last executing test programs:

23.210203805s ago: executing program 4 (id=186):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="1410000010000100008229d93d0000000000000a14000000060a0b040000620800a2da000200fffe14000018110001e5ff000000800000806800000a"], 0x3c}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES32], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x10, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000600)={@mcast2, 0x24, 0x0, 0x1, 0xa, 0x1002, 0x4}, 0x20)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000010c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0103000000200003feee15660000080006000200000018000180140002007665746830"], 0x34}}, 0x44800)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f00000004c0)={0x64, r3, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL={0x8}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0x80}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0x6}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5}, @ETHTOOL_A_COALESCE_TX_USECS_HIGH={0x8}, @ETHTOOL_A_COALESCE_TX_USECS_HIGH={0x8, 0x15, 0x9}, @ETHTOOL_A_COALESCE_RX_USECS={0x8, 0x2, 0x5}, @ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8, 0xe, 0x8}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_IRQ={0x8, 0x5, 0x1c906b5e}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5, 0xc, 0x1}]}, 0x64}, 0x1, 0x0, 0x0, 0x8814}, 0x850)
rt_sigpending(0x0, 0x0)
fstat(0xffffffffffffffff, 0x0)
r4 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
close(r4)
sendto$inet(r4, &(0x7f0000000640)="e615f5177a9038e9e03e9b0b3d26088239d71cc65a9f494e93f6a76afbcdadedef9ff6c2e18ef8", 0x27, 0x4040010, &(0x7f0000000680)={0x2, 0x4e21, @private=0xa010101}, 0x10)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000000, 0x30, r0, 0x6444a000)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000005c0)={0x6, &(0x7f0000000580)=[{0x0, 0x9, 0x6, 0x3}, {0x192, 0x4, 0x1, 0x1c45}, {0x6309, 0xb2, 0x80, 0x40}, {0x5, 0xfa, 0x8, 0x400}, {0x8, 0x2, 0x3, 0x2d8}, {0xd, 0x4, 0x0, 0x1}]})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
syz_emit_ethernet(0x32, &(0x7f00000000c0)={@random="5bb65d3f2511", @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0xe, 0x24, 0x65, 0x0, 0x3, 0x11, 0x0, @empty, @empty=0xe0000001}, {0x4e20, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x6, 0x100}}}}}}}, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x60242, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRES32=r6], 0x48)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="afa1180100181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x50, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8000, 0x0, 0x0, 0x401, 0x0, 0x4507}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2)

23.050265982s ago: executing program 4 (id=188):
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
write(r0, 0x0, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000400)=0xa)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
clock_adjtime(0x1, &(0x7f0000000040)={0xd53, 0x3, 0x8, 0x0, 0x6, 0x4, 0x0, 0x0, 0x0, 0x100, 0xdf, 0x3ff, 0x0, 0xd, 0x0, 0x0, 0x0, 0x2000080, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
syz_emit_ethernet(0xf83, &(0x7f0000001180)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd606410a60f4d8900fc010000000000000000000000000000ff020000000000000000000000000001"], 0x0)

22.899477668s ago: executing program 4 (id=193):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x90, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x4c, 0x12, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LAST_MSECS={0xc, 0x2, 0x1, 0x0, 0x8}, @NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_LAST_MSECS={0xc, 0x2, 0x1, 0x0, 0x7fff}]}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb8}, 0x1, 0x0, 0x0, 0x4044050}, 0x40)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e23, 0x8001, @empty, 0xffffff5d}, 0x1c)
listen(r2, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
r3 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000000200)=[{0x6, 0x1}]}, 0x10)
bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e23, 0x5, @empty, 0x4}, 0x1c)
listen(r3, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x20000000ec072, 0xffffffffffffffff, 0x0)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r5}, 0x10)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
socket$inet6(0xa, 0x800, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)

22.672270378s ago: executing program 4 (id=195):
mount(0x0, 0x0, &(0x7f00000001c0)='efivarfs\x00', 0x10a820, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socket(0x400000000010, 0x3, 0x2f)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3, 0x0, 0x3}, 0x18)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x8205, &(0x7f0000000080)={[{@user_xattr}]}, 0x81, 0x633, &(0x7f0000000600)="$eJzs3c9rHNcdAPDvzGplyVYruxRTm5YKerChWD9cU7c92b7UB0MN9aGUHiwsyRVe2cKSoXYNlqGHBhIIIdcQfMk/kHswueYWAkluOQecEBxySII3zOyMvKx25bWs3ZW9nw/s6s2bmX3vu6O3897Mzk4AQ2sqe0ojjkTE5SRismneRDRmThXLPf7m7pXskUS9/vevk0iKvHL5J8XfA9lTEjEWER+fi/hFZWu5a7fvXJuv1RvuRcysr6zOrN2+c2J5Zf7q4tXF63Mn/3Tq9Oyf507N7UqcZVznL/zt12/8799/XPqkdiKJM3Gp+t+F1jh2y1RMxZMixOb8kYg4nSXavC8vmzKEZMD1YGcqxf9jNSIOx2RUYt/mvMlYfn2glQN6ql6JqANDKtls/9XBVgTos7IfUI7tezEO3ssenW0MgLbGP9I4NhJj+dho/+MkHyeVsvHuwV0oPyvjx7tH38ke0eE4xMgulNPJxv2I+FW7+JO8bgfzozhZ/GmkTetl6dmIGC3ei3SH5U+1TPf7/+954m/eDlm8Z4q/Wf65HZY/6PgBGE4PzxY78o1s6un+L+sZlv2faOn/JMW5odZ9104Mev/Xuf9X7u/H8mPkaUs/LHsPLrZ/yWprxhevnX+rU/nN/b/skZVf9gX74dH9iKMt8f8/78wlm9s/adP/zRa53GUZf/30q/Od5g06/vqDiGNtxz9Pz2hlqZn1ldUyr+X85MzScm1xtvHctowPPvrXe53KH3T82faPDvFvt/2zvNUuy3j/4oOVTvMmnhl/+uVocilPjRY5/5lfX785FzGaXCgWaco/ubli24+ncpnyNbL4j/+uffvfJv58Q290Gf/qP649bqS2niXtevtv+VTJPal3WYdOsvgXdrj93+yyjO/+ees3LVnjZWK7+Me3vlTS7XsOAAAAAAAAwyjNz8Em6fRmOk2npxvX8P4y9qe1G2vrv1+6cev6QsTx/PuQ1bQ80z3ZmE6y6bni+7Dl9MmW6T9ExKGIeLsynk9PX7lRWxh08AAAAAAAAAAAAAAAAAAAALBHHCiu/y/vU/1tpXH9f1fWD/e4dkDP9fIGc8Depv3D8Mrbfxd3cN3Xh7oA/WX/D8NL+4fhpf3D8NL+YXg12n8XBwCBV479Pwwv7R+Gl/YPAAAAAK+kQ799+HkSERt/Gc8fmdFiXnWgNQN6rbmNj3W1xlTP6gL0V6WvqwF7yeapf9/+haHT1Rj/++LHAXtfHWAAknaZeeegvn3jf9h2TQAAAAAAAAAAAACgB44dcf0/DKs0Pnyexev1+r3eVQboqxe4kN9vAMBLzk//w/AyxgeedRV/x98GdP0/AAAAAAAAAAAAAPTNRP5I0uniFqATkabT0xE/i4iDUU2WlmuLsxHx84j4rFLdl03PDbrSAAAAAAAAAAAAAAAAAAAA8IpZu33n2nyttnizOfHDlpweJ8q7i3WzcIc6v0iivAtqP0PuNhFJ/wsdj4i9EHtvEiNNOUnERrbl90TFbq7FnqhGmldjgB9KAAAAAAAAAAAAAAAAAAAwpJquPW7v6Lt9rhEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9N/T+//vPJE843UGHSMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HL6KQAA//9SFzeV")
mount(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x2200830, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0xb, 0x2014, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x400000000000d07, 0x40}, 0x100b28, 0x6, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='bridge_slave_0\x00', 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x0, 0x0, &(0x7f0000000480)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x48}, 0x94)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$setregs(0xd, r6, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'})
write$sndseq(0xffffffffffffffff, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000040)={0x32b, @tick=0x440, 0xff, {}, 0x0, 0x0, 0x4b})

21.827099734s ago: executing program 4 (id=205):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10)
unshare(0x20000400) (async)
unshare(0x20000400)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r3, 0x11c, 0x4, 0x0, &(0x7f00000000c0)=0x28) (async)
getsockopt$inet6_mptcp_buf(r3, 0x11c, 0x4, 0x0, &(0x7f00000000c0)=0x28)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
setgid(0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300), 0x4) (async)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300), 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'syzkaller1\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="1000"/20, @ANYRES32=r5, @ANYRES32=r4, @ANYBLOB="0000000000000000000000000000000000000000ffffffe200000000"], 0x50)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r7}, 0x10)
socket$pppoe(0x18, 0x1, 0x0)
utime(&(0x7f0000000080)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r9)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="006db900000600040061b6000000001c00000000cf0b24d30fbb9e2f7b2a938bd0e0839ec9479de07c2301ddd7f9275477fee948910c09a4c6c445f21b4ee7fd0d3efaee2479cf63ebe8907ad9fba5f3db9d04a944109b31df3b730986f5646055e12a4e5075", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r12}, &(0x7f0000000000), &(0x7f0000000080)=r9}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r12}, &(0x7f0000000000), &(0x7f0000000080)=r9}, 0x20)
recvmsg$unix(r10, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001780)=""/4071, 0xfe7}], 0x1}, 0x40020000) (async)
recvmsg$unix(r10, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001780)=""/4071, 0xfe7}], 0x1}, 0x40020000)
sendmsg$inet(r11, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)='>', 0x1}], 0x1}, 0x4000000)

21.175597001s ago: executing program 4 (id=209):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x3, 0x4, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000380), 0x0, 0x0, 0xffffffffffffffff)
keyctl$set_timeout(0xf, r4, 0x7ffe)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000020500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000002b0900020073797a310000000008000a40ffff"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r8 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2}, {0xffff, 0xffff}, {0x5, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)

21.125518443s ago: executing program 32 (id=209):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
perf_event_open(&(0x7f0000000fc0)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x3, 0x4, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000380), 0x0, 0x0, 0xffffffffffffffff)
keyctl$set_timeout(0xf, r4, 0x7ffe)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000020500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000002b0900020073797a310000000008000a40ffff"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r8 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2}, {0xffff, 0xffff}, {0x5, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)

5.003258458s ago: executing program 2 (id=413):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0, r0}, 0x18)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = dup(r1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x5, 0x30}, 0xc)
sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000002700)={0x1, 0x2, 0x0, 0xfffffff8}, 0x10)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x111, 0x5}}, 0x20)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x5, 0x3, 0xf06, 0x1, 0x94, 0xfffffffd, 0x5}, 0x9c)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x13f, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000480)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty}}, 0xffffec47, 0x9, 0xffff1896, 0x100, 0x25, 0x7fff}, 0x9c)

4.814994596s ago: executing program 3 (id=418):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1000000}, 0x50)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
syz_clone(0x800211, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x8a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x2}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x12, 0xa, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000380)=r2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r4, &(0x7f00000001c0), 0x0}, 0x20)

4.72781889s ago: executing program 3 (id=420):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x4}, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x0) (fail_nth: 2)

4.72678603s ago: executing program 2 (id=422):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x9204, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x9, 0x0, 0x0, 0x7, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/136], 0x110)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x3}, 0x800)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x0, 0x0})
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x18)
capget(0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0xe0b, 0xfefffffc, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x9}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}]}}]}, 0x3c}}, 0x0)
sendto$packet(r5, &(0x7f0000000080)="05031600d3fc140000004788031c0810", 0x10, 0x24000880, &(0x7f0000000140)={0x11, 0x86dd, r8, 0x1, 0x0, 0x6, @multicast}, 0x14)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x2)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB="5c000000090601080000000000000000070000000900020063797a31000000000500010007000000340007801800018014000240fc000000000000000000000000000000060004400e1f00000500070088000000060005404e1f0000"], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$loop(0x0, 0xe649, 0x410000)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045)
io_uring_setup(0x4ff2, &(0x7f0000000040)={0x0, 0x2cb5, 0x8, 0xd, 0xe1, 0x0, r3})

3.226753263s ago: executing program 2 (id=430):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1000000}, 0x50)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
syz_clone(0x800211, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x8a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x2}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x12, 0xa, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000380)=r2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r4, &(0x7f00000001c0), 0x0}, 0x20)

2.690854656s ago: executing program 2 (id=435):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0xfead, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000004040)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@nombcache}, {@nodelalloc}, {@block_validity}, {@lazytime}, {@journal_dev}, {@dax_always}, {@init_itable_val={'init_itable', 0x3d, 0x81}}, {@data_ordered}, {@dax_inode}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}], [{@fsmagic={'fsmagic', 0x3d, 0x2}}, {@flag='dirsync'}, {@subj_type={'subj_type', 0x3d, '!'}}, {@hash}]}, 0x0, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
rename(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000180)='./file1\x00')
signalfd(r1, &(0x7f0000000000)={[0xffffffffffffa896]}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
r3 = io_uring_setup(0x5ffd, &(0x7f0000000080)={0x0, 0x3551, 0x800, 0x1, 0x20000115})
close_range(r3, r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000240)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000140)=@gcm_256={{0x304}, "32f058ec27d46898", "d40f86fd02541c95afec379bdb3cc0d5646e20975202603a18fe7474dc4c3d7b", '\"\vEX', "cc5e65fb4e966cb6"}, 0x38)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r4)
r5 = open(&(0x7f0000000180)='.\x00', 0x0, 0x4)
flock(r5, 0x2)
r6 = open(&(0x7f0000000300)='.\x00', 0x102000, 0x0)
flock(r6, 0x1)
r7 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r7, 0x2)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x60d6, 0x5})

2.468757806s ago: executing program 5 (id=437):
socket(0xa, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='children\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xaf)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000300)='kfree\x00', r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000bc0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
r4 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a5, 0x1c0c0, 0xb, 0xc1})
io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7fff}, 0x18)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r1, <r6=>0xffffffffffffffff}, &(0x7f0000000400), &(0x7f0000000500)=r2}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@call={0x85, 0x0, 0x0, 0x7b}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x10000}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='GPL\x00', 0xc, 0xad, &(0x7f0000000300)=""/173, 0x41000, 0x20, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000003c0)={0x4, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000005c0)=[r1, r6, r1, r1, r1, r1], &(0x7f0000000600)=[{0x0, 0x3, 0x10, 0xb}, {0x5, 0x5, 0xe, 0x1}, {0x2, 0x3, 0x0, 0xb}], 0x10, 0xde}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r7, &(0x7f0000000040), 0x10)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x10000})
listen(r7, 0x5)
r8 = socket(0x28, 0x5, 0x0)
setrlimit(0x40000000000008, &(0x7f0000000000))
connect$vsock_stream(r8, &(0x7f0000000080), 0x10)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="180000000000000000000000000093d518110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002480)=@deltfilter={0x24, 0x2d, 0x4, 0x70bd2f, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0x1, 0x2}, {0x4, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004885}, 0x40004)
setsockopt$sock_linger(r8, 0x1, 0x3c, &(0x7f00000000c0)={0x1, 0x79e}, 0x8)
sendmmsg(r8, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="24000000390059737514b388d067478403"], 0x24}}, 0x0)

2.36643106s ago: executing program 5 (id=438):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0xffffffff)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000200), 0x3)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000340)='kmem_cache_free\x00'}, 0x18)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
r2 = getpid()
fcntl$setownex(r1, 0xf, &(0x7f0000000300)={0x1, r2})
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet_sctp(0x2, 0x5, 0x84)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xe}, 0x0, 0x10000, 0x100, 0x6, 0x7, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d40)=@newqdisc={0x3a8, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x378, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x64, 0x2, 0x3, 0x17, 0xd, 0x8, 0x1}}, @TCA_CHOKE_MAX_P={0x8, 0x3, 0x2}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x104, 0x2, "dc542b4e237011fb38ddb228806571a8633206e26df63a43bbc516382325dedd79c1cf0a26379dfaf72cb5ab9ab7efe16f312ee9ab598d1ac0d7903ac69c51f1b6842ebecf00dec5deff737b59f0c1f0b57cc6c2b7b8c5b2c527aafa57222f4bd2355ccab39fa20d4033b6b687491532080101805feb9c6fa8a56a77186efcb394ce1a1cd7f2130835e3bf9e3ac25d0a102a808be13beb51f37da6d10046f131834545ee5013f43e41e91eb18a12c28540ab4106286e0f7568f6a9cd0c0da51df08e42848096b25d455ebec9adfd6e493d8c9725bc2d49bbbae0a5375b359f91d9dad20ed109ffbc52469cffd2cf5df7773f7a4c72ae167485315c326281efc4"}, @TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x104, 0x2, "a2a88faa7ec665a571a9ad3d1f9512e3c591df4a4554c6c2e2cc6cb4d9aee4579684743ad4888f1522a47ddaff3d4f9450d288e8559bc4f795aa0d1bc74d926038adb808cba6e90535b2eb8ba3e8ff927207d17a86b10d604e77a459df67e7f0c842d463ca5977b7e2eb55fbb9881d15633717817c735da52a1da7d64bb22e58550d8ee20883e41ec2f119a6a6364d68900c1cce4a3b3225a9ce9e1e00b444e9e7bcd10e1dec202ce7786aa7cf10d4dd6bbcee586d7903a6239ff90b49cd7fddb0c67ddab326cdb2d0fa48a783f691be9ebaa1243b21afd04a372650aa7eb46a2675cc67ae12d3b99c9acb4d9fb7c78081d269b443affd86eededd4867311221"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x1ffff}}, @TCA_CHOKE_STAB={0x104, 0x2, "554b956aa3fcfbc4a187baf0437163b5d33108db016465f92a93480d2c246d90f03741da6ee916f7c9917dbd81da67d6150151679559af8402b932745d19fbfbd679c133c4714565f91cd05790d990818bac85598b6a844cb2c2d277aaca9a88ee0e6a834ba02b4e549f11fb13e9fe33730c55997f2d3b7e6469210db81587fc522295f49a78f4e08ddfb01172b12a19b303a0c47fa3500cdc3e6725a79dcd3731c37083c3bbe73c43e7e2ea82c72986a1499c677c565ea1cfc874e7e978e4ebe8d338f0b37807d40333ee570133982998623ec809826f1009856a9d9d8e839c65d3ead78c6b3cb8f7beee8e59f19de93d06628a2cdfa4333d96882b96c36cc3"}]}}]}, 0x3a8}}, 0x0)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_BT_FLUSHABLE(r8, 0x112, 0x8, 0x0, 0x0)
ioctl$KDGETKEYCODE(0xffffffffffffffff, 0x4b4c, &(0x7f0000000000)={0x8, 0x800})
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r9=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000080)={r9, 0x1, 0x10}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="180000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="440000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100626f6e64000000000c000280050001000600000008000a"], 0x44}}, 0x0)

2.366204s ago: executing program 3 (id=439):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000001"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0xb, r2}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x3, r2}, 0x38)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="1c00080001030000160014000100450000340063000000849078640100fdac1414aa02000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="840100419078001c080900000008000000080000ebf536de179365d29110281ebafd550951d7da33dafb2706fce8b2f4135dfb8970296474b327eaac76efdca79e9e42f69813167b2ea07bb968742065e72e0a37e2a27d1e1105e867ee75eb86552928c2fbf2c3f359b821e7f9b5779a3c25f395e3e04e0a18e9bba47dc3e863e1d427fa4cb645a6c1e1634da8becb19df0e859aa038a5996c46cad069539089cae832576768f6a497470c14d58528ffff0000fa646bff2b2494ae273c3f3c175bb40d1cc297520a522b4a5df85a2bfed87432c5c646641c057e9d2f6c5593acb78ce55af526c75a925608906a2b9f"], 0x42)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010103}]}, &(0x7f0000000380)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r6=>0x0]}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f00000002c0)={r6, 0x9}, 0x8)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
close(r0)

2.36550431s ago: executing program 1 (id=440):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x441, 0x0)
write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xe64, 0x5, 0x50, "0062ba7d82000000000000000000f7ffffff00"})
ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000000c0))
r1 = syz_open_pts(r0, 0x0)
dup3(r1, r0, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000000), 0x9, 0x10200)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r5, 0x0, 0x401}, 0x18)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000bc0)="0100000200373a4541062101a59ea940d2cb0b36b8f5020000a00000050000000000eb000000a5e5be21c44e328e68f3922af831e4e51bfb30f7788fd57e51bc464355bd646d037ccc16ddb08a7b3a697aedb66ddd793acf37119e61f502d8bbb016f701890700000068d945af468c1c9090c76906b94e0f27761c75e58c82da54d010078660684a4106855beaf5e813ed18aa4acabb5bee7f082d24a16b01fc91471eba59152e716af8776ab90ac48bcbee6570df22513808ecab7a9680aa613a56aa11bfa73af4c4e94b5cfc855f0e910186d7e68ac24f8b125140ac5f7f4819168ce1c25550c6773b41011999d8d9827757d96c5e8aa4617cc54c5e67060a92661f84e698d1fe3cee10a85882cbecb29f2a22535ac50e64d95ecbab66f54373b94475e05b79a0a61bc2ae1e", 0x12d, r4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES16=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000240)='4', 0x1}, {&(0x7f00000000c0)="86", 0x1}], 0x2)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=@newtaction={0x80, 0x30, 0x300, 0x0, 0x25dfdbfc, {}, [{0x6c, 0x1, [@m_csum={0x68, 0x1, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x0, 0x0, 0x400}, 0x2d}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x7, 0x4, 0x6, 0xfffffff9}, 0x64}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000140)={0x2, &(0x7f0000000080)=[{0x2, 0x81, 0x24, 0x5}, {0x40, 0x0, 0x6, 0xfffffff7}]})
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f0000000180)={'wpan1\x00', <r11=>0x0})
r12 = getpid()
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x24, r10, 0x1, 0x70bd27, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_PID={0x8, 0x1c, r12}]}, 0x24}}, 0x0)
prlimit64(r12, 0x1, &(0x7f0000000280)={0x0, 0x45870548}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r7}, 0x18)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x10c)
fcntl$setlease(r6, 0x400, 0x0)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r3, 0xf507, 0x0)
ioctl$HIDIOCGREPORTINFO(r2, 0xc00c4809, &(0x7f0000000040)={0x2, 0x2, 0x7ff})

2.051771373s ago: executing program 1 (id=443):
socket$inet6_sctp(0xa, 0x5, 0x84)
iopl(0x3)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
iopl(0x52)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x9})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80800)
vmsplice(r2, &(0x7f0000000040)=[{&(0x7f0000000000)="e3", 0x1}], 0x1, 0x1)
fcntl$setpipe(r1, 0x407, 0x176)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x9, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x6}, {}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, 0x10]}}, &(0x7f0000000180)=""/129, 0x3d, 0x81, 0x1}, 0x20)
vmsplice(r2, &(0x7f0000000480)=[{&(0x7f00000000c0)='{', 0x1}], 0x1, 0xd)

1.812238303s ago: executing program 2 (id=444):
socket$inet6_sctp(0xa, 0x5, 0x84)
iopl(0x3)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
iopl(0x52)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x9})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80800)
vmsplice(r2, &(0x7f0000000040)=[{&(0x7f0000000000)="e3", 0x1}], 0x1, 0x1)
fcntl$setpipe(r1, 0x407, 0x176)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x9, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x6}, {}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, 0x10]}}, &(0x7f0000000180)=""/129, 0x3d, 0x81, 0x1}, 0x20)
vmsplice(r2, &(0x7f0000000480)=[{&(0x7f00000000c0)='{', 0x1}], 0x1, 0xd)

1.526246366s ago: executing program 5 (id=445):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1000000}, 0x50)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
syz_clone(0x800211, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x8a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x2}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x12, 0xa, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000380)=r2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r4, &(0x7f00000001c0), 0x0}, 0x20)

1.525814625s ago: executing program 5 (id=447):
r0 = socket$l2tp(0x2, 0x2, 0x73)
setresuid(0xee01, 0xee00, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x400)
r1 = getuid()
socket(0x10, 0x3, 0x0)
setreuid(r1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = eventfd2(0x0, 0x1)
io_setup(0x6, &(0x7f0000000200)=<r4=>0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES16=<r5=>r4, @ANYRES64=r4, @ANYRESOCT, @ANYRESDEC=r0, @ANYRES64=r4, @ANYRESHEX=r3, @ANYRESHEX=r2, @ANYRES8=r2], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB='\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
pipe2$9p(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44080)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000240)=ANY=[@ANYRES16=r5], 0x0, 0x2000000, 0x0, 0x0, 0x41100, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffff8}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
kexec_load(0x3, 0x1, &(0x7f0000000140)=[{0x0, 0x0, 0x116094000, 0x41000000}], 0x0)
io_submit(r4, 0x0, &(0x7f00000000c0))

1.493258417s ago: executing program 3 (id=448):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0, 0x0, 0x401}, 0x18)
unshare(0x6020400)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000240)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x61c, 0xfffffff3}}, './bus\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, 0x0, 0x0)
bind$vsock_stream(r1, 0x0, 0x0)
r3 = dup2(r2, r2)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), r1)
sendmsg$ETHTOOL_MSG_EEE_SET(r3, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x3c, r5, 0x1, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_TX_LPI_TIMER={0x8, 0x7, 0x8000}, @ETHTOOL_A_EEE_ENABLED={0x5}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5, 0x6, 0x1}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x90}, 0x4)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./bus\x00', 0x0, 0x2000, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x150, 0x168, 0x9, 0x150, 0xb, 0x250, 0x250, 0x250, 0x250, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [], 'veth0_to_bridge\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x108, 0x150, 0x0, {0x0, 0x28e}, [@common=@inet=@ipcomp={{0x30}, {[], 0x74c8aad696aabd1d}}, @common=@inet=@ipcomp={{0x30}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'dvmrp0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x2}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)

1.42367088s ago: executing program 3 (id=449):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140145a4418fe4acfc6300000000000000000000000a00000a78000000060a0b04000000000000000001000000200004801c0001800b00010065787468647200000c000640000000020930000000000900020073797a32000000002c00058008000140000088e5080001400000003a080001400000930008000140000000890800014000000007140000001100010000000000000000000300000a5a0b10dce3876f03dbc8e82509d87bad0442abe841e50ac7304d3b3e4d98f1307979f1d6e50c7f410c3548b5c248239eddb683529962ef4700"/225], 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1, <r2=>0xffffffffffffffff}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r3, 0x0, 0x4}, 0x18)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a3000000000140004800800024000000000080001400000000568000000060a010400000008000000000100000008000b4000000000400004803c0001800a0001006d617463680000002c0002800800010065636e000c000300e4edf2b75cc7c0a308000240000000000c000100706b7474797065000900010073797a3000"], 0xf0}}, 0x0)
gettid()
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
socket$inet6_sctp(0xa, 0x801, 0x84)
close(0x3)
socket(0x2, 0x80805, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in6={{0xa, 0x3, 0x4, @dev={0xfe, 0x80, '\x00', 0xf}, 0x8}}}, &(0x7f0000000040)=0x84)
r6 = syz_open_procfs(0x0, &(0x7f0000000400)='pagemap\x00')
pread64(r6, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000)

1.281841146s ago: executing program 0 (id=450):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0xa04254, &(0x7f0000000080)=ANY=[], 0x5, 0x32e, &(0x7f0000000480)="$eJzs3L9rG2cYwPFHPyxLMtZpKC0tFL+0S9vhsNXOpaLYUCqosa1Su1A426dW6CoZnXBRKXU7dS2dumbJYDx6CYYk/4CXbMmSJZuXQIY4weSCdHfWr5NiZMuy4+8Hwr16n/c5vYcu4nmF7z364d9fSwVbLxg1CceVhEREjkXSEhZf6IW02hKTdn/Jp1PPHn64vLr2bTaXm19SaiG78nlGKZWaufvbHwlv2MGkHKZ/OnqaeXL47uH7R69WfinaqmircqWmDLVeeVwz1i1TbRbtkq7UomUatqmKZdusuvGKGy9Yla2tujLKm9PJrapp28oo11XJrKtaRdWqdWX8bBTLStd1NZ2UILHA3psqv7u0ZGSHTN644MlgWC8dxxkQdkJZIyIiiZ5Ifnek8wIAAFdSd/0fbpT03fW/d2z0xLvyW/W/pJr1f2Nwq/7f++h+ber7/ZRX/x/Egur/Lx655+qo/xtvNIL6v1NvRXTt7fSNpHq7zlX/42qY6V3ThjpeVatZI+n9/236+8e92WaD+h8AAAAAAAAAAAAAAAAAAAAAgOvg2HE0x3E0/+j9+6w1wu0b5xwxOn0+f23Se9bLfz3ueWI0llfXJN58cC+aErH+2c5v592jF/cHzoomJ837wdNo+08eqYa03LN2vPyd7XykGckWpCiWmDInmqS78x1n4Zvc/JxydeZPSLI9PyOavBOcnwnMj8knH7fl66LJgw2piCWbjfv6xDnN/3NOqa+/y3XlJ5rjAAAAAAB4G+jqVOD6Xdf7xd380/V15+8DIm3r89nA9XlU+yA63msHAAAAAOCmsOu/lwzLMqsDGgl585jhG9Hh0icGjYm0XeFZTxjz9jYe3ZUOaPh/SFGKtYXicsvrHubM/vWPZs5hGSZrRpxJd1bneXf/Z6M7/wePkcVRf17RPqH3/rv9fLgzh7xde9tDX+77u21f+g05caYvDydyzm8fAAAAAJfJL/oTtt/z1XgnBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADTRgG7DoRW0nNu5rBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK6K1wEAAP//PJcC3g==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$tipc(r3, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20040018}, 0x0)
sendmsg$inet(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0xff0f}], 0x1}, 0x0)
recvmsg(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x101042, 0x0)

990.324898ms ago: executing program 0 (id=451):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5309, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1, 0x0, 0xff}, 0x18)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000340)={0x2a, 0xffffffff00000002, 0x7fff}, 0xc)
bind$qrtr(r2, &(0x7f0000000500)={0x2a, 0x1, 0x1}, 0xc)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x2040, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r3, 0x40103d0b, &(0x7f00000003c0)={0x8, 0x4})
syz_mount_image$ext4(&(0x7f0000002800)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000002880), 0x1, 0x5fd, &(0x7f0000002ec0)="$eJzs3c9vFFUcAPDv7LalpWALMSoepIkxkCgtLWCI8QBXYxr8ES9erLQgoUDT1mjRhJLgxcR4McbEkwfxv1AiV0960YMXT4aEqOFo4prZ7vTnbH8s7Q4wn0+y7My8ebw3LN++t6/vzQRQWgPpH5WIAxExlUT0JfOLaR3RSBxYOO/ePx+fTV9J1Gpv/JVE0jiWnZ803nsbmbsj4ucfk9hfXVvuzNzVi2OTkxPTjf2h2UtTQzNzV49cuDR2fuL8xOWRF0dOnjh+4uTw0Zau69raQ2l1Puj7dPTtb7/+Nxn+7vfRJE7FK40Tl1/HdhmIgfq/SbI2qffkdhdWkGrj/8nyjzjpKLBCbEn2+XVGxJPRF9VY+vD64pPXCq0csKNqSUQNKKlE/ENJZf2A7Lv96u/BlUJ6JUA73D29MACwNv47FsYGo7s+NrD7XhLLh3WSiGhtZG6lPRHx0+3RG+duj96Y3rsz43BAvvnrEfHUsvjvylKSevz3R3f01+O/siL+037BmcZ7evz1FstfPVQs/qF9FuK/O6f9X4r/aBL/7yyL/3dbLH9gafO9nhXx39PqJQEAAAAAAEBp3TodES/kzf+pLM7/iZz5P70RcWobyh9Ytb/29/+VO9tQDJDj7umIl3Pn/1aiujD7t7/a+D3/3vp8gM7k3IXJiaMR8VhEHI7OXen+8DplHPls/1fN0gYa8/+yV1p++r50RuVOx66VecbHZsfu97qBiLvXI57Onf+bLLb/SU77n/48mNpkGfufu3mmWdrG8Q/slNo3EYdy2/+lu1Yk69+fY6jeHxjKegVrPfPR5983K7/V+HeLCbh/afu/e/3470+W369nZutlHJvrqDVLa7X/35W8Wb/lTLZc4cOx2dnp4Yie5NVqenTF8ZGt1xkeRVk8ZPGSxv/hZ9cf/8vr//dExPyqvzv5e+Wa4swT//X+0aw++v9QnDT+x7fU/jfdSOYjcpNGbvb/0Kz8zbX/x+tt/eHGEeN/sODLLEy7Vh7PCdCOvKR21xcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgWViNgTSWVwcbtSGRyM6I2Ix2N3ZfLKzOzz5668f3k8Tas//7+SPem3b2E/yZ7/379sf2TV/rGI2BcRX1R76vuDZ69Mjhd98QAAAAAAAAAAAAAAAAAAAPCA6G2y/j/1Z7Xo2gE7rqPoCgCFyYn/X4qoB9B+2n8oL/EP5SX+obzEP5SX+IfyEv9QXuIfykv8AwAAAADAI2XfwVu/JREx/1JP/ZXqaqR1FlozYKdViq4AUBi3+IHyMvUHyst3fCDZIL27aaaNcjbLnJo6u3FmAAAAAAAAAAAAACBz6ID1/1BW1v9DeVn/D+WVrf8/WHA9gPZr+Tt+0zW9wMNovZX8zcN9E+v/AQAAAAAAAAAAAIBtMTN39eLY5OTEdPs2fm089Cv3nJ6IaHN9so23iii02I1arXat/lE8IPV5yDeyqfCbz9WdHwU7s5Gt9dtcroJ+IAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGv8HwAA//+xpBxA")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r5, &(0x7f0000004200)='t', 0x1)
sendfile(r5, r4, 0x0, 0x7ffff000)
r6 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'bond0\x00'})
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=r3, @ANYBLOB='\x00'/20, @ANYRES8, @ANYRES32=0x0, @ANYRESOCT=r3], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70200001400ea00b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ftruncate(0xffffffffffffffff, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x578410e9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r8}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x4e}, [@ldst={0x0, 0x0, 0x2, 0x0, 0x0, 0x74}]}, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xb579, &(0x7f000000cf3d)=""/195}, 0x23)
r9 = socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000140)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, '\x00', 0x2d}, 0xfffffff8}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000080)="8d46f0", 0x3}], 0x1000000000000166}}], 0x1, 0x48000)
sendmsg$nl_route_sched(r9, 0x0, 0x0)

983.951098ms ago: executing program 1 (id=452):
r0 = syz_io_uring_setup(0x5777, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0xffffffff, 0x171}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x24, 0x2007, @fd, 0x800, 0x0, 0x0, 0x18, 0x0, {0x2}})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

763.643608ms ago: executing program 2 (id=453):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000400)=ANY=[@ANYBLOB="020300030f0000002cbd7040fcdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af030006000000000002004e22ac1414bb000000000000000002000100000000000000070c00000080030005000000000002004e22ac14140a0000000000000000020013"], 0x78}, 0x1, 0x7}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f00000014c0)=ANY=[@ANYBLOB="2871e13cc4167c6c8723a3cebd017d2ca4edf0369eaad50664bcf30000e51199cad9007245050a69ec378a40bf", @ANYRES16=r3, @ANYBLOB="00012abd7000fbdbdf25210000000c0099000c000000750000000400ec000a000600080211000000000038008480340000802400068008000000050000000800010005000000080001000400000008000300000000000a0001000101010101010000"], 0x68}, 0x1, 0x0, 0x0, 0x4000044}, 0x4000000)
r4 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000a40)='GPL\x00')
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r5, 0x0, 0xfffffffffffffffc}, 0x18)
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a3b370086d04ae"], 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000980)=ANY=[@ANYBLOB="18000000000000040000000000000000850000000e000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='io_uring_cqe_overflow\x00', r6}, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r7 = io_uring_setup(0x409, &(0x7f0000000040)={0x0, 0x20c8a1, 0x1c881, 0x8, 0xe2})
io_uring_enter(r7, 0x2219, 0x7721, 0x16, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0xb1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r8, &(0x7f0000000380)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
sendto$inet(r8, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x1100)

573.313266ms ago: executing program 5 (id=454):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x4008032, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000040), &(0x7f0000000080)=r2}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2, 0x0, 0x6}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x9a167000)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010025bd7000fedbdf2518"], 0x34}, 0x1, 0x0, 0x0, 0x14}, 0x40080)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYRES16=r0], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x94, 0x7fff0000}]})
mlockall(0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000240)='tlb_flush\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)

572.864576ms ago: executing program 1 (id=455):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
r2 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r2, 0x0, 0xfe33)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x200003, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB="ec000000", @ANYRES16=r4, @ANYBLOB="01000000000000000000010000000800050001000000140002007767310000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5420800050000000000900008808c00008024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c640009801c000080060001000200000008000200ffffffff05000300030000001c000080060001000200000008000200ac141427050003"], 0xec}, 0x1, 0x0, 0x0, 0x4084}, 0x24000010)
syz_genetlink_get_family_id$batadv(0x0, r3)
unshare(0x20400)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x300}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)

516.699578ms ago: executing program 1 (id=456):
r0 = syz_io_uring_setup(0x5777, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0xffffffff, 0x171}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x24, 0x2007, @fd, 0x800, 0x0, 0x0, 0x18, 0x0, {0x2}})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

480.01025ms ago: executing program 3 (id=457):
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="43b7f928160725b2b55a77b6af28283989cfe21f55763b2a6f613665e448c43a76f791dd4bf4f59d670ae2d45c961e54bd47280e6a3c1be18ee55feb3c60cbb8909621a7ba61154d0398af0320583cb3bb1decec86a6a834049544a25f13d6f4ab39ccec4b4fd2070a325cb2ac2808640e7b77c4e0cb6c6f46b8e85c6868746afc27329b461aa2", 0x87, 0xffffffffffffffff)
r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000400)={'syz', 0x3}, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
r1 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xafUD\x9dA\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x35, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000018000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond_slave_0\x00'})
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r6}, &(0x7f00000008c0), &(0x7f0000000880)=r7}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffad, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000a00)='fib_table_lookup\x00', r8}, 0x18)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r9}, 0x10)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendmsg$nl_route(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="2000000013000500000000000000000007000000", @ANYRESOCT=r0], 0x20}, 0x1, 0x0, 0x0, 0x604c050}, 0x0)
munmap(&(0x7f0000001000/0x2000)=nil, 0x2000)
r10 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r10)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x10, r10)
ptrace$peeksig(0x4209, r10, &(0x7f0000000140)={0x0, 0x0, 0x4e}, &(0x7f0000000fc0))
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000800000004000000000000120000000003000000000000080100000000000000000000020200000000002e2e5f"], 0x0, 0x44}, 0x20)
mq_timedsend(r1, 0x0, 0x0, 0x6, 0x0)

310.430487ms ago: executing program 0 (id=458):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000004c0)='thermal_power_allocator_pid\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000010000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000380)={{0x1, 0x1, 0x18, <r3=>r0}, './file0\x00'})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000040000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095", @ANYRES8=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000700)='signal_generate\x00', r4}, 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getuid()

272.840239ms ago: executing program 1 (id=459):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000600000028"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
timerfd_settime(r2, 0x1, &(0x7f0000000300)={{0x77359400}, {0x77359400}}, &(0x7f0000000340))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r1}, 0x18)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRESOCT], 0x5c}}, 0x0)
copy_file_range(r0, &(0x7f0000000100)=0x8, r0, &(0x7f0000000140)=0x9d2, 0x8, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdir(&(0x7f0000001a80)='./file0\x00', 0xd2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x18)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000400)='sys_enter\x00', r4}, 0x18)
getrandom(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000001c0)={0x0, &(0x7f0000000180)})
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r8, 0x107, 0x12, &(0x7f0000000300)={0x1, 0x1000}, 0x4)
setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg$tipc(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0x73220c8b}], 0x1}, 0x0)
recvmmsg(r8, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000680)=""/248, 0xf8}], 0x1}, 0x7}, {{0x0, 0x0, 0x0}, 0x1}], 0x2, 0x0, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(r2, 0x114, 0x7, &(0x7f0000000900)={@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, {&(0x7f00000007c0)=""/149, 0x95}, &(0x7f0000000180), 0x2}, 0xa0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'lo\x00', <r11=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "00000000000000000001000f0e00"}}}]}, 0x48}}, 0x0)

251.9478ms ago: executing program 0 (id=460):
r0 = perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffd, 0x1, @perf_bp={&(0x7f0000000480)}, 0x2, 0x10000, 0xba, 0x6, 0x8, 0xa8, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
r2 = gettid()
r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018118000", @ANYRES32=r4, @ANYRES64=r3], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="f2a7da9ae0fb9ec695a7c4b3d0d07bb5224644a739687949d852104e7c0767cc830c09502b6f5a3c1034480c57c16e8eeda3a222ced28ecc889829f9468175d45b197c2882545f3c1b46"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket(0x1e, 0x5, 0x0)
connect$tipc(r6, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
recvmmsg(r6, &(0x7f0000001400)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000740)=""/245, 0xf5}], 0x1, &(0x7f0000000a00)=""/225, 0xe1}, 0x3}], 0x1, 0x20, 0x0)
sendmmsg$inet(r6, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000080)="bf6f", 0x2}], 0x1}}, {{0x0, 0x10, &(0x7f0000000700)=[{&(0x7f00000005c0)="d91e42c42c19bc979aec39eda5f227c569ee8c5d0726d35839be5df50165c41e5f564757b66ea79fabce98b19055210f71b645b4ce5d53097350ec250158ee8baebead8cfd92354874a23c5cad022af3a3eec75a83e7efb4a07a424b1f30f2e3aefa86bef221ff3586b72a87d0a8e61176d00a369c62702e716ba94c6a0dce9f85dd979c33a441a4e534", 0x8a}], 0x1}}], 0x2, 0x40480dc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
r7 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
r8 = syz_io_uring_setup(0x3d9d, &(0x7f00000001c0)={0x0, 0x10ac, 0x80, 0x2, 0x143}, &(0x7f0000000100), &(0x7f0000000240))
r9 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x8000, 0x2, 0x1f9, 0x0, r8}, &(0x7f0000000000)=<r10=>0x0, &(0x7f0000000300)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r9, 0x0, &(0x7f00000003c0)='./file0\x00', 0x64, 0x2, 0x12345})
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x50)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000380), 0x4)
r12 = semget$private(0x0, 0x20000000102, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x7, 0x8, &(0x7f0000000d40)=ANY=[@ANYRESHEX=r5, @ANYRESHEX=r12, @ANYBLOB="0000000000008300b703000000000000850000001b000000b7000000551ab40000000095feaf3699acfce79895eb55d23a0cfd4d389f412b42f4c68467b2d37b850f4df6b24835ac0a39609f8f3308d7a4ac8cf19d972b9a2912b072c7bee258f44561220451ebd007f4deac3286a6e8faf3f9e6f33962afdfa5ddf7f49f32c42d5cd8dccd95d2aaa79475e14bc16bc7bbb983ece3d8a0eaa0d9a92ca38c507babbd3ae0f505bdc34391f4a95910c4eef06ceb25389f936f80333b1cfeb2ec8c608951dddf8814a5f87ce77356af4bbda02be6140ef6e6ebda08966b0f1d23b202d531c7fb2851aa"], &(0x7f00000008c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback=0x9, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x94)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
io_uring_enter(r9, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$MON_IOCX_GETX(r7, 0x4018920a, &(0x7f00000000c0)={0x0, 0x0})
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f00000004c0)=0x2)
write$binfmt_elf64(r1, &(0x7f0000000cc0)=ANY=[@ANYBLOB="7f454c4603040000ff7f08000000000002003e00ecffffff980300000000000040000000000000005600000000000000070000000000380001000000020000000300"], 0x678)
close(r8)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file1\x00', 0x0, 0x8, r0}, 0x18)

108.597076ms ago: executing program 0 (id=461):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x1, @perf_bp={0x0, 0x2}, 0x8800, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f0000000440)={0x2e}, 0x8)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x34, r2, 0x1, 0x270bd2c, 0x5, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaac}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}]}, 0x34}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000951c34a9a5edc57c97014a5d403b9d6d8924577c85730394a96b755195ff7593df2d30fcb705677de7e49b1fc47fd82335193375dfe45ae123e0abbd8c1f8464fe1e388fa653adec52b2d72f66f330cee97236201c03eb15a66bdc5ef243573db9981d29d845a2bb067e5c2ec4e8079af3e6e41905ce1527a6c2c326c18afb1116b83bc456db63331bedd944d82c7fff3b26eafdf647a01cb8d0285e812aac8d7294421f0f72e4865d8860e293055a9ad6"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x2c4, 0x30, 0xc96f2b0dc02612b1, 0x71bd2b, 0x25dfdbff, {}, [{0x1a0, 0x1, [@m_csum={0xd8, 0x19, 0x0, 0x0, {{0x9}, {0x74, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x3, 0x8000, 0xffffffffffffffff, 0xb8b8, 0x3}, 0x65}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7f, 0x4, 0x6, 0x1000, 0x101}, 0x37}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x6, 0x1, 0xfffffffffffffff9, 0x9, 0x80000001}, 0x14}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x274bcf77, 0x5, 0x6, 0x8, 0x101}, 0x7d}}]}, {0x39, 0x6, "99599a989bd1b1fba50a4a29ffa7c682e6cfa07125a1335f6cc53bfcbdd0cec4b739e8072ad58b5153a6189bec7e227f7f9f2cb5c1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_skbmod={0x44, 0x1, 0x0, 0x0, {{0xb}, {0x18, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @broadcast}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x4}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_bpf={0x80, 0x0, 0x0, 0x0, {{0x8}, {0x40, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x2, 0x2, 0x4, 0x6, 0x4}}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0x19, 0x6, "12df59202984a7d58c1b88abb797475ada8903aa97"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}]}, {0x110, 0x1, [@m_nat={0x10c, 0x17, 0x0, 0x0, {{0x8}, {0xa4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x7, 0x8, 0x7, 0x3, 0x80000000}, @private=0xa010101, @remote, 0xff000000, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x1, 0x3, 0xffffffffffffffff, 0x3, 0x4}, @remote, @rand_addr=0x64010100, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x5, 0x3, 0x2, 0x128, 0x4}, @broadcast, @broadcast, 0xffffff00}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x6, 0x5, 0x3, 0xfce3, 0xf0}, @multicast2, @private=0xa010101, 0xffffffff, 0x10000001}}]}, {0x41, 0x6, "b7e5307681464d8557d780071307f7c6a1d3bec6226e063b395b3cd3cc6acbf3f57c019041a22a7fc6709a114f627684942cab7868f369b56956160b81"}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0x2c4}, 0x1, 0x0, 0x0, 0x4004000}, 0x50)
r7 = socket(0x10, 0x803, 0x0)
sendto(r7, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x8804, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b00)={r9, 0x2000002, 0x88, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000100000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r10, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x3, 0x0, 0x7, 0x0})

16.176159ms ago: executing program 0 (id=462):
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000020500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000002b0900020073797a310000000008000a40ffff"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff2}, {0xffff, 0xffff}, {0x5, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

0s ago: executing program 5 (id=463):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
socket$caif_stream(0x25, 0x1, 0x0)
syz_io_uring_setup(0x179a, &(0x7f00000000c0)={0x0, 0xfb29, 0x100, 0x2, 0x2f5}, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000ffffffff00000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r6}, 0x10)
getrlimit(0xe, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
socket$inet(0xa, 0x801, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000240), &(0x7f00000003c0)}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r2, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f00000003c0)=ANY=[@ANYBLOB="8aaaaaaaaa8e00000000000086dd600a843500142f00fe80000000000000000000000000003bfe8000000000000000000000000000aa000022eb", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)

kernel console output (not intermixed with test programs):

etdevsim netdevsim4 netdevsim1: renamed from eth1
[   36.392642][ T3314] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   36.402172][ T3314] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   36.430221][ T3326] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   36.438911][ T3326] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   36.447984][ T3326] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   36.464084][ T3326] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   36.498973][ T3315] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   36.520124][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0
[   36.527174][ T3315] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   36.536473][ T3315] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   36.545449][ T3315] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   36.571671][ T3319] 8021q: adding VLAN 0 to HW filter on device team0
[   36.600501][ T3322] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   36.609539][ T3322] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   36.621836][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.628925][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   36.639307][ T3322] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   36.649097][ T3322] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   36.660659][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.667766][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   36.678932][ T3326] 8021q: adding VLAN 0 to HW filter on device bond0
[   36.702666][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0
[   36.725095][ T3314] 8021q: adding VLAN 0 to HW filter on device team0
[   36.733587][ T3326] 8021q: adding VLAN 0 to HW filter on device team0
[   36.766323][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.773415][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[   36.782097][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.789189][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[   36.797931][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.805041][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[   36.813837][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.820878][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[   36.855865][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0
[   36.880722][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0
[   36.899072][ T3315] 8021q: adding VLAN 0 to HW filter on device team0
[   36.916548][ T3322] 8021q: adding VLAN 0 to HW filter on device team0
[   36.928634][ T3314] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   36.946707][  T295] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.953874][  T295] bridge0: port 1(bridge_slave_0) entered forwarding state
[   36.973333][  T295] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.980415][  T295] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.004020][ T2033] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.011514][ T2033] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.021166][ T2033] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.028316][ T2033] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.040418][ T3319] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.062215][ T3326] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.072182][ T3315] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   37.124985][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.221192][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.240494][ T3326] veth0_vlan: entered promiscuous mode
[   37.258235][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.268455][ T3326] veth1_vlan: entered promiscuous mode
[   37.290514][ T3319] veth0_vlan: entered promiscuous mode
[   37.315573][ T3319] veth1_vlan: entered promiscuous mode
[   37.328300][ T3326] veth0_macvtap: entered promiscuous mode
[   37.344820][ T3326] veth1_macvtap: entered promiscuous mode
[   37.372744][ T3319] veth0_macvtap: entered promiscuous mode
[   37.391210][ T3319] veth1_macvtap: entered promiscuous mode
[   37.401124][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_0
[   37.416900][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_0
[   37.429523][ T3314] veth0_vlan: entered promiscuous mode
[   37.439287][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_1
[   37.452597][ T3322] veth0_vlan: entered promiscuous mode
[   37.464852][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_1
[   37.475374][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   37.488495][ T3322] veth1_vlan: entered promiscuous mode
[   37.497235][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   37.509038][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   37.518129][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   37.527008][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   37.535941][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   37.549041][ T3315] veth0_vlan: entered promiscuous mode
[   37.555079][ T3314] veth1_vlan: entered promiscuous mode
[   37.562831][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   37.578351][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   37.593294][ T3315] veth1_vlan: entered promiscuous mode
[   37.615734][ T3322] veth0_macvtap: entered promiscuous mode
[   37.634056][ T3319] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   37.643580][ T3322] veth1_macvtap: entered promiscuous mode
[   37.658510][ T3315] veth0_macvtap: entered promiscuous mode
[   37.665807][ T3315] veth1_macvtap: entered promiscuous mode
[   37.675160][ T3314] veth0_macvtap: entered promiscuous mode
[   37.686287][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0
[   37.696277][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0
[   37.708657][ T3314] veth1_macvtap: entered promiscuous mode
[   37.734716][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0
[   37.742129][ T3483] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1'.
[   37.752581][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1
[   37.772817][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1
[   37.781387][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1
[   37.791379][  T126] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   37.802445][  T126] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   37.802481][  T126] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   37.802550][  T126] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   37.833248][ T3487] loop3: detected capacity change from 0 to 4096
[   37.860123][  T126] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   37.879026][ T3487] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.895036][  T126] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   37.915525][   T52] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   37.933937][ T3495] --map-set only usable from mangle table
[   37.966141][   T52] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   37.976010][  T295] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.001777][  T295] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.012637][   T29] kauditd_printk_skb: 38 callbacks suppressed
[   38.012653][   T29] audit: type=1326 audit(1764502178.257:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3486 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4768ecf749 code=0x7ffc0000
[   38.060879][   T52] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.080849][ T3502] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   38.081046][ T3495] 9pnet: Could not find request transport: r
[   38.100160][   T29] audit: type=1326 audit(1764502178.257:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3486 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4768ecf749 code=0x7ffc0000
[   38.123515][   T29] audit: type=1400 audit(1764502178.327:112): avc:  denied  { create } for  pid=3501 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   38.130504][   T52] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.142743][   T29] audit: type=1400 audit(1764502178.327:113): avc:  denied  { write } for  pid=3501 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   38.170667][   T29] audit: type=1400 audit(1764502178.327:114): avc:  denied  { create } for  pid=3501 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   38.206041][   T29] audit: type=1400 audit(1764502178.437:115): avc:  denied  { create } for  pid=3501 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   38.225483][   T29] audit: type=1400 audit(1764502178.437:116): avc:  denied  { create } for  pid=3503 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   38.244759][   T29] audit: type=1400 audit(1764502178.447:117): avc:  denied  { write } for  pid=3503 comm="syz.2.3" name="vlan0" dev="proc" ino=4026533286 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   38.267203][   T29] audit: type=1400 audit(1764502178.447:118): avc:  denied  { create } for  pid=3499 comm="syz.0.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   38.287319][   T29] audit: type=1400 audit(1764502178.447:119): avc:  denied  { write } for  pid=3499 comm="syz.0.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   38.289471][ T3512] FAULT_INJECTION: forcing a failure.
[   38.289471][ T3512] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   38.320581][ T3512] CPU: 0 UID: 0 PID: 3512 Comm: syz.4.9 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   38.320610][ T3512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   38.320700][ T3512] Call Trace:
[   38.320707][ T3512]  <TASK>
[   38.320716][ T3512]  __dump_stack+0x1d/0x30
[   38.320744][ T3512]  dump_stack_lvl+0xe8/0x140
[   38.320769][ T3512]  dump_stack+0x15/0x1b
[   38.320800][ T3512]  should_fail_ex+0x265/0x280
[   38.320883][ T3512]  should_fail+0xb/0x20
[   38.320903][ T3512]  should_fail_usercopy+0x1a/0x20
[   38.320929][ T3512]  _copy_from_user+0x1c/0xb0
[   38.320958][ T3512]  ___sys_sendmsg+0xc1/0x1d0
[   38.320990][ T3512]  __x64_sys_sendmsg+0xd4/0x160
[   38.321042][ T3512]  x64_sys_call+0x191e/0x3000
[   38.321071][ T3512]  do_syscall_64+0xd2/0x200
[   38.321094][ T3512]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   38.321127][ T3512]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   38.321165][ T3512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   38.321192][ T3512] RIP: 0033:0x7ff16612f749
[   38.321209][ T3512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   38.321267][ T3512] RSP: 002b:00007ff164b8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   38.321370][ T3512] RAX: ffffffffffffffda RBX: 00007ff166385fa0 RCX: 00007ff16612f749
[   38.321381][ T3512] RDX: 0000000000008010 RSI: 0000200000000000 RDI: 0000000000000004
[   38.321395][ T3512] RBP: 00007ff164b8f090 R08: 0000000000000000 R09: 0000000000000000
[   38.321407][ T3512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   38.321418][ T3512] R13: 00007ff166386038 R14: 00007ff166385fa0 R15: 00007ffc55199978
[   38.321436][ T3512]  </TASK>
[   38.348132][ T3514] netlink: 7 bytes leftover after parsing attributes in process `syz.2.8'.
[   38.360251][ T3502] netlink: 'syz.1.2': attribute type 7 has an invalid length.
[   38.510803][ T3502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'.
[   38.523835][ T3514] netlink: 7 bytes leftover after parsing attributes in process `syz.2.8'.
[   38.541463][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.581329][ T3522] loop0: detected capacity change from 0 to 1024
[   38.604907][ T3522] EXT4-fs: Ignoring removed nomblk_io_submit option
[   38.633503][ T3529] netlink: 2012 bytes leftover after parsing attributes in process `syz.1.14'.
[   38.642510][ T3529] netlink: 24 bytes leftover after parsing attributes in process `syz.1.14'.
[   38.668771][ T3526] Zero length message leads to an empty skb
[   38.680030][ T3522] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.696442][ T3529] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   38.735620][ T3522] netlink: 'syz.0.13': attribute type 30 has an invalid length.
[   38.835046][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.896091][ T3543] netlink: 256 bytes leftover after parsing attributes in process `syz.0.18'.
[   39.073920][ T3549] hub 6-0:1.0: USB hub found
[   39.079449][ T3549] hub 6-0:1.0: 8 ports detected
[   39.131311][ T3547] netlink: 'syz.4.20': attribute type 1 has an invalid length.
[   39.139010][ T3547] netlink: 224 bytes leftover after parsing attributes in process `syz.4.20'.
[   39.186891][ T3551] loop4: detected capacity change from 0 to 1024
[   39.213159][ T3551] =======================================================
[   39.213159][ T3551] WARNING: The mand mount option has been deprecated and
[   39.213159][ T3551]          and is ignored by this kernel. Remove the mand
[   39.213159][ T3551]          option from the mount to silence this warning.
[   39.213159][ T3551] =======================================================
[   39.253667][ T3551] EXT4-fs: Ignoring removed nomblk_io_submit option
[   39.260355][ T3551] EXT4-fs: Ignoring removed orlov option
[   39.266149][ T3551] ext2: Bad value for 'mb_optimize_scan'
[   39.371489][ T3551] veth1_to_bridge: entered allmulticast mode
[   39.380097][  T126] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.399414][ T3567] loop0: detected capacity change from 0 to 1024
[   39.406472][ T3567] EXT4-fs: Ignoring removed nomblk_io_submit option
[   39.439399][ T3567] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.441034][ T3569] netlink: 20 bytes leftover after parsing attributes in process `syz.1.24'.
[   39.468278][ T3567] netlink: 'syz.0.23': attribute type 30 has an invalid length.
[   39.510296][ T3575] loop1: detected capacity change from 0 to 512
[   39.529750][ T3575] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[   39.548417][ T3575] EXT4-fs (loop1): 1 truncate cleaned up
[   39.555058][ T3575] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.589061][ T3575] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   39.605497][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.723172][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.779184][ T3585] loop0: detected capacity change from 0 to 512
[   39.788479][ T3590] loop1: detected capacity change from 0 to 512
[   39.804090][ T3585] EXT4-fs: Ignoring removed i_version option
[   39.810266][ T3585] EXT4-fs: Ignoring removed bh option
[   39.824770][ T3590] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   39.839985][ T3585] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[   39.867125][ T3585] netlink: 96 bytes leftover after parsing attributes in process `+}[@'.
[   39.877008][ T3590] EXT4-fs (loop1): orphan cleanup on readonly fs
[   39.909217][ T3590] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.29: Failed to acquire dquot type 1
[   39.928855][ T3590] EXT4-fs (loop1): Remounting filesystem read-only
[   39.939835][ T3590] EXT4-fs (loop1): 1 truncate cleaned up
[   39.946215][ T3590] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   39.961428][ T3596] loop2: detected capacity change from 0 to 1024
[   39.969795][ T3596] EXT4-fs: Ignoring removed nomblk_io_submit option
[   39.985570][ T3596] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.007449][ T3596] netlink: 'syz.2.32': attribute type 30 has an invalid length.
[   40.032190][ T3603] loop4: detected capacity change from 0 to 2048
[   40.067060][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.077040][ T3485]  loop4: p1 < > p3 p4
[   40.100728][ T3485] loop4: p3 start 458752 is beyond EOD, truncated
[   40.107246][ T3485] loop4: p4 start 268435456 is beyond EOD, truncated
[   40.141525][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.153766][ T3603]  loop4: p1 < > p3 p4
[   40.158679][ T3603] loop4: p3 start 458752 is beyond EOD, truncated
[   40.165229][ T3603] loop4: p4 start 268435456 is beyond EOD, truncated
[   40.243715][ T3610] Cannot find add_set index 0 as target
[   40.260684][ T3604] loop0: detected capacity change from 0 to 32768
[   40.303749][ T3485]  loop0: p1 p2 p3 < p5 p6 >
[   40.311525][ T3485] loop0: p2 size 16775168 extends beyond EOD, truncated
[   40.322108][ T3611] syz.0.33 uses obsolete (PF_INET,SOCK_PACKET)
[   40.333541][ T3485] loop0: p5 start 4294970168 is beyond EOD, truncated
[   40.349654][ T3604]  loop0: p1 p2 p3 < p5 p6 >
[   40.355429][ T3604] loop0: p2 size 16775168 extends beyond EOD, truncated
[   40.364913][ T3604] loop0: p5 start 4294970168 is beyond EOD, truncated
[   40.441783][ T3624] loop2: detected capacity change from 0 to 1024
[   40.454665][ T3622] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   40.465568][ T3485] udevd[3485]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[   40.478170][ T3303] udevd[3303]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[   40.479941][ T3624] EXT4-fs: Ignoring removed nomblk_io_submit option
[   40.490858][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[   40.503124][ T3625] udevd[3625]: inotify_add_watch(7, /dev/loop0p6, 10) failed: No such file or directory
[   40.521355][ T3485] udevd[3485]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[   40.521391][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[   40.536068][ T3625] udevd[3625]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory
[   40.552696][ T3303] udevd[3303]: inotify_add_watch(7, /dev/loop0p6, 10) failed: No such file or directory
[   40.566455][ T3624] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.581656][ T3622] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   40.595950][ T3624] netlink: 'syz.2.40': attribute type 30 has an invalid length.
[   40.608431][ T2033] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   40.623136][ T3622] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   40.634898][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.646539][ T2033] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   40.684777][ T2033] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   40.698531][ T3622] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   40.712404][ T2033] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   40.721384][ T3634] netlink: 'syz.2.43': attribute type 12 has an invalid length.
[   40.779798][ T2033] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   40.812247][ T2033] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   40.837342][ T2033] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   40.848379][ T2033] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.886725][ T3646] bridge1: entered promiscuous mode
[   40.891980][ T3646] bridge1: entered allmulticast mode
[   40.940493][ T3646] netlink: 'syz.0.49': attribute type 7 has an invalid length.
[   41.100732][ T3668] loop1: detected capacity change from 0 to 1024
[   41.129524][ T3668] EXT4-fs: Ignoring removed nomblk_io_submit option
[   41.166322][ T3675] loop2: detected capacity change from 0 to 512
[   41.194436][ T3680] loop0: detected capacity change from 0 to 512
[   41.213620][ T3668] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.219252][ T3680] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   41.238783][ T3680] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   41.253747][ T3668] netlink: 'syz.1.57': attribute type 30 has an invalid length.
[   41.335861][ T3688] FAULT_INJECTION: forcing a failure.
[   41.335861][ T3688] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   41.349078][ T3688] CPU: 0 UID: 0 PID: 3688 Comm: syz.2.63 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   41.349106][ T3688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   41.349122][ T3688] Call Trace:
[   41.349128][ T3688]  <TASK>
[   41.349135][ T3688]  __dump_stack+0x1d/0x30
[   41.349161][ T3688]  dump_stack_lvl+0xe8/0x140
[   41.349181][ T3688]  dump_stack+0x15/0x1b
[   41.349221][ T3688]  should_fail_ex+0x265/0x280
[   41.349241][ T3688]  should_fail+0xb/0x20
[   41.349258][ T3688]  should_fail_usercopy+0x1a/0x20
[   41.349315][ T3688]  _copy_from_user+0x1c/0xb0
[   41.349340][ T3688]  kstrtouint_from_user+0x69/0xf0
[   41.349360][ T3688]  ? 0xffffffff81000000
[   41.349408][ T3688]  ? selinux_file_permission+0x1e4/0x320
[   41.349440][ T3688]  proc_fail_nth_write+0x50/0x160
[   41.349554][ T3688]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   41.349585][ T3688]  vfs_write+0x269/0x960
[   41.349614][ T3688]  ? vfs_read+0x4e6/0x770
[   41.349637][ T3688]  ? __rcu_read_unlock+0x4f/0x70
[   41.349677][ T3688]  ? __fget_files+0x184/0x1c0
[   41.349708][ T3688]  ksys_write+0xda/0x1a0
[   41.349778][ T3688]  __x64_sys_write+0x40/0x50
[   41.349804][ T3688]  x64_sys_call+0x2802/0x3000
[   41.349826][ T3688]  do_syscall_64+0xd2/0x200
[   41.349905][ T3688]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   41.349933][ T3688]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   41.350095][ T3688]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.350116][ T3688] RIP: 0033:0x7f7a6418e1ff
[   41.350130][ T3688] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   41.350148][ T3688] RSP: 002b:00007f7a62bf7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   41.350166][ T3688] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7a6418e1ff
[   41.350248][ T3688] RDX: 0000000000000001 RSI: 00007f7a62bf70a0 RDI: 0000000000000006
[   41.350259][ T3688] RBP: 00007f7a62bf7090 R08: 0000000000000000 R09: 0000000000000000
[   41.350271][ T3688] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[   41.350333][ T3688] R13: 00007f7a643e6038 R14: 00007f7a643e5fa0 R15: 00007fffa46ff8f8
[   41.350351][ T3688]  </TASK>
[   41.350601][ T3680] EXT4-fs (loop0): 1 truncate cleaned up
[   41.569977][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.583206][ T3680] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.617432][ T3691] bond0: (slave bond_slave_1): Releasing backup interface
[   41.631062][ T3680] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.730870][ T3709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   41.745972][ T3707] loop1: detected capacity change from 0 to 1024
[   41.766615][ T3707] EXT4-fs: Ignoring removed nomblk_io_submit option
[   41.780915][ T3709] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   41.804683][ T3707] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.842948][ T3709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   41.854238][ T3709] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   41.864077][ T3707] netlink: 'syz.1.71': attribute type 30 has an invalid length.
[   41.874247][   T52] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   41.874707][   T52] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   41.912686][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.914175][   T52] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   41.914282][   T52] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   41.971092][ T3734] loop1: detected capacity change from 0 to 1024
[   41.989077][ T3734] EXT4-fs: Ignoring removed nomblk_io_submit option
[   42.002204][ T3739] loop0: detected capacity change from 0 to 1024
[   42.017136][ T3734] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.104665][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.128897][ T3749] loop4: detected capacity change from 0 to 512
[   42.138227][ T3749] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[   42.147283][ T3749] EXT4-fs (loop4): 1 truncate cleaned up
[   42.153520][ T3749] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.167631][ T3749] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   42.200298][ T3751] loop1: detected capacity change from 0 to 512
[   42.215850][ T3751] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #3: comm syz.1.78: corrupted inode contents
[   42.227641][ T3751] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #3: comm syz.1.78: mark_inode_dirty error
[   42.239704][ T3751] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #3: comm syz.1.78: corrupted inode contents
[   42.251809][ T3751] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #3: comm syz.1.78: mark_inode_dirty error
[   42.263692][ T3751] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.78: Failed to acquire dquot type 0
[   42.275540][ T3751] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.78: corrupted inode contents
[   42.287593][ T3751] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #16: comm syz.1.78: mark_inode_dirty error
[   42.299402][ T3751] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.78: corrupted inode contents
[   42.311711][ T3751] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.78: mark_inode_dirty error
[   42.323275][ T3751] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.78: corrupted inode contents
[   42.335284][ T3751] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem
[   42.344164][ T3751] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #16: comm syz.1.78: corrupted inode contents
[   42.356317][ T3751] EXT4-fs error (device loop1): ext4_truncate:4637: inode #16: comm syz.1.78: mark_inode_dirty error
[   42.367844][ T3751] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem
[   42.378208][ T3751] EXT4-fs (loop1): 1 truncate cleaned up
[   42.384439][ T3751] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.397030][ T3751] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   42.485050][    C0] hrtimer: interrupt took 25864 ns
[   42.660293][ T3768] loop3: detected capacity change from 0 to 8192
[   42.679453][ T3768] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.737398][ T3768] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.777451][ T3768] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.830845][ T3768] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   42.842847][ T3770] loop2: detected capacity change from 0 to 512
[   42.860167][ T3770] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.83: invalid indirect mapped block 1024 (level 0)
[   42.880741][ T3770] EXT4-fs (loop2): Remounting filesystem read-only
[   42.892850][ T3770] EXT4-fs (loop2): 1 truncate cleaned up
[   42.900312][ T3770] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.916240][ T3778] __nla_validate_parse: 10 callbacks suppressed
[   42.916268][ T3778] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   42.931002][ T3778] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   42.944004][  T126] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   42.955766][ T2033] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   42.964136][ T3778] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   42.964554][ T3751] syz.1.78 (3751) used greatest stack depth: 9624 bytes left
[   42.972749][ T3778] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   42.990381][ T3778] nfs: Unknown parameter '\$�'
[   43.009274][  T126] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   43.023457][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.030707][  T126] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   43.042178][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.074344][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.112491][ T3785] syzkaller1: entered promiscuous mode
[   43.118180][ T3785] syzkaller1: entered allmulticast mode
[   43.133874][ T3789] netlink: 20 bytes leftover after parsing attributes in process `syz.4.89'.
[   43.146597][   T29] kauditd_printk_skb: 365 callbacks suppressed
[   43.146622][   T29] audit: type=1400 audit(1764502183.397:481): avc:  denied  { name_bind } for  pid=3781 comm="syz.3.88" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[   43.147129][ T3792] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5137 sclass=netlink_route_socket pid=3792 comm=syz.3.88
[   43.215627][ T3795] netlink: 20 bytes leftover after parsing attributes in process `syz.4.91'.
[   43.245389][ T3798] netlink: 224 bytes leftover after parsing attributes in process `syz.4.92'.
[   43.257892][   T29] audit: type=1400 audit(1764502183.507:482): avc:  denied  { create } for  pid=3797 comm="syz.4.92" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   43.296421][ T3803] netlink: 14 bytes leftover after parsing attributes in process `syz.4.94'.
[   43.308932][ T3804] loop3: detected capacity change from 0 to 164
[   43.316210][ T3803] hsr_slave_0: left promiscuous mode
[   43.322773][ T3803] hsr_slave_1: left promiscuous mode
[   43.330420][   T29] audit: type=1400 audit(1764502183.577:483): avc:  denied  { mount } for  pid=3802 comm="syz.3.93" name="/" dev="loop3" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[   43.366757][   T29] audit: type=1400 audit(1764502183.607:484): avc:  denied  { unmount } for  pid=3326 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[   43.400006][ T3807] loop3: detected capacity change from 0 to 1024
[   43.410455][ T3807] EXT4-fs: Ignoring removed nomblk_io_submit option
[   43.417577][   T29] audit: type=1400 audit(1764502183.617:485): avc:  denied  { write } for  pid=3801 comm="syz.4.94" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[   43.454175][ T3807] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.496500][ T3807] netlink: 8 bytes leftover after parsing attributes in process `syz.3.95'.
[   43.505564][ T3807] validate_nla: 4 callbacks suppressed
[   43.505578][ T3807] netlink: 'syz.3.95': attribute type 30 has an invalid length.
[   43.529348][   T29] audit: type=1400 audit(1764502183.767:486): avc:  denied  { write } for  pid=3810 comm="syz.4.96" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   43.551985][   T29] audit: type=1400 audit(1764502183.767:487): avc:  denied  { ioctl } for  pid=3810 comm="syz.4.96" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   43.584153][  T295] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   43.603211][  T295] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   43.614776][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.639342][  T295] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   43.653071][  T126] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   43.696060][ T3815] loop3: detected capacity change from 0 to 512
[   43.754966][ T3815] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.771643][ T3815] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.786385][ T3816] gre0: entered allmulticast mode
[   43.805792][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.821640][ T3822] loop4: detected capacity change from 0 to 1024
[   43.829143][ T3822] EXT4-fs: Ignoring removed nomblk_io_submit option
[   43.840595][   T29] audit: type=1400 audit(1764502184.037:488): avc:  denied  { create } for  pid=3814 comm="syz.3.97" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[   43.859924][   T29] audit: type=1400 audit(1764502184.047:489): avc:  denied  { ioctl } for  pid=3814 comm="syz.3.97" path="socket:[6603]" dev="sockfs" ino=6603 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[   43.903590][ T3822] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.921793][ T3822] netlink: 'syz.4.100': attribute type 30 has an invalid length.
[   43.989821][ T3827] loop3: detected capacity change from 0 to 512
[   44.010125][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.027989][ T3830] netlink: 20 bytes leftover after parsing attributes in process `syz.2.102'.
[   44.058966][   T29] audit: type=1400 audit(1764502184.297:490): avc:  denied  { ioctl } for  pid=3828 comm="syz.1.103" path="socket:[5559]" dev="sockfs" ino=5559 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   44.122029][ T3835] 9pnet: Could not find request transport: f
[   44.136051][ T3835] loop0: detected capacity change from 0 to 1024
[   44.223472][ T3835] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   44.242068][ T3827] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[   44.253713][ T3827] EXT4-fs (loop3): 1 truncate cleaned up
[   44.259993][ T3827] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.278112][ T3835] ext4 filesystem being mounted at /27/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.279085][ T3827] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   44.312607][ T3850] loop2: detected capacity change from 0 to 1024
[   44.339369][ T3850] EXT4-fs: Ignoring removed nomblk_io_submit option
[   44.390465][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   44.404277][ T3850] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.465490][ T3864] FAULT_INJECTION: forcing a failure.
[   44.465490][ T3864] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   44.478800][ T3864] CPU: 1 UID: 0 PID: 3864 Comm: syz.0.112 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   44.478850][ T3864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   44.478881][ T3864] Call Trace:
[   44.478890][ T3864]  <TASK>
[   44.478899][ T3864]  __dump_stack+0x1d/0x30
[   44.478926][ T3864]  dump_stack_lvl+0xe8/0x140
[   44.478954][ T3864]  dump_stack+0x15/0x1b
[   44.478977][ T3864]  should_fail_ex+0x265/0x280
[   44.479002][ T3864]  should_fail_alloc_page+0xf2/0x100
[   44.479073][ T3864]  __alloc_frozen_pages_noprof+0xff/0x360
[   44.479116][ T3864]  alloc_pages_mpol+0xb3/0x260
[   44.479135][ T3864]  ? __rcu_read_lock+0x37/0x50
[   44.479228][ T3864]  vma_alloc_folio_noprof+0x1aa/0x300
[   44.479330][ T3864]  handle_mm_fault+0xec2/0x2be0
[   44.479357][ T3864]  ? vma_start_read+0x141/0x1f0
[   44.479425][ T3864]  do_user_addr_fault+0x630/0x1080
[   44.479456][ T3864]  ? fpregs_assert_state_consistent+0xb4/0xe0
[   44.479500][ T3864]  exc_page_fault+0x62/0xa0
[   44.479532][ T3864]  asm_exc_page_fault+0x26/0x30
[   44.479578][ T3864] RIP: 0033:0x7fce710c0943
[   44.479596][ T3864] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[   44.479618][ T3864] RSP: 002b:00007fce6fc664a0 EFLAGS: 00010206
[   44.479637][ T3864] RAX: 0000000000016000 RBX: 00007fce6fc66540 RCX: 00007fce67847000
[   44.479652][ T3864] RDX: 00007fce6fc666e0 RSI: 0000000000000001 RDI: 00007fce6fc665e0
[   44.479705][ T3864] RBP: 0000000000000085 R08: 0000000000000007 R09: 0000000000000059
[   44.479785][ T3864] R10: 0000000000000062 R11: 00007fce6fc66540 R12: 0000000000000001
[   44.479800][ T3864] R13: 00007fce7129fc40 R14: 000000000000002e R15: 00007fce6fc665e0
[   44.479823][ T3864]  </TASK>
[   44.479832][ T3864] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   44.661596][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.671103][ T3864] loop0: detected capacity change from 0 to 512
[   44.702481][ T3850] netlink: 'syz.2.108': attribute type 30 has an invalid length.
[   44.836640][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.983072][ T3889] capability: warning: `syz.1.122' uses deprecated v2 capabilities in a way that may be insecure
[   45.029909][ T3881] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   45.038540][ T3881] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   45.051181][ T3892] syzkaller0: entered promiscuous mode
[   45.056814][ T3892] syzkaller0: entered allmulticast mode
[   45.347930][ T3856] syz.4.110 (3856) used greatest stack depth: 7032 bytes left
[   45.445825][ T3959] $H�: renamed from bond0 (while UP)
[   45.460331][ T3959] $H�: entered promiscuous mode
[   45.465476][ T3959] bond_slave_0: entered promiscuous mode
[   45.476201][ T3961] loop1: detected capacity change from 0 to 512
[   45.482751][ T3961] EXT4-fs: dax option not supported
[   45.557217][ T3965] loop4: detected capacity change from 0 to 512
[   45.567797][ T3965] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[   45.580651][ T3965] EXT4-fs (loop4): 1 truncate cleaned up
[   45.624146][ T3965] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.689881][ T3965] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   45.763794][ T3979] FAULT_INJECTION: forcing a failure.
[   45.763794][ T3979] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   45.777079][ T3979] CPU: 1 UID: 0 PID: 3979 Comm: syz.0.135 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   45.777111][ T3979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   45.777124][ T3979] Call Trace:
[   45.777131][ T3979]  <TASK>
[   45.777186][ T3979]  __dump_stack+0x1d/0x30
[   45.777214][ T3979]  dump_stack_lvl+0xe8/0x140
[   45.777240][ T3979]  dump_stack+0x15/0x1b
[   45.777261][ T3979]  should_fail_ex+0x265/0x280
[   45.777287][ T3979]  should_fail+0xb/0x20
[   45.777307][ T3979]  should_fail_usercopy+0x1a/0x20
[   45.777410][ T3979]  fpu__restore_sig+0x12d/0xaa0
[   45.777526][ T3979]  ? should_fail_ex+0xdb/0x280
[   45.777552][ T3979]  __ia32_sys_rt_sigreturn+0x29f/0x350
[   45.777642][ T3979]  x64_sys_call+0x2d4b/0x3000
[   45.777667][ T3979]  do_syscall_64+0xd2/0x200
[   45.777693][ T3979]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   45.777760][ T3979]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   45.777797][ T3979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.777821][ T3979] RIP: 0033:0x7fce711ff747
[   45.777835][ T3979] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[   45.777852][ T3979] RSP: 002b:00007fce6fc67038 EFLAGS: 00000246
[   45.777867][ T3979] RAX: 00000000000001c1 RBX: 00007fce71455fa0 RCX: 00007fce711ff749
[   45.777931][ T3979] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000001080
[   45.777946][ T3979] RBP: 00007fce6fc67090 R08: 0000000000000001 R09: 0000000000000000
[   45.777960][ T3979] R10: 0000200000001100 R11: 0000000000000246 R12: 0000000000000002
[   45.777975][ T3979] R13: 00007fce71456038 R14: 00007fce71455fa0 R15: 00007fffe315b0a8
[   45.777993][ T3979]  </TASK>
[   46.032314][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.264396][ T4003] batadv_slave_0: entered promiscuous mode
[   46.491584][ T4002] batadv_slave_0: left promiscuous mode
[   46.637020][ T4018] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4018 comm=GPL
[   46.649023][ T4018] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4018 comm=GPL
[   46.671950][ T4024] loop3: detected capacity change from 0 to 512
[   46.682664][ T4024] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[   46.693646][ T4024] EXT4-fs (loop3): 1 truncate cleaned up
[   46.699772][ T4024] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.792231][ T4028] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 !
[   46.802445][ T4024] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   46.923621][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.040384][ T4043] loop1: detected capacity change from 0 to 4096
[   47.081755][ T4043] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.107035][ T4046] 9pnet_fd: Insufficient options for proto=fd
[   47.171608][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.268980][ T4048] netlink: 'syz.0.156': attribute type 1 has an invalid length.
[   47.283493][ T4048] loop0: detected capacity change from 0 to 1024
[   47.292419][ T4048] EXT4-fs: Ignoring removed nomblk_io_submit option
[   47.299126][ T4048] EXT4-fs: Ignoring removed orlov option
[   47.304871][ T4048] ext2: Bad value for 'mb_optimize_scan'
[   47.364894][ T4053] veth1_to_bridge: entered allmulticast mode
[   47.392680][ T3955] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.408310][ T4057] loop1: detected capacity change from 0 to 1024
[   47.456248][ T4057] EXT4-fs: Ignoring removed nomblk_io_submit option
[   47.481815][ T4057] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.520244][ T4057] netlink: 'syz.1.158': attribute type 30 has an invalid length.
[   47.762443][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.029785][ T4079] __nla_validate_parse: 14 callbacks suppressed
[   48.029802][ T4079] netlink: 20 bytes leftover after parsing attributes in process `syz.3.165'.
[   48.032523][ T4078] loop0: detected capacity change from 0 to 512
[   48.080897][ T4078] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[   48.110999][ T4078] EXT4-fs (loop0): 1 truncate cleaned up
[   48.117378][ T4078] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.132280][ T4078] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   48.169044][   T29] kauditd_printk_skb: 265 callbacks suppressed
[   48.169058][   T29] audit: type=1400 audit(1764502188.417:756): avc:  denied  { cpu } for  pid=4071 comm="syz.2.163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   48.232771][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.246501][ T4087] SELinux:  Context system_u:object_r:crontab_exec_t:s0 is not valid (left unmapped).
[   48.246491][   T29] audit: type=1400 audit(1764502188.497:757): avc:  denied  { relabelfrom } for  pid=4086 comm="syz.1.167" name="" dev="pipefs" ino=6949 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   48.279143][   T29] audit: type=1400 audit(1764502188.527:758): avc:  denied  { relabelto } for  pid=4086 comm="syz.1.167" name="" dev="pipefs" ino=6949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:crontab_exec_t:s0"
[   48.337104][   T29] audit: type=1400 audit(1764502188.587:759): avc:  denied  { watch watch_reads } for  pid=4088 comm="syz.0.168" path="<no_memory>" dev="tmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   48.441048][ T4096] FAULT_INJECTION: forcing a failure.
[   48.441048][ T4096] name failslab, interval 1, probability 0, space 0, times 0
[   48.454173][ T4096] CPU: 0 UID: 0 PID: 4096 Comm: syz.1.171 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   48.454204][ T4096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   48.454290][ T4096] Call Trace:
[   48.454296][ T4096]  <TASK>
[   48.454304][ T4096]  __dump_stack+0x1d/0x30
[   48.454361][ T4096]  dump_stack_lvl+0xe8/0x140
[   48.454388][ T4096]  dump_stack+0x15/0x1b
[   48.454405][ T4096]  should_fail_ex+0x265/0x280
[   48.454424][ T4096]  should_failslab+0x8c/0xb0
[   48.454489][ T4096]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[   48.454608][ T4096]  ? __alloc_skb+0x101/0x320
[   48.454678][ T4096]  __alloc_skb+0x101/0x320
[   48.454770][ T4096]  alloc_skb_with_frags+0x7d/0x470
[   48.454812][ T4096]  ? kernel_text_address+0x94/0xb0
[   48.454848][ T4096]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   48.454893][ T4096]  ? __kernel_text_address+0xd/0x40
[   48.454927][ T4096]  sock_alloc_send_pskb+0x430/0x4e0
[   48.454962][ T4096]  __ip_append_data+0x18bd/0x2440
[   48.454999][ T4096]  ? __sys_sendmmsg+0x178/0x300
[   48.455078][ T4096]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   48.455246][ T4096]  ? ipv4_mtu+0x210/0x230
[   48.455279][ T4096]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   48.455341][ T4096]  ip_make_skb+0x137/0x2c0
[   48.455374][ T4096]  udp_sendmsg+0x1013/0x13c0
[   48.455404][ T4096]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   48.455470][ T4096]  ? __pfx_udp_sendmsg+0x10/0x10
[   48.455494][ T4096]  inet_sendmsg+0xac/0xd0
[   48.455515][ T4096]  __sock_sendmsg+0x102/0x180
[   48.455538][ T4096]  ____sys_sendmsg+0x345/0x4e0
[   48.455648][ T4096]  ___sys_sendmsg+0x17b/0x1d0
[   48.455750][ T4096]  __sys_sendmmsg+0x178/0x300
[   48.455843][ T4096]  __x64_sys_sendmmsg+0x57/0x70
[   48.455911][ T4096]  x64_sys_call+0x1c4a/0x3000
[   48.455939][ T4096]  do_syscall_64+0xd2/0x200
[   48.455963][ T4096]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   48.455989][ T4096]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   48.456043][ T4096]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.456067][ T4096] RIP: 0033:0x7fa3c61bf749
[   48.456085][ T4096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.456133][ T4096] RSP: 002b:00007fa3c4c1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   48.456155][ T4096] RAX: ffffffffffffffda RBX: 00007fa3c6415fa0 RCX: 00007fa3c61bf749
[   48.456169][ T4096] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000004
[   48.456181][ T4096] RBP: 00007fa3c4c1f090 R08: 0000000000000000 R09: 0000000000000000
[   48.456191][ T4096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   48.456205][ T4096] R13: 00007fa3c6416038 R14: 00007fa3c6415fa0 R15: 00007ffc7795a578
[   48.456228][ T4096]  </TASK>
[   48.733295][ T4100] loop2: detected capacity change from 0 to 1024
[   48.740174][ T4100] EXT4-fs: Ignoring removed nomblk_io_submit option
[   48.756265][ T4100] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   48.782597][ T4100] netlink: 'syz.2.173': attribute type 30 has an invalid length.
[   48.827920][ T4108] netlink: 'syz.4.174': attribute type 1 has an invalid length.
[   48.835704][ T4108] netlink: 224 bytes leftover after parsing attributes in process `syz.4.174'.
[   48.851858][ T4103] loop4: detected capacity change from 0 to 1024
[   48.860289][ T4103] EXT4-fs: Ignoring removed nomblk_io_submit option
[   48.867006][ T4103] EXT4-fs: Ignoring removed orlov option
[   48.872686][ T4103] ext2: Bad value for 'mb_optimize_scan'
[   48.889707][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.950923][   T29] audit: type=1326 audit(1764502189.197:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   48.974633][   T29] audit: type=1326 audit(1764502189.197:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   48.999903][ T4116] loop2: detected capacity change from 0 to 512
[   49.006947][   T29] audit: type=1326 audit(1764502189.197:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   49.030275][   T29] audit: type=1326 audit(1764502189.197:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   49.053573][   T29] audit: type=1326 audit(1764502189.197:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   49.059974][ T4116] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[   49.076989][   T29] audit: type=1326 audit(1764502189.197:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   49.099628][ T4116] EXT4-fs (loop2): 1 truncate cleaned up
[   49.115957][ T4116] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.142127][ T4116] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   49.299488][ T4128] loop0: detected capacity change from 0 to 512
[   49.306890][ T4128] EXT4-fs: Mount option(s) incompatible with ext3
[   49.352722][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.902201][ T4147] FAULT_INJECTION: forcing a failure.
[   49.902201][ T4147] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   49.915440][ T4147] CPU: 0 UID: 0 PID: 4147 Comm: syz.1.189 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   49.915469][ T4147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   49.915481][ T4147] Call Trace:
[   49.915486][ T4147]  <TASK>
[   49.915493][ T4147]  __dump_stack+0x1d/0x30
[   49.915534][ T4147]  dump_stack_lvl+0xe8/0x140
[   49.915554][ T4147]  dump_stack+0x15/0x1b
[   49.915592][ T4147]  should_fail_ex+0x265/0x280
[   49.915613][ T4147]  should_fail+0xb/0x20
[   49.915628][ T4147]  should_fail_usercopy+0x1a/0x20
[   49.915650][ T4147]  _copy_from_user+0x1c/0xb0
[   49.915705][ T4147]  copy_from_sockptr_offset+0x66/0xa0
[   49.915728][ T4147]  do_ipt_set_ctl+0x5c8/0x820
[   49.915772][ T4147]  ? _raw_spin_unlock_bh+0x36/0x40
[   49.915832][ T4147]  ? tcp_release_cb+0xf1/0x370
[   49.915888][ T4147]  nf_setsockopt+0x199/0x1b0
[   49.915914][ T4147]  ip_setsockopt+0x102/0x110
[   49.915958][ T4147]  tcp_setsockopt+0x98/0xb0
[   49.915979][ T4147]  sock_common_setsockopt+0x69/0x80
[   49.916006][ T4147]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   49.916092][ T4147]  __sys_setsockopt+0x184/0x200
[   49.916183][ T4147]  __x64_sys_setsockopt+0x64/0x80
[   49.916223][ T4147]  x64_sys_call+0x20ec/0x3000
[   49.916246][ T4147]  do_syscall_64+0xd2/0x200
[   49.916267][ T4147]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   49.916296][ T4147]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   49.916384][ T4147]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.916456][ T4147] RIP: 0033:0x7fa3c61bf749
[   49.916471][ T4147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.916489][ T4147] RSP: 002b:00007fa3c4c1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   49.916508][ T4147] RAX: ffffffffffffffda RBX: 00007fa3c6415fa0 RCX: 00007fa3c61bf749
[   49.916520][ T4147] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[   49.916532][ T4147] RBP: 00007fa3c4c1f090 R08: 00000000000004f8 R09: 0000000000000000
[   49.916624][ T4147] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[   49.916636][ T4147] R13: 00007fa3c6416038 R14: 00007fa3c6415fa0 R15: 00007ffc7795a578
[   49.916656][ T4147]  </TASK>
[   50.016676][ T4155] loop1: detected capacity change from 0 to 512
[   50.182683][ T4155] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[   50.194513][ T4155] EXT4-fs (loop1): 1 truncate cleaned up
[   50.200640][ T4155] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.232005][ T4155] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   50.278784][ T4166] loop4: detected capacity change from 0 to 1024
[   50.289839][ T4166] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[   50.334280][ T4166] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   50.355682][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.366400][ T4166] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   50.389604][ T4176] FAULT_INJECTION: forcing a failure.
[   50.389604][ T4176] name failslab, interval 1, probability 0, space 0, times 0
[   50.402278][ T4176] CPU: 1 UID: 0 PID: 4176 Comm: syz.1.198 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   50.402322][ T4176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   50.402334][ T4176] Call Trace:
[   50.402341][ T4176]  <TASK>
[   50.402349][ T4176]  __dump_stack+0x1d/0x30
[   50.402376][ T4176]  dump_stack_lvl+0xe8/0x140
[   50.402403][ T4176]  dump_stack+0x15/0x1b
[   50.402489][ T4176]  should_fail_ex+0x265/0x280
[   50.402520][ T4176]  ? __pfx_shmem_alloc_inode+0x10/0x10
[   50.402628][ T4176]  should_failslab+0x8c/0xb0
[   50.402661][ T4176]  kmem_cache_alloc_lru_noprof+0x55/0x490
[   50.402689][ T4176]  ? shmem_alloc_inode+0x34/0x50
[   50.402713][ T4176]  ? __pfx_shmem_alloc_inode+0x10/0x10
[   50.402807][ T4176]  shmem_alloc_inode+0x34/0x50
[   50.402827][ T4176]  alloc_inode+0x40/0x170
[   50.402861][ T4176]  new_inode+0x1d/0xe0
[   50.402895][ T4176]  shmem_get_inode+0x244/0x750
[   50.402974][ T4176]  __shmem_file_setup+0x113/0x210
[   50.403001][ T4176]  shmem_file_setup+0x3b/0x50
[   50.403024][ T4176]  __se_sys_memfd_create+0x2c3/0x590
[   50.403127][ T4176]  __x64_sys_memfd_create+0x31/0x40
[   50.403150][ T4176]  x64_sys_call+0x2ac2/0x3000
[   50.403180][ T4176]  do_syscall_64+0xd2/0x200
[   50.403243][ T4176]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   50.403279][ T4176]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   50.403381][ T4176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.403405][ T4176] RIP: 0033:0x7fa3c61bf749
[   50.403420][ T4176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.403437][ T4176] RSP: 002b:00007fa3c4c1ed68 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   50.403519][ T4176] RAX: ffffffffffffffda RBX: 0000000000004080 RCX: 00007fa3c61bf749
[   50.403535][ T4176] RDX: 00007fa3c4c1edec RSI: 0000000000000000 RDI: 00007fa3c6244960
[   50.403551][ T4176] RBP: 0000200000000000 R08: 00007fa3c4c1eb07 R09: 0000000000000000
[   50.403566][ T4176] R10: 000000000000000a R11: 0000000000000202 R12: 0000000000000001
[   50.403581][ T4176] R13: 00007fa3c4c1edec R14: 00007fa3c4c1edf0 R15: 00007ffc7795a578
[   50.403666][ T4176]  </TASK>
[   50.443410][ T4166] EXT4-fs (loop4): orphan cleanup on readonly fs
[   50.518555][ T4179] netlink: 2 bytes leftover after parsing attributes in process `syz.2.197'.
[   50.556594][ T4166] EXT4-fs error (device loop4): ext4_read_inode_bitmap:167: comm syz.4.195: Inode bitmap for bg 0 marked uninitialized
[   50.571921][ T4179] lo: entered promiscuous mode
[   50.616192][ T4166] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   50.621278][ T4179] lo: entered allmulticast mode
[   50.671611][ T4166] EXT4-fs (loop4): ext4_remount: Checksum for group 0 failed (32298!=35945)
[   50.672650][ T4179] tunl0: entered promiscuous mode
[   50.685687][ T4179] tunl0: entered allmulticast mode
[   50.701421][ T4179] gre0: entered promiscuous mode
[   50.706448][ T4179] gre0: entered allmulticast mode
[   50.712725][ T4179] gretap0: entered promiscuous mode
[   50.718145][ T4179] gretap0: entered allmulticast mode
[   50.738576][ T4179] erspan0: entered promiscuous mode
[   50.743904][ T4179] erspan0: entered allmulticast mode
[   50.750616][ T4179] ip_vti0: entered promiscuous mode
[   50.755944][ T4179] ip_vti0: entered allmulticast mode
[   50.763879][ T4179] ip6_vti0: entered promiscuous mode
[   50.769213][ T4179] ip6_vti0: entered allmulticast mode
[   50.779717][ T4179] sit0: entered promiscuous mode
[   50.784829][ T4179] sit0: entered allmulticast mode
[   50.793916][ T4179] ip6tnl0: entered promiscuous mode
[   50.799160][ T4179] ip6tnl0: entered allmulticast mode
[   50.806425][ T4179] ip6gre0: entered promiscuous mode
[   50.811762][ T4179] ip6gre0: entered allmulticast mode
[   50.825807][ T4179] syz_tun: entered promiscuous mode
[   50.831064][ T4179] syz_tun: entered allmulticast mode
[   50.838003][ T4179] ip6gretap0: entered promiscuous mode
[   50.843554][ T4179] ip6gretap0: entered allmulticast mode
[   50.851985][ T4195] loop1: detected capacity change from 0 to 128
[   50.858854][ T4195] vfat: Unknown parameter '	'
[   50.871095][ T4179] bridge0: entered promiscuous mode
[   50.876375][ T4179] bridge0: entered allmulticast mode
[   50.883922][ T4179] vcan0: entered promiscuous mode
[   50.889036][ T4179] vcan0: entered allmulticast mode
[   50.899014][ T4179] bond0: entered promiscuous mode
[   50.904181][ T4179] bond_slave_0: entered promiscuous mode
[   50.910184][ T4179] bond_slave_1: entered promiscuous mode
[   50.916063][ T4179] bond0: entered allmulticast mode
[   50.921236][ T4179] bond_slave_0: entered allmulticast mode
[   50.927048][ T4179] bond_slave_1: entered allmulticast mode
[   50.936950][ T4179] team0: entered promiscuous mode
[   50.942024][ T4179] team_slave_0: entered promiscuous mode
[   50.947925][ T4179] team_slave_1: entered promiscuous mode
[   50.953700][ T4179] team0: entered allmulticast mode
[   50.958832][ T4179] team_slave_0: entered allmulticast mode
[   50.964595][ T4179] team_slave_1: entered allmulticast mode
[   50.980653][ T4179] dummy0: entered promiscuous mode
[   50.985869][ T4179] dummy0: entered allmulticast mode
[   50.992655][ T4179] nlmon0: entered promiscuous mode
[   50.997848][ T4179] nlmon0: entered allmulticast mode
[   51.005030][ T4179] caif0: entered promiscuous mode
[   51.010095][ T4179] caif0: entered allmulticast mode
[   51.018406][ T4179] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   51.106829][ T3314] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 16: comm syz-executor: path /39/file0: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[   51.151775][ T3314] EXT4-fs error (device loop4): ext4_lookup:1791: inode #2: comm syz-executor: deleted inode referenced: 11
[   51.157472][ T4209] loop2: detected capacity change from 0 to 1024
[   51.170162][ T4189] loop3: detected capacity change from 0 to 32768
[   51.177147][ T3314] EXT4-fs error (device loop4): ext4_lookup:1791: inode #2: comm syz-executor: deleted inode referenced: 11
[   51.194152][ T4210] netlink: 36 bytes leftover after parsing attributes in process `syz.1.204'.
[   51.223593][ T3485]  loop3: p1 p2 p3 < p5 p6 >
[   51.233247][ T3485] loop3: p2 size 16775168 extends beyond EOD, truncated
[   51.251768][ T4209] EXT4-fs: Ignoring removed nobh option
[   51.272985][ T4209] EXT4-fs: Ignoring removed orlov option
[   51.274976][ T3485] loop3: p5 start 4294970168 is beyond EOD, truncated
[   51.278682][ T4209] EXT4-fs: Ignoring removed i_version option
[   51.295348][ T4189]  loop3: p1 p2 p3 < p5 p6 >
[   51.298662][ T4209] journal_path: Non-blockdev passed as './file1'
[   51.300585][ T4189] loop3: p2 size 16775168 extends beyond EOD, 
[   51.306352][ T4209] EXT4-fs: error: could not find journal device path
[   51.306356][ T4189] truncated
[   51.317972][ T4189] loop3: p5 start 4294970168 is beyond EOD, truncated
[   51.379651][ T4209] loop2: detected capacity change from 0 to 128
[   51.504225][ T3303] udevd[3303]: inotify_add_watch(7, /dev/loop3p6, 10) failed: No such file or directory
[   51.516416][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[   51.530118][ T3625] udevd[3625]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[   51.551466][ T3485] udevd[3485]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   51.680456][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[   51.680556][ T3303] udevd[3303]: inotify_add_watch(7, /dev/loop3p6, 10) failed: No such file or directory
[   51.691833][ T3625] udevd[3625]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[   51.711412][ T4194] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.722521][ T3485] udevd[3485]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   51.736343][ T3934] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   51.795620][ T3934] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   51.865729][ T3934] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.007579][ T4209] syz.2.206: attempt to access beyond end of device
[   52.007579][ T4209] loop2: rw=2049, sector=138, nr_sectors = 112 limit=128
[   52.247660][ T4237] loop1: detected capacity change from 0 to 1024
[   52.256164][ T3934] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.275541][ T4237] EXT4-fs: Ignoring removed nomblk_io_submit option
[   52.310618][ T4237] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.343724][ T4237] netlink: 'syz.1.213': attribute type 30 has an invalid length.
[   52.479148][ T3934] bridge_slave_1: left allmulticast mode
[   52.485069][ T3934] bridge_slave_1: left promiscuous mode
[   52.491089][ T3934] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.499198][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.533994][ T3934] bridge_slave_0: left allmulticast mode
[   52.539710][ T3934] bridge_slave_0: left promiscuous mode
[   52.545502][ T3934] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.588947][ T4269] loop1: detected capacity change from 0 to 128
[   52.604606][ T4266] loop3: detected capacity change from 0 to 2048
[   52.619254][ T4266] EXT4-fs: Ignoring removed mblk_io_submit option
[   52.632957][ T4269] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[   52.665763][ T4266] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.718536][ T3326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.762751][ T3934] $H� (unregistering): (slave bond_slave_0): Releasing backup interface
[   52.777492][ T3934] bond_slave_0: left promiscuous mode
[   52.793907][ T3934] $H� (unregistering): Released all slaves
[   52.846386][ T3934] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   52.853960][ T3934] batman_adv: batadv0: Removing interface: batadv_slave_0
[   52.871981][ T3934] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   52.879419][ T3934] batman_adv: batadv0: Removing interface: batadv_slave_1
[   52.881802][ T4290] loop2: detected capacity change from 0 to 1024
[   52.896449][ T3934] veth1_macvtap: left promiscuous mode
[   52.903122][ T3934] veth0_macvtap: left promiscuous mode
[   52.908642][ T3934] veth1_vlan: left promiscuous mode
[   52.923209][ T3934] veth0_vlan: left promiscuous mode
[   52.953414][ T4290] EXT4-fs: Ignoring removed nomblk_io_submit option
[   53.013885][ T4290] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   53.119138][ T3934] team0 (unregistering): Port device team_slave_1 removed
[   53.187404][ T3934] team0 (unregistering): Port device team_slave_0 removed
[   53.221218][ T4299] loop1: detected capacity change from 0 to 8192
[   53.287654][ T4290] netlink: 'syz.2.224': attribute type 30 has an invalid length.
[   53.366999][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.394851][   T29] kauditd_printk_skb: 633 callbacks suppressed
[   53.394934][   T29] audit: type=1326 audit(1764502193.647:1397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4312 comm="syz.0.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce711ff749 code=0x7ffc0000
[   53.424559][   T29] audit: type=1326 audit(1764502193.647:1398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4312 comm="syz.0.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce711ff749 code=0x7ffc0000
[   53.493688][ T4313] loop1: detected capacity change from 0 to 8192
[   53.595799][   T29] audit: type=1326 audit(1764502193.717:1399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4312 comm="syz.0.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fce711ff749 code=0x7ffc0000
[   53.619267][   T29] audit: type=1326 audit(1764502193.717:1400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4312 comm="syz.0.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce711ff749 code=0x7ffc0000
[   53.642691][   T29] audit: type=1326 audit(1764502193.717:1401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4312 comm="syz.0.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce711ff749 code=0x7ffc0000
[   53.666229][   T29] audit: type=1326 audit(1764502193.717:1402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4312 comm="syz.0.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fce711ff749 code=0x7ffc0000
[   53.689554][   T29] audit: type=1326 audit(1764502193.717:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4312 comm="syz.0.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce711ff749 code=0x7ffc0000
[   53.695164][ T4230] chnl_net:caif_netlink_parms(): no params data found
[   53.713075][   T29] audit: type=1326 audit(1764502193.717:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4312 comm="syz.0.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce711ff749 code=0x7ffc0000
[   53.743232][   T29] audit: type=1326 audit(1764502193.717:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4312 comm="syz.0.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fce711ff749 code=0x7ffc0000
[   53.766569][   T29] audit: type=1326 audit(1764502193.717:1406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4312 comm="syz.0.230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce711ff749 code=0x7ffc0000
[   53.799201][ T4340] netlink: 7 bytes leftover after parsing attributes in process `syz.1.233'.
[   53.813797][ T4340] netlink: 7 bytes leftover after parsing attributes in process `syz.1.233'.
[   53.868608][ T4346] netlink: 7 bytes leftover after parsing attributes in process `syz.0.230'.
[   53.896860][ T4346] netlink: 7 bytes leftover after parsing attributes in process `syz.0.230'.
[   53.920659][ T4230] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.927811][ T4230] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.934908][ T4230] bridge_slave_0: entered allmulticast mode
[   53.942146][ T4230] bridge_slave_0: entered promiscuous mode
[   54.014582][ T4230] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.021681][ T4230] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.057755][ T4230] bridge_slave_1: entered allmulticast mode
[   54.070097][ T4230] bridge_slave_1: entered promiscuous mode
[   54.085441][ T4361] FAULT_INJECTION: forcing a failure.
[   54.085441][ T4361] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   54.098710][ T4361] CPU: 1 UID: 0 PID: 4361 Comm: syz.1.236 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   54.098739][ T4361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   54.098754][ T4361] Call Trace:
[   54.098762][ T4361]  <TASK>
[   54.098770][ T4361]  __dump_stack+0x1d/0x30
[   54.098792][ T4361]  dump_stack_lvl+0xe8/0x140
[   54.098811][ T4361]  dump_stack+0x15/0x1b
[   54.098881][ T4361]  should_fail_ex+0x265/0x280
[   54.098953][ T4361]  should_fail+0xb/0x20
[   54.099049][ T4361]  should_fail_usercopy+0x1a/0x20
[   54.099076][ T4361]  _copy_from_user+0x1c/0xb0
[   54.099108][ T4361]  ___sys_sendmsg+0xc1/0x1d0
[   54.099151][ T4361]  __x64_sys_sendmsg+0xd4/0x160
[   54.099181][ T4361]  x64_sys_call+0x191e/0x3000
[   54.099223][ T4361]  do_syscall_64+0xd2/0x200
[   54.099250][ T4361]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   54.099286][ T4361]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   54.099321][ T4361]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.099374][ T4361] RIP: 0033:0x7fa3c61bf749
[   54.099390][ T4361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.099411][ T4361] RSP: 002b:00007fa3c4c1f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   54.099434][ T4361] RAX: ffffffffffffffda RBX: 00007fa3c6415fa0 RCX: 00007fa3c61bf749
[   54.099449][ T4361] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[   54.099464][ T4361] RBP: 00007fa3c4c1f090 R08: 0000000000000000 R09: 0000000000000000
[   54.099478][ T4361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   54.099552][ T4361] R13: 00007fa3c6416038 R14: 00007fa3c6415fa0 R15: 00007ffc7795a578
[   54.099577][ T4361]  </TASK>
[   54.335562][ T4365] netlink: 36 bytes leftover after parsing attributes in process `syz.1.238'.
[   54.346716][ T4230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.361583][ T4230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.399337][ T4230] team0: Port device team_slave_0 added
[   54.406231][ T4230] team0: Port device team_slave_1 added
[   54.424392][ T4230] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.431369][ T4230] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.457320][ T4230] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.478231][ T4363] loop3: detected capacity change from 0 to 8192
[   54.488299][ T4230] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.495388][ T4230] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.521932][ T4230] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.629052][ T4230] hsr_slave_0: entered promiscuous mode
[   54.653277][ T4230] hsr_slave_1: entered promiscuous mode
[   54.666113][ T4230] debugfs: 'hsr0' already exists in 'hsr'
[   54.671910][ T4230] Cannot create hsr debugfs directory
[   54.703305][ T4383] FAULT_INJECTION: forcing a failure.
[   54.703305][ T4383] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   54.716424][ T4383] CPU: 1 UID: 0 PID: 4383 Comm: syz.3.239 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   54.716476][ T4383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   54.716491][ T4383] Call Trace:
[   54.716498][ T4383]  <TASK>
[   54.716507][ T4383]  __dump_stack+0x1d/0x30
[   54.716534][ T4383]  dump_stack_lvl+0xe8/0x140
[   54.716575][ T4383]  dump_stack+0x15/0x1b
[   54.716592][ T4383]  should_fail_ex+0x265/0x280
[   54.716638][ T4383]  should_fail+0xb/0x20
[   54.716658][ T4383]  should_fail_usercopy+0x1a/0x20
[   54.716684][ T4383]  _copy_from_user+0x1c/0xb0
[   54.716776][ T4383]  __se_sys_mount+0x10d/0x2e0
[   54.716806][ T4383]  ? fput+0x8f/0xc0
[   54.716828][ T4383]  ? ksys_write+0x192/0x1a0
[   54.716910][ T4383]  __x64_sys_mount+0x67/0x80
[   54.716960][ T4383]  x64_sys_call+0x2b51/0x3000
[   54.716984][ T4383]  do_syscall_64+0xd2/0x200
[   54.717004][ T4383]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   54.717117][ T4383]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   54.717170][ T4383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.717284][ T4383] RIP: 0033:0x7f4768ecf749
[   54.717302][ T4383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.717420][ T4383] RSP: 002b:00007f4767937038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   54.717444][ T4383] RAX: ffffffffffffffda RBX: 00007f4769125fa0 RCX: 00007f4768ecf749
[   54.717459][ T4383] RDX: 0000200000000100 RSI: 0000200000000500 RDI: 0000000000000000
[   54.717474][ T4383] RBP: 00007f4767937090 R08: 0000200000000a40 R09: 0000000000000000
[   54.717489][ T4383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   54.717504][ T4383] R13: 00007f4769126038 R14: 00007f4769125fa0 R15: 00007ffd96d14288
[   54.717662][ T4383]  </TASK>
[   54.992631][ T4230] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   55.027398][ T4391] loop3: detected capacity change from 0 to 128
[   55.037059][ T4391] netlink: 24 bytes leftover after parsing attributes in process `syz.3.241'.
[   55.050551][ T4230] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   55.118443][ T4230] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   55.132065][ T4230] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   55.195725][ T4402] loop0: detected capacity change from 0 to 1024
[   55.210472][ T4402] EXT4-fs: Ignoring removed nobh option
[   55.223735][ T4402] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   55.253244][ T4408] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   55.263666][ T4408] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.274407][ T4402] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #11: comm syz.0.244: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[   55.311894][ T4402] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.244: couldn't read orphan inode 11 (err -117)
[   55.326072][ T4230] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.338142][ T4230] 8021q: adding VLAN 0 to HW filter on device team0
[   55.348140][ T4402] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.365375][ T4408] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   55.375719][ T4408] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.387794][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.406935][ T3945] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.414101][ T3945] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.452083][ T4062] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.459243][ T4062] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.472274][ T4408] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   55.482666][ T4408] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.557298][ T4408] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   55.567789][ T4408] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   55.617754][ T4230] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.662493][ T3907] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   55.670833][ T3907] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.706706][ T4062] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   55.715038][ T4062] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.767984][ T4062] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   55.776344][ T4062] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.818850][ T3907] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   55.827219][ T3907] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.838615][ T4434] netlink: 'syz.0.248': attribute type 1 has an invalid length.
[   55.846363][ T4434] netlink: 224 bytes leftover after parsing attributes in process `syz.0.248'.
[   55.921676][ T4438] loop0: detected capacity change from 0 to 1024
[   55.977478][ T4438] EXT4-fs: Ignoring removed nomblk_io_submit option
[   55.984298][ T4438] EXT4-fs: Ignoring removed orlov option
[   55.990781][ T4438] ext2: Bad value for 'mb_optimize_scan'
[   56.055275][ T4230] veth0_vlan: entered promiscuous mode
[   56.082605][ T4230] veth1_vlan: entered promiscuous mode
[   56.088805][ T4452] loop3: detected capacity change from 0 to 512
[   56.137336][ T4452] netlink: 36 bytes leftover after parsing attributes in process `+}[@'.
[   56.218466][ T4230] veth0_macvtap: entered promiscuous mode
[   56.236694][ T4230] veth1_macvtap: entered promiscuous mode
[   56.259309][ T4230] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.270838][ T4456] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   56.280732][ T4456] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.295967][ T4230] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.307955][ T3934] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.319542][ T3934] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.329893][ T4456] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   56.339777][ T4456] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.354344][ T3934] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.379355][ T3934] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.409455][ T4456] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   56.419387][ T4456] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.484894][ T4456] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   56.494722][ T4456] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   56.564464][ T3934] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   56.572755][ T3934] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.589093][ T3934] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   56.597360][ T3934] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.625643][ T3934] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   56.633916][ T3934] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.671121][ T3934] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   56.679374][ T3934] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.688458][ T4480] netlink: 'syz.0.261': attribute type 12 has an invalid length.
[   56.696405][ T4480] netlink: 'syz.0.261': attribute type 29 has an invalid length.
[   56.704163][ T4480] netlink: 148 bytes leftover after parsing attributes in process `syz.0.261'.
[   56.713267][ T4480] netlink: 'syz.0.261': attribute type 2 has an invalid length.
[   56.736262][ T4478] SELinux: failed to load policy
[   56.855096][ T4495] loop1: detected capacity change from 0 to 1024
[   56.867012][ T4495] EXT4-fs: Ignoring removed nomblk_io_submit option
[   57.016088][ T4495] netlink: 'syz.1.267': attribute type 30 has an invalid length.
[   57.157567][ T4511] netlink: 'syz.0.271': attribute type 1 has an invalid length.
[   57.165460][ T4511] netlink: 224 bytes leftover after parsing attributes in process `syz.0.271'.
[   57.203677][ T4511] loop0: detected capacity change from 0 to 1024
[   57.224261][ T4511] EXT4-fs: Ignoring removed nomblk_io_submit option
[   57.230909][ T4511] EXT4-fs: Ignoring removed orlov option
[   57.236690][ T4511] ext2: Bad value for 'mb_optimize_scan'
[   57.310604][ T4525] 9pnet: Could not find request transport: fd<r=
[   57.450154][ T4538] loop9: detected capacity change from 0 to 7
[   57.475953][ T3485] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.492243][ T3485] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.500209][ T3485]  loop9: unable to read partition table
[   57.508967][ T4538] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.526122][ T4538] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.534083][ T4538]  loop9: unable to read partition table
[   57.541964][ T4538] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   57.541964][ T4538] 
) failed (rc=-5)
[   57.543929][ T3485] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.585975][ T3485] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.603093][ T3485] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.618821][ T3485] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.643597][ T3485] Buffer I/O error on dev loop9, logical block 0, async page read
[   57.755056][ T4549] loop3: detected capacity change from 0 to 512
[   57.776595][ T4549] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.282: bad orphan inode 11862016
[   57.797751][ T4549] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   57.802795][ T4540] xt_hashlimit: size too large, truncated to 1048576
[   58.364500][ T4579] netem: change failed
[   58.404171][   T29] kauditd_printk_skb: 537 callbacks suppressed
[   58.404186][   T29] audit: type=1326 audit(1764502198.657:1944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4559 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7a641865e7 code=0x7ffc0000
[   58.541578][   T29] audit: type=1326 audit(1764502198.687:1945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4559 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a6412b829 code=0x7ffc0000
[   58.565019][   T29] audit: type=1326 audit(1764502198.687:1946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4559 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7a641865e7 code=0x7ffc0000
[   58.588255][   T29] audit: type=1326 audit(1764502198.687:1947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4559 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a6412b829 code=0x7ffc0000
[   58.611664][   T29] audit: type=1326 audit(1764502198.687:1948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4559 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f7a6418f749 code=0x7ffc0000
[   58.635161][   T29] audit: type=1326 audit(1764502198.757:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4559 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7a641865e7 code=0x7ffc0000
[   58.658390][   T29] audit: type=1326 audit(1764502198.757:1950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4559 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a6412b829 code=0x7ffc0000
[   58.681625][   T29] audit: type=1326 audit(1764502198.757:1951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4559 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f7a6418f749 code=0x7ffc0000
[   58.705224][   T29] audit: type=1326 audit(1764502198.767:1952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4559 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7a641865e7 code=0x7ffc0000
[   58.728491][   T29] audit: type=1326 audit(1764502198.767:1953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4559 comm="syz.2.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a6412b829 code=0x7ffc0000
[   58.915691][ T4604] netlink: 'syz.5.295': attribute type 1 has an invalid length.
[   58.923447][ T4604] __nla_validate_parse: 6 callbacks suppressed
[   58.923463][ T4604] netlink: 224 bytes leftover after parsing attributes in process `syz.5.295'.
[   59.019318][ T4608] x_tables: unsorted underflow at hook 2
[   59.027416][ T4596] loop5: detected capacity change from 0 to 1024
[   59.044745][ T4596] EXT4-fs: Ignoring removed nomblk_io_submit option
[   59.051526][ T4596] EXT4-fs: Ignoring removed orlov option
[   59.057411][ T4596] ext2: Bad value for 'mb_optimize_scan'
[   59.088702][ T4617] smc: net device bond0 applied user defined pnetid SYZ0
[   59.098524][ T4617] netlink: 'syz.3.301': attribute type 2 has an invalid length.
[   59.135267][ T4604] veth1_to_bridge: entered allmulticast mode
[   59.144372][ T3934] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.403912][ T4619] loop3: detected capacity change from 0 to 32768
[   59.427456][ T4625] netlink: 19 bytes leftover after parsing attributes in process `syz.1.303'.
[   59.444337][ T4619]  loop3: p1 p2 p3 < > p4 < p5 p6 >
[   59.461842][ T4619] loop3: p1 start 460800 is beyond EOD, truncated
[   59.468454][ T4619] loop3: p2 size 83886080 extends beyond EOD, truncated
[   59.478266][ T4619] loop3: p5 start 460800 is beyond EOD, truncated
[   59.484846][ T4619] loop3: p6 size 83886080 extends beyond EOD, truncated
[   59.578489][ T4629] bridge: RTM_NEWNEIGH with invalid ether address
[   59.719971][ T4632] loop5: detected capacity change from 0 to 512
[   59.939242][ T4649] netlink: 'syz.5.311': attribute type 1 has an invalid length.
[   59.947103][ T4649] netlink: 224 bytes leftover after parsing attributes in process `syz.5.311'.
[   60.130799][ T4645] loop5: detected capacity change from 0 to 1024
[   60.142024][ T4658] netlink: 'syz.2.317': attribute type 1 has an invalid length.
[   60.149032][ T4645] EXT4-fs: Ignoring removed nomblk_io_submit option
[   60.149762][ T4658] netlink: 224 bytes leftover after parsing attributes in process `syz.2.317'.
[   60.156333][ T4645] EXT4-fs: Ignoring removed orlov option
[   60.171048][ T4645] ext2: Bad value for 'mb_optimize_scan'
[   60.199664][ T4660] loop2: detected capacity change from 0 to 1024
[   60.210334][ T4660] EXT4-fs: Ignoring removed nomblk_io_submit option
[   60.217035][ T4660] EXT4-fs: Ignoring removed orlov option
[   60.222838][ T4660] ext2: Bad value for 'mb_optimize_scan'
[   60.284237][ T4665] loop1: detected capacity change from 0 to 764
[   60.290823][ T4665] iso9660: Unknown parameter 'LLl����M����~V�'
[   60.309422][ T4665] loop1: detected capacity change from 0 to 1024
[   60.317696][ T4658] veth1_to_bridge: entered allmulticast mode
[   60.326639][ T3938] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.339648][ T4665] EXT4-fs: Ignoring removed orlov option
[   60.345880][ T4665] EXT4-fs: Ignoring removed orlov option
[   60.376826][ T4665] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   60.391629][ T4667] netlink: 19 bytes leftover after parsing attributes in process `syz.3.315'.
[   60.403272][ T4665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.318'.
[   60.440681][ T4671] netlink: 48 bytes leftover after parsing attributes in process `syz.1.319'.
[   60.532357][ T4679] FAULT_INJECTION: forcing a failure.
[   60.532357][ T4679] name failslab, interval 1, probability 0, space 0, times 0
[   60.545282][ T4679] CPU: 0 UID: 0 PID: 4679 Comm: GPL Not tainted syzkaller #0 PREEMPT(voluntary) 
[   60.545361][ T4679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   60.545376][ T4679] Call Trace:
[   60.545384][ T4679]  <TASK>
[   60.545392][ T4679]  __dump_stack+0x1d/0x30
[   60.545415][ T4679]  dump_stack_lvl+0xe8/0x140
[   60.545491][ T4679]  dump_stack+0x15/0x1b
[   60.545513][ T4679]  should_fail_ex+0x265/0x280
[   60.545537][ T4679]  should_failslab+0x8c/0xb0
[   60.545579][ T4679]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[   60.545626][ T4679]  ? __alloc_skb+0x101/0x320
[   60.545657][ T4679]  __alloc_skb+0x101/0x320
[   60.545695][ T4679]  tcp_stream_alloc_skb+0x2d/0x1d0
[   60.545781][ T4679]  tcp_sendmsg_locked+0xcbf/0x2c00
[   60.545844][ T4679]  ? mntput_no_expire+0x6f/0x440
[   60.545866][ T4679]  ? __rcu_read_unlock+0x4f/0x70
[   60.545906][ T4679]  ? __pfx_tcp_sendmsg+0x10/0x10
[   60.545943][ T4679]  tcp_sendmsg+0x2f/0x50
[   60.546119][ T4679]  inet_sendmsg+0x76/0xd0
[   60.546144][ T4679]  __sock_sendmsg+0x102/0x180
[   60.546195][ T4679]  __sys_sendto+0x268/0x330
[   60.546287][ T4679]  __x64_sys_sendto+0x76/0x90
[   60.546316][ T4679]  x64_sys_call+0x2d14/0x3000
[   60.546337][ T4679]  do_syscall_64+0xd2/0x200
[   60.546359][ T4679]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   60.546422][ T4679]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   60.546543][ T4679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.546569][ T4679] RIP: 0033:0x7fa3c61bf749
[   60.546586][ T4679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.546619][ T4679] RSP: 002b:00007fa3c4c1f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   60.546636][ T4679] RAX: ffffffffffffffda RBX: 00007fa3c6415fa0 RCX: 00007fa3c61bf749
[   60.546648][ T4679] RDX: ffffffffffffff94 RSI: 0000200000000000 RDI: 0000000000000007
[   60.546659][ T4679] RBP: 00007fa3c4c1f090 R08: 0000000000000000 R09: 0000000000001100
[   60.546670][ T4679] R10: 000000000000000b R11: 0000000000000246 R12: 0000000000000001
[   60.546682][ T4679] R13: 00007fa3c6416038 R14: 00007fa3c6415fa0 R15: 00007ffc7795a578
[   60.546705][ T4679]  </TASK>
[   60.860829][ T4688] lo speed is unknown, defaulting to 1000
[   60.866754][ T4688] lo speed is unknown, defaulting to 1000
[   60.872719][ T4688] lo speed is unknown, defaulting to 1000
[   60.879350][ T4688] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   60.887105][ T4688] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   60.900298][ T4688] lo speed is unknown, defaulting to 1000
[   60.912112][ T4688] lo speed is unknown, defaulting to 1000
[   60.918437][ T4688] lo speed is unknown, defaulting to 1000
[   60.925014][ T4688] lo speed is unknown, defaulting to 1000
[   60.931093][ T4688] lo speed is unknown, defaulting to 1000
[   61.024847][ T4694] 9pnet_fd: Insufficient options for proto=fd
[   61.040679][ T4701] netlink: 48 bytes leftover after parsing attributes in process `syz.2.331'.
[   61.049938][ T4698] netlink: 2 bytes leftover after parsing attributes in process `syz.5.330'.
[   61.059264][ T4698] lo: entered promiscuous mode
[   61.064155][ T4698] lo: entered allmulticast mode
[   61.086763][ T4698] tunl0: entered promiscuous mode
[   61.091859][ T4698] tunl0: entered allmulticast mode
[   61.106823][ T4705] 9pnet_fd: Insufficient options for proto=fd
[   61.112014][ T4698] gre0: entered promiscuous mode
[   61.117280][ T4709] loop2: detected capacity change from 0 to 164
[   61.118359][ T4698] gre0: entered allmulticast mode
[   61.129661][ T4709] ISOFS: unable to read i-node block
[   61.135151][ T4709] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[   61.138231][ T4698] gretap0: entered promiscuous mode
[   61.149039][ T4705] loop0: detected capacity change from 0 to 512
[   61.149544][ T4698] gretap0: entered allmulticast mode
[   61.163797][ T4698] erspan0: entered promiscuous mode
[   61.169093][ T4698] erspan0: entered allmulticast mode
[   61.179513][ T4705] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   61.182437][ T4698] ip_vti0: entered promiscuous mode
[   61.192707][ T4698] ip_vti0: entered allmulticast mode
[   61.200417][ T4698] ip6_vti0: entered promiscuous mode
[   61.202683][ T4705] EXT4-fs (loop0): orphan cleanup on readonly fs
[   61.205821][ T4698] ip6_vti0: entered allmulticast mode
[   61.207091][ T4698] sit0: entered promiscuous mode
[   61.222614][ T4698] sit0: entered allmulticast mode
[   61.229368][ T4698] ip6tnl0: entered promiscuous mode
[   61.234636][ T4698] ip6tnl0: entered allmulticast mode
[   61.241244][ T4698] ip6gre0: entered promiscuous mode
[   61.246582][ T4698] ip6gre0: entered allmulticast mode
[   61.252369][ T4705] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.333: corrupted inode contents
[   61.253742][ T4698] syz_tun: entered promiscuous mode
[   61.269889][ T4698] syz_tun: entered allmulticast mode
[   61.276951][ T4698] ip6gretap0: entered promiscuous mode
[   61.277710][ T4713] FAULT_INJECTION: forcing a failure.
[   61.277710][ T4713] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   61.282505][ T4698] ip6gretap0: entered allmulticast mode
[   61.284571][ T4698] bridge0: entered promiscuous mode
[   61.296294][ T4713] CPU: 0 UID: 0 PID: 4713 Comm: syz.2.335 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   61.296336][ T4713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   61.296353][ T4713] Call Trace:
[   61.296362][ T4713]  <TASK>
[   61.296371][ T4713]  __dump_stack+0x1d/0x30
[   61.296422][ T4713]  dump_stack_lvl+0xe8/0x140
[   61.296450][ T4713]  dump_stack+0x15/0x1b
[   61.296474][ T4713]  should_fail_ex+0x265/0x280
[   61.296576][ T4713]  should_fail+0xb/0x20
[   61.296632][ T4713]  should_fail_usercopy+0x1a/0x20
[   61.296661][ T4713]  _copy_from_user+0x1c/0xb0
[   61.296694][ T4713]  ____sys_sendmsg+0x1c5/0x4e0
[   61.296726][ T4713]  ___sys_sendmsg+0x17b/0x1d0
[   61.296811][ T4713]  __x64_sys_sendmsg+0xd4/0x160
[   61.296843][ T4713]  x64_sys_call+0x191e/0x3000
[   61.296952][ T4713]  do_syscall_64+0xd2/0x200
[   61.296982][ T4713]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   61.297138][ T4713]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.297168][ T4713] RIP: 0033:0x7f7a6418f749
[   61.297188][ T4713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.297259][ T4713] RSP: 002b:00007f7a62bf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   61.297284][ T4713] RAX: ffffffffffffffda RBX: 00007f7a643e5fa0 RCX: 00007f7a6418f749
[   61.297357][ T4713] RDX: 0000000004004881 RSI: 0000200000000600 RDI: 0000000000000007
[   61.297374][ T4713] RBP: 00007f7a62bf7090 R08: 0000000000000000 R09: 0000000000000000
[   61.297390][ T4713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   61.297407][ T4713] R13: 00007f7a643e6038 R14: 00007f7a643e5fa0 R15: 00007fffa46ff8f8
[   61.297509][ T4713]  </TASK>
[   61.306229][ T4705] EXT4-fs (loop0): Remounting filesystem read-only
[   61.306595][ T4698] bridge0: entered allmulticast mode
[   61.321413][ T4705] EXT4-fs (loop0): 1 truncate cleaned up
[   61.328347][ T4698] vcan0: entered promiscuous mode
[   61.331557][ T3934] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   61.332580][ T4698] vcan0: entered allmulticast mode
[   61.333630][ T4698] bond0: entered promiscuous mode
[   61.337097][ T3934] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[   61.341585][ T4698] bond_slave_0: entered promiscuous mode
[   61.341710][ T4698] bond_slave_1: entered promiscuous mode
[   61.368883][ T3934] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started
[   61.369682][ T4698] bond0: entered allmulticast mode
[   61.452660][ T4715] loop3: detected capacity change from 0 to 128
[   61.456949][ T4698] bond_slave_0: entered allmulticast mode
[   61.568820][ T4698] bond_slave_1: entered allmulticast mode
[   61.587203][ T4698] team0: entered promiscuous mode
[   61.592276][ T4698] team_slave_0: entered promiscuous mode
[   61.598109][ T4698] team_slave_1: entered promiscuous mode
[   61.603844][ T4698] team0: entered allmulticast mode
[   61.609013][ T4698] team_slave_0: entered allmulticast mode
[   61.614798][ T4698] team_slave_1: entered allmulticast mode
[   61.630466][ T4722] loop1: detected capacity change from 0 to 512
[   61.647493][ T4698] dummy0: entered promiscuous mode
[   61.652655][ T4698] dummy0: entered allmulticast mode
[   61.660075][ T4698] nlmon0: entered promiscuous mode
[   61.665327][ T4698] nlmon0: entered allmulticast mode
[   61.689196][ T4698] caif0: entered promiscuous mode
[   61.694388][ T4698] caif0: entered allmulticast mode
[   61.699532][ T4698] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   61.787898][ T4717] mmap: syz.2.337 (4717) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   61.803084][ T4717] loop2: detected capacity change from 0 to 512
[   61.918980][ T4739] netlink: 'syz.5.340': attribute type 1 has an invalid length.
[   61.926716][ T4739] netlink: 224 bytes leftover after parsing attributes in process `syz.5.340'.
[   61.997367][ T4736] loop5: detected capacity change from 0 to 1024
[   62.046230][ T4736] EXT4-fs: Ignoring removed nomblk_io_submit option
[   62.053116][ T4736] EXT4-fs: Ignoring removed orlov option
[   62.058853][ T4736] ext2: Bad value for 'mb_optimize_scan'
[   62.305174][ T4750] loop3: detected capacity change from 0 to 2048
[   62.343088][ T4752] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[   62.370657][ T4753] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[   62.413789][ T4750]  loop3: p1 < > p4
[   62.418448][ T4750] loop3: p4 size 8388608 extends beyond EOD, truncated
[   62.892989][ T4763] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   63.124992][ T4765] netem: change failed
[   63.395924][ T4794] FAULT_INJECTION: forcing a failure.
[   63.395924][ T4794] name failslab, interval 1, probability 0, space 0, times 0
[   63.408648][ T4794] CPU: 0 UID: 0 PID: 4794 Comm: syz.0.359 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   63.408687][ T4794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   63.408707][ T4794] Call Trace:
[   63.408716][ T4794]  <TASK>
[   63.408760][ T4794]  __dump_stack+0x1d/0x30
[   63.408788][ T4794]  dump_stack_lvl+0xe8/0x140
[   63.408814][ T4794]  dump_stack+0x15/0x1b
[   63.408833][ T4794]  should_fail_ex+0x265/0x280
[   63.408860][ T4794]  should_failslab+0x8c/0xb0
[   63.408932][ T4794]  __kmalloc_noprof+0xa5/0x570
[   63.408969][ T4794]  ? iter_file_splice_write+0xf9/0xa60
[   63.409084][ T4794]  iter_file_splice_write+0xf9/0xa60
[   63.409118][ T4794]  ? _raw_spin_unlock+0x26/0x50
[   63.409154][ T4794]  ? __schedule+0x6b9/0xb30
[   63.409184][ T4794]  ? __pfx_iter_file_splice_write+0x10/0x10
[   63.409218][ T4794]  direct_splice_actor+0x156/0x2a0
[   63.409281][ T4794]  ? shmem_file_splice_read+0x1/0x600
[   63.409319][ T4794]  splice_direct_to_actor+0x312/0x680
[   63.409421][ T4794]  ? __pfx_direct_splice_actor+0x10/0x10
[   63.409449][ T4794]  do_splice_direct+0xda/0x150
[   63.409600][ T4794]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   63.409652][ T4794]  do_sendfile+0x380/0x650
[   63.409697][ T4794]  __x64_sys_sendfile64+0x105/0x150
[   63.409734][ T4794]  x64_sys_call+0x2bb4/0x3000
[   63.409755][ T4794]  do_syscall_64+0xd2/0x200
[   63.409779][ T4794]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   63.409808][ T4794]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   63.409921][ T4794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.409941][ T4794] RIP: 0033:0x7fce711ff749
[   63.409973][ T4794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   63.409990][ T4794] RSP: 002b:00007fce6fc67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   63.410009][ T4794] RAX: ffffffffffffffda RBX: 00007fce71455fa0 RCX: 00007fce711ff749
[   63.410022][ T4794] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005
[   63.410037][ T4794] RBP: 00007fce6fc67090 R08: 0000000000000000 R09: 0000000000000000
[   63.410052][ T4794] R10: 00008000fffffffc R11: 0000000000000246 R12: 0000000000000001
[   63.410066][ T4794] R13: 00007fce71456038 R14: 00007fce71455fa0 R15: 00007fffe315b0a8
[   63.410128][ T4794]  </TASK>
[   63.801872][ T4798] netlink: 'syz.0.360': attribute type 1 has an invalid length.
[   63.826689][ T4799] netlink: 'syz.1.361': attribute type 2 has an invalid length.
[   63.851126][ T4798] loop0: detected capacity change from 0 to 1024
[   63.858081][   T29] kauditd_printk_skb: 333 callbacks suppressed
[   63.858094][   T29] audit: type=1326 audit(1764502204.077:2281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   63.887679][   T29] audit: type=1326 audit(1764502204.077:2282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   63.911106][   T29] audit: type=1326 audit(1764502204.077:2283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   63.933545][ T4798] EXT4-fs: Ignoring removed nomblk_io_submit option
[   63.934414][   T29] audit: type=1326 audit(1764502204.077:2284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   63.941063][ T4798] EXT4-fs: Ignoring removed orlov option
[   63.964280][   T29] audit: type=1326 audit(1764502204.077:2285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   63.970010][ T4798] ext2: Bad value for 'mb_optimize_scan'
[   63.999031][   T29] audit: type=1326 audit(1764502204.077:2286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   64.022365][   T29] audit: type=1326 audit(1764502204.077:2287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   64.045703][   T29] audit: type=1326 audit(1764502204.077:2288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   64.069014][   T29] audit: type=1326 audit(1764502204.087:2289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   64.092443][   T29] audit: type=1326 audit(1764502204.087:2290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4796 comm="syz.1.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   64.130626][ T4800] FAULT_INJECTION: forcing a failure.
[   64.130626][ T4800] name failslab, interval 1, probability 0, space 0, times 0
[   64.143468][ T4800] CPU: 0 UID: 0 PID: 4800 Comm: syz.3.362 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   64.143495][ T4800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   64.143507][ T4800] Call Trace:
[   64.143514][ T4800]  <TASK>
[   64.143523][ T4800]  __dump_stack+0x1d/0x30
[   64.143549][ T4800]  dump_stack_lvl+0xe8/0x140
[   64.143574][ T4800]  dump_stack+0x15/0x1b
[   64.143591][ T4800]  should_fail_ex+0x265/0x280
[   64.143609][ T4800]  should_failslab+0x8c/0xb0
[   64.143645][ T4800]  kmem_cache_alloc_noprof+0x50/0x480
[   64.143673][ T4800]  ? vm_area_dup+0x33/0x2c0
[   64.143707][ T4800]  vm_area_dup+0x33/0x2c0
[   64.143746][ T4800]  dup_mmap+0x501/0xf20
[   64.143787][ T4800]  copy_mm+0x11a/0x370
[   64.143819][ T4800]  copy_process+0xd08/0x2000
[   64.143853][ T4800]  kernel_clone+0x16c/0x5c0
[   64.143887][ T4800]  ? vfs_write+0x7e8/0x960
[   64.143920][ T4800]  __x64_sys_clone+0xe6/0x120
[   64.143968][ T4800]  x64_sys_call+0x119c/0x3000
[   64.143991][ T4800]  do_syscall_64+0xd2/0x200
[   64.144011][ T4800]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   64.144041][ T4800]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   64.144084][ T4800]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.144111][ T4800] RIP: 0033:0x7f4768ecf749
[   64.144129][ T4800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.144149][ T4800] RSP: 002b:00007f4767936fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   64.144167][ T4800] RAX: ffffffffffffffda RBX: 00007f4769125fa0 RCX: 00007f4768ecf749
[   64.144179][ T4800] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000630c1000
[   64.144190][ T4800] RBP: 00007f4767937090 R08: 0000000000000000 R09: 0000000000000000
[   64.144201][ T4800] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   64.144215][ T4800] R13: 00007f4769126038 R14: 00007f4769125fa0 R15: 00007ffd96d14288
[   64.144239][ T4800]  </TASK>
[   64.377626][ T4812] loop5: detected capacity change from 0 to 2048
[   64.384271][ T4800] loop3: detected capacity change from 0 to 512
[   64.420140][ T4800] EXT4-fs error (device loop3): ext4_expand_extra_isize_ea:2803: inode #11: comm syz.3.362: corrupted xattr block 95: invalid header
[   64.434571][ T4800] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 11. Delete some EAs or run e2fsck.
[   64.459409][ T4800] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.362: bg 0: block 7: invalid block bitmap
[   64.465127][ T3625] Alternate GPT is invalid, using primary GPT.
[   64.478002][ T3625]  loop5: p2 p3 p7
[   64.483160][ T4800] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6667: Corrupt filesystem
[   64.493647][ T4800] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2967: inode #11: comm syz.3.362: corrupted xattr block 95: invalid header
[   64.513956][ T4812] Alternate GPT is invalid, using primary GPT.
[   64.520395][ T4812]  loop5: p2 p3 p7
[   64.529129][ T4800] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -117)
[   64.611961][ T4800] EXT4-fs (loop3): 1 orphan inode deleted
[   64.790654][ T4824] loop5: detected capacity change from 0 to 1024
[   64.816936][ T4824] EXT4-fs: Ignoring removed nomblk_io_submit option
[   64.851182][ T4828] vhci_hcd: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub
[   64.877169][ T4824] __nla_validate_parse: 11 callbacks suppressed
[   64.877186][ T4824] netlink: 24 bytes leftover after parsing attributes in process `syz.5.369'.
[   64.976206][ T4838] loop5: detected capacity change from 0 to 128
[   65.004833][ T4818] 9pnet_fd: Insufficient options for proto=fd
[   65.040754][ T4838] ext4 filesystem being mounted at /23/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   65.267104][ T4856] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=14385 sclass=netlink_route_socket pid=4856 comm=syz.5.375
[   65.468996][ T4871] netlink: 'syz.2.379': attribute type 13 has an invalid length.
[   65.476872][ T4871] netlink: 24859 bytes leftover after parsing attributes in process `syz.2.379'.
[   66.065133][ T4887] netlink: 2 bytes leftover after parsing attributes in process `syz.5.385'.
[   66.272843][ T4887] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   66.453350][ T4905] netlink: 12 bytes leftover after parsing attributes in process `syz.1.387'.
[   66.498671][ T4913] loop5: detected capacity change from 0 to 1024
[   66.529149][ T4913] EXT4-fs: inline encryption not supported
[   66.557905][ T4913] EXT4-fs: Ignoring removed nobh option
[   66.604409][ T4913] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84ec018, mo2=0003]
[   66.694768][ T4913] System zones: 1-12
[   67.115155][ T1036] kernel write not supported for file /snd/seq (pid: 1036 comm: kworker/1:2)
[   67.207760][ T4962] netlink: 2 bytes leftover after parsing attributes in process `syz.5.399'.
[   67.257775][ T4962] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   67.385870][ T4979] loop0: detected capacity change from 0 to 128
[   67.392768][ T4979] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   67.408778][ T4979] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   67.420075][ T4977] loop2: detected capacity change from 0 to 2048
[   67.443158][ T4983] loop9: detected capacity change from 0 to 7
[   67.450242][ T3308] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.458299][ T3308] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.466290][ T3308]  loop9: unable to read partition table
[   67.472500][ T4983] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.480621][ T4983] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.483850][ T4977] Alternate GPT is invalid, using primary GPT.
[   67.488568][ T4983]  loop9: unable to read partition table
[   67.494916][ T4977]  loop2: p1 p2 p3
[   67.504081][ T4977] loop2: partition table partially beyond EOD, truncated
[   67.504350][ T4983] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   67.504350][ T4983] 
) failed (rc=-5)
[   67.539229][ T3308] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.547322][ T3308] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.555461][ T3308] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.582320][ T3308] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.603803][ T3308] Buffer I/O error on dev loop9, logical block 0, async page read
[   67.802504][ T4996] loop5: detected capacity change from 0 to 8192
[   67.817943][ T4996] vfat: Unknown parameter '4'
[   67.932235][ T3005] Alternate GPT is invalid, using primary GPT.
[   67.938629][ T3005]  loop2: p1 p2 p3
[   67.942377][ T3005] loop2: partition table partially beyond EOD, truncated
[   68.018516][ T3625] udevd[3625]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[   68.020895][ T3485] udevd[3485]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   68.029869][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[   68.063530][ T5013] netlink: 272 bytes leftover after parsing attributes in process `syz.3.416'.
[   68.074121][ T5013] Option '    ' to dns_resolver key: bad/missing value
[   68.284089][ T5024] netlink: 'syz.1.421': attribute type 13 has an invalid length.
[   68.292400][ T3945] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   68.346838][ T5031] loop9: detected capacity change from 0 to 7
[   68.359832][ T5029] netlink: 12 bytes leftover after parsing attributes in process `syz.2.422'.
[   68.378352][ T5024] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   68.398483][ T5031] Buffer I/O error on dev loop9, logical block 0, async page read
[   68.416650][ T5032] FAULT_INJECTION: forcing a failure.
[   68.416650][ T5032] name failslab, interval 1, probability 0, space 0, times 0
[   68.423504][ T5031]  loop9: unable to read partition table
[   68.429388][ T5032] CPU: 0 UID: 0 PID: 5032 Comm: syz.3.420 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   68.429427][ T5032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   68.429446][ T5032] Call Trace:
[   68.429455][ T5032]  <TASK>
[   68.429466][ T5032]  __dump_stack+0x1d/0x30
[   68.429501][ T5032]  dump_stack_lvl+0xe8/0x140
[   68.429543][ T5032]  dump_stack+0x15/0x1b
[   68.429566][ T5032]  should_fail_ex+0x265/0x280
[   68.429748][ T5032]  should_failslab+0x8c/0xb0
[   68.429789][ T5032]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[   68.429833][ T5032]  ? perf_event_alloc+0x14c/0x1740
[   68.429938][ T5032]  perf_event_alloc+0x14c/0x1740
[   68.429982][ T5032]  __se_sys_perf_event_open+0x615/0x11c0
[   68.430060][ T5032]  ? __rcu_read_unlock+0x4f/0x70
[   68.430105][ T5032]  __x64_sys_perf_event_open+0x67/0x80
[   68.430143][ T5032]  x64_sys_call+0x7bd/0x3000
[   68.430172][ T5032]  do_syscall_64+0xd2/0x200
[   68.430237][ T5032]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   68.430275][ T5032]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   68.430326][ T5032]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.430357][ T5032] RIP: 0033:0x7f4768ecf749
[   68.430385][ T5032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.430456][ T5032] RSP: 002b:00007f47678f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[   68.430482][ T5032] RAX: ffffffffffffffda RBX: 00007f4769126180 RCX: 00007f4768ecf749
[   68.430499][ T5032] RDX: fffbffffffffffff RSI: 0000000000000000 RDI: 0000200000000100
[   68.430517][ T5032] RBP: 00007f47678f5090 R08: 0000000000000000 R09: 0000000000000000
[   68.430533][ T5032] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[   68.430550][ T5032] R13: 00007f4769126218 R14: 00007f4769126180 R15: 00007ffd96d14288
[   68.430612][ T5032]  </TASK>
[   68.620037][ T5034] netlink: 8 bytes leftover after parsing attributes in process `syz.0.423'.
[   68.647200][ T5031] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   68.647200][ T5031] 
) failed (rc=-5)
[   68.698632][ T5039] netlink: 14 bytes leftover after parsing attributes in process `syz.1.425'.
[   68.743084][ T5039] hsr_slave_0: left promiscuous mode
[   68.750906][ T5039] hsr_slave_1: left promiscuous mode
[   68.779705][ T5041] netlink: 8 bytes leftover after parsing attributes in process `syz.1.425'.
[   69.009073][ T5047] loop0: detected capacity change from 0 to 128
[   69.022301][ T5047] syz.0.426: attempt to access beyond end of device
[   69.022301][ T5047] loop0: rw=2049, sector=138, nr_sectors = 112 limit=128
[   69.050412][ T5047] syz.0.426: attempt to access beyond end of device
[   69.050412][ T5047] loop0: rw=2049, sector=142, nr_sectors = 2 limit=128
[   69.515514][   T29] kauditd_printk_skb: 102 callbacks suppressed
[   69.521767][   T29] audit: type=1326 audit(1764502209.767:2393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   69.545160][   T29] audit: type=1326 audit(1764502209.767:2394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   69.568599][   T29] audit: type=1326 audit(1764502209.767:2395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   69.592940][   T29] audit: type=1326 audit(1764502209.767:2396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   69.616934][   T29] audit: type=1326 audit(1764502209.767:2397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   69.640372][   T29] audit: type=1326 audit(1764502209.767:2398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   69.663831][   T29] audit: type=1326 audit(1764502209.767:2399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   69.687255][   T29] audit: type=1326 audit(1764502209.767:2400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   69.710592][   T29] audit: type=1326 audit(1764502209.767:2401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   69.734000][   T29] audit: type=1326 audit(1764502209.767:2402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5052 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa3c61bf749 code=0x7ffc0000
[   69.941829][ T5058] FAULT_INJECTION: forcing a failure.
[   69.941829][ T5058] name failslab, interval 1, probability 0, space 0, times 0
[   69.954573][ T5058] CPU: 0 UID: 0 PID: 5058 Comm: syz.0.432 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   69.954626][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   69.954638][ T5058] Call Trace:
[   69.954644][ T5058]  <TASK>
[   69.954650][ T5058]  __dump_stack+0x1d/0x30
[   69.954677][ T5058]  dump_stack_lvl+0xe8/0x140
[   69.954700][ T5058]  dump_stack+0x15/0x1b
[   69.954788][ T5058]  should_fail_ex+0x265/0x280
[   69.954807][ T5058]  should_failslab+0x8c/0xb0
[   69.954841][ T5058]  __kvmalloc_node_noprof+0x12e/0x670
[   69.954877][ T5058]  ? io_alloc_cache_init+0x36/0xb0
[   69.954903][ T5058]  io_alloc_cache_init+0x36/0xb0
[   69.954956][ T5058]  io_ring_ctx_alloc+0x2a3/0x670
[   69.954991][ T5058]  io_uring_create+0x134/0x630
[   69.955019][ T5058]  __se_sys_io_uring_setup+0x1f7/0x210
[   69.955069][ T5058]  __x64_sys_io_uring_setup+0x31/0x40
[   69.955111][ T5058]  x64_sys_call+0x2b25/0x3000
[   69.955140][ T5058]  do_syscall_64+0xd2/0x200
[   69.955183][ T5058]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   69.955246][ T5058]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   69.955336][ T5058]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.955357][ T5058] RIP: 0033:0x7fce711ff749
[   69.955388][ T5058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.955480][ T5058] RSP: 002b:00007fce6fc66fc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[   69.955498][ T5058] RAX: ffffffffffffffda RBX: 00007fce71455fa0 RCX: 00007fce711ff749
[   69.955567][ T5058] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000002c0c
[   69.955579][ T5058] RBP: 0000200000000400 R08: 0000000000000000 R09: 0000000000000000
[   69.955591][ T5058] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[   69.955606][ T5058] R13: 0000000000000000 R14: 0000000000002c0c R15: 0000000000000000
[   69.955627][ T5058]  </TASK>
[   70.286799][ T5066] loop2: detected capacity change from 0 to 1024
[   70.309308][ T5066] EXT4-fs: dax option not supported
[   70.466923][ T5069] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   70.475482][ T5069] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   70.498502][ T5075] netlink: 12 bytes leftover after parsing attributes in process `syz.5.437'.
[   70.516417][ T5069] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   70.524926][ T5069] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   70.546075][ T5069] nfs: Unknown parameter '\$�'
[   70.662588][ T5081] bond1: entered promiscuous mode
[   70.667820][ T5081] bond1: entered allmulticast mode
[   70.673469][ T5081] 8021q: adding VLAN 0 to HW filter on device bond1
[   70.705024][ T5081] bond1 (unregistering): Released all slaves
[   71.466683][ T5104] xt_ipcomp: unknown flags 1D
[   71.675664][ T5110] loop0: detected capacity change from 0 to 128
[   71.704639][ T5110] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[   71.899626][ T3907] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[   71.932089][ T5114] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   71.974470][ T5114] loop0: detected capacity change from 0 to 1024
[   72.010906][ T5114] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.451: bad orphan inode 134217728
[   72.023490][ T5114] EXT4-fs mount: 22 callbacks suppressed
[   72.023507][ T5114] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.212637][ T5122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   72.248227][ T5122] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   72.579749][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.931217][ T5147] loop0: detected capacity change from 0 to 1024
[   72.945157][ T3005] ==================================================================
[   72.953280][ T3005] BUG: KCSAN: data-race in set_nlink / set_nlink
[   72.959628][ T3005] 
[   72.961950][ T3005] read to 0xffff8881071315f0 of 4 bytes by task 3625 on cpu 0:
[   72.969520][ T3005]  set_nlink+0x29/0xb0
[   72.973597][ T3005]  kernfs_iop_permission+0x1e2/0x220
[   72.978899][ T3005]  inode_permission+0x1ca/0x310
[   72.983769][ T3005]  link_path_walk+0x162/0x900
[   72.988463][ T3005]  path_openat+0x1de/0x2170
[   72.992969][ T3005]  do_filp_open+0x109/0x230
[   72.997483][ T3005]  do_sys_openat2+0xa6/0x110
[   73.002078][ T3005]  __x64_sys_openat+0xf2/0x120
[   73.006858][ T3005]  x64_sys_call+0x2eab/0x3000
[   73.011543][ T3005]  do_syscall_64+0xd2/0x200
[   73.016053][ T3005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.021953][ T3005] 
[   73.024295][ T3005] write to 0xffff8881071315f0 of 4 bytes by task 3005 on cpu 1:
[   73.031932][ T3005]  set_nlink+0x99/0xb0
[   73.036009][ T3005]  kernfs_iop_permission+0x1e2/0x220
[   73.041306][ T3005]  inode_permission+0x1ca/0x310
[   73.046173][ T3005]  link_path_walk+0x162/0x900
[   73.050867][ T3005]  path_lookupat+0x63/0x2a0
[   73.055408][ T3005]  filename_lookup+0x147/0x340
[   73.060190][ T3005]  vfs_statx+0x9d/0x390
[   73.064360][ T3005]  vfs_fstatat+0x115/0x170
[   73.068795][ T3005]  __se_sys_newfstatat+0x55/0x260
[   73.073841][ T3005]  __x64_sys_newfstatat+0x55/0x70
[   73.078920][ T3005]  x64_sys_call+0x135a/0x3000
[   73.083603][ T3005]  do_syscall_64+0xd2/0x200
[   73.088124][ T3005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.094023][ T3005] 
[   73.096345][ T3005] value changed: 0x00000008 -> 0x00000009
[   73.102090][ T3005] 
[   73.104415][ T3005] Reported by Kernel Concurrency Sanitizer on:
[   73.110561][ T3005] CPU: 1 UID: 0 PID: 3005 Comm: udevd Not tainted syzkaller #0 PREEMPT(voluntary) 
[   73.119850][ T3005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   73.129912][ T3005] ==================================================================
[   73.142834][ T5147] EXT4-fs: Ignoring removed nomblk_io_submit option
[   73.170856][ T5147] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.186373][ T5147] netlink: 24 bytes leftover after parsing attributes in process `syz.0.462'.
[   73.204871][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.