last executing test programs:

1m38.247679157s ago: executing program 4 (id=4442):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="84010000", @ANYRES16=r2, @ANYBLOB="a18300000000fddbdf"], 0x184}}, 0x4040890)

1m38.205473991s ago: executing program 4 (id=4445):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="c0020000100063d10000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000000000000000000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc01000000000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000b000000000000000000000000000000ffffffffffffffff000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001600000000020000000000000000000000bf010100636d61632861657329"], 0x2c0}, 0x1, 0x0, 0x0, 0x40000}, 0x4004)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x108284, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x26}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)=r4}, 0x20)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x410, &(0x7f0000000140)=ANY=[@ANYBLOB="696f636861727365743d61736369692c636865636b3d7374726963742c008dc72788a4fd1d7a9e96f5af8b1e45accead19436f26d694969a11ba75120b4d62f34885979931a363c752e585ec3604e30dbe2a796fc821132b494dde1c10c9dd6e964a204d3419f8429a34ad0f9eef6d8e64551e180300000043f138d74174cf31003d8e2e285a38f0c00baa5f773735f6e6eb3d29d249635d3f5317a9cd809294ebc15b04d444ccb0c1a90e8e0587fae4eefddd7e3d5c20a076101fd7f3ee5634000000000000fda9bc4dbfe77e9b101986ec88"], 0xfe, 0x340, &(0x7f0000000bc0)="$eJzs3T9rZFUYB+B3Y5KRleykEEFBPGijzZDEwtZBdkEMKHEjq4Vw19ysw9ydCXOHlVnEtbP1E1hYLpZ2gvgF0tjb2aWx3EK8Mn82m8Qga3S8WfI8EM4L5/5yz5nhDm8zcw5ufH27u1u2drNhLLyZYiEiFh5ErE6qqUuzcWFSL8dRX8ZrzRu/vPj+hx+9097cvLqV0rX29dc3UkpXXvrxs8+/e/mn4TMffH/lh0bsr3588NvGr/vP7T9/8Mf1Tztl6pSp1x+mLN3s94fZzSJPO52y20rpvSLPyjx1emU+ODa/W/T39kYp6+2sXN4b5GWZst4odfNRGvbTcDBK2a2s00utViutXI6L5Sz73b6/tZW157AYzpHBoJ2Nn+HGX2a279eyIACgVues/3/YojxW/78UEVlvtDTLXPD+/yz+Tf9/6b9eDHMy7v+XZ8/vcfp/AAAAAAAAAAAAAAB4EjyoqmZVVc2H48m/utfHfHn/L7YjX9x7OqL46s72ne3pOJ1v70YnishjLZpLEVEdmtbX3t68upYmVmPl9r1pfjw+dTy/Hs1YPT2/nlKq7qV0PL80+UWLcX5xnN+IZjx7en5jev8T+eV49ZUj929FM37+JPpRxM5kH4/yX6yn9Na7myfyjcl1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwMrXToxPn9s/nW388fnq+/Fs34/fTz+ddOPZ9/MV5YrHXrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoHN3tZkWRD85RUc2c/f/c+rb+XfyTImJWNB7j4m8aNa/5jYio+xVTzLuo+5MJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/n+PDv2ueyUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUqRzd7WZFkQ/mWNS9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCfJnwEAAP//cTwlMA==")

1m38.015217466s ago: executing program 4 (id=4451):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x6}, 0x18)
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r2, &(0x7f0000000880)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0, 0x300}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c000400"/44, @ANYRES32=0x0], 0x30}], 0x1, 0x0) (fail_nth: 5)

1m37.709079411s ago: executing program 4 (id=4452):
r0 = creat(0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
pipe2$9p(0x0, 0x0)
r1 = dup(0xffffffffffffffff)
write$RDMA_USER_CM_CMD_SET_OPTION(r1, 0x0, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000340)=ANY=[], 0x7c8)
socket$netlink(0x10, 0x3, 0x8000000004)
r2 = syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r4, 0x0, 0xfffffffffffffffd}, 0x18)
ptrace(0x10, r2)
ptrace$pokeuser(0x6, r2, 0x358, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000100), 0xff, 0x4a6, &(0x7f0000000980)="$eJzs3MtvVFUYAPDvTh+8aUVEQdAqGomPlhZUFi7UaOJCExNd4LK2BZGBGloTIY0WY3BpSNwblyb+Be7cGHVhTNxq4tKQEG1MKK5q7gum02mZlpYpnd8vmc45c1/nu+eemXPv6b0BtK2+9E8SsT0ifo+Injw7f4a+/G12Zmrk+szUSBJzc2/9nWTzXZuZGilnLZfbVmQOVSIqnyXxYrJwuxPnL5werlbHzhX5gckzHwxMnL/wzKkzwyfHTo6dHTp27OiRweefG3p2VeJM47q27+Px/Xtfe+fyGyPHL7/707dpsfYcyKfXxnFL1xsE1EBfutf+mcvUT3t8GWW/G+yoSSedLSwIy9IREWl1dWXtvyc64mbl9cSrn7a0cMCaSn+bNi0+eXoO2MCSaHUJgNYof+jT89/ydYe6HuvC1Zciuov07MzUyOyN+DujUnzetYbb74uI49P/fZW+YrnXIQAAViDr2zzdqP9XiT3Zez7WsbMYQ+mNiHsiYldE3BsRuyPivohs3vujOx7IF57raXL7fXX5hf2fypWGZV4laf/vhZq+32xN/MVbb0eR25HF35WcOFUdO1zsk0PRtSnNDy6xje9f+e2LxabV9v/SV7r9si9YFOBKZ90FutHhyeHV2glXL0bs62wUf3JjJCA9AvZGxL7lrXpnmTj15Df7F5vp1vEvYRXGmea+jngir//pqIu/lCw9PjmwOapjhwfKo2Khn3+99GaR7K6fdlvxr4K0/rfOP/6LKReL955/k3y8tiuq1bFzE8vfxqU/Pl/0nGalx3938nY2Zv3Le/lnHw1PTp4bjOhOXs/y5Y7OPh+6uWyZL+dP4z90sHH731Usk8b/YESkB/GBiHgoIh4uyv5IRDwaEQeXiP/Hlx97f4n4k0iipfU/2vD7L4nYnCV6k9rx+hUkOk7/8N1iI+bN1f/RmM6+a3PZ998tNFvA29+DAAAAsP5VImJ7JJX+PN23PSqV/v78f/h3x9ZKdXxi8qkT4x+eHc3vEeiNrkp5paun5nroYDJdrDHPDxXXisvpR4rrxl92bMny/SPj1dEWxw7tbtv89h9l+0/91dHq0gFrzv1a0L7q23+lReUA7rxmfv+dC8DG1KD9b2lFOYA7z/k/tK9G7f+Turz+P2xMC9v/nw0eWQdsRPr/0L60f2hf2j+0pWbv4i+fp7DihwDMS5Q3C6x8PZubvsN//SX61mTNZQ2tZeG3xM1PorKMxcurSY3nmV4HlbLOE2mLWcnisbP5Z2HMTzR4WA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBd6P8AAAD//9FR4Lw=")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xf, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x13, &(0x7f0000000280)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x587}, @initr0={0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x9}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xb9a}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}], &(0x7f0000000340)='syzkaller\x00', 0x1, 0x32, &(0x7f0000000380)=""/50, 0x41000, 0x18, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000003c0)={0x8, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000400)=[r5, r6], &(0x7f0000000440)=[{0x5, 0x3, 0xb, 0x7}, {0x2, 0x2, 0xb, 0xc}, {0x5, 0x4, 0x10, 0xa}, {0x4, 0x5, 0xd, 0x2}, {0x5, 0x4, 0x2, 0x9}, {0x2, 0x2, 0x7, 0x8}, {0x3, 0x4, 0x10, 0x7}]}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
renameat2(0xffffffffffffff9c, &(0x7f0000000600)='./file1/file4\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00', 0x2)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
umount2(&(0x7f0000000580)='./file0\x00', 0x3)

1m37.558250983s ago: executing program 4 (id=4459):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r0}, 0x10)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x410, &(0x7f0000000140)=ANY=[@ANYBLOB="696f636861727365743d61736369692c636865636b3d7374726963742c008dc72788a4fd1d7a9e96f5af8b1e45accead19436f26d694969a11ba75120b4d62f34885979931a363c752e585ec3604e30dbe2a796fc821132b494dde1c10c9dd6e964a204d3419f8429a34ad0f9eef6d8e64551e180300000043f138d74174cf31003d8e2e285a38f0c00baa5f773735f6e6eb3d29d249635d3f5317a9cd809294ebc15b04d444ccb0c1a90e8e0587fae4eefddd7e3d5c20a076101fd7f3ee5634000000000000fda9bc4dbfe77e9b101986ec88"], 0xfe, 0x340, &(0x7f0000000bc0)="$eJzs3T9rZFUYB+B3Y5KRleykEEFBPGijzZDEwtZBdkEMKHEjq4Vw19ysw9ydCXOHlVnEtbP1E1hYLpZ2gvgF0tjb2aWx3EK8Mn82m8Qga3S8WfI8EM4L5/5yz5nhDm8zcw5ufH27u1u2drNhLLyZYiEiFh5ErE6qqUuzcWFSL8dRX8ZrzRu/vPj+hx+9097cvLqV0rX29dc3UkpXXvrxs8+/e/mn4TMffH/lh0bsr3588NvGr/vP7T9/8Mf1Tztl6pSp1x+mLN3s94fZzSJPO52y20rpvSLPyjx1emU+ODa/W/T39kYp6+2sXN4b5GWZst4odfNRGvbTcDBK2a2s00utViutXI6L5Sz73b6/tZW157AYzpHBoJ2Nn+HGX2a279eyIACgVues/3/YojxW/78UEVlvtDTLXPD+/yz+Tf9/6b9eDHMy7v+XZ8/vcfp/AAAAAAAAAAAAAAB4EjyoqmZVVc2H48m/utfHfHn/L7YjX9x7OqL46s72ne3pOJ1v70YnishjLZpLEVEdmtbX3t68upYmVmPl9r1pfjw+dTy/Hs1YPT2/nlKq7qV0PL80+UWLcX5xnN+IZjx7en5jev8T+eV49ZUj929FM37+JPpRxM5kH4/yX6yn9Na7myfyjcl1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwMrXToxPn9s/nW388fnq+/Fs34/fTz+ddOPZ9/MV5YrHXrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoHN3tZkWRD85RUc2c/f/c+rb+XfyTImJWNB7j4m8aNa/5jYio+xVTzLuo+5MJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/n+PDv2ueyUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUqRzd7WZFkQ/mWNS9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCfJnwEAAP//cTwlMA==")
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1f0)

1m36.987864469s ago: executing program 4 (id=4472):
creat(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000050000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10)
pipe2$9p(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@version_u}]}})

1m36.812731563s ago: executing program 32 (id=4472):
creat(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000050000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10)
pipe2$9p(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@version_u}]}})

2.265104838s ago: executing program 5 (id=6286):
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000540)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c756e695f786c6174653d312c636865636b3d7374726963742c646f733178666c6f7070792c757466383d312c757466383d312c757466383d302c696f636861727365743d6370313235de26302c696f636861727365743d69736f383835392d342c696f636861727365743d64656661756c742c73686f72746e616d653d6d69786564", @ANYRES8=0x0], 0xff, 0x1b1, &(0x7f0000001bc0)="$eJzs289qE10YB+A3+dp+SV0kC1fiYsCNq9D0CgxSQQwIShYKgmIbkI4ELAR0YbNz4U14OW71Slx2IRxJJrF/nIBUzVj7PJu8zJlfeGfg5OSEzNPrL/d3RwfDJ8OP0ajVon4rpTiqRTvqsTCJEmtlBwGAi+AopfiSUpou580PkVKquiMA4E9brP/p/4n1HwAuiYePHt/r9fs7D7KsEZG/Gw/Gg+K1GO8N40XksRdb0YqvMf2CMFfUd+72d7aymXa8zw/n+cPx4L/T+W60ol2e7xb57HR+PTZP5rejFVfL89ul+Y24eeNEvhOt+Pw8RpHHbkyzx/m33Sy7fb9/Jn9ldh4AAAD8CzrZd6X7905n2XiR79V++veBM/vrtbjmP4QAUImD12/2n+X53qvKioiYzI804sdzPm0Wja6useyc8cUtrfJm/lrRjN//zusbEfG3XOCFL0b1ZUPNkrlznqIREbOiwg8lYCWOZ3/VnQAAAAAAAAAAAAAAAMus4tGlqq8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMvnWwAAAP//cyOKBA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x0, 0x8000c62)
r1 = perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x376, 0x0, 0x0, 0xcc2, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='cpu==0||!')

1.093342022s ago: executing program 0 (id=6308):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x0, r1, 0x4}, 0x50)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0xa100, 0xc8, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r4)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x4d}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000640)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce8102032908000000000000000000000000ac14140a000000000000000000000000ac1414aa"], 0xfdef)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x2000c8c5}, 0x0)
r8 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x30, r10, 0xc4fc9e906872338b, 0x70bd2a, 0x0, {{0x15}, {@void, @val={0xc, 0x99, {0xc7, 0x3a}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4, 0x3, 0x0, 0x0}]}]}]}]}, 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r11}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x1000}, 0x20004015)
sendmsg$NL80211_CMD_TDLS_MGMT(r8, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f0000000480)={&(0x7f0000000640)={0x3c, r10, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x200, 0x36}}}}, [@NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x3}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000080}, 0x801)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x4c, r7, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r11}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9b4}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x19}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x20c}]]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0xc881)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2, <r12=>0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x8, r12}, 0x38)
r13 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
memfd_secret(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$LINK_DETACH(0x22, &(0x7f0000000080), 0x4)
close_range(r13, 0xffffffffffffffff, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@newsa={0x1a0, 0x10, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x64}, {@in, 0x0, 0x32}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, {}, {0x0, 0x0, 0x8000000, 0x200}, {0x0, 0x0, 0x2}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xcd}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0xfffffffd, 0x0, 0x0, 0x70bd28}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}, 0x0, 0x18}}]}, 0x1a0}}, 0x800)

1.050446865s ago: executing program 0 (id=6310):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = getpid()
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000180)=0x14)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = socket$kcm(0x29, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)='r', 0x200420}], 0x1}, 0x48000)
r7 = dup(r5)
ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f00000007c0)={0x2, {0x2, 0x101, 0x0, 0x101}})
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x10)
request_key(&(0x7f0000000540)='user\x00', &(0x7f0000000580)={'syz', 0x2}, &(0x7f00000005c0)='\x00', 0xffffffffffffffff)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0)
pwrite64(r9, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000003c0)=0x1)

1.006204539s ago: executing program 2 (id=6312):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r2, &(0x7f0000000240)=""/171, 0xab)
r3 = add_key$keyring(&(0x7f0000000280), &(0x7f00000003c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8)
r4 = request_key(&(0x7f0000000400)='asymmetric\x00', &(0x7f0000000540)={'syz', 0x2}, &(0x7f0000000640)=':/%\x89\x00', 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r2, r3, r4, 0x1)
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/113, 0x71}], 0x1)
ioctl$IMADDTIMER(r1, 0x80044940, &(0x7f00000000c0)=0x32)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x8, &(0x7f0000000140)={[{@nouid32}, {@sb={'sb', 0x3d, 0x1}}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r5, 0x0, 0xfffffffffffffffc}, 0x18)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010"], 0x44}}, 0x20008000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file6\x00', 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = fsopen(&(0x7f0000000680)='rpc_pipefs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
r10 = syz_io_uring_complete(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r10}, 0x18)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0202000311000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000bb000000000000000002000100000007000000000b000000000200090000000000000000000000000005000600000000000a00000000000000fe8800000000000000000000000000010000000000000000010018"], 0x88}}, 0x0)

765.742248ms ago: executing program 2 (id=6315):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="c0020000100063d10000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc01000000000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000b000000000000000000000000000000ffffffffffffffff000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001600000000020000000000000000000000bf010100636d61632861657329"], 0x2c0}, 0x1, 0x0, 0x0, 0x40000}, 0x4004)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x410, &(0x7f0000000140)=ANY=[@ANYBLOB="696f636861727365743d61736369692c636865636b3d7374726963742c008dc72788a4fd1d7a9e96f5af8b1e45accead19436f26d694969a11ba75120b4d62f34885979931a363c752e585ec3604e30dbe2a796fc821132b494dde1c10c9dd6e964a204d3419f8429a34ad0f9eef6d8e64551e180300000043f138d74174cf31003d8e2e285a38f0c00baa5f773735f6e6eb3d29d249635d3f5317a9cd809294ebc15b04d444ccb0c1a90e8e0587fae4eefddd7e3d5c20a076101fd7f3ee5634000000000000fda9bc4dbfe77e9b101986ec88"], 0xfe, 0x340, &(0x7f0000000bc0)="$eJzs3T9rZFUYB+B3Y5KRleykEEFBPGijzZDEwtZBdkEMKHEjq4Vw19ysw9ydCXOHlVnEtbP1E1hYLpZ2gvgF0tjb2aWx3EK8Mn82m8Qga3S8WfI8EM4L5/5yz5nhDm8zcw5ufH27u1u2drNhLLyZYiEiFh5ErE6qqUuzcWFSL8dRX8ZrzRu/vPj+hx+9097cvLqV0rX29dc3UkpXXvrxs8+/e/mn4TMffH/lh0bsr3588NvGr/vP7T9/8Mf1Tztl6pSp1x+mLN3s94fZzSJPO52y20rpvSLPyjx1emU+ODa/W/T39kYp6+2sXN4b5GWZst4odfNRGvbTcDBK2a2s00utViutXI6L5Sz73b6/tZW157AYzpHBoJ2Nn+HGX2a279eyIACgVues/3/YojxW/78UEVlvtDTLXPD+/yz+Tf9/6b9eDHMy7v+XZ8/vcfp/AAAAAAAAAAAAAAB4EjyoqmZVVc2H48m/utfHfHn/L7YjX9x7OqL46s72ne3pOJ1v70YnishjLZpLEVEdmtbX3t68upYmVmPl9r1pfjw+dTy/Hs1YPT2/nlKq7qV0PL80+UWLcX5xnN+IZjx7en5jev8T+eV49ZUj929FM37+JPpRxM5kH4/yX6yn9Na7myfyjcl1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwMrXToxPn9s/nW388fnq+/Fs34/fTz+ddOPZ9/MV5YrHXrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoHN3tZkWRD85RUc2c/f/c+rb+XfyTImJWNB7j4m8aNa/5jYio+xVTzLuo+5MJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/n+PDv2ueyUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUqRzd7WZFkQ/mWNS9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCfJnwEAAP//cTwlMA==")

765.119868ms ago: executing program 5 (id=6316):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x95, 0x3}, 0x100002, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0xe}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usbip_server_init(0x1)

706.525703ms ago: executing program 2 (id=6319):
r0 = socket$netlink(0x10, 0x3, 0xf)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f00000001c0)=0x1, 0x4) (async)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f00000001c0)=0x1, 0x4)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x20}, 0xc) (async)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x20}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x2, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x28, r3, 0x8, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x0, 0x37}}}}, [""]}, 0x28}}, 0xac211ea051bae30e)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0xa4, r5, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x44080}, 0x2000000)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000340)={'syztnl1\x00', &(0x7f0000000300)={'gre0\x00', <r6=>0x0, 0x20, 0x20, 0x5, 0x9, {{0x6, 0x4, 0x1, 0x21, 0x18, 0x66, 0x0, 0x5, 0x4, 0x0, @multicast2, @rand_addr=0x64010102, {[@noop]}}}}})
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, 0x50a10, 0x51a01}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x20040040)

555.134875ms ago: executing program 3 (id=6321):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x931766f6319eed14)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000000380)="0975b179a61c92d1e36dd09dbfaa1fcbe0ddd6923c6a0d6b08e0c7809ba6c2dc073c3ad4b8ca0657aa7fbb6140c2bbca3f4ce6ca4f39c81425df5969597b5cb497ae38a83c13338bd10960989da5f83f788a32a1731ebb330b2566040c82c9d98c88fa23ad25c2a8a2cbf1f33fbdf97c229184ab0cc42bb576bb3c4060eb80a06d6e34c28ce3f491b73b8bd5e6257d6927de88ee3c431ee94bff016b976dbcbc84717eb80b8b559d67204e825f1ea1a6245252a8cde6aefc84518a1ef71092f502b12799176edf7d196d02585d5321d97f6254", 0xd3, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

504.799049ms ago: executing program 2 (id=6323):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r2, &(0x7f0000000240)=""/171, 0xab)
r3 = add_key$keyring(&(0x7f0000000280), &(0x7f00000003c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8)
r4 = request_key(&(0x7f0000000400)='asymmetric\x00', &(0x7f0000000540)={'syz', 0x2}, &(0x7f0000000640)=':/%\x89\x00', 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r2, r3, r4, 0x1)
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/113, 0x71}], 0x1)
ioctl$IMADDTIMER(r1, 0x80044940, &(0x7f00000000c0)=0x32)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x8, &(0x7f0000000140)={[{@nouid32}, {@sb={'sb', 0x3d, 0x1}}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r5, 0x0, 0xfffffffffffffffc}, 0x18)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010"], 0x44}}, 0x20008000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file6\x00', 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = fsopen(&(0x7f0000000680)='rpc_pipefs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
r10 = syz_io_uring_complete(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r10}, 0x18)
unlinkat(0xffffffffffffff9c, &(0x7f0000000140)='./file6\x00', 0x200)

504.04637ms ago: executing program 0 (id=6324):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000380)='kmem_cache_free\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3, 0x0, 0x400}, 0x18)
socket$inet6(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r5, 0x0, 0x5}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x1, {0x41}}, 0x10)
listen(0xffffffffffffffff, 0x1)
r6 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r6, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x0)
close(r6)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x400000000000000)
flock(0xffffffffffffffff, 0x2)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/profiling', 0x2, 0x184)
copy_file_range(r7, &(0x7f0000000000)=0x401, r7, 0x0, 0x7, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

441.523635ms ago: executing program 3 (id=6325):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

440.441284ms ago: executing program 1 (id=6326):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={<r1=>r0, 0x7, 0x104, 0xfffffffe})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x19, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='sys_enter\x00', r2}, 0x10)
rt_sigpending(0x0, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r4 = msgget$private(0x0, 0xfffffffffffffffd)
msgrcv(r4, 0x0, 0x0, 0x1, 0x0)
msgsnd(r4, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000000000087fd285c63e41580364e19e4423073e6d20800000065dc40917dc07ae5a100c1570700d09e41ca"], 0x8, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x4000)
getresuid(&(0x7f0000000180)=<r6=>0x0, &(0x7f0000000200), &(0x7f0000000500))
msgctl$IPC_SET(r4, 0x1, &(0x7f0000000680)={{0x3, 0x0, r5, r6, 0x0, 0x80, 0x8}, 0x0, 0x0, 0x0, 0x19, 0x5, 0x2bde, 0xffffffffffffff27, 0xc7, 0x2, 0x9})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, r5}}, './file0\x00'})
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0)
pread64(r7, &(0x7f0000000180)=""/73, 0x49, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f00000007c0)={{{@in6=@empty, @in=@private}}, {{@in=@private}, 0x0, @in6=@private0}}, &(0x7f0000000300)=0xe8)
perf_event_open(0x0, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x0)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_int(r8, &(0x7f0000000700)='notify_on_release\x00', 0x2, 0x0)
write$cgroup_int(r9, &(0x7f00000003c0)=0x1ff, 0x12)
mkdirat$cgroup(r8, &(0x7f00000001c0)='syz0\x00', 0x1ff)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000440)={{{@in=@multicast1, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in=@multicast2}, 0x0, @in=@empty}}, &(0x7f0000000580)=0xe8)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000400), 0x40000, &(0x7f0000000c00)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_user}, {@directio}, {@noxattr}, {@dfltgid={'dfltgid', 0x3d, r5}}], [{@fsname={'fsname', 0x3d, '/dev/sg#\x00'}}, {@subj_role={'subj_role', 0x3d, 'kfree\x00'}}, {@obj_role={'obj_role', 0x3d, 'team0\x00'}}, {@uid_gt={'uid>', r10}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'kfree\x00'}}, {@subj_type}, {@dont_hash}, {@obj_user={'obj_user', 0x3d, '*\''}}]}})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)

408.544827ms ago: executing program 0 (id=6327):
socket$nl_sock_diag(0x10, 0x3, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000901, &(0x7f00000080c0)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r2}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000002085000000040000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='attr/current\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

392.255668ms ago: executing program 3 (id=6328):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
r2 = gettid()
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=ANY=[@ANYBLOB=',\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000ffdbdf25140000000800010001000000080003", @ANYRES32=0x0, @ANYBLOB="08001c00", @ANYRES32=r2], 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000002c0), 0x121302, 0x0)
sendmsg$AUDIT_SET(r3, 0x0, 0x40010)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000300)=""/127, 0x7f}, {&(0x7f0000000100)=""/3, 0x3}, {&(0x7f0000000380)=""/32, 0x20}, {&(0x7f00000003c0)=""/19, 0x13}, {&(0x7f0000000400)=""/16, 0x10}, {&(0x7f0000000440)=""/146, 0x92}], 0x6, &(0x7f0000000580)=""/196, 0xc4}, 0x2}, {{&(0x7f0000000680), 0x80, 0x0}, 0x5}], 0x2, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000002ac0)={@cgroup=r3, 0x37, 0x0, 0x7f8e, &(0x7f00000029c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f0000002a00)=[0x0, 0x0], &(0x7f0000002a40)=[0x0, 0x0, 0x0], 0x0}, 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002800010004000000fcdbdf2503"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$xdp(0x2c, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0xdfffffff, 0x1000, 0x5, 0x1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r5, 0x0, 0xffffffffffffffa2}, 0x18)
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = gettid()
sendmsg$unix(r10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)='>', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r11, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r10, @ANYRES32=r9, @ANYRES32=r9, @ANYRES32=r10, @ANYRES32=r9, @ANYRES32=r10, @ANYRES32=r9, @ANYRES32=r10, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r9, @ANYBLOB="e5ffff6e18"], 0xa0}, 0x4004881)

371.55805ms ago: executing program 0 (id=6329):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x7fe, @local}, 0x10)
sendto$inet(r0, &(0x7f00000000c0)="d2664e3de44e5781659d1c2224a19de44f", 0x11, 0x2c000891, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000000f000000000000000000000bd631fdb", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffffff5]}, 0x0, 0x8)
r6 = gettid()
r7 = gettid()
tkill(r6, 0x12)
tkill(r7, 0x1)
tkill(r7, 0x14)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000540)={'bond_slave_1\x00', <r8=>0x0})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000000)={r8, 0x11, 0x6, @random}, 0x10)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r9}, 0x10)
rmdir(0x0)
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000040)={r8, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0x0, 0x5}, {0x0, 0xa}, {0x0, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000025c0)={{r1}, &(0x7f0000002540), &(0x7f0000002580)}, 0x20)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r10, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)

369.36014ms ago: executing program 1 (id=6330):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x0, r1, 0x4}, 0x50)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0xa100, 0xc8, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r4)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x4d}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000640)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce8102032908000000000000000000000000ac14140a000000000000000000000000ac1414aa"], 0xfdef)
r6 = dup3(r4, r4, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x2000c8c5}, 0x0)
r9 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x30, r11, 0xc4fc9e906872338b, 0x70bd2a, 0x0, {{0x15}, {@void, @val={0xc, 0x99, {0xc7, 0x3a}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4, 0x3, 0x0, 0x0}]}]}]}]}, 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x1000}, 0x20004015)
sendmsg$NL80211_CMD_TDLS_MGMT(r9, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f0000000480)={&(0x7f0000000640)={0x3c, r11, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0x200, 0x36}}}}, [@NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x3}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000080}, 0x801)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x4c, r8, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r12}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9b4}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x19}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x20c}]]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0xc881)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2, <r13=>0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x8, r13}, 0x38)
r14 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r15 = memfd_secret(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r16 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r16, r15, 0x2e, 0x4608, @void}, 0x10)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
close_range(r14, 0xffffffffffffffff, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@newsa={0x1a0, 0x10, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x64}, {@in, 0x0, 0x32}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, {}, {0x0, 0x0, 0x8000000, 0x200}, {0x0, 0x0, 0x2}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xcd}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @replay_esn_val={0x1c, 0x17, {0x0, 0xfffffffd, 0x0, 0x0, 0x70bd28}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}, 0x0, 0x18}}]}, 0x1a0}}, 0x800)

366.50754ms ago: executing program 2 (id=6331):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$tipc(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

303.079736ms ago: executing program 0 (id=6332):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x95, 0x3}, 0x100002, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0xe}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usbip_server_init(0x1)

302.118806ms ago: executing program 1 (id=6333):
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0x2}, 0x18)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x108000)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x80, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0})

187.205765ms ago: executing program 2 (id=6334):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = getpid()
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000180)=0x14)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = socket$kcm(0x29, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)='r', 0x200420}], 0x1}, 0x48000)
r7 = dup(r5)
ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f00000007c0)={0x2, {0x2, 0x101, 0x0, 0x101}})
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x10)
request_key(&(0x7f0000000540)='user\x00', &(0x7f0000000580)={'syz', 0x2}, &(0x7f00000005c0)='\x00', 0xffffffffffffffff)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0)
pwrite64(r9, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000003c0)=0x1)

159.858357ms ago: executing program 1 (id=6335):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x0, r0, 0x4}, 0x50)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0xa100, 0xc8, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r3)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x4d}, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000640)=ANY=[], 0xfdef)
r5 = dup3(r3, r3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x2000c8c5}, 0x0)
r8 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x30, r10, 0xc4fc9e906872338b, 0x70bd2a, 0x0, {{0x15}, {@void, @val={0xc, 0x99, {0xc7, 0x3a}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4, 0x3, 0x0, 0x0}]}]}]}]}, 0x30}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r11}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x1000}, 0x20004015)
sendmsg$NL80211_CMD_TDLS_MGMT(r8, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f0000000480)={&(0x7f0000000640)={0x3c, r10, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x200, 0x36}}}}, [@NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x3}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000080}, 0x801)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x4c, r7, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r11}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9b4}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x19}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x20c}]]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0xc881)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r1, <r12=>0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x8, r12}, 0x38)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r13 = memfd_secret(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r14 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
r15 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r14, r13, 0x2e, 0x4608, @void}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f0000000080)=r15, 0x4)

131.89683ms ago: executing program 5 (id=6336):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000005c0)='kfree_skb\x00', r2}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00'}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

116.513281ms ago: executing program 1 (id=6337):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000006d40)=@newtaction={0x48, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0x34, 0x1, [@m_pedit={0x30, 0x1, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0)

86.767963ms ago: executing program 3 (id=6338):
unshare(0x24020400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x3, 0x4, 0x4, 0x3}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000340)={r0, &(0x7f0000000280), &(0x7f0000000300)=""/56}, 0x20)

67.142225ms ago: executing program 3 (id=6339):
socket$nl_sock_diag(0x10, 0x3, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000901, &(0x7f00000080c0)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r2}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000002085000000040000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='attr/current\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

64.969055ms ago: executing program 1 (id=6340):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'gretap0\x00', &(0x7f00000000c0)={'tunl0\x00', <r3=>0x0, 0x7800, 0x8, 0xfffffffc, 0x3, {{0xf, 0x4, 0x2, 0x31, 0x3c, 0x65, 0x0, 0x80, 0x4, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x2d}, {[@timestamp_addr={0x44, 0x1c, 0x50, 0x1, 0x5, [{@remote, 0x3}, {@dev={0xac, 0x14, 0x14, 0x2f}, 0x9}, {@empty, 0xad6a}]}, @rr={0x7, 0xb, 0x7e, [@multicast1, @multicast2]}, @noop]}}}}})
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000500)={0x4, &(0x7f00000004c0)=[{0x2, 0x1, 0x7, 0xd}, {0x2, 0x20, 0x1, 0xfff}, {0x6, 0x9, 0x82, 0xde9}, {0x4, 0x33, 0x9, 0x22d8}]})
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSBRKP(r5, 0x5425, 0x5)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x40, 0x0, "7a58beca39ed2d5a99bbc4bff0ebd3e9bd5a8e"})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'syztnl2\x00', &(0x7f0000000280)={'erspan0\x00', <r6=>0x0, 0x20, 0x7, 0x7, 0x22, {{0x9, 0x4, 0x1, 0x32, 0x24, 0x64, 0x0, 0x9, 0x29, 0x0, @empty, @empty, {[@timestamp={0x44, 0x10, 0x6e, 0x0, 0xc, [0x1, 0x280, 0x1]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f0000000300)={'ip6_vti0\x00', <r7=>0x0, 0x4, 0x4, 0x5, 0x0, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2, 0x10, 0x8, 0x4, 0x6}})
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540), 0x8800, 0x0)
ioctl$PPPIOCSPASS(r8, 0x40107447, &(0x7f00000005c0)={0x1, &(0x7f0000000580)=[{0x1000, 0x7, 0x6, 0x81c}]})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0xa4, r2, 0x906, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_DEBUG_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}]}, @ETHTOOL_A_DEBUG_HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24008040}, 0x4008008)
r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000600)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x7fc, '\x00', r6, 0xffffffffffffffff, 0x0, 0x2, 0x1}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@bloom_filter={0x1e, 0x2, 0x460a, 0x7fffffff, 0x41000, r9, 0x2, '\x00', r7, 0xffffffffffffffff, 0x0, 0x3, 0x4, 0xf}, 0x50)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@ipv4_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x4}}, 0x1c}}, 0x0)

49.643726ms ago: executing program 5 (id=6341):
unshare(0x22020600)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xe, 0x4, 0x4, 0x12}, 0x50)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
unshare(0x2000000)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000004c0)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="05"], 0x10)

2.18339ms ago: executing program 3 (id=6342):
creat(&(0x7f0000000040)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r2}, 0x10)
pipe2$9p(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})

1.54517ms ago: executing program 5 (id=6343):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x7}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000340)='/,O#,)\x02\x00', 0xfffffffffffffffd)

0s ago: executing program 5 (id=6344):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r2, &(0x7f0000000240)=""/171, 0xab)
r3 = add_key$keyring(&(0x7f0000000280), &(0x7f00000003c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8)
r4 = request_key(&(0x7f0000000400)='asymmetric\x00', &(0x7f0000000540)={'syz', 0x2}, &(0x7f0000000640)=':/%\x89\x00', 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r2, r3, r4, 0x1)
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/113, 0x71}], 0x1)
ioctl$IMADDTIMER(r1, 0x80044940, &(0x7f00000000c0)=0x32)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x8, &(0x7f0000000140)={[{@nouid32}, {@sb={'sb', 0x3d, 0x1}}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r5, 0x0, 0xfffffffffffffffc}, 0x18)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010"], 0x44}}, 0x20008000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file6\x00', 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = fsopen(&(0x7f0000000680)='rpc_pipefs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
r10 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0202000311000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000bb000000000000000002000100000007000000000b000000000200090000000000000000000000000005000600000000000a00000000000000fe8800000000000000000000000000010000000000000000010018"], 0x88}}, 0x0)

kernel console output (not intermixed with test programs):

8
[  333.006341][T19991] RSP: 002b:00007f16361cee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  333.006358][T19991] RAX: ffffffffffffffda RBX: 00007f16361ceef0 RCX: 00007f1637b7030a
[  333.006369][T19991] RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
[  333.006380][T19991] RBP: 0000200000000f40 R08: 00007f16361ceef0 R09: 0000000001a4a438
[  333.006449][T19991] R10: 0000000001a4a438 R11: 0000000000000246 R12: 0000200000000f00
[  333.006460][T19991] R13: 00007f16361ceeb0 R14: 0000000000000000 R15: 00002000000008c0
[  333.006479][T19991]  </TASK>
[  333.201183][T19993] loop3: detected capacity change from 0 to 512
[  333.237409][T19999] __nla_validate_parse: 8 callbacks suppressed
[  333.237425][T19999] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5361'.
[  333.470998][T20022] infiniband srz1: RDMA CMA: cma_listen_on_dev, error -98
[  333.497596][T20023] netlink: 224 bytes leftover after parsing attributes in process `syz.0.5370'.
[  333.591515][T20040] loop3: detected capacity change from 0 to 512
[  333.603187][T20040] EXT4-fs (loop3): orphan cleanup on readonly fs
[  333.611150][T20040] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5378: bg 0: block 248: padding at end of block bitmap is not set
[  333.628479][T20040] __quota_error: 35 callbacks suppressed
[  333.628493][T20040] Quota error (device loop3): write_blk: dquota write failed
[  333.641698][T20040] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  333.651630][T20040] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5378: Failed to acquire dquot type 1
[  333.667095][T20040] EXT4-fs (loop3): 1 truncate cleaned up
[  333.670437][ T6685] net_ratelimit: 62 callbacks suppressed
[  333.670453][ T6685] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  333.680610][ T3358] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  333.686577][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  333.708683][T20040] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  333.726719][   T29] audit: type=1400 audit(1754290202.326:11808): avc:  denied  { bind } for  pid=20044 comm="syz.5.5381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  333.748275][ T3465] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  333.771293][T20040] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  333.802104][T20040] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  333.813009][T20040] Quota error (device loop3): do_check_range: Getting block 1536 out of range 0-5
[  333.838174][T11988] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  333.974562][T20073] IPv6: Can't replace route, no match found
[  334.044726][   T29] audit: type=1400 audit(1754290202.646:11809): avc:  denied  { write } for  pid=20081 comm="syz.2.5395" path="socket:[63118]" dev="sockfs" ino=63118 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  334.134326][T20089] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5398'.
[  334.150765][T20089] bridge0: port 3(macvlan2) entered blocking state
[  334.157379][T20089] bridge0: port 3(macvlan2) entered disabled state
[  334.164145][T20089] macvlan2: entered allmulticast mode
[  334.169545][T20089] bridge0: entered allmulticast mode
[  334.188408][T20089] macvlan2: left allmulticast mode
[  334.193578][T20089] bridge0: left allmulticast mode
[  334.368396][T20098] loop7: detected capacity change from 0 to 16384
[  334.681513][T20103] loop3: detected capacity change from 0 to 512
[  334.873585][T16907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  334.927243][T20110] validate_nla: 4 callbacks suppressed
[  334.927322][T20110] netlink: 'syz.3.5406': attribute type 3 has an invalid length.
[  334.929024][T20094] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5399'.
[  334.951489][   T29] audit: type=1326 audit(1754290203.556:11810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20111 comm="syz.1.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  334.975184][   T29] audit: type=1326 audit(1754290203.556:11811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20111 comm="syz.1.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  335.006663][   T29] audit: type=1326 audit(1754290203.556:11812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20111 comm="syz.1.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  335.030369][   T29] audit: type=1326 audit(1754290203.556:11813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20111 comm="syz.1.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  335.054017][   T29] audit: type=1326 audit(1754290203.556:11814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20111 comm="syz.1.5407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  335.191402][T20120] loop3: detected capacity change from 0 to 8192
[  335.210874][T20120] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5410'.
[  335.221916][T20134] netlink: 'syz.0.5416': attribute type 9 has an invalid length.
[  335.310765][T20142] FAULT_INJECTION: forcing a failure.
[  335.310765][T20142] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  335.323914][T20142] CPU: 0 UID: 0 PID: 20142 Comm: syz.0.5419 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  335.323947][T20142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  335.323963][T20142] Call Trace:
[  335.323970][T20142]  <TASK>
[  335.323983][T20142]  __dump_stack+0x1d/0x30
[  335.324004][T20142]  dump_stack_lvl+0xe8/0x140
[  335.324045][T20142]  dump_stack+0x15/0x1b
[  335.324065][T20142]  should_fail_ex+0x265/0x280
[  335.324109][T20142]  should_fail+0xb/0x20
[  335.324206][T20142]  should_fail_usercopy+0x1a/0x20
[  335.324229][T20142]  _copy_from_user+0x1c/0xb0
[  335.324258][T20142]  __ia32_sys_rt_sigreturn+0x128/0x350
[  335.324368][T20142]  x64_sys_call+0x2d3c/0x2ff0
[  335.324392][T20142]  do_syscall_64+0xd2/0x200
[  335.324419][T20142]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  335.324478][T20142]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  335.324499][T20142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.324576][T20142] RIP: 0033:0x7fd3034aad69
[  335.324591][T20142] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  335.324608][T20142] RSP: 002b:00007fd301b6ea80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[  335.324625][T20142] RAX: ffffffffffffffda RBX: 00007fd303735fa0 RCX: 00007fd3034aad69
[  335.324637][T20142] RDX: 00007fd301b6ea80 RSI: 00007fd301b6ebb0 RDI: 0000000000000021
[  335.324656][T20142] RBP: 00007fd301b6f090 R08: 0000000000000007 R09: 0000000000000000
[  335.324668][T20142] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[  335.324679][T20142] R13: 0000000000000000 R14: 00007fd303735fa0 R15: 00007ffeebbcd128
[  335.324697][T20142]  </TASK>
[  335.535606][T20149] netlink: 'syz.0.5422': attribute type 3 has an invalid length.
[  335.686980][T20158] netlink: 'syz.0.5427': attribute type 4 has an invalid length.
[  335.695079][T20158] netlink: 152 bytes leftover after parsing attributes in process `syz.0.5427'.
[  335.717740][T20158] netlink: 6 bytes leftover after parsing attributes in process `syz.0.5427'.
[  335.726848][T20158] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  335.747393][T20161] netlink: 368 bytes leftover after parsing attributes in process `syz.2.5428'.
[  335.816115][T20169] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.826168][T20171] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5433'.
[  335.872252][T20178] netlink: 'syz.3.5435': attribute type 3 has an invalid length.
[  335.891613][T20169] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.908132][T16907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  335.992142][T20169] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.080800][T20198] loop3: detected capacity change from 0 to 128
[  336.091207][T20169] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.149585][T20198] random: crng reseeded on system resumption
[  336.164317][ T6675] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  336.181609][ T6675] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  336.204449][ T6675] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  336.238060][ T6675] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  336.278271][T20203] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5446'.
[  336.313585][T20207] loop3: detected capacity change from 0 to 512
[  336.358247][T20213] netlink: 'syz.0.5448': attribute type 3 has an invalid length.
[  336.474158][T20219] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  336.480692][T20219] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  336.488246][T20219] vhci_hcd vhci_hcd.0: Device attached
[  336.504328][T20220] vhci_hcd: connection closed
[  336.504592][ T3432] vhci_hcd: stop threads
[  336.513690][ T3432] vhci_hcd: release socket
[  336.518164][ T3432] vhci_hcd: disconnect device
[  336.566094][T20227] loop3: detected capacity change from 0 to 512
[  336.578450][T20227] EXT4-fs (loop3): orphan cleanup on readonly fs
[  336.610813][T20227] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5456: bg 0: block 248: padding at end of block bitmap is not set
[  336.625520][T20227] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5456: Failed to acquire dquot type 1
[  336.665624][T20227] EXT4-fs (loop3): 1 truncate cleaned up
[  336.672117][T20233] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.708658][T20209] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  336.716799][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  336.725276][ T3407] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  336.775248][T20233] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.881454][T20233] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.984718][T20233] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.204180][T20227] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  337.246898][T20227] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  337.356576][T20227] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  337.499961][T11988] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  337.627274][T20274] netlink: 'syz.2.5473': attribute type 9 has an invalid length.
[  337.965141][T20296] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  337.971692][T20296] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  337.979275][T20296] vhci_hcd vhci_hcd.0: Device attached
[  337.990830][T20297] vhci_hcd: connection closed
[  337.991254][  T292] vhci_hcd: stop threads
[  338.000267][  T292] vhci_hcd: release socket
[  338.004688][  T292] vhci_hcd: disconnect device
[  338.013012][T20300] netlink: 'syz.3.5483': attribute type 3 has an invalid length.
[  338.042041][T20302] loop3: detected capacity change from 0 to 1024
[  338.070005][T20302] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  338.082164][T20302] ext4 filesystem being mounted at /464/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  338.105016][T11988] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  338.126395][T20310] loop3: detected capacity change from 0 to 512
[  338.191887][T20319] netlink: 'syz.2.5492': attribute type 3 has an invalid length.
[  338.210397][T20321] IPv6: Can't replace route, no match found
[  338.409044][T20332] netlink: 'syz.2.5497': attribute type 10 has an invalid length.
[  338.683436][T20349] net_ratelimit: 38 callbacks suppressed
[  338.683449][T20349] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  338.717640][T20353] __nla_validate_parse: 5 callbacks suppressed
[  338.717651][T20353] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5505'.
[  338.870893][ T3432] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  338.879167][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  338.912639][   T29] kauditd_printk_skb: 152 callbacks suppressed
[  338.912678][   T29] audit: type=1400 audit(1754290207.516:11964): avc:  denied  { wake_alarm } for  pid=20363 comm="syz.2.5509" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  339.021775][T20370] loop3: detected capacity change from 0 to 512
[  339.073447][   T29] audit: type=1326 audit(1754290207.676:11965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20372 comm="syz.3.5513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  339.097164][   T29] audit: type=1326 audit(1754290207.676:11966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20372 comm="syz.3.5513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=326 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  339.120756][   T29] audit: type=1326 audit(1754290207.676:11967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20372 comm="syz.3.5513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  339.196056][T20378] netlink: 180 bytes leftover after parsing attributes in process `syz.5.5515'.
[  339.268475][T16907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  339.479202][T20402] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  339.487415][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  339.496366][T20402] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  339.504668][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  339.513546][  T292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  339.521800][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  339.928658][T20416] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5531'.
[  339.955333][T20416] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5531'.
[  340.026137][T20420] FAULT_INJECTION: forcing a failure.
[  340.026137][T20420] name failslab, interval 1, probability 0, space 0, times 0
[  340.038822][T20420] CPU: 1 UID: 0 PID: 20420 Comm: syz.5.5533 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  340.038868][T20420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  340.038882][T20420] Call Trace:
[  340.038892][T20420]  <TASK>
[  340.038929][T20420]  __dump_stack+0x1d/0x30
[  340.038948][T20420]  dump_stack_lvl+0xe8/0x140
[  340.038964][T20420]  dump_stack+0x15/0x1b
[  340.038977][T20420]  should_fail_ex+0x265/0x280
[  340.039004][T20420]  should_failslab+0x8c/0xb0
[  340.039101][T20420]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  340.039124][T20420]  ? shmem_alloc_inode+0x34/0x50
[  340.039142][T20420]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  340.039159][T20420]  shmem_alloc_inode+0x34/0x50
[  340.039250][T20420]  alloc_inode+0x3d/0x170
[  340.039268][T20420]  new_inode+0x1d/0xe0
[  340.039287][T20420]  shmem_get_inode+0x244/0x750
[  340.039306][T20420]  __shmem_file_setup+0x113/0x210
[  340.039342][T20420]  shmem_file_setup+0x3b/0x50
[  340.039368][T20420]  __se_sys_memfd_create+0x2c3/0x590
[  340.039409][T20420]  __x64_sys_memfd_create+0x31/0x40
[  340.039497][T20420]  x64_sys_call+0x2abe/0x2ff0
[  340.039531][T20420]  do_syscall_64+0xd2/0x200
[  340.039556][T20420]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  340.039624][T20420]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  340.039704][T20420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.039720][T20420] RIP: 0033:0x7f0299f8eb69
[  340.039731][T20420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.039745][T20420] RSP: 002b:00007f02985f6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  340.039828][T20420] RAX: ffffffffffffffda RBX: 0000000000000512 RCX: 00007f0299f8eb69
[  340.039837][T20420] RDX: 00007f02985f6ef0 RSI: 0000000000000000 RDI: 00007f029a012784
[  340.039847][T20420] RBP: 0000200000001bc0 R08: 00007f02985f6bb7 R09: 00007f02985f6e40
[  340.039856][T20420] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000980
[  340.039865][T20420] R13: 00007f02985f6ef0 R14: 00007f02985f6eb0 R15: 00002000000002c0
[  340.039881][T20420]  </TASK>
[  340.310511][T20430] loop3: detected capacity change from 0 to 512
[  340.318310][T20430] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  340.335532][T20430] EXT4-fs (loop3): orphan cleanup on readonly fs
[  340.345467][T20430] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:517: comm syz.3.5538: Block bitmap for bg 0 marked uninitialized
[  340.358983][T20430] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  340.369537][T20430] EXT4-fs (loop3): 1 orphan inode deleted
[  340.375669][T20430] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  340.390720][T20439] IPv6: Can't replace route, no match found
[  340.403560][T20430] EXT4-fs: Ignoring sb option on remount
[  340.409311][T20430] EXT4-fs: Ignoring removed orlov option
[  340.416482][T20430] EXT4-fs: Ignoring removed nomblk_io_submit option
[  340.425322][T20430] EXT4-fs: Remounting fs w/o journal so ignoring data_err option
[  340.446979][T20430] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  340.459284][T20430] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  340.485366][ T3432] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  340.497528][T11988] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.513219][ T3432] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  340.530394][ T3432] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  340.547415][ T3432] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  340.606281][   T29] audit: type=1326 audit(1754290209.206:11968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20449 comm="syz.0.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd30350eb69 code=0x7ffc0000
[  340.659595][T20454] tipc: Started in network mode
[  340.664474][T20454] tipc: Node identity , cluster identity 4711
[  340.670584][T20454] tipc: Failed to set node id, please configure manually
[  340.672304][   T29] audit: type=1326 audit(1754290209.206:11969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20449 comm="syz.0.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7fd30350eb69 code=0x7ffc0000
[  340.677608][T20454] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  340.701471][   T29] audit: type=1326 audit(1754290209.206:11970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20449 comm="syz.0.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd30350eb69 code=0x7ffc0000
[  340.733036][   T29] audit: type=1326 audit(1754290209.206:11971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20449 comm="syz.0.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7fd30350eb69 code=0x7ffc0000
[  340.756692][   T29] audit: type=1326 audit(1754290209.206:11972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20449 comm="syz.0.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd30350eb69 code=0x7ffc0000
[  340.780528][   T29] audit: type=1326 audit(1754290209.206:11973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20449 comm="syz.0.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd30350eb69 code=0x7ffc0000
[  340.846837][T20465] loop3: detected capacity change from 0 to 512
[  340.885228][T20470] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5556'.
[  341.477353][T20474] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5551'.
[  341.690304][T20484] vhci_hcd: invalid port number 96
[  341.695463][T20484] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  341.873891][T20489] netlink: 256 bytes leftover after parsing attributes in process `syz.1.5558'.
[  341.960076][T20500] Process accounting resumed
[  342.026350][T20516] validate_nla: 6 callbacks suppressed
[  342.026366][T20516] netlink: 'syz.3.5567': attribute type 3 has an invalid length.
[  342.128799][T20509] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5564'.
[  342.145725][T20525] netlink: 'syz.0.5571': attribute type 8 has an invalid length.
[  342.160921][T20524] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5570'.
[  342.248798][T20530] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  342.255427][T20530] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  342.263060][T20530] vhci_hcd vhci_hcd.0: Device attached
[  342.274163][T20531] vhci_hcd: connection closed
[  342.278457][ T3432] vhci_hcd: stop threads
[  342.287421][ T3432] vhci_hcd: release socket
[  342.291869][ T3432] vhci_hcd: disconnect device
[  342.338786][T20542] loop3: detected capacity change from 0 to 512
[  342.370247][T20548] netlink: 'syz.1.5579': attribute type 3 has an invalid length.
[  342.413404][T20542] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  342.438607][T20542] ext4 filesystem being mounted at /484/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  342.475501][T20542] EXT4-fs: Ignoring removed orlov option
[  342.481378][T20542] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  342.490421][T20542] EXT4-fs (loop3): can't enable nombcache during remount
[  342.501714][T20546] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5577'.
[  342.579279][T11988] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.601070][T20571] loop3: detected capacity change from 0 to 512
[  342.804467][T20582] netlink: 'syz.0.5590': attribute type 4 has an invalid length.
[  343.691334][T20621] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  343.697909][T20621] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  343.705546][T20621] vhci_hcd vhci_hcd.0: Device attached
[  343.712020][T20622] vhci_hcd: connection closed
[  343.713391][   T12] vhci_hcd: stop threads
[  343.722425][   T12] vhci_hcd: release socket
[  343.726833][   T12] vhci_hcd: disconnect device
[  343.743116][T20628] blkio.reset_stats is deprecated
[  343.748135][T16907] net_ratelimit: 2053 callbacks suppressed
[  343.748150][T16907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  343.779000][T20630] netlink: 'syz.0.5609': attribute type 3 has an invalid length.
[  343.779051][T20625] __nla_validate_parse: 4 callbacks suppressed
[  343.779064][T20625] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5607'.
[  343.908685][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  343.916896][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  344.031514][T20640] netlink: 'syz.2.5611': attribute type 4 has an invalid length.
[  344.048021][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  344.086648][T20640] netlink: 'syz.2.5611': attribute type 4 has an invalid length.
[  344.158079][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  344.351587][   T29] kauditd_printk_skb: 116 callbacks suppressed
[  344.351603][   T29] audit: type=1400 audit(1754290212.956:12090): avc:  denied  { map } for  pid=20617 comm="syz.1.5604" path="socket:[66554]" dev="sockfs" ino=66554 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  344.355709][T20636] batadv2: entered promiscuous mode
[  344.357823][   T29] audit: type=1400 audit(1754290212.956:12091): avc:  denied  { read } for  pid=20617 comm="syz.1.5604" path="socket:[66554]" dev="sockfs" ino=66554 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  344.421517][T20652] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  344.432399][T20654] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5617'.
[  344.433594][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  344.454358][T20652] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  344.462603][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  344.478044][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  344.489853][T20654] loop3: detected capacity change from 0 to 512
[  344.587152][T20666] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.665742][T20674] netlink: 'syz.1.5625': attribute type 4 has an invalid length.
[  344.673621][T20674] netlink: 17 bytes leftover after parsing attributes in process `syz.1.5625'.
[  344.682929][   T29] audit: type=1326 audit(1754290213.266:12092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20673 comm="syz.1.5625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  344.706575][   T29] audit: type=1326 audit(1754290213.266:12093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20673 comm="syz.1.5625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  344.730195][   T29] audit: type=1326 audit(1754290213.266:12094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20673 comm="syz.1.5625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  344.753805][   T29] audit: type=1326 audit(1754290213.266:12095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20673 comm="syz.1.5625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  344.777547][   T29] audit: type=1326 audit(1754290213.266:12096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20673 comm="syz.1.5625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  344.801219][   T29] audit: type=1326 audit(1754290213.266:12097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20673 comm="syz.1.5625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  344.824917][   T29] audit: type=1326 audit(1754290213.266:12098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20673 comm="syz.1.5625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  344.848497][   T29] audit: type=1326 audit(1754290213.266:12099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20673 comm="syz.1.5625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2e4e4eb69 code=0x7ffc0000
[  344.873755][T20666] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.039045][T20666] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.290522][T20666] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  345.333393][T20688] FAULT_INJECTION: forcing a failure.
[  345.333393][T20688] name failslab, interval 1, probability 0, space 0, times 0
[  345.346112][T20688] CPU: 1 UID: 0 PID: 20688 Comm: syz.3.5628 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  345.346141][T20688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  345.346153][T20688] Call Trace:
[  345.346159][T20688]  <TASK>
[  345.346167][T20688]  __dump_stack+0x1d/0x30
[  345.346234][T20688]  dump_stack_lvl+0xe8/0x140
[  345.346260][T20688]  dump_stack+0x15/0x1b
[  345.346278][T20688]  should_fail_ex+0x265/0x280
[  345.346312][T20688]  should_failslab+0x8c/0xb0
[  345.346353][T20688]  __kmalloc_noprof+0xa5/0x3e0
[  345.346385][T20688]  ? bpf_map_meta_alloc+0x116/0x340
[  345.346412][T20688]  bpf_map_meta_alloc+0x116/0x340
[  345.346450][T20688]  htab_of_map_alloc+0x21/0x80
[  345.346485][T20688]  map_create+0x843/0xca0
[  345.346558][T20688]  ? security_bpf+0x2b/0x90
[  345.346615][T20688]  __sys_bpf+0x545/0x7b0
[  345.346648][T20688]  __x64_sys_bpf+0x41/0x50
[  345.346677][T20688]  x64_sys_call+0x2aea/0x2ff0
[  345.346704][T20688]  do_syscall_64+0xd2/0x200
[  345.346781][T20688]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  345.346806][T20688]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  345.346826][T20688]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.346847][T20688] RIP: 0033:0x7fdfa99ceb69
[  345.346865][T20688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  345.346889][T20688] RSP: 002b:00007fdfa802f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  345.346913][T20688] RAX: ffffffffffffffda RBX: 00007fdfa9bf5fa0 RCX: 00007fdfa99ceb69
[  345.346960][T20688] RDX: 0000000000000050 RSI: 00002000000008c0 RDI: 0000000000000000
[  345.347034][T20688] RBP: 00007fdfa802f090 R08: 0000000000000000 R09: 0000000000000000
[  345.347045][T20688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  345.347056][T20688] R13: 0000000000000000 R14: 00007fdfa9bf5fa0 R15: 00007fffb4c4c7d8
[  345.347074][T20688]  </TASK>
[  345.705713][  T139] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  345.733231][  T139] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  345.747873][  T139] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  345.769087][T20704] tmpfs: Bad value for 'mpol'
[  345.828214][  T139] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  345.838411][T20705] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5631'.
[  345.982066][T20718] FAULT_INJECTION: forcing a failure.
[  345.982066][T20718] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  345.995389][T20718] CPU: 1 UID: 0 PID: 20718 Comm: syz.2.5640 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  345.995479][T20718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  345.995495][T20718] Call Trace:
[  345.995503][T20718]  <TASK>
[  345.995513][T20718]  __dump_stack+0x1d/0x30
[  345.995535][T20718]  dump_stack_lvl+0xe8/0x140
[  345.995553][T20718]  dump_stack+0x15/0x1b
[  345.995573][T20718]  should_fail_ex+0x265/0x280
[  345.995656][T20718]  should_fail_alloc_page+0xf2/0x100
[  345.995701][T20718]  __alloc_frozen_pages_noprof+0xff/0x360
[  345.995745][T20718]  alloc_pages_mpol+0xb3/0x250
[  345.995800][T20718]  vma_alloc_folio_noprof+0x1aa/0x300
[  345.995832][T20718]  handle_mm_fault+0xec2/0x2c20
[  345.995854][T20718]  ? __rcu_read_unlock+0x4f/0x70
[  345.995947][T20718]  do_user_addr_fault+0x3fe/0x1090
[  345.996086][T20718]  exc_page_fault+0x62/0xa0
[  345.996106][T20718]  asm_exc_page_fault+0x26/0x30
[  345.996146][T20718] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  345.996245][T20718] Code: f6 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 8f f6 01 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  345.996268][T20718] RSP: 0018:ffffc90001213b50 EFLAGS: 00050206
[  345.996288][T20718] RAX: ffff88811a73cca0 RBX: ffffc90001213ce0 RCX: 0000000000000e80
[  345.996305][T20718] RDX: 0000000000000000 RSI: ffff888008dfe180 RDI: 0000200000001000
[  345.996319][T20718] RBP: 0000000000000b80 R08: 00000000000006cc R09: 0000000000000000
[  345.996358][T20718] R10: 0001888008dfe000 R11: 0001888008dfefff R12: ffffc90001213cc8
[  345.996370][T20718] R13: 0000000000001000 R14: 0000000000001000 R15: 0000000000001000
[  345.996400][T20718]  _copy_to_iter+0x2d9/0xe30
[  345.996424][T20718]  ? should_fail_ex+0xdb/0x280
[  345.996456][T20718]  copy_page_to_iter+0x18f/0x2d0
[  345.996571][T20718]  process_vm_rw+0x672/0x960
[  345.996638][T20718]  __x64_sys_process_vm_readv+0x78/0x90
[  345.996671][T20718]  x64_sys_call+0x1874/0x2ff0
[  345.996700][T20718]  do_syscall_64+0xd2/0x200
[  345.996749][T20718]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  345.996772][T20718]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  345.996793][T20718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.996817][T20718] RIP: 0033:0x7f1637b6eb69
[  345.996835][T20718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  345.996912][T20718] RSP: 002b:00007f16361cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  345.996984][T20718] RAX: ffffffffffffffda RBX: 00007f1637d95fa0 RCX: 00007f1637b6eb69
[  345.997000][T20718] RDX: 0000000000000002 RSI: 0000200000008400 RDI: 000000000000055f
[  345.997017][T20718] RBP: 00007f16361cf090 R08: 0000000000000286 R09: 0000000000000000
[  345.997031][T20718] R10: 0000200000008640 R11: 0000000000000246 R12: 0000000000000001
[  345.997043][T20718] R13: 0000000000000000 R14: 00007f1637d95fa0 R15: 00007ffc242a0898
[  345.997062][T20718]  </TASK>
[  346.337186][T20716] netlink: 256 bytes leftover after parsing attributes in process `syz.3.5639'.
[  346.367724][T20727] netlink: 'syz.2.5643': attribute type 3 has an invalid length.
[  346.387385][T20722] netlink: 'syz.0.5642': attribute type 3 has an invalid length.
[  346.420562][T20729] netlink: 104 bytes leftover after parsing attributes in process `syz.5.5644'.
[  346.482413][T20736] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5647'.
[  346.518001][T20730] netlink: 104 bytes leftover after parsing attributes in process `syz.1.5645'.
[  346.553419][T20741] loop3: detected capacity change from 0 to 512
[  346.608458][T20751] FAULT_INJECTION: forcing a failure.
[  346.608458][T20751] name failslab, interval 1, probability 0, space 0, times 0
[  346.621252][T20751] CPU: 1 UID: 0 PID: 20751 Comm: syz.5.5654 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  346.621324][T20751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  346.621335][T20751] Call Trace:
[  346.621402][T20751]  <TASK>
[  346.621410][T20751]  __dump_stack+0x1d/0x30
[  346.621433][T20751]  dump_stack_lvl+0xe8/0x140
[  346.621452][T20751]  dump_stack+0x15/0x1b
[  346.621466][T20751]  should_fail_ex+0x265/0x280
[  346.621539][T20751]  should_failslab+0x8c/0xb0
[  346.621574][T20751]  __kmalloc_noprof+0xa5/0x3e0
[  346.621631][T20751]  ? alloc_trace_uprobe+0x2f/0x1e0
[  346.621652][T20751]  alloc_trace_uprobe+0x2f/0x1e0
[  346.621670][T20751]  ? create_local_trace_uprobe+0x91/0x2c0
[  346.621698][T20751]  create_local_trace_uprobe+0xb5/0x2c0
[  346.621727][T20751]  perf_uprobe_init+0xc0/0x150
[  346.621845][T20751]  perf_uprobe_event_init+0xc4/0x140
[  346.621958][T20751]  perf_try_init_event+0xd6/0x540
[  346.621989][T20751]  ? perf_event_alloc+0xb1c/0x1740
[  346.622160][T20751]  perf_event_alloc+0xb27/0x1740
[  346.622229][T20751]  __se_sys_perf_event_open+0x615/0x11c0
[  346.622267][T20751]  ? __rcu_read_unlock+0x4f/0x70
[  346.622301][T20751]  __x64_sys_perf_event_open+0x67/0x80
[  346.622401][T20751]  x64_sys_call+0x7bd/0x2ff0
[  346.622488][T20751]  do_syscall_64+0xd2/0x200
[  346.622532][T20751]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  346.622680][T20751]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  346.622704][T20751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.622781][T20751] RIP: 0033:0x7f0299f8eb69
[  346.622794][T20751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  346.622810][T20751] RSP: 002b:00007f02985f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  346.622928][T20751] RAX: ffffffffffffffda RBX: 00007f029a1b5fa0 RCX: 00007f0299f8eb69
[  346.622939][T20751] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  346.622949][T20751] RBP: 00007f02985f7090 R08: 0000000000000000 R09: 0000000000000000
[  346.623001][T20751] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[  346.623013][T20751] R13: 0000000000000000 R14: 00007f029a1b5fa0 R15: 00007ffe39e65408
[  346.623031][T20751]  </TASK>
[  346.623038][T20751] trace_uprobe: Failed to allocate trace_uprobe.(-12)
[  346.644750][T20749] IPv6: Can't replace route, no match found
[  346.896945][T20770] 8021q: adding VLAN 0 to HW filter on device bond3
[  346.906352][T20770] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5661'.
[  346.922570][T20770] bond3 (unregistering): Released all slaves
[  346.964215][T20778] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5664'.
[  347.074205][T20796] SELinux:  policydb version -957581230 does not match my version range 15-35
[  347.096986][T20796] SELinux: failed to load policy
[  347.180763][T20802] IPv6: Can't replace route, no match found
[  347.291575][T20818] FAULT_INJECTION: forcing a failure.
[  347.291575][T20818] name failslab, interval 1, probability 0, space 0, times 0
[  347.305346][T20818] CPU: 1 UID: 0 PID: 20818 Comm: syz.2.5680 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  347.305372][T20818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  347.305385][T20818] Call Trace:
[  347.305391][T20818]  <TASK>
[  347.305398][T20818]  __dump_stack+0x1d/0x30
[  347.305473][T20818]  dump_stack_lvl+0xe8/0x140
[  347.305492][T20818]  dump_stack+0x15/0x1b
[  347.305507][T20818]  should_fail_ex+0x265/0x280
[  347.305574][T20818]  should_failslab+0x8c/0xb0
[  347.305631][T20818]  kmem_cache_alloc_node_noprof+0x57/0x320
[  347.305675][T20818]  ? __alloc_skb+0x101/0x320
[  347.305703][T20818]  __alloc_skb+0x101/0x320
[  347.305744][T20818]  _sctp_make_chunk+0x59/0x210
[  347.305779][T20818]  sctp_make_abort_user+0x4c/0x3a0
[  347.305800][T20818]  ? __pfx_sctp_v4_cmp_addr+0x10/0x10
[  347.305836][T20818]  sctp_sendmsg_check_sflags+0x17e/0x1e0
[  347.305907][T20818]  sctp_sendmsg+0x75f/0x18d0
[  347.305940][T20818]  ? __pfx_sctp_sendmsg+0x10/0x10
[  347.305966][T20818]  inet_sendmsg+0xc5/0xd0
[  347.306019][T20818]  __sock_sendmsg+0x102/0x180
[  347.306043][T20818]  ____sys_sendmsg+0x345/0x4e0
[  347.306085][T20818]  ___sys_sendmsg+0x17b/0x1d0
[  347.306209][T20818]  __sys_sendmmsg+0x178/0x300
[  347.306261][T20818]  __x64_sys_sendmmsg+0x57/0x70
[  347.306378][T20818]  x64_sys_call+0x1c4a/0x2ff0
[  347.306404][T20818]  do_syscall_64+0xd2/0x200
[  347.306477][T20818]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  347.306505][T20818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.306529][T20818] RIP: 0033:0x7f1637b6eb69
[  347.306547][T20818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.306568][T20818] RSP: 002b:00007f16361cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  347.306618][T20818] RAX: ffffffffffffffda RBX: 00007f1637d95fa0 RCX: 00007f1637b6eb69
[  347.306633][T20818] RDX: 0000000000000001 RSI: 00002000000032c0 RDI: 0000000000000007
[  347.306676][T20818] RBP: 00007f16361cf090 R08: 0000000000000000 R09: 0000000000000000
[  347.306690][T20818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  347.306704][T20818] R13: 0000000000000000 R14: 00007f1637d95fa0 R15: 00007ffc242a0898
[  347.306728][T20818]  </TASK>
[  347.655610][T20851] syzkaller0: entered allmulticast mode
[  347.673716][T20853] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.717433][T20861] validate_nla: 1 callbacks suppressed
[  347.717445][T20861] netlink: 'syz.3.5699': attribute type 4 has an invalid length.
[  347.750574][T20851] syzkaller0: entered promiscuous mode
[  347.772959][T20863] syzkaller0 (unregistering): left allmulticast mode
[  347.779723][T20863] syzkaller0 (unregistering): left promiscuous mode
[  347.841938][T20853] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  347.903700][T20853] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  348.155557][T20883] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  348.162211][T20883] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  348.169920][T20883] vhci_hcd vhci_hcd.0: Device attached
[  348.187023][T20853] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  348.230437][T20884] vhci_hcd: connection closed
[  348.230732][   T12] vhci_hcd: stop threads
[  348.239696][   T12] vhci_hcd: release socket
[  348.244109][   T12] vhci_hcd: disconnect device
[  348.279988][T20889] netlink: 'syz.0.5706': attribute type 3 has an invalid length.
[  348.405755][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  348.454452][   T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  348.570748][   T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  348.650555][   T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  348.948915][ T3380] net_ratelimit: 30 callbacks suppressed
[  348.948940][ T3380] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  349.070896][T20912] netlink: 'syz.3.5714': attribute type 4 has an invalid length.
[  349.078768][T20912] __nla_validate_parse: 4 callbacks suppressed
[  349.078804][T20912] netlink: 17 bytes leftover after parsing attributes in process `syz.3.5714'.
[  349.110956][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  349.119273][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  349.544954][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  349.710248][T20932] netlink: 'syz.5.5723': attribute type 3 has an invalid length.
[  349.713533][T20923] netlink: 256 bytes leftover after parsing attributes in process `syz.0.5720'.
[  349.857826][   T29] kauditd_printk_skb: 240 callbacks suppressed
[  349.857843][T20943] tmpfs: Bad value for 'mpol'
[  349.857842][   T29] audit: type=1400 audit(1754290218.456:12338): avc:  denied  { mounton } for  pid=20942 comm="syz.5.5727" path="/syzcgroup/unified/syz5" dev="loop5" ino=1472 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=dir permissive=1
[  349.868509][T20927] netlink: 256 bytes leftover after parsing attributes in process `syz.2.5721'.
[  349.988850][T20949] netlink: 104 bytes leftover after parsing attributes in process `syz.3.5729'.
[  350.104025][T20968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  350.112624][T20968] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  350.134310][   T29] audit: type=1326 audit(1754290218.736:12339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20969 comm="syz.3.5738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  350.537964][   T29] audit: type=1326 audit(1754290218.736:12340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20969 comm="syz.3.5738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=326 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  350.561762][   T29] audit: type=1326 audit(1754290218.736:12341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20969 comm="syz.3.5738" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  350.617827][T20975] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5739'.
[  350.779384][ T3380] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  350.786146][T20983] tmpfs: Bad value for 'mpol'
[  350.792434][T16907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  350.948657][T21000] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5749'.
[  350.974788][T20991] netlink: 256 bytes leftover after parsing attributes in process `syz.0.5746'.
[  351.016813][T20994] tipc: New replicast peer: 10.1.1.2
[  351.022255][T20994] tipc: Enabled bearer <udp:syz2>, priority 10
[  351.028047][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  351.036631][ T3380] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  351.047973][T21002] IPv6: Can't replace route, no match found
[  351.144702][T21016] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5755'.
[  351.299259][T21026] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5759'.
[  351.309361][T21026] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5759'.
[  351.382384][T21037] netlink: 'syz.3.5764': attribute type 4 has an invalid length.
[  351.386576][T21040] netlink: 'syz.2.5765': attribute type 3 has an invalid length.
[  351.399910][   T29] audit: type=1326 audit(1754290219.986:12342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21036 comm="syz.3.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  351.423544][   T29] audit: type=1326 audit(1754290219.986:12343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21036 comm="syz.3.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  351.428487][T21041] netlink: 'syz.0.5763': attribute type 3 has an invalid length.
[  351.447247][   T29] audit: type=1326 audit(1754290219.986:12344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21036 comm="syz.3.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  351.478601][   T29] audit: type=1326 audit(1754290219.986:12345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21036 comm="syz.3.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  351.502190][   T29] audit: type=1326 audit(1754290219.986:12346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21036 comm="syz.3.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  351.525877][   T29] audit: type=1326 audit(1754290219.986:12347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21036 comm="syz.3.5764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  351.668684][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  351.828189][T13314] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  352.148061][T13314] tipc: Node number set to 1883200940
[  352.171664][T21080] netlink: 'syz.3.5780': attribute type 4 has an invalid length.
[  352.485364][T21081] chnl_net:caif_netlink_parms(): no params data found
[  352.588670][T21081] bridge0: port 1(bridge_slave_0) entered blocking state
[  352.595743][T21081] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.609305][T21081] bridge_slave_0: entered allmulticast mode
[  352.617431][T21117] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  352.623982][T21117] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  352.631557][T21117] vhci_hcd vhci_hcd.0: Device attached
[  352.639996][T21081] bridge_slave_0: entered promiscuous mode
[  352.648689][T21081] bridge0: port 2(bridge_slave_1) entered blocking state
[  352.655742][T21081] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.665714][T21081] bridge_slave_1: entered allmulticast mode
[  352.672248][T21118] vhci_hcd: connection closed
[  352.672461][  T139] vhci_hcd: stop threads
[  352.676270][T21081] bridge_slave_1: entered promiscuous mode
[  352.677252][  T139] vhci_hcd: release socket
[  352.691658][  T139] vhci_hcd: disconnect device
[  352.730088][T21081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  352.745788][T21081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  352.769203][T21129] tipc: Started in network mode
[  352.774164][T21129] tipc: Node identity 8e68dad79c96, cluster identity 4711
[  352.781428][T21129] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  352.789050][T21129] syzkaller0: entered promiscuous mode
[  352.794513][T21129] syzkaller0: entered allmulticast mode
[  352.862906][T21129] tipc: Resetting bearer <eth:syzkaller0>
[  352.869545][T21081] team0: Port device team_slave_0 added
[  352.876146][T21081] team0: Port device team_slave_1 added
[  352.887045][T21128] tipc: Resetting bearer <eth:syzkaller0>
[  352.894108][T21128] tipc: Disabling bearer <eth:syzkaller0>
[  352.906595][T21081] batman_adv: batadv0: Adding interface: batadv_slave_0
[  352.913678][T21081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  352.939744][T21081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  352.954845][T21081] batman_adv: batadv0: Adding interface: batadv_slave_1
[  352.961829][T21081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  352.987766][T21081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  353.003395][T21134] IPv6: Can't replace route, no match found
[  353.123048][T21081] hsr_slave_0: entered promiscuous mode
[  353.164315][T21081] hsr_slave_1: entered promiscuous mode
[  353.204329][T21081] debugfs: 'hsr0' already exists in 'hsr'
[  353.210111][T21081] Cannot create hsr debugfs directory
[  353.454702][T21081] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.479968][T21081] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.529623][T21081] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.543441][T21158] vhci_hcd: invalid port number 96
[  353.548655][T21158] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  353.627007][T21081] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.641849][T21172] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  353.648375][T21172] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  353.656035][T21172] vhci_hcd vhci_hcd.0: Device attached
[  353.676836][T21174] netlink: 'syz.0.5815': attribute type 4 has an invalid length.
[  353.677990][T21175] vhci_hcd: connection closed
[  353.687842][   T12] vhci_hcd: stop threads
[  353.696817][   T12] vhci_hcd: release socket
[  353.701273][   T12] vhci_hcd: disconnect device
[  353.761221][T21185] netlink: 'syz.5.5817': attribute type 3 has an invalid length.
[  353.826787][T21081] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  353.836030][T21081] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  353.845060][T21081] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  353.853780][T21081] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  353.890063][T21081] 8021q: adding VLAN 0 to HW filter on device bond0
[  353.907977][T21081] 8021q: adding VLAN 0 to HW filter on device team0
[  353.917171][ T3432] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.924307][ T3432] bridge0: port 1(bridge_slave_0) entered forwarding state
[  353.962367][ T3432] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.969593][ T3432] bridge0: port 2(bridge_slave_1) entered forwarding state
[  354.009244][T21081] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  354.022396][T21199] vhci_hcd: invalid port number 96
[  354.027588][T21199] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  354.062151][  T292] bridge_slave_1: left allmulticast mode
[  354.067845][  T292] bridge_slave_1: left promiscuous mode
[  354.073647][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.084258][  T292] bridge_slave_0: left allmulticast mode
[  354.090107][  T292] bridge_slave_0: left promiscuous mode
[  354.095953][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[  354.166149][T21210] rtc_cmos 00:00: Alarms can be up to one day in the future
[  354.319618][  T292] bond0 (unregistering): left promiscuous mode
[  354.322624][    T9] rtc_cmos 00:00: Alarms can be up to one day in the future
[  354.325800][  T292] bond_slave_0: left promiscuous mode
[  354.333591][    T9] rtc_cmos 00:00: Alarms can be up to one day in the future
[  354.338618][  T292] bond_slave_1: left promiscuous mode
[  354.346203][    T9] rtc_cmos 00:00: Alarms can be up to one day in the future
[  354.358901][    T9] rtc_cmos 00:00: Alarms can be up to one day in the future
[  354.366178][    T9] rtc rtc0: __rtc_set_alarm: err=-22
[  354.371869][  T292] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  354.380759][  T292] bond_slave_0: left allmulticast mode
[  354.387629][  T292] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  354.398332][  T292] bond_slave_1: left allmulticast mode
[  354.404354][  T292] bond0 (unregistering): Released all slaves
[  354.421059][T21223] dummy0: entered promiscuous mode
[  354.436625][T21223] bond0: entered promiscuous mode
[  354.441710][T21223] bond_slave_0: entered promiscuous mode
[  354.447495][T21223] bond_slave_1: entered promiscuous mode
[  354.456072][T21223] bond0: left promiscuous mode
[  354.460891][T21223] bond_slave_0: left promiscuous mode
[  354.466373][T21223] bond_slave_1: left promiscuous mode
[  354.495683][T21223] dummy0: left promiscuous mode
[  354.520129][  T292] dummy0: left promiscuous mode
[  354.526995][  T292] hsr_slave_0: left promiscuous mode
[  354.533664][  T292] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  354.541076][  T292] batman_adv: batadv0: Removing interface: batadv_slave_0
[  354.560090][  T292] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  354.567497][  T292] batman_adv: batadv0: Removing interface: batadv_slave_1
[  354.580943][  T292] veth1_macvtap: left promiscuous mode
[  354.586665][  T292] veth0_macvtap: left promiscuous mode
[  354.600800][  T292] veth1_vlan: left promiscuous mode
[  354.602627][T21227] __nla_validate_parse: 9 callbacks suppressed
[  354.602704][T21227] netlink: 256 bytes leftover after parsing attributes in process `syz.3.5830'.
[  354.606117][  T292] veth0_vlan: left promiscuous mode
[  354.683669][  T292] team0 (unregistering): Port device team_slave_1 removed
[  354.693019][  T292] team0 (unregistering): Port device team_slave_0 removed
[  354.741548][T21081] 8021q: adding VLAN 0 to HW filter on device batadv0
[  354.854549][T21081] veth0_vlan: entered promiscuous mode
[  354.866402][   T29] kauditd_printk_skb: 203 callbacks suppressed
[  354.866446][   T29] audit: type=1326 audit(1754290223.466:12551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21253 comm="syz.3.5838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  354.868570][T21254] netlink: 'syz.3.5838': attribute type 4 has an invalid length.
[  354.877946][   T29] audit: type=1326 audit(1754290223.466:12552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21253 comm="syz.3.5838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  354.896202][T21254] netlink: 17 bytes leftover after parsing attributes in process `syz.3.5838'.
[  354.904031][   T29] audit: type=1326 audit(1754290223.466:12553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21253 comm="syz.3.5838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  354.940704][T21081] veth1_vlan: entered promiscuous mode
[  354.959964][   T29] audit: type=1326 audit(1754290223.466:12554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21253 comm="syz.3.5838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  354.974408][T21081] veth0_macvtap: entered promiscuous mode
[  354.988799][   T29] audit: type=1326 audit(1754290223.466:12555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21253 comm="syz.3.5838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  354.996188][T21081] veth1_macvtap: entered promiscuous mode
[  355.018042][   T29] audit: type=1326 audit(1754290223.466:12556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21253 comm="syz.3.5838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  355.036493][ T3380] net_ratelimit: 5 callbacks suppressed
[  355.036575][ T3380] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  355.047180][   T29] audit: type=1326 audit(1754290223.466:12557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21253 comm="syz.3.5838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  355.056315][T21081] batman_adv: batadv0: Interface activated: batadv_slave_0
[  355.060829][   T29] audit: type=1326 audit(1754290223.466:12558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21253 comm="syz.3.5838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  355.060865][   T29] audit: type=1326 audit(1754290223.466:12559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21253 comm="syz.3.5838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  355.138821][   T29] audit: type=1326 audit(1754290223.466:12560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21253 comm="syz.3.5838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fdfa99ceb69 code=0x7ffc0000
[  355.162639][T13314] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  355.178013][T21081] batman_adv: batadv0: Interface activated: batadv_slave_1
[  355.191116][ T4879] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  355.200024][ T4879] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  355.239413][ T4879] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  355.250830][ T4879] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  355.320342][T21266] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5841'.
[  355.408882][T21284] program syz.5.5849 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  355.423540][T21286] netlink: 'syz.0.5850': attribute type 4 has an invalid length.
[  355.431454][T21286] netlink: 17 bytes leftover after parsing attributes in process `syz.0.5850'.
[  355.440679][T21288] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5851'.
[  355.465038][T21291] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7 sclass=netlink_route_socket pid=21291 comm=syz.1.5852
[  355.494164][T21295] program syz.1.5853 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  355.589939][T21317] netlink: 'syz.5.5862': attribute type 3 has an invalid length.
[  355.634758][T21327] 9pnet_fd: Insufficient options for proto=fd
[  355.636933][T21325] netlink: 'syz.3.5866': attribute type 4 has an invalid length.
[  355.648626][T21325] netlink: 17 bytes leftover after parsing attributes in process `syz.3.5866'.
[  355.806541][T21348] delete_channel: no stack
[  355.811241][T21348] delete_channel: no stack
[  355.825048][T21348] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5877'.
[  355.833989][T21348] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5877'.
[  355.861565][T21352] 9pnet_fd: Insufficient options for proto=fd
[  355.980979][T21359] netlink: 'syz.0.5881': attribute type 4 has an invalid length.
[  355.988843][T21359] netlink: 17 bytes leftover after parsing attributes in process `syz.0.5881'.
[  356.636796][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  356.671259][T13314] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  356.750881][T21385] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5891'.
[  356.804470][T21387] 9pnet_fd: Insufficient options for proto=fd
[  356.834730][T21393] netlink: 'syz.0.5895': attribute type 3 has an invalid length.
[  357.024117][T21411] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  357.033505][T21411] syzkaller0: entered promiscuous mode
[  357.039021][T21411] syzkaller0: entered allmulticast mode
[  357.073369][T21411] tipc: Resetting bearer <eth:syzkaller0>
[  357.080294][T21409] tipc: Resetting bearer <eth:syzkaller0>
[  357.098912][T21409] tipc: Disabling bearer <eth:syzkaller0>
[  357.683937][ T6675] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  357.758616][T13314] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  357.769843][ T6675] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  357.822166][ T6675] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  357.879369][ T6675] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  357.914723][T21425] chnl_net:caif_netlink_parms(): no params data found
[  358.254032][ T6675] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  358.271819][ T6675] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  358.285650][ T6675] bond0 (unregistering): Released all slaves
[  358.304616][ T6675] bond1 (unregistering): Released all slaves
[  358.323614][ T6675] bond2 (unregistering): Released all slaves
[  358.372038][T21425] bridge0: port 1(bridge_slave_0) entered blocking state
[  358.379154][T21425] bridge0: port 1(bridge_slave_0) entered disabled state
[  358.394141][T21425] bridge_slave_0: entered allmulticast mode
[  358.407826][T21425] bridge_slave_0: entered promiscuous mode
[  358.426931][T21425] bridge0: port 2(bridge_slave_1) entered blocking state
[  358.434100][T21425] bridge0: port 2(bridge_slave_1) entered disabled state
[  358.458732][T21425] bridge_slave_1: entered allmulticast mode
[  358.473568][T21425] bridge_slave_1: entered promiscuous mode
[  358.494047][T21459] tipc: Started in network mode
[  358.498977][T21459] tipc: Node identity 96d02a21f4fb, cluster identity 4711
[  358.506141][T21459] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  358.521023][T21460] syzkaller0: entered promiscuous mode
[  358.526518][T21460] syzkaller0: entered allmulticast mode
[  358.533489][ T6675] tipc: Left network mode
[  358.542081][T21457] tipc: Resetting bearer <eth:syzkaller0>
[  358.557723][ T6675] IPVS: stopping backup sync thread 13259 ...
[  358.566453][T21456] tipc: Resetting bearer <eth:syzkaller0>
[  358.585865][T21456] tipc: Disabling bearer <eth:syzkaller0>
[  358.606687][ T6675] hsr_slave_0: left promiscuous mode
[  358.618705][ T6675] hsr_slave_1: left promiscuous mode
[  358.629606][ T6675] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  358.637081][ T6675] batman_adv: batadv0: Removing interface: batadv_slave_0
[  358.661700][ T6675] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  358.669149][ T6675] batman_adv: batadv0: Removing interface: batadv_slave_1
[  358.680523][ T6675] veth1_macvtap: left promiscuous mode
[  358.686696][ T6675] veth0_macvtap: left promiscuous mode
[  358.700137][ T6675] veth1_vlan: left promiscuous mode
[  358.713710][ T6675] veth0_vlan: left promiscuous mode
[  358.737292][T21473] netlink: 'syz.5.5921': attribute type 10 has an invalid length.
[  358.788291][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  358.799533][T21481] netlink: 'syz.5.5921': attribute type 10 has an invalid length.
[  358.843853][T21425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  358.866558][T21473] team0: Port device dummy0 added
[  358.886053][T21481] team0: Port device dummy0 removed
[  358.906232][T21481] dummy0: entered promiscuous mode
[  358.913301][T21481] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  358.945206][T21425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  358.967395][T21495] tmpfs: Bad value for 'mpol'
[  358.987557][T21425] team0: Port device team_slave_0 added
[  358.994277][T21425] team0: Port device team_slave_1 added
[  359.010724][T21425] batman_adv: batadv0: Adding interface: batadv_slave_0
[  359.017693][T21425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  359.043954][T21425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  359.068250][T21425] batman_adv: batadv0: Adding interface: batadv_slave_1
[  359.075297][T21425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  359.101279][T21425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  359.113476][T21501] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4)
[  359.120096][T21501] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  359.127968][T21501] vhci_hcd vhci_hcd.0: Device attached
[  359.140697][T21502] vhci_hcd: connection closed
[  359.142741][   T12] vhci_hcd: stop threads
[  359.151745][   T12] vhci_hcd: release socket
[  359.156169][   T12] vhci_hcd: disconnect device
[  359.174511][T21425] hsr_slave_0: entered promiscuous mode
[  359.182674][T21425] hsr_slave_1: entered promiscuous mode
[  359.190828][T21425] debugfs: 'hsr0' already exists in 'hsr'
[  359.196582][T21425] Cannot create hsr debugfs directory
[  359.491547][T21425] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  359.538671][T21425] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  359.603762][T21425] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  359.613443][T21425] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  359.657665][T21425] 8021q: adding VLAN 0 to HW filter on device bond0
[  359.829254][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  359.944152][   T29] kauditd_printk_skb: 263 callbacks suppressed
[  359.944192][   T29] audit: type=1326 audit(1754290228.546:12822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21559 comm="syz.5.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0299f8eb69 code=0x7ffc0000
[  360.047027][   T29] audit: type=1326 audit(1754290228.586:12823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21559 comm="syz.5.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0299f8eb69 code=0x7ffc0000
[  360.070810][   T29] audit: type=1326 audit(1754290228.586:12824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21559 comm="syz.5.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0299f8eb69 code=0x7ffc0000
[  360.094269][ T3407] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  360.094458][   T29] audit: type=1326 audit(1754290228.586:12825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21559 comm="syz.5.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0299f8eb69 code=0x7ffc0000
[  360.102672][ T3380] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  360.126039][   T29] audit: type=1326 audit(1754290228.586:12826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21559 comm="syz.5.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0299f8eb69 code=0x7ffc0000
[  360.142873][T21425] 8021q: adding VLAN 0 to HW filter on device team0
[  360.157738][   T29] audit: type=1326 audit(1754290228.586:12827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21559 comm="syz.5.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0299f8eb69 code=0x7ffc0000
[  360.187891][   T29] audit: type=1326 audit(1754290228.586:12828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21559 comm="syz.5.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0299f8eb69 code=0x7ffc0000
[  360.211625][   T29] audit: type=1326 audit(1754290228.586:12829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21559 comm="syz.5.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0299f8eb69 code=0x7ffc0000
[  360.235314][   T29] audit: type=1326 audit(1754290228.586:12830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21559 comm="syz.5.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0299f8eb69 code=0x7ffc0000
[  360.247966][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.259134][   T29] audit: type=1326 audit(1754290228.586:12831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21559 comm="syz.5.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0299f8eb69 code=0x7ffc0000
[  360.266154][  T292] bridge0: port 1(bridge_slave_0) entered forwarding state
[  360.301638][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.308729][  T292] bridge0: port 2(bridge_slave_1) entered forwarding state
[  360.326777][T21425] 8021q: adding VLAN 0 to HW filter on device batadv0
[  360.401719][T21574] __nla_validate_parse: 6 callbacks suppressed
[  360.401732][T21574] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5954'.
[  360.461668][T21582] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5955'.
[  360.492915][T21425] veth0_vlan: entered promiscuous mode
[  360.511874][T21425] veth1_vlan: entered promiscuous mode
[  360.546527][T21425] veth0_macvtap: entered promiscuous mode
[  360.548517][T21588] netlink: 'syz.1.5958': attribute type 3 has an invalid length.
[  360.571308][T21425] veth1_macvtap: entered promiscuous mode
[  360.593479][T21425] batman_adv: batadv0: Interface activated: batadv_slave_0
[  360.612020][T21425] batman_adv: batadv0: Interface activated: batadv_slave_1
[  360.633301][  T292] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  360.642899][  T292] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  360.684862][  T292] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  360.706759][  T292] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  360.750735][T21603] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  360.757282][T21603] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  360.764851][T21603] vhci_hcd vhci_hcd.0: Device attached
[  360.777219][T21604] vhci_hcd: connection closed
[  360.777665][  T292] vhci_hcd: stop threads
[  360.786708][  T292] vhci_hcd: release socket
[  360.791215][  T292] vhci_hcd: disconnect device
[  360.798361][ T3407] IPVS: starting estimator thread 0...
[  360.878279][T16907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  360.898193][T21607] IPVS: using max 2688 ests per chain, 134400 per kthread
[  360.968189][T21625] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125
[  361.052093][ T4879] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.090298][ T4879] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.139841][ T4879] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.152312][T21613] chnl_net:caif_netlink_parms(): no params data found
[  361.200434][T21613] bridge0: port 1(bridge_slave_0) entered blocking state
[  361.207532][T21613] bridge0: port 1(bridge_slave_0) entered disabled state
[  361.214935][T21613] bridge_slave_0: entered allmulticast mode
[  361.223113][T21613] bridge_slave_0: entered promiscuous mode
[  361.242009][ T4879] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.258084][T21613] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.265242][T21613] bridge0: port 2(bridge_slave_1) entered disabled state
[  361.274046][T21613] bridge_slave_1: entered allmulticast mode
[  361.281393][T21613] bridge_slave_1: entered promiscuous mode
[  361.333095][T21613] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  361.348782][ T4879] batadv1: left allmulticast mode
[  361.353928][ T4879] batadv1: left promiscuous mode
[  361.359244][ T4879] bridge0: port 3(batadv1) entered disabled state
[  361.374059][ T4879] bridge_slave_1: left allmulticast mode
[  361.379945][ T4879] bridge_slave_1: left promiscuous mode
[  361.385711][ T4879] bridge0: port 2(bridge_slave_1) entered disabled state
[  361.418721][ T4879] bridge_slave_0: left allmulticast mode
[  361.424429][ T4879] bridge_slave_0: left promiscuous mode
[  361.430182][ T4879] bridge0: port 1(bridge_slave_0) entered disabled state
[  361.626485][ T4879] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  361.641029][ T4879] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  361.644024][T21659] netlink: 256 bytes leftover after parsing attributes in process `syz.0.5979'.
[  361.660899][ T4879] bond0 (unregistering): Released all slaves
[  361.670864][T21613] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  361.696102][T21613] team0: Port device team_slave_0 added
[  361.706556][T21613] team0: Port device team_slave_1 added
[  361.730992][T21613] batman_adv: batadv0: Adding interface: batadv_slave_0
[  361.737999][T21613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  361.763905][T21613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  361.769155][T21664] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5980'.
[  361.785231][ T4879] hsr_slave_0: left promiscuous mode
[  361.792323][ T4879] hsr_slave_1: left promiscuous mode
[  361.807126][ T4879] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  361.814563][ T4879] batman_adv: batadv0: Removing interface: batadv_slave_0
[  361.824167][T21666] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5981'.
[  361.833505][ T4879] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  361.840981][ T4879] batman_adv: batadv0: Removing interface: batadv_slave_1
[  361.856248][ T4879] veth1_macvtap: left promiscuous mode
[  361.868081][ T4879] veth0_macvtap: left promiscuous mode
[  361.885197][T21668] IPv6: Can't replace route, no match found
[  361.910072][T16907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  361.939532][T21673] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  361.946075][T21673] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  361.953632][T21673] vhci_hcd vhci_hcd.0: Device attached
[  361.983330][T21675] vhci_hcd: connection closed
[  361.983735][ T6675] vhci_hcd: stop threads
[  361.992720][ T6675] vhci_hcd: release socket
[  361.997142][ T6675] vhci_hcd: disconnect device
[  362.004086][ T4879] team0 (unregistering): Port device team_slave_1 removed
[  362.012857][T21679] netlink: 'syz.5.5986': attribute type 3 has an invalid length.
[  362.020918][ T4879] team0 (unregistering): Port device team_slave_0 removed
[  362.082666][T21613] batman_adv: batadv0: Adding interface: batadv_slave_1
[  362.089820][T21613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  362.096332][T21689] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5991'.
[  362.115931][T21613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  362.137837][T21691] IPv6: Can't replace route, no match found
[  362.169327][T21613] hsr_slave_0: entered promiscuous mode
[  362.175599][T21613] hsr_slave_1: entered promiscuous mode
[  362.183862][T21613] debugfs: 'hsr0' already exists in 'hsr'
[  362.189678][T21613] Cannot create hsr debugfs directory
[  362.471522][T21721] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.540426][T21721] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.563888][T21725] netlink: '+}[@': attribute type 13 has an invalid length.
[  362.719727][T21721] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.758537][   T12] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  362.766997][   T12] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  362.779239][T21741] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  362.790938][T21721] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.812348][   T12] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  362.820935][T21613] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  362.832887][T21613] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  362.852143][   T12] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  362.862302][T21613] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  362.862708][T21747] tmpfs: Unknown parameter '01777777777777777777777'
[  362.877612][T21613] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  362.910807][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  362.931864][   T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  362.948349][T16907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  362.969777][ T4879] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  362.990225][ T4879] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  363.002018][T21613] 8021q: adding VLAN 0 to HW filter on device bond0
[  363.014460][T21613] 8021q: adding VLAN 0 to HW filter on device team0
[  363.029503][ T4879] bridge0: port 1(bridge_slave_0) entered blocking state
[  363.036553][ T4879] bridge0: port 1(bridge_slave_0) entered forwarding state
[  363.060574][ T4879] bridge0: port 2(bridge_slave_1) entered blocking state
[  363.067675][ T4879] bridge0: port 2(bridge_slave_1) entered forwarding state
[  363.097713][T21758] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6015'.
[  363.127645][T21760] netlink: 256 bytes leftover after parsing attributes in process `syz.3.6014'.
[  363.161095][T21764] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=20 sclass=netlink_audit_socket pid=21764 comm=syz.2.6016
[  363.178485][T21613] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  363.237364][T21613] 8021q: adding VLAN 0 to HW filter on device batadv0
[  363.277591][T21764] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6016'.
[  363.322374][   T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  363.418999][T21613] veth0_vlan: entered promiscuous mode
[  363.446404][T21613] veth1_vlan: entered promiscuous mode
[  363.484300][T21613] veth0_macvtap: entered promiscuous mode
[  363.508417][T21613] veth1_macvtap: entered promiscuous mode
[  363.534863][T21613] batman_adv: batadv0: Interface activated: batadv_slave_0
[  363.558338][T21613] batman_adv: batadv0: Interface activated: batadv_slave_1
[  363.577421][ T4879] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  363.586570][ T4879] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  363.611284][ T4879] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  363.631159][ T4879] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  363.688456][T21783] vhci_hcd: invalid port number 96
[  363.693638][T21783] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  364.223190][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  364.232464][T21792] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  364.238992][T21792] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  364.246564][T21792] vhci_hcd vhci_hcd.0: Device attached
[  364.256921][T21793] chnl_net:caif_netlink_parms(): no params data found
[  364.257800][T21803] vhci_hcd: connection closed
[  364.265002][   T12] vhci_hcd: stop threads
[  364.274028][   T12] vhci_hcd: release socket
[  364.278470][   T12] vhci_hcd: disconnect device
[  364.303824][T21793] bridge0: port 1(bridge_slave_0) entered blocking state
[  364.311222][T21793] bridge0: port 1(bridge_slave_0) entered disabled state
[  364.313256][T21811] tmpfs: Unknown parameter '01777777777777777777777'
[  364.321251][T21793] bridge_slave_0: entered allmulticast mode
[  364.332026][T21793] bridge_slave_0: entered promiscuous mode
[  364.341339][T21793] bridge0: port 2(bridge_slave_1) entered blocking state
[  364.348452][T21793] bridge0: port 2(bridge_slave_1) entered disabled state
[  364.355745][T21793] bridge_slave_1: entered allmulticast mode
[  364.362038][T21793] bridge_slave_1: entered promiscuous mode
[  364.374128][T21813] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.391443][T21793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  364.402331][T21793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  364.423367][T21813] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.435066][T21793] team0: Port device team_slave_0 added
[  364.441927][T21793] team0: Port device team_slave_1 added
[  364.458882][T21793] batman_adv: batadv0: Adding interface: batadv_slave_0
[  364.465850][T21793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  364.491924][T21793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  364.510938][T21813] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.563842][T21793] batman_adv: batadv0: Adding interface: batadv_slave_1
[  364.570859][T21793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  364.596785][T21793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  364.623173][T21813] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.648319][T21793] hsr_slave_0: entered promiscuous mode
[  364.654274][T21793] hsr_slave_1: entered promiscuous mode
[  364.660852][T21793] debugfs: 'hsr0' already exists in 'hsr'
[  364.666579][T21793] Cannot create hsr debugfs directory
[  364.815638][T21819] sd 0:0:1:0: device reset
[  365.170243][T21839] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6034'.
[  365.228376][T21845] netlink: 'syz.5.6036': attribute type 3 has an invalid length.
[  365.338634][ T3465] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.576954][T21854] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6040'.
[  365.693296][T21860] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.704392][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.716960][T21860] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.725276][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.733975][T21860] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.745181][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.756061][   T29] kauditd_printk_skb: 199 callbacks suppressed
[  365.756091][   T29] audit: type=1400 audit(1754290234.356:13031): avc:  denied  { block_suspend } for  pid=21857 comm="syz.1.6041" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  365.757550][T21860] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.792148][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.801321][T21860] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  365.889159][T21868] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6045'.
[  365.932543][T21874] netlink: '+}[@': attribute type 13 has an invalid length.
[  365.965310][   T29] audit: type=1400 audit(1754290234.566:13032): avc:  denied  { search } for  pid=21875 comm="syz.5.6049" name="/" dev="configfs" ino=151 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  365.970896][T21876] netlink: 'syz.5.6049': attribute type 1 has an invalid length.
[  365.987595][   T29] audit: type=1400 audit(1754290234.566:13033): avc:  denied  { read open } for  pid=21875 comm="syz.5.6049" path="/" dev="configfs" ino=151 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  366.018098][T21876] netlink: 'syz.5.6049': attribute type 4 has an invalid length.
[  366.025939][T21876] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.6049'.
[  366.044646][T21876] netlink: 'syz.5.6049': attribute type 1 has an invalid length.
[  366.048076][T21874] bridge0: port 2(bridge_slave_1) entered disabled state
[  366.052571][T21876] netlink: 'syz.5.6049': attribute type 4 has an invalid length.
[  366.059547][T21874] bridge0: port 1(bridge_slave_0) entered disabled state
[  366.067256][T21876] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.6049'.
[  366.094119][T21878] netlink: 'syz.0.6050': attribute type 3 has an invalid length.
[  366.124468][T21874] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  366.134978][T21874] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  366.136253][T21880] netlink: 'syz.5.6051': attribute type 3 has an invalid length.
[  366.176156][T21883] netlink: 'syz.5.6052': attribute type 3 has an invalid length.
[  366.197753][ T4879] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  366.208617][ T4879] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  366.217615][ T4879] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  366.226815][ T4879] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  366.445956][T21904] netlink: 87 bytes leftover after parsing attributes in process `syz.5.6060'.
[  367.006494][T21793] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  367.019580][T21911] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6061'.
[  367.027587][T21793] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  367.039189][T21793] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  367.068405][T21793] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  367.134368][T21793] 8021q: adding VLAN 0 to HW filter on device bond0
[  367.147159][T21793] 8021q: adding VLAN 0 to HW filter on device team0
[  367.190871][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[  367.197993][  T292] bridge0: port 1(bridge_slave_0) entered forwarding state
[  367.234589][T21793] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  367.245046][T21793] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  367.273099][T21923] netlink: 87 bytes leftover after parsing attributes in process `syz.5.6064'.
[  367.349521][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[  367.356600][  T292] bridge0: port 2(bridge_slave_1) entered forwarding state
[  367.594958][T21793] 8021q: adding VLAN 0 to HW filter on device batadv0
[  367.849016][T21793] veth0_vlan: entered promiscuous mode
[  367.865304][T21793] veth1_vlan: entered promiscuous mode
[  367.896587][T21793] veth0_macvtap: entered promiscuous mode
[  367.912231][T21793] veth1_macvtap: entered promiscuous mode
[  367.925491][T21793] batman_adv: batadv0: Interface activated: batadv_slave_0
[  367.935883][T21944] netlink: 256 bytes leftover after parsing attributes in process `syz.0.6068'.
[  367.937423][T21793] batman_adv: batadv0: Interface activated: batadv_slave_1
[  367.958582][ T4879] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  367.967772][ T4879] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  367.981854][ T4879] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  367.997366][ T4879] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  368.034594][   T29] audit: type=1400 audit(1754290236.636:13034): avc:  denied  { write } for  pid=21793 comm="syz-executor" name="cgroup.procs" dev="cgroup" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object"
[  368.060330][   T29] audit: type=1400 audit(1754290236.636:13035): avc:  denied  { open } for  pid=21793 comm="syz-executor" path="/syzcgroup/cpu/syz3/cgroup.procs" dev="cgroup" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object"
[  368.186772][T21965] netlink: 'syz.1.6076': attribute type 2 has an invalid length.
[  368.268503][T21972] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6079'.
[  368.295845][T21974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6078'.
[  368.305556][T21976] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4)
[  368.312068][T21976] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  368.319850][T21976] vhci_hcd vhci_hcd.0: Device attached
[  368.320289][T21974] bridge_slave_1: left allmulticast mode
[  368.331527][T21974] bridge_slave_1: left promiscuous mode
[  368.337401][T21974] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.347149][T21977] vhci_hcd: connection closed
[  368.347396][ T6675] vhci_hcd: stop threads
[  368.356378][ T6675] vhci_hcd: release socket
[  368.360844][ T6675] vhci_hcd: disconnect device
[  368.370536][T21974] bridge_slave_0: left allmulticast mode
[  368.376255][T21974] bridge_slave_0: left promiscuous mode
[  368.381986][T21974] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.404178][   T29] audit: type=1326 audit(1754290237.006:13036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21983 comm="syz.1.6083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401e44eb69 code=0x7ffc0000
[  368.427820][   T29] audit: type=1326 audit(1754290237.006:13037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21983 comm="syz.1.6083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401e44eb69 code=0x7ffc0000
[  368.451989][   T29] audit: type=1326 audit(1754290237.036:13038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21983 comm="syz.1.6083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f401e44eb69 code=0x7ffc0000
[  368.475668][   T29] audit: type=1326 audit(1754290237.036:13039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21983 comm="syz.1.6083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401e44eb69 code=0x7ffc0000
[  368.499331][   T29] audit: type=1326 audit(1754290237.036:13040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21983 comm="syz.1.6083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401e44eb69 code=0x7ffc0000
[  369.130160][  T292] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  369.185047][  T292] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  369.227225][  T292] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  369.246946][  T292] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  369.308428][T22014] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  369.334396][T22013] tipc: Disabling bearer <eth:syzkaller0>
[  369.485758][T22032] tipc: Started in network mode
[  369.490788][T22032] tipc: Node identity 9aac61c309e5, cluster identity 4711
[  369.498232][T22032] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  369.517765][T22031] tipc: Disabling bearer <eth:syzkaller0>
[  370.359609][T22081] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  370.359925][T22079] validate_nla: 3 callbacks suppressed
[  370.359941][T22079] netlink: 'syz.3.6118': attribute type 3 has an invalid length.
[  370.380865][T22080] tipc: Disabling bearer <eth:syzkaller0>
[  370.492298][T22089] netlink: 'syz.3.6122': attribute type 3 has an invalid length.
[  370.786330][T22100] bridge0: port 2(bridge_slave_1) entered disabled state
[  370.793594][T22100] bridge0: port 1(bridge_slave_0) entered disabled state
[  370.806577][T22100] bond_slave_0: left promiscuous mode
[  370.812072][T22100] bond_slave_1: left promiscuous mode
[  370.817482][T22100] dummy0: left promiscuous mode
[  370.996899][   T29] kauditd_printk_skb: 193 callbacks suppressed
[  370.996915][   T29] audit: type=1326 audit(1754290239.596:13234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22107 comm="syz.2.6129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb45410eb69 code=0x7ffc0000
[  371.030179][T22100] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  371.049021][   T29] audit: type=1326 audit(1754290239.636:13235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22107 comm="syz.2.6129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb45410eb69 code=0x7ffc0000
[  371.072645][   T29] audit: type=1326 audit(1754290239.636:13236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22107 comm="syz.2.6129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb45410eb69 code=0x7ffc0000
[  371.080774][T22100] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  371.096281][   T29] audit: type=1326 audit(1754290239.636:13237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22107 comm="syz.2.6129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fb45410eb69 code=0x7ffc0000
[  371.127220][   T29] audit: type=1326 audit(1754290239.636:13238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22107 comm="syz.2.6129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb45410eb69 code=0x7ffc0000
[  371.150870][   T29] audit: type=1326 audit(1754290239.646:13239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22107 comm="syz.2.6129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb45410eb69 code=0x7ffc0000
[  371.174452][   T29] audit: type=1326 audit(1754290239.646:13240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22107 comm="syz.2.6129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7fb45410eb69 code=0x7ffc0000
[  371.197972][   T29] audit: type=1326 audit(1754290239.646:13241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22107 comm="syz.2.6129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb45410eb69 code=0x7ffc0000
[  371.213067][T22100] 0·: left allmulticast mode
[  371.221575][   T29] audit: type=1326 audit(1754290239.646:13242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22107 comm="syz.2.6129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb45410eb69 code=0x7ffc0000
[  371.226198][T22100] hsr_slave_0: left allmulticast mode
[  371.249714][   T29] audit: type=1326 audit(1754290239.646:13243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22107 comm="syz.2.6129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb45410eb69 code=0x7ffc0000
[  371.255138][T22100] hsr_slave_1: left allmulticast mode
[  371.315319][  T292] netdevsim netdevsim5 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  371.326783][  T292] netdevsim netdevsim5 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  371.339923][  T292] netdevsim netdevsim5 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  371.349567][  T292] netdevsim netdevsim5 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  371.584732][T22128] netlink: 'syz.1.6131': attribute type 27 has an invalid length.
[  371.954088][T22124] 8021q: adding VLAN 0 to HW filter on device bond0
[  371.969186][T22124] 8021q: adding VLAN 0 to HW filter on device team0
[  371.979884][T22124] net_ratelimit: 30 callbacks suppressed
[  371.979893][T22124] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  372.010283][T22147] smc: net device bond0 erased user defined pnetid SYZ0
[  372.118411][T22155] 9pnet_fd: Insufficient options for proto=fd
[  372.258240][T22175] tipc: Started in network mode
[  372.263147][T22175] tipc: Node identity 2ac7ab3c4597, cluster identity 4711
[  372.270335][T22175] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  372.279832][T22174] tipc: Disabling bearer <eth:syzkaller0>
[  372.295860][T22176] SELinux:  policydb version -957581230 does not match my version range 15-35
[  372.304979][T22176] SELinux: failed to load policy
[  372.325721][T22179] tmpfs: Bad value for 'mpol'
[  372.483971][T22187] tipc: Started in network mode
[  372.488965][T22187] tipc: Node identity 5ad7e168dc04, cluster identity 4711
[  372.496257][T22187] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  372.504411][T22187] syzkaller0: entered promiscuous mode
[  372.509928][T22187] syzkaller0: entered allmulticast mode
[  372.526416][T22187] tipc: Resetting bearer <eth:syzkaller0>
[  372.544362][T22186] tipc: Resetting bearer <eth:syzkaller0>
[  372.558191][T22192] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  372.564766][T22192] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  372.572409][T22192] vhci_hcd vhci_hcd.0: Device attached
[  372.580631][T22193] vhci_hcd: connection closed
[  372.584216][   T12] vhci_hcd: stop threads
[  372.593205][   T12] vhci_hcd: release socket
[  372.597616][   T12] vhci_hcd: disconnect device
[  372.604613][T22186] tipc: Disabling bearer <eth:syzkaller0>
[  372.746775][T22207] tipc: Started in network mode
[  372.751811][T22207] tipc: Node identity a22b97f1efeb, cluster identity 4711
[  372.759077][T22207] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  372.773632][T22206] tipc: Disabling bearer <eth:syzkaller0>
[  372.831813][T22213] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  372.917154][T22221] __nla_validate_parse: 1 callbacks suppressed
[  372.917171][T22221] netlink: 87 bytes leftover after parsing attributes in process `syz.1.6163'.
[  373.066094][T22231] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  373.072729][T22231] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  373.080295][T22231] vhci_hcd vhci_hcd.0: Device attached
[  373.092203][T22232] vhci_hcd: connection closed
[  373.092373][ T6675] vhci_hcd: stop threads
[  373.101411][ T6675] vhci_hcd: release socket
[  373.105967][ T6675] vhci_hcd: disconnect device
[  373.218413][T22241] FAULT_INJECTION: forcing a failure.
[  373.218413][T22241] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  373.231733][T22241] CPU: 1 UID: 0 PID: 22241 Comm: syz.2.6171 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  373.231777][T22241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  373.231834][T22241] Call Trace:
[  373.231840][T22241]  <TASK>
[  373.231846][T22241]  __dump_stack+0x1d/0x30
[  373.231865][T22241]  dump_stack_lvl+0xe8/0x140
[  373.231882][T22241]  dump_stack+0x15/0x1b
[  373.231896][T22241]  should_fail_ex+0x265/0x280
[  373.231967][T22241]  should_fail+0xb/0x20
[  373.232006][T22241]  should_fail_usercopy+0x1a/0x20
[  373.232027][T22241]  _copy_to_user+0x20/0xa0
[  373.232055][T22241]  simple_read_from_buffer+0xb5/0x130
[  373.232074][T22241]  proc_fail_nth_read+0x10e/0x150
[  373.232104][T22241]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  373.232133][T22241]  vfs_read+0x1a0/0x6f0
[  373.232156][T22241]  ? __rcu_read_unlock+0x4f/0x70
[  373.232199][T22241]  ? __fget_files+0x184/0x1c0
[  373.232221][T22241]  ksys_read+0xda/0x1a0
[  373.232243][T22241]  __x64_sys_read+0x40/0x50
[  373.232266][T22241]  x64_sys_call+0x27bc/0x2ff0
[  373.232286][T22241]  do_syscall_64+0xd2/0x200
[  373.232373][T22241]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  373.232393][T22241]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  373.232480][T22241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.232498][T22241] RIP: 0033:0x7fb45410d57c
[  373.232527][T22241] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  373.232585][T22241] RSP: 002b:00007fb45276f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  373.232607][T22241] RAX: ffffffffffffffda RBX: 00007fb454335fa0 RCX: 00007fb45410d57c
[  373.232724][T22241] RDX: 000000000000000f RSI: 00007fb45276f0a0 RDI: 0000000000000006
[  373.232804][T22241] RBP: 00007fb45276f090 R08: 0000000000000000 R09: 0000000000000000
[  373.232817][T22241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  373.232828][T22241] R13: 0000000000000000 R14: 00007fb454335fa0 R15: 00007ffe05300d18
[  373.232844][T22241]  </TASK>
[  373.532045][T22243] IPv6: Can't replace route, no match found
[  373.841204][T22261] netlink: 'syz.3.6179': attribute type 3 has an invalid length.
[  373.881208][T22265] netlink: 87 bytes leftover after parsing attributes in process `syz.3.6181'.
[  374.207132][T22288] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  374.213825][T22288] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  374.221415][T22288] vhci_hcd vhci_hcd.0: Device attached
[  374.235196][T22289] vhci_hcd: connection closed
[  374.235498][  T292] vhci_hcd: stop threads
[  374.244598][  T292] vhci_hcd: release socket
[  374.249056][  T292] vhci_hcd: disconnect device
[  374.258641][T22275] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  374.347112][T22299] IPv6: Can't replace route, no match found
[  374.453203][T22302] netlink: 256 bytes leftover after parsing attributes in process `syz.1.6191'.
[  374.520847][T22307] vhci_hcd: invalid port number 96
[  374.526001][T22307] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  374.569086][T22311] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6194'.
[  374.607836][T22318] netlink: 87 bytes leftover after parsing attributes in process `syz.2.6197'.
[  374.851988][T22335] vhci_hcd: invalid port number 96
[  374.857129][T22335] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  374.928857][T22342] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  374.943147][T22341] tipc: Disabling bearer <eth:syzkaller0>
[  374.944932][T22348] netlink: 'syz.2.6210': attribute type 3 has an invalid length.
[  374.958742][T22346] netlink: 'syz.1.6211': attribute type 3 has an invalid length.
[  374.992974][T22353] block device autoloading is deprecated and will be removed.
[  375.123687][T22367] netlink: 87 bytes leftover after parsing attributes in process `syz.2.6219'.
[  375.236582][T22377] netlink: 'syz.1.6223': attribute type 3 has an invalid length.
[  375.331004][T22381] IPv6: Can't replace route, no match found
[  375.394473][T22386] loop2: detected capacity change from 0 to 512
[  375.477619][T22394] loop2: detected capacity change from 0 to 512
[  375.544909][T22398] netlink: 'syz.5.6232': attribute type 3 has an invalid length.
[  375.559548][T22401] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6231'.
[  375.568798][T22401] unsupported nlmsg_type 40
[  375.584109][T22401] loop2: detected capacity change from 0 to 512
[  375.591673][T22401] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  375.605054][T22405] netlink: 'syz.5.6234': attribute type 3 has an invalid length.
[  375.615207][T22401] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  375.628608][T22401] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  375.655680][T22406] IPv6: Can't replace route, no match found
[  375.719035][T21081] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  375.734363][T22425] FAULT_INJECTION: forcing a failure.
[  375.734363][T22425] name failslab, interval 1, probability 0, space 0, times 0
[  375.747222][T22425] CPU: 1 UID: 0 PID: 22425 Comm: syz.0.6241 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  375.747254][T22425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  375.747269][T22425] Call Trace:
[  375.747277][T22425]  <TASK>
[  375.747293][T22425]  __dump_stack+0x1d/0x30
[  375.747314][T22425]  dump_stack_lvl+0xe8/0x140
[  375.747335][T22425]  dump_stack+0x15/0x1b
[  375.747462][T22425]  should_fail_ex+0x265/0x280
[  375.747492][T22425]  should_failslab+0x8c/0xb0
[  375.747515][T22425]  kmem_cache_alloc_node_noprof+0x57/0x320
[  375.747544][T22425]  ? __alloc_skb+0x101/0x320
[  375.747611][T22425]  __alloc_skb+0x101/0x320
[  375.747716][T22425]  ? audit_log_start+0x365/0x6c0
[  375.747749][T22425]  audit_log_start+0x380/0x6c0
[  375.747835][T22425]  audit_seccomp+0x48/0x100
[  375.747894][T22425]  ? __seccomp_filter+0x68c/0x10d0
[  375.747920][T22425]  __seccomp_filter+0x69d/0x10d0
[  375.747947][T22425]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  375.748082][T22425]  ? vfs_write+0x75e/0x8e0
[  375.748108][T22425]  ? __rcu_read_unlock+0x4f/0x70
[  375.748207][T22425]  ? __fget_files+0x184/0x1c0
[  375.748231][T22425]  __secure_computing+0x82/0x150
[  375.748250][T22425]  syscall_trace_enter+0xcf/0x1e0
[  375.748328][T22425]  do_syscall_64+0xac/0x200
[  375.748355][T22425]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  375.748452][T22425]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  375.748475][T22425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.748500][T22425] RIP: 0033:0x7f46fa69eb69
[  375.748544][T22425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.748564][T22425] RSP: 002b:00007f46f8cff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c7
[  375.748585][T22425] RAX: ffffffffffffffda RBX: 00007f46fa8c5fa0 RCX: 00007f46fa69eb69
[  375.748600][T22425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
[  375.748632][T22425] RBP: 00007f46f8cff090 R08: 0000000000000000 R09: 0000000000000000
[  375.748642][T22425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  375.748653][T22425] R13: 0000000000000000 R14: 00007f46fa8c5fa0 R15: 00007fff5b2b36e8
[  375.748670][T22425]  </TASK>
[  375.987029][T22430] netlink: 'syz.3.6244': attribute type 3 has an invalid length.
[  376.136992][   T29] kauditd_printk_skb: 373 callbacks suppressed
[  376.137080][   T29] audit: type=1400 audit(1754290244.736:13613): avc:  denied  { bind } for  pid=22439 comm="syz.0.6248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  376.162906][   T29] audit: type=1400 audit(1754290244.736:13614): avc:  denied  { name_bind } for  pid=22439 comm="syz.0.6248" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  376.184068][   T29] audit: type=1400 audit(1754290244.736:13615): avc:  denied  { node_bind } for  pid=22439 comm="syz.0.6248" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  376.186171][T22445] IPv6: Can't replace route, no match found
[  376.255916][   T29] audit: type=1400 audit(1754290244.856:13616): avc:  denied  { read } for  pid=22439 comm="syz.0.6248" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  376.279159][   T29] audit: type=1400 audit(1754290244.876:13617): avc:  denied  { map_create } for  pid=22451 comm="syz.1.6251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  376.301241][   T29] audit: type=1400 audit(1754290244.906:13618): avc:  denied  { prog_load } for  pid=22451 comm="syz.1.6251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  376.320596][   T29] audit: type=1400 audit(1754290244.906:13619): avc:  denied  { bpf } for  pid=22451 comm="syz.1.6251" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  376.341488][   T29] audit: type=1400 audit(1754290244.906:13620): avc:  denied  { perfmon } for  pid=22451 comm="syz.1.6251" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  376.362633][   T29] audit: type=1400 audit(1754290244.906:13621): avc:  denied  { create } for  pid=22439 comm="syz.0.6248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  376.382416][   T29] audit: type=1400 audit(1754290244.906:13622): avc:  denied  { write } for  pid=22439 comm="syz.0.6248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  376.411671][T22454] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  376.431098][T22453] tipc: Disabling bearer <eth:syzkaller0>
[  376.524357][T22463] netlink: 'syz.3.6255': attribute type 3 has an invalid length.
[  376.692330][T22470] FAULT_INJECTION: forcing a failure.
[  376.692330][T22470] name failslab, interval 1, probability 0, space 0, times 0
[  376.705117][T22470] CPU: 1 UID: 0 PID: 22470 Comm: syz.5.6257 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  376.705143][T22470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  376.705155][T22470] Call Trace:
[  376.705163][T22470]  <TASK>
[  376.705171][T22470]  __dump_stack+0x1d/0x30
[  376.705195][T22470]  dump_stack_lvl+0xe8/0x140
[  376.705218][T22470]  dump_stack+0x15/0x1b
[  376.705260][T22470]  should_fail_ex+0x265/0x280
[  376.705348][T22470]  should_failslab+0x8c/0xb0
[  376.705376][T22470]  kmem_cache_alloc_node_noprof+0x57/0x320
[  376.705411][T22470]  ? __alloc_skb+0x101/0x320
[  376.705516][T22470]  __alloc_skb+0x101/0x320
[  376.705547][T22470]  ? audit_log_start+0x365/0x6c0
[  376.705578][T22470]  audit_log_start+0x380/0x6c0
[  376.705615][T22470]  audit_seccomp+0x48/0x100
[  376.705799][T22470]  ? __seccomp_filter+0x68c/0x10d0
[  376.705851][T22470]  __seccomp_filter+0x69d/0x10d0
[  376.705873][T22470]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  376.705905][T22470]  ? vfs_write+0x75e/0x8e0
[  376.705929][T22470]  ? __rcu_read_unlock+0x4f/0x70
[  376.705967][T22470]  ? __fget_files+0x184/0x1c0
[  376.706070][T22470]  __secure_computing+0x82/0x150
[  376.706089][T22470]  syscall_trace_enter+0xcf/0x1e0
[  376.706114][T22470]  do_syscall_64+0xac/0x200
[  376.706137][T22470]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  376.706181][T22470]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  376.706205][T22470]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.706250][T22470] RIP: 0033:0x7f0299f8eb69
[  376.706268][T22470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.706291][T22470] RSP: 002b:00007f02985f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000006a
[  376.706315][T22470] RAX: ffffffffffffffda RBX: 00007f029a1b5fa0 RCX: 00007f0299f8eb69
[  376.706331][T22470] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  376.706346][T22470] RBP: 00007f02985f7090 R08: 0000000000000000 R09: 0000000000000000
[  376.706361][T22470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.706409][T22470] R13: 0000000000000000 R14: 00007f029a1b5fa0 R15: 00007ffe39e65408
[  376.706427][T22470]  </TASK>
[  377.049624][T22480] netlink: 'syz.0.6262': attribute type 10 has an invalid length.
[  377.057576][T22480] netlink: 55 bytes leftover after parsing attributes in process `syz.0.6262'.
[  377.424829][T22498] loop2: detected capacity change from 0 to 512
[  377.543224][T22504] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6270'.
[  377.552582][T22504] veth0_to_bond: entered allmulticast mode
[  377.567098][T22500] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6270'.
[  377.661073][T22511] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.749971][T22511] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.823984][T22511] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.875118][T22511] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.940810][T22520] FAULT_INJECTION: forcing a failure.
[  377.940810][T22520] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  377.953949][T22520] CPU: 1 UID: 0 PID: 22520 Comm: syz.5.6277 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  377.953979][T22520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  377.953993][T22520] Call Trace:
[  377.953999][T22520]  <TASK>
[  377.954007][T22520]  __dump_stack+0x1d/0x30
[  377.954051][T22520]  dump_stack_lvl+0xe8/0x140
[  377.954072][T22520]  dump_stack+0x15/0x1b
[  377.954134][T22520]  should_fail_ex+0x265/0x280
[  377.954162][T22520]  should_fail+0xb/0x20
[  377.954186][T22520]  should_fail_usercopy+0x1a/0x20
[  377.954269][T22520]  _copy_from_iter+0xcf/0xe40
[  377.954288][T22520]  ? should_fail_ex+0xdb/0x280
[  377.954359][T22520]  ? should_failslab+0x8c/0xb0
[  377.954381][T22520]  ? __kmalloc_noprof+0x1dd/0x3e0
[  377.954482][T22520]  ? kernfs_fop_write_iter+0xe1/0x2d0
[  377.954577][T22520]  kernfs_fop_write_iter+0x129/0x2d0
[  377.954630][T22520]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  377.954657][T22520]  vfs_write+0x4a0/0x8e0
[  377.954680][T22520]  ksys_write+0xda/0x1a0
[  377.954716][T22520]  __x64_sys_write+0x40/0x50
[  377.954847][T22520]  x64_sys_call+0x27fe/0x2ff0
[  377.954931][T22520]  do_syscall_64+0xd2/0x200
[  377.954951][T22520]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  377.955044][T22520]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  377.955076][T22520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.955095][T22520] RIP: 0033:0x7f0299f8eb69
[  377.955108][T22520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.955125][T22520] RSP: 002b:00007f02985f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  377.955141][T22520] RAX: ffffffffffffffda RBX: 00007f029a1b5fa0 RCX: 00007f0299f8eb69
[  377.955155][T22520] RDX: 0000000000000012 RSI: 0000200000000040 RDI: 0000000000000007
[  377.955166][T22520] RBP: 00007f02985f7090 R08: 0000000000000000 R09: 0000000000000000
[  377.955177][T22520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.955187][T22520] R13: 0000000000000000 R14: 00007f029a1b5fa0 R15: 00007ffe39e65408
[  377.955204][T22520]  </TASK>
[  378.186793][  T292] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  378.199822][T22522] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  378.209754][T22522] syzkaller0: entered promiscuous mode
[  378.215245][T22522] syzkaller0: entered allmulticast mode
[  378.228793][  T292] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  378.257020][T22522] tipc: Resetting bearer <eth:syzkaller0>
[  378.265128][T22521] tipc: Resetting bearer <eth:syzkaller0>
[  378.272534][T22521] tipc: Disabling bearer <eth:syzkaller0>
[  378.288294][  T292] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  378.306019][  T292] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  378.390740][T22534] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  378.397741][T22534] syzkaller0: entered promiscuous mode
[  378.403339][T22534] syzkaller0: entered allmulticast mode
[  378.416231][T22534] tipc: Resetting bearer <eth:syzkaller0>
[  378.428103][T22533] tipc: Resetting bearer <eth:syzkaller0>
[  378.459107][T22533] tipc: Disabling bearer <eth:syzkaller0>
[  378.516019][T22544] FAULT_INJECTION: forcing a failure.
[  378.516019][T22544] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.529116][T22544] CPU: 0 UID: 0 PID: 22544 Comm: syz.2.6287 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  378.529146][T22544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  378.529163][T22544] Call Trace:
[  378.529170][T22544]  <TASK>
[  378.529193][T22544]  __dump_stack+0x1d/0x30
[  378.529232][T22544]  dump_stack_lvl+0xe8/0x140
[  378.529255][T22544]  dump_stack+0x15/0x1b
[  378.529270][T22544]  should_fail_ex+0x265/0x280
[  378.529303][T22544]  should_fail+0xb/0x20
[  378.529343][T22544]  should_fail_usercopy+0x1a/0x20
[  378.529361][T22544]  _copy_from_user+0x1c/0xb0
[  378.529386][T22544]  do_sys_poll+0x149/0xbd0
[  378.529419][T22544]  ? avc_has_perm+0xf7/0x180
[  378.529537][T22544]  ? __fget_files+0x184/0x1c0
[  378.529566][T22544]  ? set_user_sigmask+0x84/0x190
[  378.529593][T22544]  __se_sys_ppoll+0x1b9/0x200
[  378.529627][T22544]  ? fput+0x8f/0xc0
[  378.529662][T22544]  __x64_sys_ppoll+0x67/0x80
[  378.529688][T22544]  x64_sys_call+0x1d52/0x2ff0
[  378.529728][T22544]  do_syscall_64+0xd2/0x200
[  378.529756][T22544]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  378.529779][T22544]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  378.529798][T22544]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.529821][T22544] RIP: 0033:0x7fb45410eb69
[  378.529839][T22544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  378.529861][T22544] RSP: 002b:00007fb45276f038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  378.529879][T22544] RAX: ffffffffffffffda RBX: 00007fb454335fa0 RCX: 00007fb45410eb69
[  378.529890][T22544] RDX: 0000000000000000 RSI: 000000000000005b RDI: 0000200000000540
[  378.529904][T22544] RBP: 00007fb45276f090 R08: 0000000000000000 R09: 0000000000000000
[  378.529951][T22544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  378.529963][T22544] R13: 0000000000000000 R14: 00007fb454335fa0 R15: 00007ffe05300d18
[  378.529986][T22544]  </TASK>
[  378.796926][T22552] vhci_hcd: invalid port number 96
[  378.802123][T22552] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  378.984326][T22559] 9pnet_fd: Insufficient options for proto=fd
[  379.047142][T22562] loop2: detected capacity change from 0 to 8192
[  379.055452][T22562] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  379.134786][T22566] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.6296' sets config #0
[  379.175289][T22564] IPv6: Can't replace route, no match found
[  379.176310][T22566] infiniband srz1: RDMA CMA: cma_listen_on_dev, error -98
[  379.265040][T22576] loop2: detected capacity change from 0 to 512
[  379.313091][T22576] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  379.328297][T22576] ext4 filesystem being mounted at /87/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  379.387331][T21081] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.398882][T22583] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  379.418530][T22583] syzkaller0: entered promiscuous mode
[  379.424031][T22583] syzkaller0: entered allmulticast mode
[  379.443311][T22585] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  379.451446][T22584] tipc: Disabling bearer <eth:syzkaller0>
[  379.468149][T22583] tipc: Resetting bearer <eth:syzkaller0>
[  379.487076][T22582] tipc: Resetting bearer <eth:syzkaller0>
[  379.499927][T22582] tipc: Disabling bearer <eth:syzkaller0>
[  379.534081][T22589] netlink: 'syz.2.6305': attribute type 3 has an invalid length.
[  379.542248][T22591] netlink: 'syz.0.6304': attribute type 3 has an invalid length.
[  379.684417][T22605] IPv6: Can't replace route, no match found
[  379.709640][T22609] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.775486][T22619] loop2: detected capacity change from 0 to 512
[  379.783802][T22609] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.814903][T22619] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  379.834400][T22619] ext4 filesystem being mounted at /91/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  379.861550][T22609] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.912824][T21081] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.951800][T22609] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.979727][T22628] loop2: detected capacity change from 0 to 512
[  380.007037][T22630] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4)
[  380.013584][T22630] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  380.021168][T22630] vhci_hcd vhci_hcd.0: Device attached
[  380.060842][T22631] vhci_hcd: connection closed
[  380.062195][ T4879] vhci_hcd: stop threads
[  380.071271][ T4879] vhci_hcd: release socket
[  380.075695][ T4879] vhci_hcd: disconnect device
[  380.089792][T22642] netlink: 464 bytes leftover after parsing attributes in process `syz.1.6320'.
[  380.120830][ T6675] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  380.140531][T22639] bridge1: entered allmulticast mode
[  380.150688][ T4879] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  380.166371][ T4879] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  380.175521][ T4879] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  380.239464][T22653] SELinux: failed to load policy
[  380.260672][T22663] loop2: detected capacity change from 0 to 512
[  380.280077][T22663] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  380.292972][T22663] ext4 filesystem being mounted at /94/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  380.344591][T22679] netlink: 'syz.1.6330': attribute type 3 has an invalid length.
[  380.354383][T21081] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  380.369823][T22677] bond_slave_1: entered promiscuous mode
[  380.380273][T22676] bond_slave_1: left promiscuous mode
[  380.412573][T22683] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  380.414271][T22682] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  380.419114][T22683] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  380.419271][T22683] vhci_hcd vhci_hcd.0: Device attached
[  380.440636][T22681] tipc: Disabling bearer <eth:syzkaller0>
[  380.446397][T22685] vhci_hcd: connection closed
[  380.446518][ T3432] vhci_hcd: stop threads
[  380.455506][ T3432] vhci_hcd: release socket
[  380.459962][ T3432] vhci_hcd: disconnect device
[  380.473913][T22686] vhci_hcd: invalid port number 96
[  380.479135][T22686] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[  380.513657][T22674] netlink: 256 bytes leftover after parsing attributes in process `syz.3.6328'.
[  380.526944][T22690] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.553959][T22694] netlink: 'syz.1.6335': attribute type 3 has an invalid length.
[  380.601513][T22699] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  380.609185][T22698] tipc: Disabling bearer <eth:syzkaller0>
[  380.626277][T22690] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.680423][T22690] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.741487][T22690] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.787987][    C0] ==================================================================
[  380.796088][    C0] BUG: KCSAN: data-race in kick_pool / wq_worker_running
[  380.803107][    C0] 
[  380.805420][    C0] read-write to 0xffff888237d29d64 of 4 bytes by task 3358 on cpu 1:
[  380.813490][    C0]  wq_worker_running+0x95/0x120
[  380.818334][    C0]  schedule_timeout+0xb7/0x170
[  380.823120][    C0]  msleep+0x50/0x90
[  380.826937][    C0]  nsim_fib_event_work+0x1ebc/0x21a0
[  380.832220][    C0]  process_scheduled_works+0x4ce/0x9d0
[  380.837676][    C0]  worker_thread+0x582/0x770
[  380.842293][    C0]  kthread+0x489/0x510
[  380.846350][    C0]  ret_from_fork+0xdd/0x150
[  380.850840][    C0]  ret_from_fork_asm+0x1a/0x30
[  380.855593][    C0] 
[  380.857902][    C0] read to 0xffff888237d29d64 of 4 bytes by interrupt on cpu 0:
[  380.865441][    C0]  kick_pool+0x49/0x2d0
[  380.869589][    C0]  __queue_work+0x8cb/0xb50
[  380.874177][    C0]  queue_work_on+0xd1/0x160
[  380.878667][    C0]  wg_packet_send_staged_packets+0x83d/0xab0
[  380.884645][    C0]  wg_packet_send_keepalive+0xeb/0x100
[  380.890130][    C0]  wg_expired_send_persistent_keepalive+0x3c/0x50
[  380.896562][    C0]  call_timer_fn+0x3b/0x2c0
[  380.901054][    C0]  __run_timer_base+0x415/0x610
[  380.905909][    C0]  run_timer_softirq+0x31/0x70
[  380.910670][    C0]  handle_softirqs+0xb7/0x290
[  380.915333][    C0]  __irq_exit_rcu+0x3a/0xc0
[  380.919848][    C0]  sysvec_apic_timer_interrupt+0x74/0x80
[  380.925481][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  380.931465][    C0]  unmap_page_range+0xe64/0x2680
[  380.936425][    C0]  unmap_vmas+0x23d/0x3a0
[  380.940763][    C0]  exit_mmap+0x1b0/0x6c0
[  380.945006][    C0]  __mmput+0x28/0x1c0
[  380.948993][    C0]  mmput+0x40/0x50
[  380.952707][    C0]  exit_mm+0xe4/0x190
[  380.956685][    C0]  do_exit+0x417/0x15c0
[  380.960850][    C0]  do_group_exit+0x139/0x140
[  380.965436][    C0]  __x64_sys_exit_group+0x1f/0x20
[  380.970457][    C0]  x64_sys_call+0x2fe2/0x2ff0
[  380.975127][    C0]  do_syscall_64+0xd2/0x200
[  380.979649][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.985541][    C0] 
[  380.987855][    C0] value changed: 0x00000000 -> 0x00000001
[  380.993562][    C0] 
[  380.995876][    C0] Reported by Kernel Concurrency Sanitizer on:
[  381.002019][    C0] CPU: 0 UID: 0 PID: 22712 Comm: syz.3.6342 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  381.014167][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  381.024214][    C0] ==================================================================
[  381.111671][ T6675] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  381.125151][ T6675] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  381.149457][ T6675] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  381.167974][ T6675] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0