last executing test programs:

7.608474839s ago: executing program 3 (id=3478):
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f00000006c0)=<r2=>0x0, &(0x7f0000000700)=0x4)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="d800000018007b7be00212ba0d1605040a003f00000f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b3162700e06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5005ccca262f3d40fad95667e04adcdf63cc1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e0700000004000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0)
ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000640)={@empty, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7, 0x1, 0x81, 0x100, 0x2, 0x40fb0267, r2})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x11, &(0x7f00000001c0)=@raw=[@generic={0x8, 0x1, 0x3, 0x3, 0xa75}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffff9}, @map_idx={0x18, 0x2, 0x5, 0x0, 0x3}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @exit, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @alu={0x4, 0x0, 0xa, 0x4, 0x1, 0xfffffffffffffffc, 0xffffffffffffffef}], &(0x7f00000000c0)='GPL\x00', 0xd6e6, 0x0, 0x0, 0x41100, 0x4c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000280)={0x2, 0x80000000, 0xb, 0x5}, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000400)=[{0x1, 0x2, 0x5}, {0x0, 0x3, 0xf, 0xc}, {0x1, 0x3, 0xd}], 0x10, 0x7}, 0x94)
openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.pending_reads\x00', 0x200, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000540)='timer_start\x00', r5, 0x0, 0xfffffffffffffff8}, 0x18)
semctl$GETVAL(0x0, 0x0, 0xc, 0x0)

7.553882394s ago: executing program 3 (id=3479):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./file2\x00', 0x404, &(0x7f0000000080)={[{@nogrpid}, {@noinit_itable}, {@jqfmt_vfsold}, {@debug}, {@nodiscard}, {@quota}]}, 0x1, 0x43d, &(0x7f0000000700)="$eJzs28tvG0UYAPBv7SQlfZBQlUfTAoGCiHgkTVpKD1xAIHEACQkO5RiStAp1G9QEiVYRBITKEVXijjgi8RdwggsCTkhc4Y4qVSiXFk5Ga+8mtmOneThxW/9+0iYzu+PMfN4de2YnG0DXGk5/JBH7I+LPiBioZusLDFd/3VpenPp3eXEqiXL5nX+SSrmby4tTedH8dfvyTE9E4YskjjSpd/7ylfOTpdLMpSw/tnDhw7H5y1demL0weW7m3MzFidOnT54Yf+nUxIttiTON6+bQJ3NHD7/x3rW3ps5ce//X75M8/oY42mR4vYNPl8ttrq6zDtSkk54ONoRNKVa7afRW+v9AFGP15A3E65/n6b5ONRDYMeVyufxQ68NLZeAelkSnWwB0Rv5Fn85/822Xhh53hBuvVCdAady3sq16pCcKWZnehvltOw1HxJml/75Jt9iZ+xAAAHV+TMc/zzcb/xWi9r7Q/dkaymBEPBARByPiVEQciogHIyplH46IRzZZf+MiydrxT+H6lgLboHT893K2tlU//stHfzFYzHIHKvH3JmdnSzPHs/dkJHr3pPnxder46bU/vmp1rHb8l25p/flYMGvH9Z499a+ZnlyY3E7MtW58FjHU0yz+ZGUlIImIwxExtMU6Zp/97mirY7ePfx1tWGcqfxvxTPX8L0VD/LlktaZm65Nj90Vp5vhYflWs9dvvV99uVf+24m+D9PzvbXr9r8Q/mNSu185vvo6rf33Zck6z1eu/L3m3bt/HkwsLl8Yj+pI3q42u3T/RUG5itXwa/8ix5v3/YKy+E0ciIr2IH42IxyLi8aztT0TEkxFxbJ34f3n1qQ+2Hv/OSuOf3tT5X030ReOe5oni+Z9/qKt0cDPxp+f/ZCU1ku3ZyOffRtq1tasZAAAA7j6FiNgfSWF0JV0ojI5W/4f/UOwtlObmF547O/fRxenqMwKD0VvI73QN1NwPHc+m9Xl+oiF/Irtv/HWxv5IfnZorTXc6eOhy+1r0/9TfxU63DthxnteC7qX/Q/fS/6F76f/QvZr0//5OtAPYfc2+/z/tQDuA3dfQ/y37QRcx/4fupf9D99L/oSvN98ftH5KXkFiTiMId0Yx7J5EkEdv/O0m0qT2d/mQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoj/8DAAD//7Pm4aw=")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x248}, 0x0)
r0 = getpid()
socket$inet_smc(0x2b, 0x1, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
syz_clone(0x41aa1000, 0x0, 0x0, 0x0, 0x0, 0x0)

6.047016637s ago: executing program 1 (id=3488):
socket$nl_route(0x10, 0x3, 0x0)
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x72051052ae3513ca}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1, 0x0, 0x1075}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r5}, &(0x7f0000000000), &(0x7f00000005c0)=r6}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x9, 0x2)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x4}, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='cpu<\t\t')
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000001880)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x5, &(0x7f00000000c0)={0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x20000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r8 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2000)
ioctl$SG_GET_VERSION_NUM(r8, 0x2284, &(0x7f0000000080))
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e60435e6d62b9d270433b220ed9ff1ff042b8d3d866231c460765"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x1f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
r10 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r10, 0xc0105512, &(0x7f0000000200))

5.497904146s ago: executing program 0 (id=3492):
perf_event_open$cgroup(&(0x7f0000000300)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3bfffffe, 0x2, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x1, 0x91, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xe985}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c00)=@delchain={0x140c, 0x65, 0x100, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x10, 0x8}, {0xf, 0xffff}, {0xc, 0xffff}}, [@filter_kind_options=@f_u32={{0x8}, {0x13d0, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x5e}, @TCA_U32_ACT={0x2e0, 0x7, [@m_sample={0xc8, 0x1b, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0xfffffbff}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x1, 0x0, 0x8, 0x1, 0x7}}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x3}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x7ff}]}, {0x6b, 0x6, "44c7c613907537ebd610cfb1c9ae022ef8649b4c2b27496be4e5cc1b5dbed9de783b92da8865e84adfcc46751b1c190ccee199722ca84bcaa849fe2e70fdcfb1d3684f24045f07a30c44562aeb12aaaf4a43d1381d4a5eca29d1bfea56c7cb133f2d4fa367acf6"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_csum={0xa8, 0x14, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x101, 0xffffffff, 0xfffffffffffffff8, 0x83b, 0x10}, 0x10}}]}, {0x60, 0x6, "157d96bab58688193e7ce48d7d4111e201dec4ad7080aec3c0f584b8385291124acfa0b389ec9dd53c1764edd5bfff0998d4290481dcd3a415857de5cec2065af22b0b95a00044f82114a9b720e317d0e51a515fbd67dfa796ba726e"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_vlan={0xd4, 0x15, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}]}, {0xa0, 0x6, "465b9fffb2fb65cae38c41522998e39593821471de031b3c4671f563ee458a076efdc80eb9303871914b3dc48a77fe655ef9715025381ccc58c5f3b49457270f4551d4d83b9d884f616cf29662589896d15842658b5f68e987278f9dbc589ef8407d585731ae691b43a96f0daef7cbb60b796f25fc08001015ddd7e73309bae9429525a54e0d320413aa3bbc1d57a14ed81badbb1b7e3ff450d39066"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_xt={0x3c, 0x9, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x1}]}, {0xb, 0x6, "ba0a10dc57cd40"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_skbmod={0x5c, 0x11, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x3ff}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x5}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x5}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x645}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x5}]}, {0x8, 0x6, "246cc6da"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}, @TCA_U32_DIVISOR={0x8, 0x4, 0xcf}, @TCA_U32_POLICE={0xcb8, 0x6, [@TCA_POLICE_RATE={0x404, 0x2, [0x5, 0xfffffffe, 0x8, 0xba, 0x0, 0x10001, 0x7, 0x8d, 0x932, 0x5, 0xb, 0x4, 0x45, 0x4, 0x2, 0x6, 0x1, 0x834, 0x6a, 0x0, 0x4, 0x6, 0xff, 0x5, 0x2, 0x75ac, 0x80000000, 0x9, 0x1, 0xa, 0x2, 0x2, 0xa, 0x9, 0x80000000, 0x3, 0x2, 0x2, 0x5, 0x0, 0x0, 0x7fff, 0x2, 0xc, 0xfffffff8, 0x8, 0x7, 0xffffff01, 0x40, 0xa8, 0x5, 0x8, 0x4f, 0x1, 0x54, 0xe, 0xe8, 0x56, 0x0, 0x8001, 0xa, 0x3, 0x8001, 0x2, 0x4, 0x1, 0x3, 0x1, 0x32, 0x2, 0x2, 0x8001, 0x6, 0x6a, 0x7, 0x9, 0xea28, 0x5, 0x0, 0x1, 0x19f, 0x3, 0x8, 0x5, 0xffff0000, 0x8, 0xa, 0x2, 0x2, 0x9, 0x9, 0x9, 0x5, 0x2575, 0x3, 0x6, 0x4, 0x400, 0x7, 0x3, 0x4, 0x9, 0x6, 0x57, 0x97, 0x10, 0x10001, 0x7ff, 0x80, 0xbf, 0x7, 0xfffffbff, 0x6e5, 0x8001, 0xd5c3, 0x5, 0x5, 0x5, 0x8, 0x7, 0x0, 0x400, 0x7fff, 0x2, 0x2, 0xff, 0x0, 0x2, 0x2, 0x8, 0x8, 0xe5c3, 0x3, 0x80000001, 0x8, 0x4, 0x8, 0xd, 0x2, 0x9, 0x4075, 0x3, 0x76bd, 0x6f, 0x9, 0xffffffff, 0x0, 0x5, 0x4, 0x0, 0x6, 0x1, 0x9, 0x7, 0x800, 0x9, 0x7, 0x48274ed5, 0xce2, 0x1, 0x9, 0x7, 0xb, 0x200, 0x3, 0x4, 0x9, 0xa, 0x10000, 0x9, 0xd72, 0xd, 0x4, 0x3, 0x9, 0x10000, 0x3, 0x4, 0x3, 0x8, 0x9, 0x6, 0x4, 0x401, 0x7fffffff, 0xfffffff8, 0x80000001, 0x6, 0x10000, 0xe, 0x8000, 0x9, 0x4, 0x3, 0x9, 0xd0d9, 0x7ff, 0xfffffffe, 0xe4, 0x7f, 0x8000, 0x2, 0x1000, 0x10000, 0x8, 0x4, 0x2, 0x6, 0x7c, 0xd, 0xd01, 0x3, 0x80, 0x8b, 0x8001, 0x4, 0xe, 0x80, 0x1ff, 0x7, 0xeb, 0xcbc, 0x10000, 0xa, 0x6, 0x1, 0x9146, 0x9, 0x1, 0x8, 0x5, 0xffff, 0x2, 0x6, 0x4d6, 0x1, 0x9, 0x2, 0x4, 0x6923, 0x0, 0x2, 0x163, 0x8f3, 0x3a, 0x83ad, 0xbb3, 0x4, 0x8001, 0x1, 0x6, 0xbcfa, 0x5, 0x8001, 0xa065, 0x8]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x3}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x67, 0x40, 0x1, 0x50, 0x9, 0xcb5, 0x0, 0x3, 0x5, 0x3, 0x80, 0x0, 0xacb, 0x7, 0x9, 0x2, 0x2, 0x25, 0x4, 0x8, 0x3, 0xf7b, 0x40, 0xf, 0x80000000, 0xd284, 0x4e28, 0x2, 0x4a, 0x5, 0x4, 0x1, 0x15ba, 0x8, 0x6, 0x7000, 0x7, 0x1, 0xffffffff, 0x6, 0x7, 0x2, 0xfffffff8, 0x3, 0x25, 0x6, 0xfff, 0x5, 0x3, 0x1, 0x7f, 0x3b, 0xe, 0x6, 0x1, 0x9, 0x2, 0x3, 0xfffffffe, 0xe, 0xc9, 0x5, 0x7fffffff, 0xfffffff9, 0x1, 0xce6, 0xd82, 0x70000000, 0xfff, 0xffffac72, 0x1, 0x5, 0x7, 0x2, 0x100, 0x5, 0x3, 0x3, 0x110, 0x7, 0x9, 0x6, 0x2, 0x200, 0xfff, 0xfffffa5c, 0x3ff, 0x3, 0xc4, 0x7, 0x0, 0xb23, 0x5, 0xa9d, 0x8, 0xffffffff, 0x1, 0x80, 0x8, 0x80000001, 0x5, 0x4, 0x3, 0x2, 0x7f, 0x7, 0xa, 0x0, 0x1, 0x6, 0x1c000000, 0x5, 0x1, 0x7f, 0x0, 0x9, 0x254e, 0x7, 0x9, 0x50, 0x6, 0x8, 0xeb6e, 0xf, 0x100, 0x100, 0x800, 0x723, 0x22, 0x5, 0x950, 0x5, 0x5, 0x2, 0x8, 0xddc3, 0x7, 0x2, 0xd86c, 0x22, 0x9, 0x4, 0x9, 0xe, 0x4, 0x7fffffff, 0x9, 0xfffffffb, 0x80, 0x4, 0x2, 0xff, 0x7, 0x401, 0xfffffffa, 0x1000, 0x3, 0xbf, 0x7, 0x651, 0x4, 0x80000001, 0x6, 0xda, 0x6, 0x95f, 0x5, 0xe, 0x54a, 0xb8, 0x0, 0x7, 0x6, 0x8001, 0x1, 0x3, 0xcdad, 0x6, 0x8, 0xffffffff, 0x4, 0x800, 0xb, 0x6, 0x2, 0x2c, 0xffff, 0xf, 0x1, 0xfffffddb, 0x3, 0xe2, 0x6b05, 0x9c2, 0x0, 0x2b, 0x7bd4, 0x24f, 0xfffffffa, 0x6, 0xd411, 0x3, 0x8, 0x2, 0x80, 0xfffffffe, 0x4, 0x9, 0x7, 0x7fffffff, 0x9, 0x8, 0x200, 0x7ff, 0x0, 0x7, 0x5f, 0xfffffffb, 0x8, 0x9, 0x2, 0x5, 0x3, 0x3a, 0x9, 0x2, 0x304, 0x4, 0x9, 0x15, 0x413, 0x7, 0x7, 0x8, 0x49b, 0x925, 0x7ff, 0x7ff, 0x0, 0x9, 0xfffffffa, 0xffffffff, 0x470, 0x1, 0x2, 0x0, 0x6, 0x6, 0xff, 0xfffffff2, 0x85b, 0x6, 0x3, 0x9, 0x9]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x4}, @TCA_POLICE_RESULT={0x8, 0x5, 0x816}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x9, 0x8, 0x6, 0x65a, 0x4, 0x6, 0x97d, 0x0, 0x79, 0x4, 0x581d, 0x1, 0x200000, 0x400, 0xee4, 0x10000, 0x6, 0xea, 0x1, 0x0, 0x7, 0x4, 0xfff, 0x200, 0xaf, 0x101, 0xffff, 0xc93, 0x10000, 0x3, 0x40, 0x1dfe91c5, 0x6, 0x80, 0x5, 0x5c0, 0x800000, 0x8, 0x9, 0x7fffffff, 0xff2b, 0x8, 0x0, 0x0, 0xb3, 0x8, 0x10001, 0x10001, 0x5, 0x8, 0x2, 0x8, 0x10001, 0x1ff, 0x2, 0x5, 0x6, 0x5, 0x0, 0x685c, 0x5, 0x9, 0x4, 0xfffffffd, 0x10, 0x2, 0x41, 0x5, 0x4, 0x2, 0x5, 0x9, 0x101, 0x9, 0x9, 0x401, 0x2, 0xffffffff, 0x8, 0x5, 0x8001, 0x0, 0x4, 0x7fff, 0x70, 0x2, 0x8001, 0x3, 0x2, 0x100, 0x3, 0x0, 0x2, 0x0, 0x4d9, 0x1, 0x2, 0x52, 0x7ff, 0x1, 0x0, 0x6be, 0x7, 0x3, 0xe6f2, 0x8, 0x4, 0x5, 0x971, 0x7, 0xaf60, 0x0, 0x2, 0x35, 0x9, 0x0, 0xffff, 0x2, 0xa13, 0x7, 0xa88, 0x1, 0xd, 0x7, 0x80, 0x9, 0x7f, 0x0, 0xffffffff, 0x7, 0xe0000000, 0x5, 0xe2, 0x5, 0x4, 0xf, 0xcf5, 0xffff, 0x9, 0x37, 0x2, 0x7, 0x9, 0x90, 0x6817, 0xf2, 0x3, 0x0, 0x101, 0x3, 0xe, 0x7, 0x8, 0xbf6, 0xb, 0x1, 0x3, 0x5, 0x4, 0x6, 0x0, 0x3, 0xc5a1, 0x7, 0x0, 0x10000, 0xc864, 0xfffffe00, 0x7, 0x480, 0x3, 0x3000000, 0x3, 0xbb8, 0x8000, 0x3180, 0x4, 0xcd35, 0x1, 0x6, 0x7fff, 0x7e, 0x3ff, 0x4, 0x1dcef53f, 0x5d8, 0xc0, 0x6, 0x89e, 0xfec, 0x1, 0x7, 0xfffffffe, 0x7fff, 0x7b0, 0x800, 0x5, 0x1, 0x0, 0xe515, 0x100, 0x5, 0x4, 0x0, 0x8, 0x4, 0x8, 0x9, 0x76, 0x200, 0x1ff, 0x800, 0x7, 0x100, 0xada7, 0x3, 0x6, 0x8, 0x280000, 0x5, 0x5, 0x10, 0x3, 0x10001, 0x200, 0x3, 0x2, 0x4, 0x3, 0xff, 0x4684, 0x934, 0xac0b, 0x7ff, 0xb38d, 0x8, 0x5, 0xffff, 0x96, 0x8000, 0x44f, 0x7fff, 0xfffffffd, 0x2, 0x5, 0x8, 0x4, 0xffffffff, 0x5a0d, 0x10000, 0x0, 0x2, 0xffff6b41, 0x9, 0x3, 0x9]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x1000, 0x0, 0x5, 0x96, 0x7, {0xfb, 0x2, 0x46e8, 0x4, 0x7, 0x6}, {0x9, 0x2, 0x4, 0x8, 0x6, 0x1}, 0x8, 0x5, 0x7}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x3}, @TCA_POLICE_TBF={0x3c, 0x1, {0x2f2c, 0x1, 0x40, 0x8, 0x2, {0x5, 0x1, 0x0, 0x8, 0x5, 0x3d}, {0x1, 0x1, 0xffc0, 0x4, 0x5, 0xfff}, 0x8, 0xa0, 0x9}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x101}]}, @TCA_U32_POLICE={0x41c, 0x6, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x3}, @TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x7, 0x2, 0x3, 0x0, 0x9, 0x7fffffff, 0x3, 0x2, 0x2, 0xca, 0xfffffff5, 0xb, 0x9, 0x2, 0xfff, 0x1, 0x2, 0x6, 0x1, 0x8bde, 0x5, 0x8, 0x4, 0x2, 0xc, 0x6, 0x3, 0x0, 0x4, 0xffff, 0xfffffffd, 0x80, 0x8, 0x3, 0x2, 0x2, 0x1, 0x7ff, 0x7, 0xffff, 0x46a, 0x9, 0x80000000, 0x3, 0x5, 0x6, 0x3516, 0x69abff2c, 0x9, 0x38, 0xfffffffc, 0x9, 0x7, 0xb2d, 0x3120, 0x826, 0x2, 0x8, 0x7fffffff, 0x800, 0x4, 0x6, 0x5, 0x4, 0xd2d, 0x5, 0x5, 0x909, 0x2, 0x2e3, 0x10, 0x7, 0x6, 0x2, 0x2, 0x1, 0x7f, 0x7, 0x8, 0x5, 0x5, 0x8, 0x100, 0x6a, 0x8, 0x705b, 0x39b6, 0x6, 0x1, 0x1, 0x1, 0x6, 0x6, 0x3, 0x3, 0x9, 0x3, 0x5, 0x5, 0x401, 0x1, 0x8001, 0x10001, 0x4, 0xffffffff, 0xf265, 0x2, 0xfffffff7, 0xa8, 0xee36, 0x7, 0x8, 0xfdd, 0x0, 0x7, 0xad7, 0x1cb6, 0x208, 0x8, 0x2, 0x6b76faec, 0x6, 0x1ff, 0x0, 0x1000, 0x7, 0x8, 0x400, 0xfffffffc, 0xf, 0x8, 0x0, 0x1, 0xb8, 0xb, 0x1ff, 0x10, 0x8, 0x10001, 0x5, 0x9, 0xfff, 0xfffffffa, 0x7, 0x1, 0x6, 0x6, 0x9, 0xc, 0x5, 0x7, 0x6, 0x1, 0x1306, 0x3, 0x2, 0x395f, 0x2, 0x8, 0x9, 0x6, 0x6b2, 0x4, 0x9, 0x4, 0x3, 0x5, 0x5, 0x5, 0x0, 0x5c, 0x9, 0x2, 0x6b19, 0x8, 0x1, 0x9, 0x6, 0xfffffffd, 0x9, 0x6, 0x7c40, 0x2, 0x6, 0x3, 0x7, 0x8, 0x8, 0x3, 0x7fffffff, 0x2, 0x3, 0x1, 0x401, 0x7, 0x80000000, 0x100, 0x6, 0xca381594, 0x7, 0x9, 0x9, 0x608, 0x1, 0x7, 0x80, 0x2, 0x100, 0x80000001, 0x7ff, 0x4, 0x1, 0x3, 0xff, 0x800, 0x5, 0x5, 0xdf8, 0x5, 0x401, 0x8, 0xffffffff, 0x800, 0x2, 0x3, 0x5, 0x1000, 0x9, 0x5, 0x6, 0x1c7, 0x4, 0xe8b00000, 0x20000, 0x9, 0x7, 0x9, 0x6c, 0x9, 0x400, 0x7, 0x6, 0x9, 0x7, 0x3, 0x3, 0x401, 0x6, 0x1, 0x401, 0xffffffdd, 0x73, 0xd92, 0xdca, 0xc0]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x80}]}, @TCA_U32_LINK={0x8, 0x3, 0x6}]}}, @TCA_RATE={0x6, 0x5, {0x5, 0xcb}}, @TCA_RATE={0x6, 0x5, {0x4, 0x1}}]}, 0x140c}, 0x1, 0x0, 0x0, 0x20004000}, 0x10000800)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b703000010000000850000001b000000b7000000000000"], &(0x7f0000000780)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='i2c_result\x00', r2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r3 = mq_open(&(0x7f0000000000)='batadv_slave_1\x00', 0x8c2, 0x34, 0x0)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f0000000040)={0x1, 0x1, 0xab0})
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r5, &(0x7f0000000140)='memory.numa_stat\x00', 0x0, 0x0)
mq_getsetattr(r3, &(0x7f0000000240)={0x0, 0x80, 0x2, 0xfffe}, &(0x7f0000000280))
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r8, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c0000000201030000000000000000000a000000180001801400018008000100ac141422085df9000200ac146401f2117f098f09ca77368308c9243ffde913f9104aa741658b4bb02b971ad4b8633b6805b60fc0b0ae219a79c95539096135a1b8873d78ac9e2a43e80719636a198e36cae614784562406dadccfeeb3c3249691ce1a026b6762f298319422551352a5d73bf2d2aaabc0a2fb05203e1f10c7595ff33f3047beb5a5b10c88b7fce15713427bcecf464d64b57"], 0x2c}, 0x1, 0x0, 0x0, 0x10050}, 0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c0000000200000000000000004c9e357fb299c997af00800d03000000000000000000000905000000004000000000000a02000000000000000000000b000000000000000000"], 0x0, 0x56}, 0x20)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$SMC_PNETID_ADD(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01001d00c9a44794696e13978e6f42784ab1000000000000020000000982010073797a30000000"], 0x20}}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_lsm={0x4, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000050002000000000085000000cc00000085000000000000000500feff0000000095"], &(0x7f00000003c0)='GPL\x00', 0x4}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)

4.338516598s ago: executing program 1 (id=3495):
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0xa, 0x3, 0xff)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xcb, &(0x7f0000000900)=""/203, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001040)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x18)
fstat(0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r3, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x20)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x2, @loopback, 0x6}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000040)="5e546507da932c3e8c628a600b17cbe584d2f93ce23f60e91af3fbcf0e16db6e759d420151c6c575", 0x77}], 0x1}}], 0x1, 0x4046040)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x4c}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket(0x1, 0x803, 0x0)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r9, 0x0, 0x8000)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x0)

4.315047839s ago: executing program 0 (id=3496):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10)
clock_adjtime(0x0, 0x0)

4.248640215s ago: executing program 4 (id=3497):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = socket(0x1d, 0x80000, 0x9)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c00)=@newqdisc={0x0, 0x24, 0x1, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x7, 0x9}, {0x2, 0xfff3}, {0x7, 0xffff}}, [@TCA_RATE={0x0, 0x5, {0x60, 0x48}}, @TCA_RATE={0x0, 0x5, {0x5, 0x18}}, @TCA_STAB={0x0, 0x8, 0x0, 0x1, [{{0x0, 0x1, {0x8, 0x9, 0x4, 0x2, 0x0, 0x7, 0x400}}, {0x0, 0x2, [0x8, 0x5, 0x0, 0x27, 0x9, 0xff]}}, {{0x0, 0x1, {0x4, 0x5, 0x7ff, 0x6, 0x1, 0x7fffffff, 0x8}}, {0x0, 0x2, [0x8001, 0x5]}}, {{0x0, 0x1, {0x81, 0x7, 0x56a, 0x101, 0x0, 0x66, 0xff}}, {0x0, 0x2, [0x600, 0x8, 0x44, 0x4, 0x1000]}}, {{0x0, 0x1, {0x0, 0x7, 0x9, 0x2b, 0x1, 0x4, 0x8}}, {0x0, 0x2, [0x2, 0xf1b, 0x101, 0x2]}}]}, @qdisc_kind_options=@q_hhf={{}, {0x0, 0x2, [@TCA_HHF_RESET_TIMEOUT={0x0, 0x4, 0x93}, @TCA_HHF_NON_HH_WEIGHT={0x0, 0x7, 0x3}, @TCA_HHF_ADMIT_BYTES={0x0, 0x5, 0x2}, @TCA_HHF_NON_HH_WEIGHT={0x0, 0x7, 0x8}, @TCA_HHF_ADMIT_BYTES={0x0, 0x5, 0x6}, @TCA_HHF_ADMIT_BYTES={0x0, 0x5, 0xe72}]}}, @TCA_RATE={0x0, 0x5, {0x4, 0x5}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048850)
connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000300), 0x14)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/fscaps', 0xc8c00, 0x0)
chroot(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')

4.218129818s ago: executing program 2 (id=3498):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
ftruncate(0xffffffffffffffff, 0x8800000)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000100000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r3, <r5=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)=r4}, 0x20)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000180)=[{0x6, 0xd, 0x7, 0x7ffc0001}]})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000580)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x7fff}, 0x18)
link(0x0, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r5, &(0x7f0000000780)}, 0x20)
r7 = socket$packet(0x11, 0x2, 0x300)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000780), r9)
sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32, @ANYBLOB="0100000000000000240012000c000100627269646765000e140002000800070005"], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendto$packet(r7, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14)

4.217687298s ago: executing program 0 (id=3499):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000280)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'})
r1 = socket$inet6(0xa, 0x3, 0x20)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0xfffe, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5c}, 0x1c)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, r3, 0x0)
r4 = gettid()
process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @netfilter, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x94)
io_uring_setup(0x17f8, &(0x7f0000000080)={0x0, 0x94ec, 0x0, 0x1, 0x33d})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x18)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x24403}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000340)={@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, r8})
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@nodelalloc}, {@norecovery}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40}}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@resgid}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@barrier_val={'barrier', 0x3d, 0x81}}], [{@flag='ro'}]}, 0xfd, 0x580, &(0x7f0000000bc0)="$eJzs3V9rW+UfAPDvSdv9636/djCGeiGDXTgZS9fWPxOEzUvR6UDvZ2izMpouo0nHWgduF+7GGxmCiAPxBXjv5fAN+CoGOhgyil6IUDnpSZelSZPV1MTl84GzPU/OSZ7nyXO+5zzPOUkTwNA6nv6Ti3gxIr5MIiYa1o1GtvL45nbrj2/OpUsSGxsf/ZbEuabXSrL/x7PMCxHx0+cRp3Lby62sri0WSqXicpafqi5dm6qsrp2+slRYKC4Ur87Mzp59fXbmrTff6FlbX734xzcf3n/37Bcn1r/+4eGRu0mcj8PZurRdPSjiVmPmeOGvLDUW55s2nO5BYYMk6XcF2JWRLM7HIj0GTMRIFvXA8++ziNgAhlQi/mFI1ccB9bl9j+bB/xmP3tmcAG1v/+jmtZE4UJsbHVpPnpoZpfPdyR6Un5bx46/37qZL7Hwd4mCHPMAzuXU7Is6Mjm4//iXZ8W/3zkR80Om6YHMZw3b+gX66n45/klsR2+I/tzX+iRbjn/EWsbsbneM/97AHxbSVjv/ebjn+3bppNTmS5f5XG/ONJZevlIpnIuL/EXEyxvan+Z3u55xdf7DRbl3j+C9d0vLrY8GsHg9H9z/9nPlCtfBP2tzo0e2Il1qOf5Ot/k9a9H/6flzssoxjxXsvt1vXuf17a+P7iFda9v+TM1ey8/3Jqdr+MFXfK7b7/c6xn9uV3+/2p/1/aOf2TyaN92srz17Gdwf+LLZbt9v9f1/ycS29L3vsRqFaXZ6O2Je8Pzre/PjMk+fW8/Xt0/afPNE6/nfa/9PJ1yddtv/O0TttNx2E/p/vov9Tm/2/tSN0nXjw3qfftiu/qf3142RT/79WS53MHunm+NdtBXfzngEAAAAAAMCgykXE4Uhy+a10LpfPb36+42gcypXKleqpy+WVq/NR+67sZIzl6ne6Jxo+DzGdfR62np9pys9GxJGI+GrkYC2fnyuX5vvdeAAAAAAAAAAAAAAAAAAAABgQ422+/5/6ZaTftQP2XO2HDfb3uxZAP3T8yf9e/NITMJA6xj/w3Hr2+HdlAJ4Xzv8wvMQ/DC/xD8Or2/gfm9jjigD/Oud/GF7iHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrq4oUL6bKx/vjmXJqfv766sli+fnq+WFnML63M5efKy9fyC+XyQqmYnysvdXq9Url8bXomVm5MVYuV6lRlde3SUnnlavXSlaXCgbhUHPPHhgEAAAAAAAAAAAAAAAAAAGCbyuraYqFUKi5LtE2ci4Goxl42cNOunj46KK2Q6GmizwcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjwdwAAAP//Rf8sdQ==")
write$rfkill(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x3, 0x1, 0xfe}, 0x8)
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

4.118104117s ago: executing program 4 (id=3500):
socket$nl_route(0x10, 0x3, 0x0)
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x72051052ae3513ca}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1, 0x0, 0x1075}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r5}, &(0x7f0000000000), &(0x7f00000005c0)=r6}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x9, 0x2)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x4}, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='cpu<\t\t')
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000001880)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x5, &(0x7f00000000c0)={0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x20000}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r8 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2000)
ioctl$SG_GET_VERSION_NUM(r8, 0x2284, &(0x7f0000000080))
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e60435e6d62b9d270433b220ed9ff1ff042b8d3d866231c460765"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x1f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
r10 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r10, 0xc0105512, &(0x7f0000000200))

2.791708814s ago: executing program 2 (id=3501):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = socket(0x1d, 0x80000, 0x9)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c00)=@newqdisc={0x0, 0x24, 0x1, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x7, 0x9}, {0x2, 0xfff3}, {0x7, 0xffff}}, [@TCA_RATE={0x0, 0x5, {0x60, 0x48}}, @TCA_RATE={0x0, 0x5, {0x5, 0x18}}, @TCA_STAB={0x0, 0x8, 0x0, 0x1, [{{0x0, 0x1, {0x8, 0x9, 0x4, 0x2, 0x0, 0x7, 0x400}}, {0x0, 0x2, [0x8, 0x5, 0x0, 0x27, 0x9, 0xff]}}, {{0x0, 0x1, {0x4, 0x5, 0x7ff, 0x6, 0x1, 0x7fffffff, 0x8}}, {0x0, 0x2, [0x8001, 0x5]}}, {{0x0, 0x1, {0x81, 0x7, 0x56a, 0x101, 0x0, 0x66, 0xff}}, {0x0, 0x2, [0x600, 0x8, 0x44, 0x4, 0x1000]}}, {{0x0, 0x1, {0x0, 0x7, 0x9, 0x2b, 0x1, 0x4, 0x8}}, {0x0, 0x2, [0x2, 0xf1b, 0x101, 0x2]}}]}, @qdisc_kind_options=@q_hhf={{}, {0x0, 0x2, [@TCA_HHF_RESET_TIMEOUT={0x0, 0x4, 0x93}, @TCA_HHF_NON_HH_WEIGHT={0x0, 0x7, 0x3}, @TCA_HHF_ADMIT_BYTES={0x0, 0x5, 0x2}, @TCA_HHF_NON_HH_WEIGHT={0x0, 0x7, 0x8}, @TCA_HHF_ADMIT_BYTES={0x0, 0x5, 0x6}, @TCA_HHF_ADMIT_BYTES={0x0, 0x5, 0xe72}]}}, @TCA_RATE={0x0, 0x5, {0x4, 0x5}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048850)
connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000300), 0x14)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/fscaps', 0xc8c00, 0x0)
chroot(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00') (fail_nth: 1)

2.787151804s ago: executing program 0 (id=3502):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r2, 0x1, 0x25, &(0x7f00000002c0), 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000f5ffffffffffffff000a14000000060a0000000000000000000002"], 0x3c}}, 0x0)
mount(0x0, &(0x7f0000000780)='./file0\x00', &(0x7f0000000080)='ocfs2_dlmfs\x00', 0x8000, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb:\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00<r\xe9\x9cD\x90\xce\xe1\xc5\x85=\\!\xbbQ\xde\xc3\xe3\x7f\xcf\x1f\x17G\xa6\x13\xae\x92 \x1c\xbf\xfa\xe8e\x8cD\"\xa3w')
r5 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000001a00)=ANY=[@ANYBLOB="03000000000000000a004e2300000010ff010000000000000000000000000001f8ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b0000000a004e2000000008fe8000000000000000000000000000aa05000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000010000000c0000000000000000000000000000000104000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ad94e2100000073fe8000000000000000000000000000aa09000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e210000000800000000000000000000000000000001"], 0x610)
r6 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0x88f}}, {{0xa, 0x4e08, 0x4a3, @private2, 0x4f0}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f0000000f80)={0x3, {{0xa, 0x4e23, 0x9, @mcast1, 0x8}}, 0x0, 0x6, [{{0xa, 0x4e20, 0xffffffff, @mcast1}}, {{0xa, 0x4e24, 0x7f8, @private0, 0x7}}, {{0xa, 0x4e20, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x5}}, {{0xa, 0x4e21, 0x4192, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x8}}, {{0xa, 0x4e22, 0x90000000, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xffff}}, {{0xa, 0x4e24, 0xc, @dev={0xfe, 0x80, '\x00', 0x1e}, 0xc}}]}, 0x390)
close(0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x1021, 0x3}, [@IFLA_GROUP={0x8}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0xb0b}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
r7 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac141400080008"], 0x2c}}, 0x0)
arch_prctl$ARCH_SHSTK_ENABLE(0x1003, 0xf0ff1f00000000)
sendto$inet6(r7, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=r2], 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x18)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x18)
setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000340)=0x2, 0x4)

2.523747188s ago: executing program 1 (id=3503):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x800, 0x11c, 0x1}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000200)=0x1, 0x4)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', <r4=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x200000, 0x4)
bind$xdp(r2, &(0x7f0000000100)={0x2c, 0xe, r4, 0xfffffffe}, 0x10)

2.521819228s ago: executing program 1 (id=3504):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000000100)=[{{&(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10, 0x0}}, {{&(0x7f0000000000)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x18}}], 0x2, 0x2000)

2.49277245s ago: executing program 4 (id=3505):
socket$nl_route(0x10, 0x3, 0x0)
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x72051052ae3513ca}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1, 0x0, 0x1075}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r5}, &(0x7f0000000000), &(0x7f00000005c0)=r6}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x9, 0x2)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x4}, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='cpu<\t\t')
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000001880)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x5, &(0x7f00000000c0)={0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x20000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r8 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2000)
ioctl$SG_GET_VERSION_NUM(r8, 0x2284, &(0x7f0000000080))
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e60435e6d62b9d270433b220ed9ff1ff042b8d3d866231c460765"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x1f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
r10 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r10, 0xc0105512, &(0x7f0000000200))

2.462891383s ago: executing program 2 (id=3506):
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f00000006c0)=<r2=>0x0, &(0x7f0000000700)=0x4)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="d800000018007b7be00212ba0d1605040a003f00000f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b3162700e06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5005ccca262f3d40fad95667e04adcdf63cc1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e0700000004000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0)
ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000640)={@empty, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7, 0x1, 0x81, 0x100, 0x2, 0x40fb0267, r2})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
semctl$GETVAL(0x0, 0x0, 0xc, 0x0)

2.450523354s ago: executing program 1 (id=3507):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000780)='netlink_extack\x00', r0, 0x0, 0xb0}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x44, r2, 0x1, 0x70bd2d, 0xcee5, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x24000000)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r4, 0x0, 0x7}, 0x18)
r5 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_STATX={0x15, 0xe, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x1})
io_uring_enter(r5, 0x627, 0x4c1, 0x43, 0x0, 0x30)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r9=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xb, 0xfff3}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x80000001, 0x0, 0x8}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=@newtfilter={0x5c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0x3}, {}, {0x4, 0xe}}, [@filter_kind_options=@f_u32={{0x8}, {0x30, 0x2, [@TCA_U32_CLASSID={0x8, 0x1, {0x600}}, @TCA_U32_SEL={0x24, 0x5, {0xc, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0x3, 0x58f, [{0xebd, 0x1, 0x206, 0x7}]}}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x24040084)
r10 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}, {0x6, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c800}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000400)={'gre0\x00', 0x0, 0x40, 0x40, 0x3, 0x3, {{0x11, 0x4, 0x1, 0x30, 0x44, 0x65, 0x0, 0xaa, 0x29, 0x0, @multicast2, @local, {[@end, @generic={0x7, 0x6, "2a4975e6"}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4, 0x1}, @rr={0x7, 0x1f, 0x24, [@dev={0xac, 0x14, 0x14, 0x1b}, @dev={0xac, 0x14, 0x14, 0x10}, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, @broadcast, @private=0xa010102]}, @noop]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r4, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0xa, &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xf8, &(0x7f0000000500)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000580), &(0x7f00000005c0), 0x8, 0x25, 0x8, 0x8, &(0x7f0000000600)}}, 0x10)
r12 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000014c0)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r13, {}, {}, {0x6}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x40d5}, 0x0)

2.293554678s ago: executing program 2 (id=3508):
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x652c0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)

2.204109646s ago: executing program 0 (id=3509):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10)
clock_adjtime(0x0, 0x0)

2.197662406s ago: executing program 3 (id=3510):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xa, 0xfb, 0x7ffc1ffb}]})
io_cancel(0x0, 0x0, 0x0)

2.129842162s ago: executing program 0 (id=3511):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
ftruncate(0xffffffffffffffff, 0x8800000)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000100000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r3, <r5=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)=r4}, 0x20)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000180)=[{0x6, 0xd, 0x7, 0x7ffc0001}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000580)='kmem_cache_free\x00', r6, 0x0, 0x7fff}, 0x18)
link(0x0, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r5, &(0x7f0000000780)}, 0x20)
r7 = socket$packet(0x11, 0x2, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000780), r8)
sendto$packet(r7, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14)

2.04698229s ago: executing program 2 (id=3512):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
ftruncate(0xffffffffffffffff, 0x8800000)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000100000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r3, <r5=>0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)=r4}, 0x20)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000180)=[{0x6, 0xd, 0x7, 0x7ffc0001}]})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000580)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x7fff}, 0x18)
link(0x0, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r5, &(0x7f0000000780)}, 0x20)
r7 = socket$packet(0x11, 0x2, 0x300)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000780), r9)
sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32, @ANYBLOB="0100000000000000240012000c000100627269646765000e140002000800070005"], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendto$packet(r7, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14)

429.321272ms ago: executing program 3 (id=3513):
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f00000006c0)=<r2=>0x0, &(0x7f0000000700)=0x4)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="d800000018007b7be00212ba0d1605040a003f00000f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b3162700e06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5005ccca262f3d40fad95667e04adcdf63cc1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e0700000004000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0)
ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000640)={@empty, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7, 0x1, 0x81, 0x100, 0x2, 0x40fb0267, r2})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
semctl$GETVAL(0x0, 0x0, 0xc, 0x0)

247.793998ms ago: executing program 4 (id=3514):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x800, 0x11c, 0x1}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000200)=0x1, 0x4)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x200000, 0x4)
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0xe, r3, 0xfffffffe}, 0x10)

133.674738ms ago: executing program 1 (id=3515):
socket$nl_route(0x10, 0x3, 0x0)
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x72051052ae3513ca}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1, 0x0, 0x1075}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r5}, &(0x7f0000000000), &(0x7f00000005c0)=r6}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x9, 0x2)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x4}, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='cpu<\t\t')
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000001880)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x5, &(0x7f00000000c0)={0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x20000}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r8 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2000)
ioctl$SG_GET_VERSION_NUM(r8, 0x2284, &(0x7f0000000080))
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e60435e6d62b9d270433b220ed9ff1ff042b8d3d866231c460765"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x1f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
r10 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r10, 0xc0105512, &(0x7f0000000200))

104.147961ms ago: executing program 3 (id=3516):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x1)

99.664001ms ago: executing program 2 (id=3517):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000780)='mm_page_free\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1000000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000003000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xe, 0x0, &(0x7f00000003c0)="7993ff01190000e5ffa53b00008f", 0x0, 0x400, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x4}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x3fffffffc}, 0x0, 0x4, 0x0, 0x3, 0xfff, 0x8001, 0x7fff}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
read$msr(r5, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x7c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x50, 0x3, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x40, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x10000}]}}}, {0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xe0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
close(0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000300)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r8 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
ftruncate(r8, 0x80079a0)
lseek(r8, 0x80007, 0x4)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r9, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r9, &(0x7f0000000340)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r10, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r11}, 0x10)

35.794237ms ago: executing program 4 (id=3518):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xa, 0xfb, 0x7ffc1ffb}]})
io_cancel(0x0, 0x0, 0x0)

338.73µs ago: executing program 3 (id=3519):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r2, 0x1, 0x25, &(0x7f00000002c0), 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000f5ffffffffffffff000a14000000060a0000000000000000000002"], 0x3c}}, 0x0)
mount(0x0, &(0x7f0000000780)='./file0\x00', &(0x7f0000000080)='ocfs2_dlmfs\x00', 0x8000, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb:\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00<r\xe9\x9cD\x90\xce\xe1\xc5\x85=\\!\xbbQ\xde\xc3\xe3\x7f\xcf\x1f\x17G\xa6\x13\xae\x92 \x1c\xbf\xfa\xe8e\x8cD\"\xa3w')
r5 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000001a00)=ANY=[@ANYBLOB="03000000000000000a004e2300000010ff010000000000000000000000000001f8ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b0000000a004e2000000008fe8000000000000000000000000000aa05000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000010000000c0000000000000000000000000000000104000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ad94e2100000073fe8000000000000000000000000000aa09000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e210000000800000000000000000000000000000001"], 0x610)
r6 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0x88f}}, {{0xa, 0x4e08, 0x4a3, @private2, 0x4f0}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f0000000f80)={0x3, {{0xa, 0x4e23, 0x9, @mcast1, 0x8}}, 0x0, 0x6, [{{0xa, 0x4e20, 0xffffffff, @mcast1}}, {{0xa, 0x4e24, 0x7f8, @private0, 0x7}}, {{0xa, 0x4e20, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x5}}, {{0xa, 0x4e21, 0x4192, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x8}}, {{0xa, 0x4e22, 0x90000000, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xffff}}, {{0xa, 0x4e24, 0xc, @dev={0xfe, 0x80, '\x00', 0x1e}, 0xc}}]}, 0x390)
close(0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x1021, 0x3}, [@IFLA_GROUP={0x8}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0xb0b}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
r7 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac141400080008"], 0x2c}}, 0x0)
arch_prctl$ARCH_SHSTK_ENABLE(0x1003, 0xf0ff1f00000000)
sendto$inet6(r7, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=r2], 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x18)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x18)
setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000340)=0x2, 0x4)

0s ago: executing program 4 (id=3520):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a320000000008004100"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES8=r0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r2, 0x0, 0x0, 0x24040000, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="23a983738152cc58ce98a51db5c118ad5a859cee3a6f390aa38675bd9f06ac529bf25104b6df8af7ef8651028a0efc8479067e49a1d076fc46755de3b959c936318755ab21dd23bfbfdd7d61066ab168297edda359944983730100ae9c3d0a350e8ca496f8a58cbd176f2834533d721ac1a7"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r4 = socket(0xa, 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b000000000000000000000000800000000008"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x18)
close_range(r4, r5, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r8, 0x0, 0x2}, 0x18)
socket$inet6_sctp(0xa, 0x1, 0x84)
r9 = syz_open_dev$rtc(&(0x7f0000000380), 0x0, 0x189040)
ioctl$RTC_RD_TIME(r9, 0x4008700c, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
bpf$PROG_LOAD(0x5, &(0x7f0000002900)={0xf, 0x0, 0x0, 0x0, 0x96, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
fstat(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r11=>0x0, <r12=>0x0})
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x28007c2, &(0x7f0000000680)={[{@delalloc}, {@resuid={'resuid', 0x3d, r11}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid={'resgid', 0x3d, r12}}, {@acl}, {@dax_always}]}, 0x0, 0x483, &(0x7f0000001040)="$eJzs28tvVNUfAPDvvX0APx7tD/EBolaJSaOxpQWVhRuNJsZgNNEFLms7kIaBGlqNIJFiDG5MDImujUujf4E7Y2LUlYlb3bgyJETZALqpuXfuLdNpp1A6ZWrn80lue869Z+ac79zXuefMBNCxBrI/ScS2iPg1Ivpq2YUFBmr/rl05O379ytnxJObmXvszyctdvXJ2vCxavm5rkRlMI9IPk6KShaZPnzk+Vq1WThX54ZkTbw1Pnz7zxDsnxo5VjlVOjh46dPDAyNNPjT7ZkjizuK7ueX9q7+4X37j48viRi2/++HXW3m3F9vo4WmUgC/yvuVzd6vxjerTVlbXZ9rp00t3GhrAiXRGR7a6e/Pzvi664sfP64oUP2to4YE1l96ZNzTfPzgEbWBLtbgHQHuWNPnv+LZc71PVYFy4/W3sAyuK+Viy1Ld2RFmV6Gp5vW2kgIo7M/v15tsQajUMAANT7ePyzw70R8d71r17K+h5981vSuCf//3v+d0cxh9IfEf+PiJ0RcVdE7IqIuyPysvdGxH2rbM/i/k96aZVvuays//dMMbe1sP9X9v6iv6vIbc/j70mOTlYr+4vPZDB6NmX5kWXq+Pb5Xz5ptq2+/5ctWf1lX7Box6XuhgG6ibGZsbxT2gKXz0fs6V4q/mR+JiCJiN0RsWdlb72jTEw+9uXeZoVuHv8yWjDPNPdFFt5sFv9sNMRfSurnJycXzU8Ob45qZf9weVQs9tPPF15tVv9AzN1+/C1wuRL/xMLjv7FIf1I/Xzu98jou/PZR02ea2zz+097k9XyeubdY9+7YzMypkYje5HCeX7B+9MZry3xZPjv+B/ctff7vLF6TxX9/RGQH8QMR8WBEPFS0/eGIeCQi9i0T/w/PNd9Wxh9pm/b/+YiJJa9/88d/w/5feaLr+PffNKv/1vb/wTw1WKzJr383sVRzsstFYwNX89kBAADAf0Wafwc+SYfm02k6NFT7Dv+u+F9anZqeefzo1NsnJ2rfle+PnrQc6eorxkOrk9XKSDJbvGNtfHS0GCsux0sPFOPGn3ZtyfND41PViTbHDp1ua5PzP/NHV7tbB6yxLUuuHe294w0B2qBxHj1dmD33SrgYwEbl99rQuZqf/5tjcXcA2Ejc/6FzLXX+n2vImwuAjcn9HzqX8x86VPpdu1sAtJH7P3Sk1fyufw0Tm9dHM9qTWK87JU9ElIl0XbRHYqWJLbdWuN1XJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNb4NwAA///Xm+pu")

kernel console output (not intermixed with test programs):

0.361:41117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13681 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b3616f749 code=0x7ffc0000
[  364.023045][   T29] audit: type=1326 audit(1767997080.401:41118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13681 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0b361a2005 code=0x7ffc0000
[  364.046817][   T29] audit: type=1326 audit(1767997080.401:41119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13681 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0b361a2005 code=0x7ffc0000
[  364.079538][   T29] audit: type=1326 audit(1767997080.401:41120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13681 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0b361a2005 code=0x7ffc0000
[  364.103344][   T29] audit: type=1326 audit(1767997080.401:41121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13681 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0b361a2005 code=0x7ffc0000
[  364.127289][   T29] audit: type=1326 audit(1767997080.401:41122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13681 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0b361a2005 code=0x7ffc0000
[  364.150907][   T29] audit: type=1326 audit(1767997080.401:41123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13681 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0b361a2005 code=0x7ffc0000
[  364.174590][   T29] audit: type=1326 audit(1767997080.401:41124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13681 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0b361a2005 code=0x7ffc0000
[  364.198344][   T29] audit: type=1326 audit(1767997080.401:41125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13681 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0b361a2005 code=0x7ffc0000
[  364.221998][   T29] audit: type=1326 audit(1767997080.401:41126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13681 comm="syz.0.2969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0b361a2005 code=0x7ffc0000
[  364.246728][ T3325] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  364.375048][T13728] loop4: detected capacity change from 0 to 512
[  364.383939][T13718] Process accounting resumed
[  364.391531][T13728] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  364.427180][T13728] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  364.435422][T13728] System zones: 1-12
[  364.439834][T13728] EXT4-fs (loop4): 1 truncate cleaned up
[  364.452308][T13728] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  364.870313][T10920] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.931934][T10920] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  365.074575][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  365.085458][T10920] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  365.232934][T13779] netlink: 'syz.0.2988': attribute type 7 has an invalid length.
[  365.240774][T13779] __nla_validate_parse: 3 callbacks suppressed
[  365.240790][T13779] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2988'.
[  365.343967][T13781] Process accounting resumed
[  365.382002][T10920] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  365.427835][T13785] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2990'.
[  365.874128][T10920] bond1 (unregistering): (slave ip6gretap1): Releasing active interface
[  365.989158][T10920] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  366.006107][T10920] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  366.016384][T10920] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  366.026789][T10920] bond0 (unregistering): Released all slaves
[  366.041438][T10920] bond1 (unregistering): Released all slaves
[  366.055557][T10920] bond2 (unregistering): Released all slaves
[  366.069079][T10920] bond3 (unregistering): Released all slaves
[  366.084039][T10920] bond4 (unregistering): Released all slaves
[  366.098027][T10920] bond5 (unregistering): Released all slaves
[  366.104940][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.118612][T10920] bond6 (unregistering): Released all slaves
[  366.137820][T10920] bond7 (unregistering): Released all slaves
[  366.158932][T10920] bond8 (unregistering): Released all slaves
[  366.166069][T13819] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2996'.
[  366.178340][T10920] bond9 (unregistering): Released all slaves
[  366.198446][T10920] bond10 (unregistering): Released all slaves
[  366.211115][T10920] bond11 (unregistering): Released all slaves
[  366.316305][ T9392] Bluetooth: hci0: Frame reassembly failed (-84)
[  366.322741][T10920] tipc: Left network mode
[  366.446555][T10920] hsr_slave_0: left promiscuous mode
[  366.472152][T10920] hsr_slave_1: left promiscuous mode
[  366.486985][T10920] veth1_macvtap: left promiscuous mode
[  366.492996][T13837] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2997'.
[  366.502375][T10920] veth0_macvtap: left promiscuous mode
[  366.514633][T10920] veth1_vlan: left promiscuous mode
[  366.524627][T10920] veth0_vlan: left promiscuous mode
[  366.591753][T13832] Process accounting resumed
[  366.987061][T10920] team0 (unregistering): Port device team_slave_1 removed
[  367.366461][T10920] team0 (unregistering): Port device team_slave_0 removed
[  367.564285][T13863] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3003'.
[  367.838844][T13766] chnl_net:caif_netlink_parms(): no params data found
[  367.968363][T13877] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3006'.
[  367.998693][T13766] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.005821][T13766] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.017526][T13766] bridge_slave_0: entered allmulticast mode
[  368.024260][T13766] bridge_slave_0: entered promiscuous mode
[  368.033288][T13766] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.040390][T13766] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.048142][T13766] bridge_slave_1: entered allmulticast mode
[  368.064385][T13766] bridge_slave_1: entered promiscuous mode
[  368.087434][T13766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  368.097909][T13766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  368.127290][T13766] team0: Port device team_slave_0 added
[  368.134131][T13766] team0: Port device team_slave_1 added
[  368.192164][T13766] batman_adv: batadv0: Adding interface: batadv_slave_0
[  368.199175][T13766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  368.225147][T13766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  368.237787][T13766] batman_adv: batadv0: Adding interface: batadv_slave_1
[  368.244820][T13766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  368.270895][T13766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  368.355072][ T3500] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  369.153573][   T29] kauditd_printk_skb: 1425 callbacks suppressed
[  369.153588][   T29] audit: type=1326 audit(1767997085.021:42552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5706832005 code=0x7ffc0000
[  369.183682][   T29] audit: type=1326 audit(1767997085.141:42553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5706832005 code=0x7ffc0000
[  369.207544][   T29] audit: type=1326 audit(1767997085.271:42554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5706832005 code=0x7ffc0000
[  369.231200][   T29] audit: type=1326 audit(1767997085.401:42555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f57067ff749 code=0x7ffc0000
[  369.254811][   T29] audit: type=1326 audit(1767997085.521:42556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57067ff749 code=0x7ffc0000
[  369.278458][   T29] audit: type=1326 audit(1767997085.521:42557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57067ff749 code=0x7ffc0000
[  369.302034][   T29] audit: type=1326 audit(1767997085.521:42559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57067ff749 code=0x7ffc0000
[  369.325753][   T29] audit: type=1326 audit(1767997085.521:42558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13892 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57067ff749 code=0x7ffc0000
[  369.354098][T13907] sd 0:0:1:0: device reset
[  369.438436][   T29] audit: type=1400 audit(1767997085.731:42560): avc:  denied  { write } for  pid=13902 comm="syz.1.3010" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  369.458067][   T29] audit: type=1400 audit(1767997085.731:42561): avc:  denied  { read } for  pid=13902 comm="syz.1.3010" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  369.537170][T13910] Process accounting resumed
[  369.701389][T13922] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3015'.
[  369.790108][T13766] hsr_slave_0: entered promiscuous mode
[  369.803647][T13766] hsr_slave_1: entered promiscuous mode
[  369.809930][T13766] debugfs: 'hsr0' already exists in 'hsr'
[  369.815790][T13766] Cannot create hsr debugfs directory
[  370.059801][T13951] netlink: 'syz.3.3020': attribute type 39 has an invalid length.
[  370.073434][T13942] loop4: detected capacity change from 0 to 1024
[  370.100226][T13942] EXT4-fs: Mount option(s) incompatible with ext3
[  370.130521][T13957] Process accounting resumed
[  370.179232][T13964] loop3: detected capacity change from 0 to 512
[  370.231397][T13964] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  370.252612][T13964] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  370.270809][T13964] System zones: 1-12
[  370.301800][T13964] EXT4-fs (loop3): 1 truncate cleaned up
[  370.325015][T13964] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  370.932972][T13992] bridge0: port 4(batadv2) entered blocking state
[  370.939717][T13992] bridge0: port 4(batadv2) entered disabled state
[  370.952739][T13992] batadv2: entered allmulticast mode
[  370.958939][T13992] batadv2: entered promiscuous mode
[  371.007373][T13766] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  371.023053][T13766] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  371.039031][T13766] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  371.065143][T13766] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  371.282466][T14031] Process accounting resumed
[  371.306160][T13766] 8021q: adding VLAN 0 to HW filter on device bond0
[  371.331063][T13766] 8021q: adding VLAN 0 to HW filter on device team0
[  371.345507][ T6089] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.352628][ T6089] bridge0: port 1(bridge_slave_0) entered forwarding state
[  371.385671][ T6089] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.392813][ T6089] bridge0: port 2(bridge_slave_1) entered forwarding state
[  371.434594][T10920] batman_adv: batadv2: No IGMP Querier present - multicast optimizations disabled
[  371.443874][T10920] batman_adv: batadv2: No MLD Querier present - multicast optimizations disabled
[  371.489479][T13766] 8021q: adding VLAN 0 to HW filter on device batadv0
[  371.628874][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  371.847027][T14088] FAULT_INJECTION: forcing a failure.
[  371.847027][T14088] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  371.860265][T14088] CPU: 1 UID: 0 PID: 14088 Comm: syz.3.3041 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  371.860294][T14088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  371.860307][T14088] Call Trace:
[  371.860313][T14088]  <TASK>
[  371.860321][T14088]  __dump_stack+0x1d/0x30
[  371.860395][T14088]  dump_stack_lvl+0x95/0xd0
[  371.860423][T14088]  dump_stack+0x15/0x1b
[  371.860448][T14088]  should_fail_ex+0x265/0x280
[  371.860476][T14088]  should_fail+0xb/0x20
[  371.860501][T14088]  should_fail_usercopy+0x1a/0x20
[  371.860533][T14088]  _copy_from_user+0x1c/0xb0
[  371.860560][T14088]  __sys_bpf+0x183/0x7c0
[  371.860671][T14088]  __x64_sys_bpf+0x41/0x50
[  371.860708][T14088]  x64_sys_call+0x28e1/0x3000
[  371.860807][T14088]  do_syscall_64+0xca/0x2b0
[  371.860851][T14088]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.860878][T14088] RIP: 0033:0x7efff41af749
[  371.860938][T14088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  371.860956][T14088] RSP: 002b:00007efff2c0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  371.861094][T14088] RAX: ffffffffffffffda RBX: 00007efff4405fa0 RCX: 00007efff41af749
[  371.861110][T14088] RDX: 0000000000000094 RSI: 0000200000000780 RDI: 0000000000000005
[  371.861125][T14088] RBP: 00007efff2c0f090 R08: 0000000000000000 R09: 0000000000000000
[  371.861141][T14088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  371.861154][T14088] R13: 00007efff4406038 R14: 00007efff4405fa0 R15: 00007ffd042e76b8
[  371.861172][T14088]  </TASK>
[  372.021890][    C1] vcan0: j1939_tp_rxtimer: 0xffff88812aaffa00: rx timeout, send abort
[  372.030152][    C1] vcan0: j1939_tp_rxtimer: 0xffff88812aafec00: rx timeout, send abort
[  372.038750][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88812aaffa00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  372.053116][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88812aafec00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  372.069510][T13766] veth0_vlan: entered promiscuous mode
[  372.077843][T13766] veth1_vlan: entered promiscuous mode
[  372.103174][T14050] infiniband syz!: set down
[  372.107796][T14050] infiniband syz!: added team_slave_0
[  372.140556][T13766] veth0_macvtap: entered promiscuous mode
[  372.196989][T13766] veth1_macvtap: entered promiscuous mode
[  372.239342][T14095] Process accounting resumed
[  372.240703][T13766] batman_adv: batadv0: Interface activated: batadv_slave_0
[  372.257011][T14050] RDS/IB: syz!: added
[  372.261037][T14050] smc: adding ib device syz! with port count 1
[  372.335062][T13766] batman_adv: batadv0: Interface activated: batadv_slave_1
[  372.337979][T14050] smc:    ib device syz! port 1 has no pnetid
[  372.370295][ T9408] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  372.404005][ T9408] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  372.415934][ T9408] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  372.448867][ T9408] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  372.520578][T14125] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2986'.
[  372.529625][T14125] bridge_slave_1: left allmulticast mode
[  372.535411][T14125] bridge_slave_1: left promiscuous mode
[  372.541117][T14125] bridge0: port 2(bridge_slave_1) entered disabled state
[  372.567678][T14125] bridge_slave_0: left allmulticast mode
[  372.573425][T14125] bridge_slave_0: left promiscuous mode
[  372.579252][T14125] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.170182][T14148] loop3: detected capacity change from 0 to 512
[  373.221442][T14148] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  373.237872][T14148] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  373.246639][T14148] System zones: 1-12
[  373.261986][ T7490] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.275303][T14148] EXT4-fs (loop3): 1 truncate cleaned up
[  373.281449][T14148] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  373.330381][ T7490] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.511761][ T7490] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.580465][ T7490] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.727041][T14129] chnl_net:caif_netlink_parms(): no params data found
[  373.848000][ T7490] bond1 (unregistering): (slave ip6gretap1): Releasing active interface
[  373.957392][ T7490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  373.967485][ T7490] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  373.977363][ T7490] bond0 (unregistering): Released all slaves
[  373.986870][ T7490] bond1 (unregistering): Released all slaves
[  373.995987][ T7490] bond2 (unregistering): Released all slaves
[  374.012034][ T7490] bond3 (unregistering): Released all slaves
[  374.022200][ T7490] bond4 (unregistering): Released all slaves
[  374.031664][ T7490] bond5 (unregistering): Released all slaves
[  374.105538][T14129] bridge0: port 1(bridge_slave_0) entered blocking state
[  374.112637][T14129] bridge0: port 1(bridge_slave_0) entered disabled state
[  374.150765][T14129] bridge_slave_0: entered allmulticast mode
[  374.165772][T14129] bridge_slave_0: entered promiscuous mode
[  374.195262][T14129] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.202400][T14129] bridge0: port 2(bridge_slave_1) entered disabled state
[  374.223364][T14129] bridge_slave_1: entered allmulticast mode
[  374.225917][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  374.230728][T14129] bridge_slave_1: entered promiscuous mode
[  374.694780][   T29] kauditd_printk_skb: 1527 callbacks suppressed
[  374.694794][   T29] audit: type=1400 audit(1767997091.081:44089): avc:  denied  { allowed } for  pid=14189 comm="syz.3.3056" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  374.724694][   T29] audit: type=1400 audit(1767997091.111:44090): avc:  denied  { create } for  pid=14189 comm="syz.3.3056" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  374.748688][   T29] audit: type=1400 audit(1767997091.111:44091): avc:  denied  { map } for  pid=14189 comm="syz.3.3056" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=43550 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  374.773232][   T29] audit: type=1400 audit(1767997091.111:44092): avc:  denied  { read write } for  pid=14189 comm="syz.3.3056" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=43550 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  374.814197][   T29] audit: type=1400 audit(1767997091.191:44093): avc:  denied  { create } for  pid=14191 comm="+}[@" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  374.833357][   T29] audit: type=1400 audit(1767997091.191:44094): avc:  denied  { read write } for  pid=14191 comm="+}[@" name="rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  374.857430][   T29] audit: type=1400 audit(1767997091.191:44095): avc:  denied  { open } for  pid=14191 comm="+}[@" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  374.912789][   T29] audit: type=1400 audit(1767997091.261:44096): avc:  denied  { ioctl } for  pid=14189 comm="syz.3.3056" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=43550 ioctlcmd=0x89f8 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  374.936489][T14196] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3056'.
[  374.952094][   T29] audit: type=1400 audit(1767997091.331:44097): avc:  denied  { search } for  pid=3047 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  374.973880][   T29] audit: type=1400 audit(1767997091.331:44098): avc:  denied  { search } for  pid=3047 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  375.059548][ T7490] hsr_slave_0: left promiscuous mode
[  375.066307][ T7490] hsr_slave_1: left promiscuous mode
[  375.075889][ T7490] veth1_macvtap: left allmulticast mode
[  375.081612][ T7490] veth1_macvtap: left promiscuous mode
[  375.088547][ T7490] veth0_macvtap: left promiscuous mode
[  375.102207][ T7490] veth1_vlan: left promiscuous mode
[  375.108763][ T7490] veth0_vlan: left promiscuous mode
[  375.218244][ T7490] team0 (unregistering): Port device team_slave_1 removed
[  375.231957][ T7490] team0 (unregistering): Port device team_slave_0 removed
[  375.329279][T14129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  375.428935][T14129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  375.547631][T14129] team0: Port device team_slave_0 added
[  375.603744][T14129] team0: Port device team_slave_1 added
[  375.633018][T14129] batman_adv: batadv0: Adding interface: batadv_slave_0
[  375.640139][T14129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  375.666383][T14129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  375.829486][T14129] batman_adv: batadv0: Adding interface: batadv_slave_1
[  375.836574][T14129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  375.862604][T14129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  375.902430][T14248] syzkaller1: entered promiscuous mode
[  375.908079][T14248] syzkaller1: entered allmulticast mode
[  375.934181][T14208] loop3: detected capacity change from 0 to 1024
[  375.976970][T14208] EXT4-fs: Mount option(s) incompatible with ext3
[  376.000608][T14261] loop2: detected capacity change from 0 to 1024
[  376.035648][T14261] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  376.046637][T14261] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  376.061595][T14129] hsr_slave_0: entered promiscuous mode
[  376.067896][T14129] hsr_slave_1: entered promiscuous mode
[  376.091193][T14261] JBD2: no valid journal superblock found
[  376.097011][T14261] EXT4-fs (loop2): Could not load journal inode
[  376.109803][T14129] debugfs: 'hsr0' already exists in 'hsr'
[  376.115657][T14129] Cannot create hsr debugfs directory
[  376.161140][T14272] loop3: detected capacity change from 0 to 512
[  376.214790][T14272] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  376.236602][T14275] netlink: 67 bytes leftover after parsing attributes in process `syz.2.3069'.
[  376.355132][T14272] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  376.378751][T14272] System zones: 1-12
[  376.387780][T14275] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  376.414060][T14272] EXT4-fs (loop3): 1 truncate cleaned up
[  376.434332][T14272] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  376.618727][T14285] bridge0: entered promiscuous mode
[  376.715417][T14285] bridge0: port 5(macsec1) entered blocking state
[  376.721935][T14285] bridge0: port 5(macsec1) entered disabled state
[  376.728563][T14285] macsec1: entered allmulticast mode
[  376.733874][T14285] bridge0: entered allmulticast mode
[  376.739847][T14285] macsec1: left allmulticast mode
[  376.744953][T14285] bridge0: left allmulticast mode
[  376.750531][T14285] bridge0: left promiscuous mode
[  377.265585][ T9429] Bluetooth: hci0: Frame reassembly failed (-84)
[  377.489446][T14129] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  377.517804][T14129] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  377.548871][T14129] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  377.574707][T14129] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  377.679638][T14129] 8021q: adding VLAN 0 to HW filter on device bond0
[  377.716299][T14129] 8021q: adding VLAN 0 to HW filter on device team0
[  377.808921][T14129] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  377.819365][T14129] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  377.845586][   T56] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.852769][   T56] bridge0: port 1(bridge_slave_0) entered forwarding state
[  377.894625][   T56] bridge0: port 2(bridge_slave_1) entered blocking state
[  377.901818][   T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[  377.987485][T14129] 8021q: adding VLAN 0 to HW filter on device batadv0
[  378.171935][T14129] veth0_vlan: entered promiscuous mode
[  378.195935][T14129] veth1_vlan: entered promiscuous mode
[  378.238320][T14129] veth0_macvtap: entered promiscuous mode
[  378.258119][T14129] veth1_macvtap: entered promiscuous mode
[  378.290442][T14129] batman_adv: batadv0: Interface activated: batadv_slave_0
[  378.311144][T14129] batman_adv: batadv0: Interface activated: batadv_slave_1
[  378.340383][ T8754] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  378.358170][ T8754] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  378.370037][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.374704][ T8754] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  378.404713][ T8754] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  378.626640][T14421] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3086'.
[  378.729733][T14429] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3088'.
[  378.938213][T14439] netlink: 67 bytes leftover after parsing attributes in process `syz.0.3093'.
[  379.019813][T14440] sd 0:0:1:0: device reset
[  379.044583][T14439] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  379.213504][T14445] syzkaller1: entered promiscuous mode
[  379.219080][T14445] syzkaller1: entered allmulticast mode
[  379.314598][ T3500] Bluetooth: hci0: command 0x1003 tx timeout
[  379.320833][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  379.426453][T14449] netlink: 'syz.0.3096': attribute type 39 has an invalid length.
[  379.717134][   T29] kauditd_printk_skb: 1286 callbacks suppressed
[  379.717229][   T29] audit: type=1326 audit(1767997096.071:45385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14415 comm="syz.2.3085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  379.779586][T14455] FAULT_INJECTION: forcing a failure.
[  379.779586][T14455] name failslab, interval 1, probability 0, space 0, times 0
[  379.792403][T14455] CPU: 1 UID: 0 PID: 14455 Comm: syz.3.3098 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  379.792475][T14455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  379.792488][T14455] Call Trace:
[  379.792494][T14455]  <TASK>
[  379.792502][T14455]  __dump_stack+0x1d/0x30
[  379.792531][T14455]  dump_stack_lvl+0x95/0xd0
[  379.792555][T14455]  dump_stack+0x15/0x1b
[  379.792603][T14455]  should_fail_ex+0x265/0x280
[  379.792631][T14455]  should_failslab+0x8c/0xb0
[  379.792659][T14455]  kmem_cache_alloc_noprof+0x69/0x4b0
[  379.792687][T14455]  ? audit_log_start+0x342/0x720
[  379.792783][T14455]  audit_log_start+0x342/0x720
[  379.792821][T14455]  ? kstrtouint+0x76/0xc0
[  379.792843][T14455]  audit_seccomp+0x48/0x100
[  379.792872][T14455]  ? __seccomp_filter+0x832/0x1260
[  379.792897][T14455]  __seccomp_filter+0x843/0x1260
[  379.792937][T14455]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  379.792972][T14455]  ? vfs_write+0x7e8/0x960
[  379.793026][T14455]  ? __rcu_read_unlock+0x4f/0x70
[  379.793051][T14455]  ? __fget_files+0x184/0x1c0
[  379.793081][T14455]  __secure_computing+0x82/0x150
[  379.793115][T14455]  syscall_trace_enter+0xcf/0x1e0
[  379.793207][T14455]  do_syscall_64+0xa4/0x2b0
[  379.793281][T14455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.793316][T14455] RIP: 0033:0x7efff41af749
[  379.793330][T14455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  379.793348][T14455] RSP: 002b:00007efff2c0f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[  379.793366][T14455] RAX: ffffffffffffffda RBX: 00007efff4405fa0 RCX: 00007efff41af749
[  379.793382][T14455] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  379.793471][T14455] RBP: 00007efff2c0f090 R08: 0000000000000000 R09: 0000000000000000
[  379.793482][T14455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  379.793493][T14455] R13: 00007efff4406038 R14: 00007efff4405fa0 R15: 00007ffd042e76b8
[  379.793511][T14455]  </TASK>
[  379.793519][T14455] audit: audit_lost=6 audit_rate_limit=0 audit_backlog_limit=64
[  380.000495][T14455] audit: out of memory in audit_log_start
[  380.004948][   T29] audit: type=1326 audit(1767997096.131:45386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14415 comm="syz.2.3085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  380.029914][   T29] audit: type=1400 audit(1767997096.151:45387): avc:  denied  { read } for  pid=14454 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  380.051692][   T29] audit: type=1400 audit(1767997096.151:45388): avc:  denied  { open } for  pid=14454 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  380.075917][   T29] audit: type=1400 audit(1767997096.151:45389): avc:  denied  { mounton } for  pid=14454 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  380.097626][   T29] audit: type=1400 audit(1767997096.161:45390): avc:  denied  { prog_run } for  pid=14453 comm="syz.3.3098" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  380.116935][   T29] audit: type=1326 audit(1767997096.161:45391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14453 comm="syz.3.3098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efff41af749 code=0x7ffc0000
[  380.140611][   T29] audit: type=1326 audit(1767997096.161:45392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14453 comm="syz.3.3098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efff41adf90 code=0x7ffc0000
[  380.214848][T14462] loop3: detected capacity change from 0 to 1024
[  380.221934][T14462] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  380.232920][T14462] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  380.246282][ T1010] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.277552][T14458] netlink: 'syz.4.3099': attribute type 39 has an invalid length.
[  380.296362][ T1010] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.318504][T14462] JBD2: no valid journal superblock found
[  380.324296][T14462] EXT4-fs (loop3): Could not load journal inode
[  380.345588][T14468] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3101'.
[  380.356464][ T1010] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.428820][T14462] netlink: 67 bytes leftover after parsing attributes in process `syz.3.3100'.
[  380.439920][ T1010] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.459641][T14462] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  380.516007][T14477] bridge0: entered promiscuous mode
[  380.531047][T14477] bridge0: port 5(macsec1) entered blocking state
[  380.537761][T14477] bridge0: port 5(macsec1) entered disabled state
[  380.544787][T14477] macsec1: entered allmulticast mode
[  380.550271][T14477] bridge0: entered allmulticast mode
[  380.556467][T14477] macsec1: left allmulticast mode
[  380.561560][T14477] bridge0: left allmulticast mode
[  380.580733][T14477] bridge0: left promiscuous mode
[  380.780474][T14484] Process accounting resumed
[  380.801367][T14487] loop2: detected capacity change from 0 to 1024
[  380.808897][T14487] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  380.819930][T14487] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  380.830668][T14487] JBD2: no valid journal superblock found
[  380.836486][T14487] EXT4-fs (loop2): Could not load journal inode
[  380.849602][ T1010] bond1 (unregistering): (slave ip6gretap1): Releasing active interface
[  380.864089][T14487] netlink: 67 bytes leftover after parsing attributes in process `syz.2.3106'.
[  380.937857][ T1010] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  380.948651][ T1010] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  380.958829][ T1010] bond0 (unregistering): Released all slaves
[  380.968376][ T1010] bond1 (unregistering): Released all slaves
[  380.978696][ T1010] bond2 (unregistering): Released all slaves
[  380.988885][ T1010] bond3 (unregistering): Released all slaves
[  380.998557][ T1010] bond4 (unregistering): Released all slaves
[  381.008732][ T1010] bond5 (unregistering): Released all slaves
[  381.018753][ T1010] bond6 (unregistering): Released all slaves
[  381.029256][ T1010] bond7 (unregistering): Released all slaves
[  381.039971][ T1010] bond8 (unregistering): Released all slaves
[  381.050501][ T1010] bond9 (unregistering): Released all slaves
[  381.059718][ T1010] bond10 (unregistering): Released all slaves
[  381.069619][ T1010] bond11 (unregistering): Released all slaves
[  381.083386][ T1010] bond12 (unregistering): (slave veth5): Releasing active interface
[  381.093155][ T1010] bond12 (unregistering): Released all slaves
[  381.102997][ T1010] bond13 (unregistering): Released all slaves
[  381.113127][ T1010] bond14 (unregistering): Released all slaves
[  381.122724][ T1010] bond15 (unregistering): Released all slaves
[  381.151329][T14487] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  381.313052][T14454] chnl_net:caif_netlink_parms(): no params data found
[  381.424834][T14502] netlink: 'syz.3.3110': attribute type 39 has an invalid length.
[  381.436826][T14510] sd 0:0:1:0: device reset
[  381.551663][ T1010] hsr_slave_0: left promiscuous mode
[  381.592954][ T1010] hsr_slave_1: left promiscuous mode
[  381.651396][ T1010] veth1_macvtap: left promiscuous mode
[  381.681661][ T1010] veth0_macvtap: left promiscuous mode
[  381.720740][ T1010] veth1_vlan: left promiscuous mode
[  381.757001][ T1010] veth0_vlan: left promiscuous mode
[  382.039743][T14500] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  382.062958][ T1010] team0 (unregistering): Port device team_slave_1 removed
[  382.092460][ T1010] team0 (unregistering): Port device team_slave_0 removed
[  382.129946][ T4137] smc: removing ib device syz!
[  382.203739][T14523] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3111'.
[  382.533751][T14546] sd 0:0:1:0: device reset
[  382.682924][T14554] loop3: detected capacity change from 0 to 1024
[  382.708793][T14554] EXT4-fs: Mount option(s) incompatible with ext3
[  382.769022][T14454] bridge0: port 1(bridge_slave_0) entered blocking state
[  382.776352][T14454] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.826461][T14454] bridge_slave_0: entered allmulticast mode
[  382.858730][T14454] bridge_slave_0: entered promiscuous mode
[  382.915088][T14454] bridge0: port 2(bridge_slave_1) entered blocking state
[  382.922205][T14454] bridge0: port 2(bridge_slave_1) entered disabled state
[  383.025983][T14454] bridge_slave_1: entered allmulticast mode
[  383.063904][T14454] bridge_slave_1: entered promiscuous mode
[  383.430382][T14454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  383.441669][T14454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  383.505509][T14454] team0: Port device team_slave_0 added
[  383.517562][T14454] team0: Port device team_slave_1 added
[  383.542067][T14575] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3121'.
[  383.598725][T14454] batman_adv: batadv0: Adding interface: batadv_slave_0
[  383.605872][T14454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  383.631931][T14454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  383.647957][T14569] infiniband syz!: set down
[  383.652503][T14569] infiniband syz!: added team_slave_0
[  383.665673][T14569] RDS/IB: syz!: added
[  383.672266][T14569] smc: adding ib device syz! with port count 1
[  383.689801][T14569] smc:    ib device syz! port 1 has no pnetid
[  383.703583][T14454] batman_adv: batadv0: Adding interface: batadv_slave_1
[  383.710596][T14454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  383.737192][T14454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  383.838237][T14454] hsr_slave_0: entered promiscuous mode
[  383.944369][T14454] hsr_slave_1: entered promiscuous mode
[  384.111202][T14598] sd 0:0:1:0: device reset
[  384.467196][T14454] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  384.540989][T14454] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  384.593274][T14454] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  384.662808][T14454] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  384.708336][T14599] Process accounting resumed
[  384.893931][T14605] netlink: 'syz.4.3126': attribute type 39 has an invalid length.
[  384.959038][T14454] 8021q: adding VLAN 0 to HW filter on device bond0
[  384.981419][   T29] kauditd_printk_skb: 816 callbacks suppressed
[  384.981486][   T29] audit: type=1326 audit(1767997101.361:46209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14613 comm="syz.0.3127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b3616f749 code=0x7ffc0000
[  385.011649][   T29] audit: type=1326 audit(1767997101.361:46210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14613 comm="syz.0.3127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0b3616f749 code=0x7ffc0000
[  385.035564][   T29] audit: type=1326 audit(1767997101.361:46211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14613 comm="syz.0.3127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b3616f749 code=0x7ffc0000
[  385.052720][T14454] 8021q: adding VLAN 0 to HW filter on device team0
[  385.059282][   T29] audit: type=1326 audit(1767997101.361:46212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14613 comm="syz.0.3127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0b3616f749 code=0x7ffc0000
[  385.089672][   T29] audit: type=1326 audit(1767997101.361:46213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14613 comm="syz.0.3127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b3616f749 code=0x7ffc0000
[  385.113303][   T29] audit: type=1326 audit(1767997101.361:46214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14613 comm="syz.0.3127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0b3616f749 code=0x7ffc0000
[  385.137197][   T29] audit: type=1326 audit(1767997101.361:46215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14613 comm="syz.0.3127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b3616f749 code=0x7ffc0000
[  385.148319][T14620] bridge0: entered promiscuous mode
[  385.161197][   T29] audit: type=1326 audit(1767997101.361:46216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14613 comm="syz.0.3127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0b3616f749 code=0x7ffc0000
[  385.189922][   T29] audit: type=1326 audit(1767997101.361:46217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14613 comm="syz.0.3127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b3616f749 code=0x7ffc0000
[  385.213671][   T29] audit: type=1326 audit(1767997101.361:46218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14613 comm="syz.0.3127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0b3616f749 code=0x7ffc0000
[  385.233789][T14620] bridge0: port 5(macsec1) entered blocking state
[  385.243758][T14620] bridge0: port 5(macsec1) entered disabled state
[  385.252090][T14620] macsec1: entered allmulticast mode
[  385.257720][T14620] bridge0: entered allmulticast mode
[  385.267932][T14620] macsec1: left allmulticast mode
[  385.273004][T14620] bridge0: left allmulticast mode
[  385.283546][T14620] bridge0: left promiscuous mode
[  385.321477][  T825] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.328584][  T825] bridge0: port 1(bridge_slave_0) entered forwarding state
[  385.355435][T14454] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  385.365904][T14454] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  385.387896][  T825] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.395007][  T825] bridge0: port 2(bridge_slave_1) entered forwarding state
[  385.474765][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  385.614012][T14454] 8021q: adding VLAN 0 to HW filter on device batadv0
[  385.662966][  T825] Bluetooth: hci0: Frame reassembly failed (-84)
[  385.721989][T14663] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3135'.
[  385.734069][T14673] loop4: detected capacity change from 0 to 512
[  385.755469][T14673] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  385.785525][T14680] loop7: detected capacity change from 0 to 7
[  385.795375][T14673] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  385.815343][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  385.819798][T14673] System zones: 
[  385.825018][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  385.828585][T14673] 1-12
[  385.847335][T14673] EXT4-fs (loop4): 1 truncate cleaned up
[  385.853490][T14673] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  385.855774][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  385.875531][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  385.887671][T14680]  loop7: unable to read partition table
[  385.893423][T14680] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  385.963949][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x880700 phys_seg 1 prio class 2
[  385.973889][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  385.983515][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  385.991620][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  386.001264][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  386.009995][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  386.019606][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  386.028732][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  386.038338][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  386.047226][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  386.052028][T14696] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3138'.
[  386.056863][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  386.079335][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x880700 phys_seg 1 prio class 2
[  386.089418][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  386.099007][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  386.106874][    C0] Buffer I/O error on dev loop7, logical block 1, async page read
[  386.114749][    C0] Buffer I/O error on dev loop7, logical block 2, async page read
[  386.147507][T14454] veth0_vlan: entered promiscuous mode
[  386.159092][T14454] veth1_vlan: entered promiscuous mode
[  386.176121][T14454] veth0_macvtap: entered promiscuous mode
[  386.184007][T14454] veth1_macvtap: entered promiscuous mode
[  386.195722][T14454] batman_adv: batadv0: Interface activated: batadv_slave_0
[  386.225646][T14700] loop3: detected capacity change from 0 to 512
[  386.233380][T14700] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  386.248004][T14454] batman_adv: batadv0: Interface activated: batadv_slave_1
[  386.259669][ T1010] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  386.276592][ T1010] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  386.286480][ T1010] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  386.305431][T14700] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  386.313579][ T1010] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  386.322594][T14700] System zones: 1-12
[  386.327558][T14700] EXT4-fs (loop3): 1 truncate cleaned up
[  386.334231][T14700] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  386.363612][T14705] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  386.443746][T14708] loop1: detected capacity change from 0 to 1024
[  386.467806][T14708] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  386.479043][T14708] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  386.546778][T14708] JBD2: no valid journal superblock found
[  386.552690][T14708] EXT4-fs (loop1): Could not load journal inode
[  386.661754][T14708] netlink: 67 bytes leftover after parsing attributes in process `syz.1.3140'.
[  386.693196][T14708] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  387.076329][ T6387] Bluetooth: hci1: Frame reassembly failed (-84)
[  387.120267][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.200238][ T3008]  loop7: unable to read partition table
[  387.288417][T14747] loop3: detected capacity change from 0 to 512
[  387.320623][T14747] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  387.381842][T14747] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  387.389901][T14747] System zones: 1-12
[  387.394336][T14747] EXT4-fs (loop3): 1 truncate cleaned up
[  387.405357][T14747] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  387.460102][T14129] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.537192][T14751] sd 0:0:1:0: device reset
[  387.724903][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  387.731287][T11911] Bluetooth: hci0: command 0x1003 tx timeout
[  387.993537][T14756] dvmrp6: entered allmulticast mode
[  388.605432][T14764] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3156'.
[  388.617025][T14764] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  388.624446][T14764] batman_adv: batadv0: Removing interface: batadv_slave_0
[  388.646022][T14764] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  388.653470][T14764] batman_adv: batadv0: Removing interface: batadv_slave_1
[  388.820285][T14783] FAULT_INJECTION: forcing a failure.
[  388.820285][T14783] name failslab, interval 1, probability 0, space 0, times 0
[  388.833049][T14783] CPU: 0 UID: 0 PID: 14783 Comm: syz.2.3159 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  388.833089][T14783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  388.833101][T14783] Call Trace:
[  388.833107][T14783]  <TASK>
[  388.833113][T14783]  __dump_stack+0x1d/0x30
[  388.833210][T14783]  dump_stack_lvl+0x95/0xd0
[  388.833236][T14783]  dump_stack+0x15/0x1b
[  388.833255][T14783]  should_fail_ex+0x265/0x280
[  388.833279][T14783]  should_failslab+0x8c/0xb0
[  388.833307][T14783]  __kvmalloc_node_noprof+0x149/0x6b0
[  388.833357][T14783]  ? nf_hook_entries_grow+0x1c1/0x460
[  388.833442][T14783]  nf_hook_entries_grow+0x1c1/0x460
[  388.833482][T14783]  __nf_register_net_hook+0x18e/0x480
[  388.833516][T14783]  nf_register_net_hook+0x88/0x130
[  388.833575][T14783]  nf_register_net_hooks+0x44/0x150
[  388.833672][T14783]  nf_ct_netns_do_get+0x2b1/0x380
[  388.833775][T14783]  nf_ct_netns_get+0x87/0xc0
[  388.833837][T14783]  connmark_mt_check+0x35/0xa0
[  388.833868][T14783]  xt_check_match+0x2ad/0x4f0
[  388.833966][T14783]  ? mutex_unlock+0x4f/0x90
[  388.833992][T14783]  ? xt_find_match+0x1d1/0x210
[  388.834027][T14783]  ? xt_find_match+0x1b5/0x210
[  388.834065][T14783]  translate_table+0xa9c/0xf90
[  388.834127][T14783]  do_ipt_set_ctl+0x66f/0x820
[  388.834162][T14783]  nf_setsockopt+0x199/0x1b0
[  388.834205][T14783]  ip_setsockopt+0x102/0x110
[  388.834245][T14783]  udp_setsockopt+0x99/0xb0
[  388.834284][T14783]  sock_common_setsockopt+0x69/0x80
[  388.834312][T14783]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  388.834361][T14783]  __sys_setsockopt+0x184/0x200
[  388.834391][T14783]  __x64_sys_setsockopt+0x64/0x80
[  388.834418][T14783]  x64_sys_call+0x21d5/0x3000
[  388.834481][T14783]  do_syscall_64+0xca/0x2b0
[  388.834529][T14783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.834556][T14783] RIP: 0033:0x7f129da7f749
[  388.834571][T14783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.834633][T14783] RSP: 002b:00007f129c4df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  388.834658][T14783] RAX: ffffffffffffffda RBX: 00007f129dcd5fa0 RCX: 00007f129da7f749
[  388.834672][T14783] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[  388.834684][T14783] RBP: 00007f129c4df090 R08: 0000000000000348 R09: 0000000000000000
[  388.834696][T14783] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.834708][T14783] R13: 00007f129dcd6038 R14: 00007f129dcd5fa0 R15: 00007ffc4dae71d8
[  388.834726][T14783]  </TASK>
[  389.083392][T14783] cannot load conntrack support for proto=2
[  389.110120][T14786] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3161'.
[  389.119366][T14786] batadv2: left allmulticast mode
[  389.124474][T14786] batadv2: left promiscuous mode
[  389.129713][T14786] bridge0: port 4(batadv2) entered disabled state
[  389.137453][T14786] batadv1: left allmulticast mode
[  389.142518][T14786] batadv1: left promiscuous mode
[  389.147826][T14786] bridge0: port 3(batadv1) entered disabled state
[  389.154641][T11911] Bluetooth: hci1: command 0x1003 tx timeout
[  389.154732][ T3500] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  389.189471][T14786] bridge_slave_1: left allmulticast mode
[  389.195213][T14786] bridge_slave_1: left promiscuous mode
[  389.200925][T14786] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.220975][ T3008]  loop7: unable to read partition table
[  389.252609][T14793] loop4: detected capacity change from 0 to 1024
[  389.259951][T14793] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  389.271110][T14793] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  389.281278][T14797] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3165'.
[  389.291855][T14793] JBD2: no valid journal superblock found
[  389.293152][T14786] bridge_slave_0: left allmulticast mode
[  389.297847][T14793] EXT4-fs (loop4): Could not load journal inode
[  389.303321][T14786] bridge_slave_0: left promiscuous mode
[  389.315362][T14786] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.363406][T14793] netlink: 67 bytes leftover after parsing attributes in process `syz.4.3166'.
[  389.409313][T14801] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3167'.
[  389.439297][T14793] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  390.643142][   T29] kauditd_printk_skb: 284 callbacks suppressed
[  390.643158][   T29] audit: type=1326 audit(1767997106.381:46503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14818 comm="syz.4.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f629b2df783 code=0x7ffc0000
[  390.672957][   T29] audit: type=1326 audit(1767997106.391:46504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14818 comm="syz.4.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f629b2df783 code=0x7ffc0000
[  390.696650][   T29] audit: type=1326 audit(1767997106.391:46505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14818 comm="syz.4.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  390.720254][   T29] audit: type=1326 audit(1767997106.391:46506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14818 comm="syz.4.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f629b2df783 code=0x7ffc0000
[  390.743662][   T29] audit: type=1326 audit(1767997106.391:46507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14818 comm="syz.4.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f629b2df807 code=0x7ffc0000
[  390.768749][   T29] audit: type=1326 audit(1767997106.391:46508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14818 comm="syz.4.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f629b296bdd code=0x7ffc0000
[  390.792845][   T29] audit: type=1326 audit(1767997106.391:46509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14818 comm="syz.4.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f629b313e89 code=0x7ffc0000
[  390.816506][   T29] audit: type=1326 audit(1767997106.391:46510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14818 comm="syz.4.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f629b296c47 code=0x7ffc0000
[  390.840219][   T29] audit: type=1326 audit(1767997106.391:46511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14818 comm="syz.4.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  390.864011][   T29] audit: type=1326 audit(1767997106.391:46512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14818 comm="syz.4.3170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  391.871638][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  392.424360][T14837] sd 0:0:1:0: device reset
[  392.444572][T14830] sd 0:0:1:0: device reset
[  392.648894][ T4142] Bluetooth: hci0: Frame reassembly failed (-84)
[  392.717534][T14856] random: crng reseeded on system resumption
[  392.727687][T14856] Unrecognized hibernate image header format!
[  392.733800][T14856] PM: hibernation: Image mismatch: architecture specific data
[  392.832542][T14859] loop4: detected capacity change from 0 to 512
[  392.856724][T14859] EXT4-fs: dax option not supported
[  392.862861][T14860] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3180'.
[  392.884576][T14860] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  392.892013][T14860] batman_adv: batadv0: Removing interface: batadv_slave_0
[  392.903956][T14860] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  392.911474][T14860] batman_adv: batadv0: Removing interface: batadv_slave_1
[  392.924265][T14856] loop4: detected capacity change from 0 to 1024
[  392.948409][T14856] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  392.959367][T14856] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  392.997089][T14856] JBD2: no valid journal superblock found
[  393.002925][T14856] EXT4-fs (loop4): Could not load journal inode
[  393.265879][T14871] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3185'.
[  393.381764][T14856] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[  393.392563][T14856] netlink: 168 bytes leftover after parsing attributes in process `syz.4.3181'.
[  393.446783][ T5885] Bluetooth: hci1: Frame reassembly failed (-84)
[  393.559932][T14890] netlink: 'syz.4.3192': attribute type 39 has an invalid length.
[  393.587960][T14895] loop1: detected capacity change from 0 to 512
[  393.606341][T14895] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  393.655515][T14895] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  393.663596][T14895] System zones: 1-12
[  393.672377][T14895] EXT4-fs (loop1): 1 truncate cleaned up
[  393.678923][T14895] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  393.802571][T14916] loop4: detected capacity change from 0 to 512
[  393.817243][T14916] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  393.828428][T14916] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  393.839423][T14916] System zones: 1-12
[  393.843996][T14916] EXT4-fs (loop4): 1 truncate cleaned up
[  393.851014][T14916] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  393.872838][T14920] netlink: 'syz.2.3199': attribute type 39 has an invalid length.
[  394.147514][T14928] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3200'.
[  394.159633][T14928] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  394.167090][T14928] batman_adv: batadv0: Removing interface: batadv_slave_0
[  394.522279][T14928] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  394.529752][T14928] batman_adv: batadv0: Removing interface: batadv_slave_1
[  394.598901][T14454] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.674532][ T3500] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  394.800482][T14129] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  394.954910][T14960] syzkaller1: entered promiscuous mode
[  394.960446][T14960] syzkaller1: entered allmulticast mode
[  395.223680][T14985] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3214'.
[  395.233365][T14985] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  395.241214][T14985] batman_adv: batadv0: Removing interface: batadv_slave_0
[  395.250506][T14985] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  395.257970][T14985] batman_adv: batadv0: Removing interface: batadv_slave_1
[  395.358586][T14988] SELinux:  Context @ is not valid (left unmapped).
[  395.468138][T14988] loop1: detected capacity change from 0 to 128
[  395.474911][   T44] Bluetooth: hci1: command 0x1003 tx timeout
[  395.481217][T11911] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  395.581818][T14996] netlink: 'syz.0.3218': attribute type 39 has an invalid length.
[  395.644932][   T29] kauditd_printk_skb: 947 callbacks suppressed
[  395.644949][   T29] audit: type=1326 audit(1767997112.031:47460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14958 comm="syz.2.3210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f129dab2005 code=0x7ffc0000
[  395.698189][   T29] audit: type=1326 audit(1767997112.061:47461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14958 comm="syz.2.3210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f129dab2005 code=0x7ffc0000
[  395.721878][   T29] audit: type=1326 audit(1767997112.061:47462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14958 comm="syz.2.3210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f129dab2005 code=0x7ffc0000
[  395.745647][   T29] audit: type=1400 audit(1767997112.061:47464): avc:  denied  { write } for  pid=14987 comm="syz.1.3215" lport=8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  395.766059][   T29] audit: type=1326 audit(1767997112.061:47463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14958 comm="syz.2.3210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f129dab2005 code=0x7ffc0000
[  395.789798][   T29] audit: type=1326 audit(1767997112.061:47465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14958 comm="syz.2.3210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f129dab2005 code=0x7ffc0000
[  395.813489][   T29] audit: type=1326 audit(1767997112.061:47466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14958 comm="syz.2.3210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f129dab2005 code=0x7ffc0000
[  395.837383][   T29] audit: type=1326 audit(1767997112.061:47467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14958 comm="syz.2.3210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f129dab2005 code=0x7ffc0000
[  395.861290][   T29] audit: type=1326 audit(1767997112.061:47468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14958 comm="syz.2.3210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f129dab2005 code=0x7ffc0000
[  395.884975][   T29] audit: type=1326 audit(1767997112.061:47469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14958 comm="syz.2.3210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f129dab2005 code=0x7ffc0000
[  396.003874][T15021] syzkaller1: entered promiscuous mode
[  396.009493][T15021] syzkaller1: entered allmulticast mode
[  396.033262][T14988] syz.1.3215: attempt to access beyond end of device
[  396.033262][T14988] loop1: rw=2049, sector=169, nr_sectors = 8 limit=128
[  396.106140][T14988] syz.1.3215: attempt to access beyond end of device
[  396.106140][T14988] loop1: rw=2049, sector=185, nr_sectors = 16 limit=128
[  396.120996][T14988] syz.1.3215: attempt to access beyond end of device
[  396.120996][T14988] loop1: rw=2049, sector=209, nr_sectors = 8 limit=128
[  396.140618][T14988] syz.1.3215: attempt to access beyond end of device
[  396.140618][T14988] loop1: rw=2049, sector=225, nr_sectors = 8 limit=128
[  396.183439][T15037] FAULT_INJECTION: forcing a failure.
[  396.183439][T15037] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  396.196573][T15037] CPU: 1 UID: 0 PID: 15037 Comm: syz.3.3230 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  396.196633][T15037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  396.196650][T15037] Call Trace:
[  396.196659][T15037]  <TASK>
[  396.196669][T15037]  __dump_stack+0x1d/0x30
[  396.196734][T15037]  dump_stack_lvl+0x95/0xd0
[  396.196767][T15037]  dump_stack+0x15/0x1b
[  396.196785][T15037]  should_fail_ex+0x265/0x280
[  396.196876][T15037]  should_fail+0xb/0x20
[  396.196898][T15037]  should_fail_usercopy+0x1a/0x20
[  396.196921][T15037]  _copy_to_user+0x20/0xa0
[  396.196947][T15037]  simple_read_from_buffer+0xb5/0x130
[  396.197016][T15037]  proc_fail_nth_read+0x10e/0x150
[  396.197045][T15037]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  396.197149][T15037]  vfs_read+0x1a8/0x770
[  396.197170][T15037]  ? __rcu_read_unlock+0x4f/0x70
[  396.197196][T15037]  ? __fget_files+0x184/0x1c0
[  396.197223][T15037]  ? mutex_lock+0x58/0x90
[  396.197256][T15037]  ksys_read+0xda/0x1a0
[  396.197277][T15037]  __x64_sys_read+0x40/0x50
[  396.197299][T15037]  x64_sys_call+0x2889/0x3000
[  396.197336][T15037]  do_syscall_64+0xca/0x2b0
[  396.197377][T15037]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.197481][T15037] RIP: 0033:0x7efff41ae15c
[  396.197566][T15037] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  396.197587][T15037] RSP: 002b:00007efff2c0f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  396.197610][T15037] RAX: ffffffffffffffda RBX: 00007efff4405fa0 RCX: 00007efff41ae15c
[  396.197625][T15037] RDX: 000000000000000f RSI: 00007efff2c0f0a0 RDI: 0000000000000006
[  396.197639][T15037] RBP: 00007efff2c0f090 R08: 0000000000000000 R09: 0000000000000000
[  396.197654][T15037] R10: 000000000000fdef R11: 0000000000000246 R12: 0000000000000001
[  396.197668][T15037] R13: 00007efff4406038 R14: 00007efff4405fa0 R15: 00007ffd042e76b8
[  396.197748][T15037]  </TASK>
[  396.336009][T14988] syz.1.3215: attempt to access beyond end of device
[  396.336009][T14988] loop1: rw=2049, sector=241, nr_sectors = 8 limit=128
[  396.414642][T15043] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3227'.
[  396.443877][T14988] syz.1.3215: attempt to access beyond end of device
[  396.443877][T14988] loop1: rw=2049, sector=257, nr_sectors = 8 limit=128
[  396.483795][T14988] syz.1.3215: attempt to access beyond end of device
[  396.483795][T14988] loop1: rw=2049, sector=273, nr_sectors = 8 limit=128
[  396.497744][T14988] syz.1.3215: attempt to access beyond end of device
[  396.497744][T14988] loop1: rw=2049, sector=289, nr_sectors = 8 limit=128
[  396.520676][T15049] netlink: 'syz.3.3232': attribute type 39 has an invalid length.
[  396.529479][T14988] syz.1.3215: attempt to access beyond end of device
[  396.529479][T14988] loop1: rw=2049, sector=305, nr_sectors = 8 limit=128
[  396.555034][T14988] syz.1.3215: attempt to access beyond end of device
[  396.555034][T14988] loop1: rw=2049, sector=321, nr_sectors = 8 limit=128
[  396.603811][T15042] bridge0: entered promiscuous mode
[  396.621017][T15042] bridge0: port 3(macsec1) entered blocking state
[  396.627603][T15042] bridge0: port 3(macsec1) entered disabled state
[  396.643928][T15042] macsec1: entered allmulticast mode
[  396.649461][T15042] bridge0: entered allmulticast mode
[  396.657517][T15042] macsec1: left allmulticast mode
[  396.662848][T15042] bridge0: left allmulticast mode
[  396.677195][T15042] bridge0: left promiscuous mode
[  396.711197][T15050] loop4: detected capacity change from 0 to 1024
[  396.745473][T15050] EXT4-fs: Mount option(s) incompatible with ext3
[  396.831664][   T56] Bluetooth: hci0: Frame reassembly failed (-84)
[  396.945710][T15077] sd 0:0:1:0: device reset
[  397.092473][    C1] blk_print_req_error: 170 callbacks suppressed
[  397.092490][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  397.108440][    C1] buffer_io_error: 165 callbacks suppressed
[  397.108453][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  397.123381][    C1] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  397.133008][    C1] Buffer I/O error on dev loop7, logical block 1, async page read
[  397.140878][    C1] I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  397.150460][    C1] Buffer I/O error on dev loop7, logical block 2, async page read
[  397.158309][    C1] I/O error, dev loop7, sector 3 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  397.167986][    C1] Buffer I/O error on dev loop7, logical block 3, async page read
[  397.175848][    C1] I/O error, dev loop7, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  397.185450][    C1] Buffer I/O error on dev loop7, logical block 4, async page read
[  397.193290][    C1] I/O error, dev loop7, sector 5 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  397.202889][    C1] Buffer I/O error on dev loop7, logical block 5, async page read
[  397.210731][    C1] I/O error, dev loop7, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  397.220332][    C1] Buffer I/O error on dev loop7, logical block 6, async page read
[  397.229406][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  397.239019][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  397.247227][    C1] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  397.256853][    C1] Buffer I/O error on dev loop7, logical block 1, async page read
[  397.264711][    C1] I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  397.274302][    C1] Buffer I/O error on dev loop7, logical block 2, async page read
[  397.284856][ T3008]  loop7: unable to read partition table
[  397.364982][T15083] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3243'.
[  397.374218][T15083] bridge_slave_1: left allmulticast mode
[  397.380060][T15083] bridge_slave_1: left promiscuous mode
[  397.385965][T15083] bridge0: port 2(bridge_slave_1) entered disabled state
[  397.397419][T15083] bridge_slave_0: left allmulticast mode
[  397.403105][T15083] bridge_slave_0: left promiscuous mode
[  397.408973][T15083] bridge0: port 1(bridge_slave_0) entered disabled state
[  397.708253][T15086] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3244'.
[  397.808709][T15101] netlink: 'syz.0.3248': attribute type 39 has an invalid length.
[  397.847533][T15108] loop2: detected capacity change from 0 to 1024
[  397.865058][T15108] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  397.876102][T15108] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  397.907566][T15108] JBD2: no valid journal superblock found
[  397.913408][T15108] EXT4-fs (loop2): Could not load journal inode
[  397.983217][T15108] netlink: 79 bytes leftover after parsing attributes in process `syz.2.3250'.
[  398.021083][T15124] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3254'.
[  398.030226][T15124] bridge_slave_1: left allmulticast mode
[  398.035945][T15124] bridge_slave_1: left promiscuous mode
[  398.041647][T15124] bridge0: port 2(bridge_slave_1) entered disabled state
[  398.060194][T15124] bridge_slave_0: left allmulticast mode
[  398.066042][T15124] bridge_slave_0: left promiscuous mode
[  398.071839][T15124] bridge0: port 1(bridge_slave_0) entered disabled state
[  398.202779][T15128] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3256'.
[  399.216778][T15157] sd 0:0:1:0: device reset
[  399.229969][T11911] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  399.407865][T15154] netlink: 'syz.1.3260': attribute type 7 has an invalid length.
[  399.415769][T15154] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3260'.
[  399.650563][T15176] loop3: detected capacity change from 0 to 1024
[  399.658256][T15176] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  399.669356][T15176] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  399.732173][T15176] JBD2: no valid journal superblock found
[  399.738232][T15176] EXT4-fs (loop3): Could not load journal inode
[  399.825928][T15176] netlink: 79 bytes leftover after parsing attributes in process `syz.3.3266'.
[  399.942303][T15191] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3270'.
[  400.102615][ T8754] Bluetooth: hci0: Frame reassembly failed (-84)
[  400.162920][ T4137] Bluetooth: hci1: Frame reassembly failed (-84)
[  400.283195][T15214] sd 0:0:1:0: device reset
[  400.938799][   T29] kauditd_printk_skb: 509 callbacks suppressed
[  400.938813][   T29] audit: type=1400 audit(1767997117.321:47976): avc:  denied  { create } for  pid=15238 comm="syz.2.3280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  400.965849][   T29] audit: type=1400 audit(1767997117.321:47977): avc:  denied  { write } for  pid=15238 comm="syz.2.3280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  400.989948][T15240] netlink: 'syz.2.3280': attribute type 39 has an invalid length.
[  401.055120][   T29] audit: type=1400 audit(1767997117.431:47978): avc:  denied  { block_suspend } for  pid=15238 comm="syz.2.3280" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  401.130464][T15244] netlink: 'syz.2.3282': attribute type 1 has an invalid length.
[  401.145988][   T29] audit: type=1400 audit(1767997117.511:47979): avc:  denied  { create } for  pid=15243 comm="syz.2.3282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  401.165865][   T29] audit: type=1400 audit(1767997117.511:47980): avc:  denied  { connect } for  pid=15243 comm="syz.2.3282" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  401.186852][   T29] audit: type=1400 audit(1767997117.511:47981): avc:  denied  { write } for  pid=15243 comm="syz.2.3282" laddr=::1 lport=255 faddr=::1 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  401.210396][   T29] audit: type=1400 audit(1767997117.521:47982): avc:  denied  { create } for  pid=15245 comm="syz.4.3281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  401.231439][T15246] loop4: detected capacity change from 0 to 1024
[  401.237812][   T29] audit: type=1400 audit(1767997117.551:47983): avc:  denied  { read } for  pid=15247 comm="syz.0.3283" dev="nsfs" ino=4026532380 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  401.237855][   T29] audit: type=1400 audit(1767997117.551:47984): avc:  denied  { open } for  pid=15247 comm="syz.0.3283" path="net:[4026532380]" dev="nsfs" ino=4026532380 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  401.237910][   T29] audit: type=1400 audit(1767997117.561:47985): avc:  denied  { create } for  pid=15247 comm="syz.0.3283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  401.306091][T15246] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  401.317298][T15246] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  401.327756][T15246] JBD2: no valid journal superblock found
[  401.333521][T15246] EXT4-fs (loop4): Could not load journal inode
[  401.348218][T15244] 8021q: adding VLAN 0 to HW filter on device bond1
[  401.364256][T15246] netlink: 79 bytes leftover after parsing attributes in process `syz.4.3281'.
[  401.409019][T15256] loop2: detected capacity change from 0 to 512
[  401.422902][T15256] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  401.439004][T15256] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  401.454632][T15256] System zones: 1-12
[  401.468145][T15256] EXT4-fs (loop2): 1 truncate cleaned up
[  401.475149][T15256] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  401.687248][T15283] netlink: 'syz.0.3292': attribute type 39 has an invalid length.
[  401.842007][T15289] sd 0:0:1:0: device reset
[  402.073743][T13766] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.114572][ T3500] Bluetooth: hci0: command 0x1003 tx timeout
[  402.154659][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  402.204583][   T44] Bluetooth: hci1: command 0x1003 tx timeout
[  402.214952][T11911] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  402.273622][T15298] netlink: 'syz.0.3297': attribute type 1 has an invalid length.
[  402.709255][T15298] 8021q: adding VLAN 0 to HW filter on device bond1
[  402.718902][T15305] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3298'.
[  402.729968][T15308] loop2: detected capacity change from 0 to 1024
[  402.733207][T15298] bond1: (slave ip6gretap1): making interface the new active one
[  402.745698][T15298] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  402.964637][T15308] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  402.975719][T15308] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  403.708317][T15308] JBD2: no valid journal superblock found
[  403.714177][T15308] EXT4-fs (loop2): Could not load journal inode
[  403.761180][T15308] netlink: 71 bytes leftover after parsing attributes in process `syz.2.3295'.
[  404.285248][T15309] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3299'.
[  404.328313][T15320] loop1: detected capacity change from 0 to 512
[  404.337686][T15320] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  404.357565][T15320] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  404.377155][T15320] System zones: 1-12
[  404.382098][T15320] EXT4-fs (loop1): 1 truncate cleaned up
[  404.388608][T15320] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  404.527797][T15327] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3300'.
[  404.568835][T15338] loop4: detected capacity change from 0 to 512
[  404.589827][T15338] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  404.614657][T15338] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  404.653225][T15338] System zones: 1-12
[  404.667588][T15338] EXT4-fs (loop4): 1 truncate cleaned up
[  404.690089][T15338] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  404.998627][T15353] netlink: 'syz.3.3311': attribute type 1 has an invalid length.
[  405.013421][T15352] syzkaller1: entered promiscuous mode
[  405.019009][T15352] syzkaller1: entered allmulticast mode
[  405.085019][T15353] 8021q: adding VLAN 0 to HW filter on device bond14
[  405.334651][T14454] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.371880][T15371] loop1: detected capacity change from 0 to 512
[  405.444826][T15371] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  405.570490][T15372] sd 0:0:1:0: device reset
[  405.715612][T15371] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  405.882959][T15371] System zones: 1-12
[  405.894228][T14129] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.947221][T15371] EXT4-fs (loop1): 1 truncate cleaned up
[  406.021680][   T29] kauditd_printk_skb: 529 callbacks suppressed
[  406.021699][   T29] audit: type=1400 audit(1767997122.401:48515): avc:  denied  { mounton } for  pid=15375 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  406.103053][T15371] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  406.141961][T15378] syzkaller0: entered promiscuous mode
[  406.147505][T15378] syzkaller0: entered allmulticast mode
[  406.217265][ T8754] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.228748][   T29] audit: type=1400 audit(1767997122.611:48516): avc:  denied  { setopt } for  pid=15376 comm="syz.0.3317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  406.348446][   T29] audit: type=1400 audit(1767997122.631:48517): avc:  denied  { setopt } for  pid=15370 comm="syz.1.3314" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  406.368249][   T29] audit: type=1326 audit(1767997122.701:48518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15387 comm="syz.2.3318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  406.391961][   T29] audit: type=1326 audit(1767997122.701:48519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15387 comm="syz.2.3318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  406.415836][   T29] audit: type=1326 audit(1767997122.701:48520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15387 comm="syz.2.3318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  406.439621][   T29] audit: type=1326 audit(1767997122.701:48521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15387 comm="syz.2.3318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  406.463242][   T29] audit: type=1326 audit(1767997122.701:48522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15387 comm="syz.2.3318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  406.486886][   T29] audit: type=1326 audit(1767997122.701:48523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15387 comm="syz.2.3318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  406.510650][   T29] audit: type=1326 audit(1767997122.701:48524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15387 comm="syz.2.3318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  406.539435][T15402] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3319'.
[  406.551341][ T8754] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.763176][T15404] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3320'.
[  406.831718][ T8754] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.929433][ T8754] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.962132][T15422] netlink: 'syz.4.3326': attribute type 39 has an invalid length.
[  406.989145][T15375] chnl_net:caif_netlink_parms(): no params data found
[  407.117525][T14454] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  407.247240][ T8754] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  407.257740][ T8754] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  407.267779][ T8754] bond0 (unregistering): Released all slaves
[  407.276567][T15427] loop1: detected capacity change from 0 to 512
[  407.278298][ T8754] bond1 (unregistering): Released all slaves
[  407.291550][T15427] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  407.293927][ T8754] bond2 (unregistering): Released all slaves
[  407.316877][ T8754] bond3 (unregistering): Released all slaves
[  407.332795][ T8754] bond4 (unregistering): Released all slaves
[  407.341760][ T8754] bond5 (unregistering): Released all slaves
[  407.357543][ T8754] bond6 (unregistering): Released all slaves
[  407.369570][ T8754] bond7 (unregistering): Released all slaves
[  407.379947][ T8754] bond8 (unregistering): Released all slaves
[  407.389419][ T8754] bond9 (unregistering): Released all slaves
[  407.400143][ T8754] bond10 (unregistering): Released all slaves
[  407.412213][ T8754] bond11 (unregistering): Released all slaves
[  407.437290][ T8754] bond12 (unregistering): Released all slaves
[  407.461022][ T8754] bond13 (unregistering): Released all slaves
[  407.481246][ T8754] bond14 (unregistering): Released all slaves
[  407.498731][T15444] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3330'.
[  407.528979][T15428] netem: change failed
[  407.618044][T15375] bridge0: port 1(bridge_slave_0) entered blocking state
[  407.625256][T15375] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.668886][T15375] bridge_slave_0: entered allmulticast mode
[  407.682803][T15375] bridge_slave_0: entered promiscuous mode
[  407.707428][ T8754] hsr_slave_0: left promiscuous mode
[  407.717383][ T8754] hsr_slave_1: left promiscuous mode
[  407.735856][ T8754] veth1_macvtap: left promiscuous mode
[  407.745885][ T8754] veth0_macvtap: left promiscuous mode
[  407.768794][ T8754] veth1_vlan: left promiscuous mode
[  407.775725][ T8754] veth0_vlan: left promiscuous mode
[  407.881609][ T8754] team0 (unregistering): Port device team_slave_1 removed
[  407.894098][ T8754] team0 (unregistering): Port device team_slave_0 removed
[  407.903300][ T4137] smc: removing ib device syz!
[  407.938773][T15375] bridge0: port 2(bridge_slave_1) entered blocking state
[  407.946172][T15375] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.954377][T15375] bridge_slave_1: entered allmulticast mode
[  407.961368][T15375] bridge_slave_1: entered promiscuous mode
[  408.029414][T15375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  408.054386][T15375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  408.087315][T15375] team0: Port device team_slave_0 added
[  408.105350][T15484] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3337'.
[  408.125436][T15375] team0: Port device team_slave_1 added
[  408.186455][T15375] batman_adv: batadv0: Adding interface: batadv_slave_0
[  408.193510][T15375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  408.219527][T15375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  408.286659][T15375] batman_adv: batadv0: Adding interface: batadv_slave_1
[  408.293689][T15375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  408.319772][T15375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  408.430136][T15375] hsr_slave_0: entered promiscuous mode
[  408.450376][T15375] hsr_slave_1: entered promiscuous mode
[  408.471434][T15375] debugfs: 'hsr0' already exists in 'hsr'
[  408.477360][T15375] Cannot create hsr debugfs directory
[  408.576280][T15479] infiniband syz!: set active
[  408.581039][T15479] infiniband syz!: added team_slave_0
[  408.714105][T15479] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR
[  408.714681][T15479] infiniband syz!: Couldn't open port 1
[  408.760206][T15479] RDS/IB: syz!: added
[  408.769760][T15479] smc: adding ib device syz! with port count 1
[  408.780422][T15479] smc:    ib device syz! port 1 has no pnetid
[  408.914626][T11911] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  408.916818][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  409.105035][T15375] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  409.137890][T15548] tipc: Started in network mode
[  409.142813][T15548] tipc: Node identity 7f000001, cluster identity 4711
[  409.155887][T15548] tipc: Enabled bearer <udp:syz2>, priority 10
[  409.162449][T15375] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  409.180626][T15548] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3341'.
[  409.192183][T15375] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  409.216139][T15375] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  409.231243][T15560] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3342'.
[  409.329137][T15574] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  409.337721][T15574] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  409.346226][T15574] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  409.388653][T15375] 8021q: adding VLAN 0 to HW filter on device bond0
[  409.421057][T15375] 8021q: adding VLAN 0 to HW filter on device team0
[  409.502679][T15375] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  409.513191][T15375] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  409.542853][T15574] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  409.551391][T15574] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  409.559973][T15574] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  409.571109][ T6975] bridge0: port 1(bridge_slave_0) entered blocking state
[  409.578318][ T6975] bridge0: port 1(bridge_slave_0) entered forwarding state
[  409.611541][ T6975] bridge0: port 2(bridge_slave_1) entered blocking state
[  409.618672][ T6975] bridge0: port 2(bridge_slave_1) entered forwarding state
[  409.744721][T15375] 8021q: adding VLAN 0 to HW filter on device batadv0
[  409.760654][T15574] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  409.769296][T15574] netlink: 16 bytes leftover after parsing attributes in process `+}[@'.
[  409.994864][T15375] veth0_vlan: entered promiscuous mode
[  410.003189][T15618] syz!: rxe_newlink: already configured on team_slave_0
[  410.041766][T15577] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  410.068219][T15375] veth1_vlan: entered promiscuous mode
[  410.098819][T15375] veth0_macvtap: entered promiscuous mode
[  410.112638][T15375] veth1_macvtap: entered promiscuous mode
[  410.131559][T15375] batman_adv: batadv0: Interface activated: batadv_slave_0
[  410.157415][    T9] tipc: Node number set to 2130706433
[  410.164791][T15375] batman_adv: batadv0: Interface activated: batadv_slave_1
[  410.186854][ T1010] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  410.220733][ T1010] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  410.247157][ T1010] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  410.280985][ T1010] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  410.293432][T15601] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  410.489655][T15658] loop2: detected capacity change from 0 to 512
[  410.705564][T15658] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  410.729999][T15663] FAULT_INJECTION: forcing a failure.
[  410.729999][T15663] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  410.743320][T15663] CPU: 1 UID: 0 PID: 15663 Comm: syz.1.3358 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  410.743427][T15663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  410.743455][T15663] Call Trace:
[  410.743461][T15663]  <TASK>
[  410.743469][T15663]  __dump_stack+0x1d/0x30
[  410.743593][T15663]  dump_stack_lvl+0x95/0xd0
[  410.743653][T15663]  dump_stack+0x15/0x1b
[  410.743679][T15663]  should_fail_ex+0x265/0x280
[  410.743824][T15663]  should_fail+0xb/0x20
[  410.743843][T15663]  should_fail_usercopy+0x1a/0x20
[  410.743865][T15663]  _copy_to_user+0x20/0xa0
[  410.743960][T15663]  simple_read_from_buffer+0xb5/0x130
[  410.743989][T15663]  proc_fail_nth_read+0x10e/0x150
[  410.744072][T15663]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  410.744107][T15663]  vfs_read+0x1a8/0x770
[  410.744201][T15663]  ? __rcu_read_unlock+0x4f/0x70
[  410.744226][T15663]  ? __fget_files+0x184/0x1c0
[  410.744280][T15663]  ? mutex_lock+0x58/0x90
[  410.744356][T15663]  ksys_read+0xda/0x1a0
[  410.744376][T15663]  __x64_sys_read+0x40/0x50
[  410.744394][T15663]  x64_sys_call+0x2889/0x3000
[  410.744427][T15663]  do_syscall_64+0xca/0x2b0
[  410.744522][T15663]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.744544][T15663] RIP: 0033:0x7f6038fee15c
[  410.744559][T15663] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  410.744614][T15663] RSP: 002b:00007f6037a2e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  410.744633][T15663] RAX: ffffffffffffffda RBX: 00007f6039246090 RCX: 00007f6038fee15c
[  410.744701][T15663] RDX: 000000000000000f RSI: 00007f6037a2e0a0 RDI: 000000000000000d
[  410.744718][T15663] RBP: 00007f6037a2e090 R08: 0000000000000000 R09: 0000000000000000
[  410.744731][T15663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.744747][T15663] R13: 00007f6039246128 R14: 00007f6039246090 R15: 00007ffc76f09cd8
[  410.744836][T15663]  </TASK>
[  411.024743][T15658] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  411.032819][T15658] System zones: 1-12
[  411.034693][   T29] kauditd_printk_skb: 723 callbacks suppressed
[  411.034736][   T29] audit: type=1326 audit(1767997127.401:49248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15626 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  411.066645][   T29] audit: type=1326 audit(1767997127.401:49249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15626 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  411.090466][   T29] audit: type=1326 audit(1767997127.401:49250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15626 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  411.114104][   T29] audit: type=1326 audit(1767997127.401:49251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15626 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  411.137805][   T29] audit: type=1326 audit(1767997127.401:49252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15626 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  411.161534][   T29] audit: type=1326 audit(1767997127.401:49253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15626 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  411.185415][   T29] audit: type=1326 audit(1767997127.401:49254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15626 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  411.209150][   T29] audit: type=1326 audit(1767997127.401:49255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15626 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  411.232827][   T29] audit: type=1326 audit(1767997127.401:49256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15626 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  411.256622][   T29] audit: type=1326 audit(1767997127.401:49257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15626 comm="syz.4.3351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  411.286166][T15658] EXT4-fs (loop2): 1 truncate cleaned up
[  411.293545][T15658] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  411.361660][T15659] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  411.485357][T15677] syzkaller0: entered promiscuous mode
[  411.490982][T15677] syzkaller0: entered allmulticast mode
[  412.179149][T13766] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  412.445181][T15719] sd 0:0:1:0: device reset
[  412.861024][T15711] loop4: detected capacity change from 0 to 1024
[  413.054089][T15711] EXT4-fs: Mount option(s) incompatible with ext3
[  413.829160][T15740] netlink: 'syz.1.3379': attribute type 13 has an invalid length.
[  413.892797][T15742] sch_tbf: burst 22 is lower than device lo mtu (65550) !
[  414.012394][    C0] blk_print_req_error: 40 callbacks suppressed
[  414.012409][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  414.027607][T15730] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  414.029199][    C0] buffer_io_error: 39 callbacks suppressed
[  414.029248][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  414.049627][    C0] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  414.059242][    C0] Buffer I/O error on dev loop7, logical block 1, async page read
[  414.067218][    C0] I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  414.077198][    C0] Buffer I/O error on dev loop7, logical block 2, async page read
[  414.085171][    C0] I/O error, dev loop7, sector 3 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  414.094808][    C0] Buffer I/O error on dev loop7, logical block 3, async page read
[  414.102885][    C0] I/O error, dev loop7, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  414.112692][    C0] Buffer I/O error on dev loop7, logical block 4, async page read
[  414.120579][    C0] I/O error, dev loop7, sector 5 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  414.130185][    C0] Buffer I/O error on dev loop7, logical block 5, async page read
[  414.138261][    C0] I/O error, dev loop7, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  414.147908][    C0] Buffer I/O error on dev loop7, logical block 6, async page read
[  414.156113][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  414.165898][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  414.176174][    C1] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  414.186099][    C1] Buffer I/O error on dev loop7, logical block 1, async page read
[  414.193973][    C1] I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  414.203763][    C1] Buffer I/O error on dev loop7, logical block 2, async page read
[  414.217817][ T3008]  loop7: unable to read partition table
[  414.251207][T15759] IPv6: Can't replace route, no match found
[  414.349628][T11268] Bluetooth: hci0: Frame reassembly failed (-84)
[  414.477679][T15782] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  414.477679][T15782]    program syz.4.3390 not setting count and/or reply_len properly
[  414.525614][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811a99d400: rx timeout, send abort
[  414.534012][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811aa86e00: rx timeout, send abort
[  414.542496][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811a99d400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  414.556857][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811aa86e00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  414.785608][T15805] netlink: 'syz.3.3399': attribute type 1 has an invalid length.
[  414.796376][T15805] __nla_validate_parse: 1 callbacks suppressed
[  414.796480][T15805] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3399'.
[  415.570933][T15831] loop1: detected capacity change from 0 to 512
[  415.587970][T15831] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  415.636285][T15831] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  415.696745][T15831] System zones: 1-12
[  415.718748][T15831] EXT4-fs (loop1): 1 truncate cleaned up
[  415.746511][T15831] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  415.767682][T15841] netlink: 'syz.4.3410': attribute type 1 has an invalid length.
[  415.983229][T15839] bridge0: entered promiscuous mode
[  415.990055][T15839] bridge0: port 3(macsec1) entered blocking state
[  415.996875][T15839] bridge0: port 3(macsec1) entered disabled state
[  416.003663][T15839] macsec1: entered allmulticast mode
[  416.009044][T15839] bridge0: entered allmulticast mode
[  416.016602][T15839] macsec1: left allmulticast mode
[  416.021697][T15839] bridge0: left allmulticast mode
[  416.054405][T15839] bridge0: left promiscuous mode
[  416.075773][T15844] loop3: detected capacity change from 0 to 1024
[  416.096064][T15844] EXT4-fs: Mount option(s) incompatible with ext3
[  416.321417][   T29] kauditd_printk_skb: 1374 callbacks suppressed
[  416.321434][   T29] audit: type=1400 audit(1767997132.434:50632): avc:  denied  { create } for  pid=15866 comm="syz.3.3418" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  416.381099][   T29] audit: type=1326 audit(1767997132.490:50633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15876 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44909ef749 code=0x7ffc0000
[  416.406118][T15877] FAULT_INJECTION: forcing a failure.
[  416.406118][T15877] name failslab, interval 1, probability 0, space 0, times 0
[  416.418967][T15877] CPU: 0 UID: 0 PID: 15877 Comm: syz.3.3419 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  416.418998][T15877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  416.419015][T15877] Call Trace:
[  416.419023][T15877]  <TASK>
[  416.419032][T15877]  __dump_stack+0x1d/0x30
[  416.419063][T15877]  dump_stack_lvl+0x95/0xd0
[  416.419161][T15877]  dump_stack+0x15/0x1b
[  416.419187][T15877]  should_fail_ex+0x265/0x280
[  416.419216][T15877]  should_failslab+0x8c/0xb0
[  416.419248][T15877]  kmem_cache_alloc_noprof+0x69/0x4b0
[  416.419269][T15877]  ? audit_log_start+0x342/0x720
[  416.419441][T15877]  audit_log_start+0x342/0x720
[  416.419468][T15877]  ? kstrtouint+0x76/0xc0
[  416.419578][T15877]  audit_seccomp+0x48/0x100
[  416.419658][T15877]  ? __seccomp_filter+0x832/0x1260
[  416.419685][T15877]  __seccomp_filter+0x843/0x1260
[  416.419769][T15877]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  416.419807][T15877]  ? vfs_write+0x7e8/0x960
[  416.419830][T15877]  ? __rcu_read_unlock+0x4f/0x70
[  416.419850][T15877]  ? __fget_files+0x184/0x1c0
[  416.419952][T15877]  __secure_computing+0x82/0x150
[  416.420057][T15877]  syscall_trace_enter+0xcf/0x1e0
[  416.420114][T15877]  do_syscall_64+0xa4/0x2b0
[  416.420154][T15877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.420180][T15877] RIP: 0033:0x7f44909ef749
[  416.420200][T15877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  416.420219][T15877] RSP: 002b:00007f448f457038 EFLAGS: 00000246 ORIG_RAX: 0000000000000042
[  416.420237][T15877] RAX: ffffffffffffffda RBX: 00007f4490c45fa0 RCX: 00007f44909ef749
[  416.420311][T15877] RDX: 000000000000000c RSI: 0000000000000000 RDI: 0000000000000000
[  416.420331][T15877] RBP: 00007f448f457090 R08: 0000000000000000 R09: 0000000000000000
[  416.420347][T15877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  416.420364][T15877] R13: 00007f4490c46038 R14: 00007f4490c45fa0 R15: 00007ffd49526198
[  416.420442][T15877]  </TASK>
[  416.420452][T15877] audit: audit_lost=8 audit_rate_limit=0 audit_backlog_limit=64
[  416.435486][   T29] audit: type=1326 audit(1767997132.509:50634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15876 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44909ef749 code=0x7ffc0000
[  416.440815][T15877] audit: out of memory in audit_log_start
[  416.443991][   T29] audit: type=1326 audit(1767997132.509:50635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15876 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f44909edf90 code=0x7ffc0000
[  416.579190][T11911] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  416.585329][   T29] audit: type=1326 audit(1767997132.509:50636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15876 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f44909ee1ff code=0x7ffc0000
[  416.593444][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  416.718309][   T29] audit: type=1326 audit(1767997132.546:50637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15876 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f44909ee15c code=0x7ffc0000
[  416.741765][   T29] audit: type=1326 audit(1767997132.546:50638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15876 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f44909ee1ff code=0x7ffc0000
[  416.743620][T14454] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  416.765359][   T29] audit: type=1326 audit(1767997132.565:50639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15876 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f44909ee3aa code=0x7ffc0000
[  416.852257][T15892] loop3: detected capacity change from 0 to 512
[  416.864475][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811aa86e00: rx timeout, send abort
[  416.872850][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811aa87200: rx timeout, send abort
[  416.881157][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811aa86e00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  416.895599][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811aa87200: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  416.910776][T15892] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  416.938734][T15892] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  416.976988][T15892] System zones: 1-12
[  416.983830][T15892] EXT4-fs (loop3): 1 truncate cleaned up
[  416.991139][T15892] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  417.459373][T15918] FAULT_INJECTION: forcing a failure.
[  417.459373][T15918] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  417.472683][T15918] CPU: 0 UID: 0 PID: 15918 Comm: syz.1.3429 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  417.472713][T15918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  417.472730][T15918] Call Trace:
[  417.472778][T15918]  <TASK>
[  417.472787][T15918]  __dump_stack+0x1d/0x30
[  417.472811][T15918]  dump_stack_lvl+0x95/0xd0
[  417.472905][T15918]  dump_stack+0x15/0x1b
[  417.472931][T15918]  should_fail_ex+0x265/0x280
[  417.473008][T15918]  should_fail+0xb/0x20
[  417.473067][T15918]  should_fail_usercopy+0x1a/0x20
[  417.473098][T15918]  _copy_from_user+0x1c/0xb0
[  417.473212][T15918]  ___sys_sendmsg+0xc1/0x1d0
[  417.473279][T15918]  __x64_sys_sendmsg+0xd4/0x160
[  417.473311][T15918]  x64_sys_call+0x17ba/0x3000
[  417.473385][T15918]  do_syscall_64+0xca/0x2b0
[  417.473428][T15918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.473496][T15918] RIP: 0033:0x7f6038fef749
[  417.473515][T15918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.473532][T15918] RSP: 002b:00007f6037a4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  417.473579][T15918] RAX: ffffffffffffffda RBX: 00007f6039245fa0 RCX: 00007f6038fef749
[  417.473591][T15918] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004
[  417.473603][T15918] RBP: 00007f6037a4f090 R08: 0000000000000000 R09: 0000000000000000
[  417.473620][T15918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.473635][T15918] R13: 00007f6039246038 R14: 00007f6039245fa0 R15: 00007ffc76f09cd8
[  417.473660][T15918]  </TASK>
[  417.729200][T15922] netlink: 'syz.4.3431': attribute type 7 has an invalid length.
[  417.737010][T15922] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3431'.
[  417.867211][T15375] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.361284][T15952] loop4: detected capacity change from 0 to 1024
[  418.392071][T15952] EXT4-fs: Mount option(s) incompatible with ext3
[  418.410761][T15955] netlink: 'syz.1.3442': attribute type 1 has an invalid length.
[  418.463682][T15955] 8021q: adding VLAN 0 to HW filter on device bond1
[  418.542741][ T6387] Bluetooth: hci0: Frame reassembly failed (-84)
[  418.561940][T15941] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  418.575647][T15955] macvlan2: entered promiscuous mode
[  418.581040][T15955] macvlan2: entered allmulticast mode
[  418.624245][T15955] bond1: entered promiscuous mode
[  418.637557][T15955] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  418.766959][T15955] bond1: left promiscuous mode
[  418.797358][T15968] macvlan2: entered promiscuous mode
[  418.802749][T15968] macvlan2: entered allmulticast mode
[  418.809097][T15968] bond1: entered promiscuous mode
[  419.670376][T15968] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  419.734096][T15968] bond1: left promiscuous mode
[  420.133143][T15969] netlink: 'syz.0.3445': attribute type 7 has an invalid length.
[  420.141036][T15969] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3445'.
[  420.307278][T15991] loop3: detected capacity change from 0 to 1024
[  420.334216][T15991] EXT4-fs: Ignoring removed oldalloc option
[  420.348091][T15990] loop1: detected capacity change from 0 to 1024
[  420.366366][T15991] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback.
[  420.381675][T15991] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  420.402189][T15990] EXT4-fs: Mount option(s) incompatible with ext3
[  420.473392][T15375] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  420.593871][T16015] syzkaller0: entered promiscuous mode
[  420.604852][T16015] syzkaller0: entered allmulticast mode
[  420.730021][T16018] sd 0:0:1:0: device reset
[  420.755526][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  420.765535][T11911] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  421.430762][T16024] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3459'.
[  421.572896][ T5186] Bluetooth: hci0: Frame reassembly failed (-84)
[  421.752055][   T29] kauditd_printk_skb: 1142 callbacks suppressed
[  421.752073][   T29] audit: type=1326 audit(1767997137.486:51782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16036 comm="syz.4.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  421.782046][   T29] audit: type=1326 audit(1767997137.486:51783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16036 comm="syz.4.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  421.983322][T16058] sd 0:0:1:0: device reset
[  422.016341][   T29] audit: type=1326 audit(1767997137.757:51784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16056 comm="syz.4.3467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  422.043818][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811a9a6c00: rx timeout, send abort
[  422.052079][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811a9a6000: rx timeout, send abort
[  422.060384][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811a9a6c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  422.074710][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811a9a6000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  422.101032][   T29] audit: type=1326 audit(1767997137.785:51785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16056 comm="syz.4.3467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  422.124909][   T29] audit: type=1326 audit(1767997137.785:51786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16056 comm="syz.4.3467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  422.148527][   T29] audit: type=1326 audit(1767997137.785:51787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16056 comm="syz.4.3467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  422.172150][   T29] audit: type=1326 audit(1767997137.785:51788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16056 comm="syz.4.3467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  422.195869][   T29] audit: type=1326 audit(1767997137.785:51789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16056 comm="syz.4.3467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  422.219702][   T29] audit: type=1326 audit(1767997137.785:51790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16056 comm="syz.4.3467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  422.243510][   T29] audit: type=1326 audit(1767997137.785:51791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16056 comm="syz.4.3467" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f629b2df749 code=0x7ffc0000
[  422.298542][T16060] loop4: detected capacity change from 0 to 1024
[  422.323151][T16060] EXT4-fs: Mount option(s) incompatible with ext3
[  422.389466][T16063] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3468'.
[  422.780956][T16077] syzkaller0: entered promiscuous mode
[  422.786524][T16077] syzkaller0: entered allmulticast mode
[  423.106343][T16090] IPv6: Can't replace route, no match found
[  423.161686][T16097] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3480'.
[  423.170723][T16099] loop3: detected capacity change from 0 to 512
[  423.184765][T16099] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  423.278428][T16099] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  423.286743][T16099] System zones: 1-12
[  423.291290][T16099] EXT4-fs (loop3): 1 truncate cleaned up
[  423.297489][T16099] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  424.198399][T16112] sd 0:0:1:0: device reset
[  424.230345][T16120] netlink: 'syz.1.3485': attribute type 7 has an invalid length.
[  424.238161][T16120] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3485'.
[  424.253596][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  424.296200][T11911] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  424.336839][T16121] netlink: 'syz.4.3486': attribute type 39 has an invalid length.
[  424.706754][T16129] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3487'.
[  424.752503][T16138] syzkaller0: entered promiscuous mode
[  424.758177][T16138] syzkaller0: entered allmulticast mode
[  424.925330][T16141] netlink: 71 bytes leftover after parsing attributes in process `syz.0.3491'.
[  425.171038][T16145] sd 0:0:1:0: device reset
[  425.357150][T16149] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3492'.
[  426.366208][T16159] netlink: 'syz.1.3495': attribute type 1 has an invalid length.
[  426.383462][T16159] 8021q: adding VLAN 0 to HW filter on device bond2
[  426.397529][T16159] macvlan2: entered promiscuous mode
[  426.403472][T16159] macvlan2: entered allmulticast mode
[  426.424197][T16159] bond2: entered promiscuous mode
[  426.440423][T16159] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  426.448657][T16159] bond2: left promiscuous mode
[  426.542980][T16166] macvlan2: entered promiscuous mode
[  426.548323][T16166] macvlan2: entered allmulticast mode
[  426.596362][T16166] bond2: entered promiscuous mode
[  426.601746][T16166] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  426.611812][T16166] bond2: left promiscuous mode
[  426.792329][T16177] netlink: 'syz.2.3498': attribute type 7 has an invalid length.
[  426.800434][T16177] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3498'.
[  427.586663][   T29] kauditd_printk_skb: 664 callbacks suppressed
[  427.586677][   T29] audit: type=1326 audit(1767997142.397:52456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16164 comm="syz.2.3498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f129dab2005 code=0x7ffc0000
[  427.616581][   T29] audit: type=1326 audit(1767997142.510:52457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16164 comm="syz.2.3498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f129dab2005 code=0x7ffc0000
[  427.640423][   T29] audit: type=1326 audit(1767997142.650:52458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16164 comm="syz.2.3498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f129dab2005 code=0x7ffc0000
[  427.664225][   T29] audit: type=1326 audit(1767997142.800:52459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16164 comm="syz.2.3498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  427.687894][   T29] audit: type=1326 audit(1767997142.968:52460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16164 comm="syz.2.3498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  427.711526][   T29] audit: type=1326 audit(1767997142.968:52461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16164 comm="syz.2.3498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  427.735165][   T29] audit: type=1326 audit(1767997142.968:52463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16164 comm="syz.2.3498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  427.758858][   T29] audit: type=1326 audit(1767997142.968:52462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16164 comm="syz.2.3498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  427.840541][T16178] sd 0:0:1:0: device reset
[  427.873833][   T29] audit: type=1326 audit(1767997143.165:52464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16164 comm="syz.2.3498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  427.918171][T16181] FAULT_INJECTION: forcing a failure.
[  427.918171][T16181] name failslab, interval 1, probability 0, space 0, times 0
[  427.930990][T16181] CPU: 0 UID: 0 PID: 16181 Comm: syz.2.3501 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  427.931021][T16181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  427.931046][T16181] Call Trace:
[  427.931054][T16181]  <TASK>
[  427.931063][T16181]  __dump_stack+0x1d/0x30
[  427.931170][T16181]  dump_stack_lvl+0x95/0xd0
[  427.931198][T16181]  dump_stack+0x15/0x1b
[  427.931229][T16181]  should_fail_ex+0x265/0x280
[  427.931288][T16181]  should_failslab+0x8c/0xb0
[  427.931309][T16181]  kmem_cache_alloc_noprof+0x69/0x4b0
[  427.931336][T16181]  ? getname_flags+0x80/0x3b0
[  427.931375][T16181]  getname_flags+0x80/0x3b0
[  427.931401][T16181]  user_path_at+0x28/0x130
[  427.931433][T16181]  __se_sys_chroot+0x45/0x230
[  427.931456][T16181]  __x64_sys_chroot+0x1f/0x30
[  427.931495][T16181]  x64_sys_call+0x2238/0x3000
[  427.931544][T16181]  do_syscall_64+0xca/0x2b0
[  427.931578][T16181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.931600][T16181] RIP: 0033:0x7f129da7f749
[  427.931616][T16181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  427.931634][T16181] RSP: 002b:00007f129c4df038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a1
[  427.931731][T16181] RAX: ffffffffffffffda RBX: 00007f129dcd5fa0 RCX: 00007f129da7f749
[  427.931747][T16181] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000003040
[  427.931759][T16181] RBP: 00007f129c4df090 R08: 0000000000000000 R09: 0000000000000000
[  427.931771][T16181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  427.931849][T16181] R13: 00007f129dcd6038 R14: 00007f129dcd5fa0 R15: 00007ffc4dae71d8
[  427.931868][T16181]  </TASK>
[  428.204259][T16185] netlink: 71 bytes leftover after parsing attributes in process `syz.0.3502'.
[  428.315386][T16194] IPv6: Can't replace route, no match found
[  428.323789][   T29] audit: type=1326 audit(1767997143.660:52465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16190 comm="syz.2.3506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f129da7f749 code=0x7ffc0000
[  428.495636][T15375] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  428.592936][T16205] sd 0:0:1:0: device reset
[  430.269399][T16212] netlink: 'syz.2.3512': attribute type 7 has an invalid length.
[  430.277306][T16212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3512'.
[  430.312086][T16208] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3507'.
[  430.494180][T16219] IPv6: Can't replace route, no match found
[  430.608403][T16226] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  430.608403][T16226]    program syz.3.3516 not setting count and/or reply_len properly
[  430.705873][T16231] loop3: detected capacity change from 0 to 1024
[  430.728186][T16231] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  430.733961][T16234] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3520'.
[  430.739844][T16231] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  430.770005][T16234] loop4: detected capacity change from 0 to 512
[  430.781976][T16234] EXT4-fs: dax option not supported
[  430.790041][T16231] JBD2: no valid journal superblock found
[  430.795896][T16231] EXT4-fs (loop3): Could not load journal inode
[  430.812827][T16231] ==================================================================
[  430.820946][T16231] BUG: KCSAN: data-race in blkdev_open / queue_limits_commit_update
[  430.828968][T16231] 
[  430.831305][T16231] read to 0xffff888102104c58 of 4 bytes by task 3524 on cpu 0:
[  430.838876][T16231]  blkdev_open+0x161/0x290
[  430.843413][T16231]  do_dentry_open+0x54b/0xa60
[  430.848124][T16231]  vfs_open+0x37/0x1e0
[  430.852228][T16231]  path_openat+0x1ddd/0x23b0
[  430.856872][T16231]  do_filp_open+0x109/0x230
[  430.861422][T16231]  do_sys_openat2+0xa6/0x150
[  430.866052][T16231]  __x64_sys_openat+0xf2/0x120
[  430.870846][T16231]  x64_sys_call+0x2b07/0x3000
[  430.875564][T16231]  do_syscall_64+0xca/0x2b0
[  430.880110][T16231]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.886024][T16231] 
[  430.888369][T16231] write to 0xffff888102104bc8 of 192 bytes by task 16231 on cpu 1:
[  430.896274][T16231]  queue_limits_commit_update+0x4b/0x160
[  430.901924][T16231]  lo_release+0x1e9/0x400
[  430.906274][T16231]  bdev_release+0x373/0x3d0
[  430.910803][T16231]  blkdev_release+0x15/0x20
[  430.915338][T16231]  __fput+0x29b/0x650
[  430.919353][T16231]  fput_close_sync+0xad/0x190
[  430.924055][T16231]  __x64_sys_close+0x56/0xf0
[  430.928677][T16231]  x64_sys_call+0x2c25/0x3000
[  430.933373][T16231]  do_syscall_64+0xca/0x2b0
[  430.937911][T16231]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.943836][T16231] 
[  430.946170][T16231] Reported by Kernel Concurrency Sanitizer on:
[  430.952334][T16231] CPU: 1 UID: 0 PID: 16231 Comm: syz.3.3519 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  430.962159][T16231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  430.972234][T16231] ==================================================================
[  431.037688][T16236] sd 0:0:1:0: device reset
[  431.071558][T16231] netlink: 71 bytes leftover after parsing attributes in process `syz.3.3519'.
[  431.119360][T16232] netlink: 'syz.2.3517': attribute type 1 has an invalid length.
[  431.157688][T16232] 8021q: adding VLAN 0 to HW filter on device bond2