last executing test programs:

5.896719963s ago: executing program 2 (id=771):
r0 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ipvlan0\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095b69fb11a8f66c511129e99fe09ab00387b5ccdcc2b57d1aa3f2649430e3532b1963fb890e2b5e10906f9a2d12e893285c5b22577afac20d89d46069ba4771d1056a4e675a8acb4d7b9f56603ea5446c6c67f575ca52bc4dccef9c449225a914ec4a7a48761880a5e28554c11d1029f32f867f75b210ef285f8be"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
fsopen(&(0x7f0000000200)='exofs\x00', 0x1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000580)='erofs_lookup\x00', r4}, 0x18)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00'})
r6 = socket$kcm(0x10, 0x2, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000300)=ANY=[@ANYBLOB="0000000000000000000000008100220008004919004c006700007f06907864010101ac1414bb4410cc700000000500000003000000080000000000000000000000000000000300004e2200004e200000000200000003000000000000000009a4250893"], &(0x7f0000000240)={0x0, 0x1, [0x6cb, 0x7ef, 0x962, 0xacd]})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000480)={{{@in=@multicast1, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in6=@empty}, 0x0, @in=@remote}}, &(0x7f0000000180)=0xfffffffffffffddc)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', r7, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x18)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r10}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r9}, &(0x7f0000000200), &(0x7f0000000240)=r10}, 0x20)
r11 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r11, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10)
connect$vsock_stream(r11, &(0x7f0000000400)={0x28, 0x0, 0x2710, @host}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000"], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48)
getpgid(0x0)

5.651586708s ago: executing program 2 (id=773):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = fsmount(0xffffffffffffffff, 0x0, 0x6)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000400)='track_foreign_dirty\x00', r0, 0x0, 0xdf}, 0x18)
r2 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f00000005c0)={[{@noblock_validity}, {@min_batch_time={'min_batch_time', 0x3d, 0x8}}, {@data_err_ignore}, {@max_batch_time={'max_batch_time', 0x3d, 0x8c9}}, {@nodiscard}, {@inlinecrypt}, {@i_version}]}, 0x0, 0x60a, &(0x7f00000008c0)="$eJzs3c1rHOUfAPDvzGbzS9r0l1ZEbBEMeGhBmia1WPViWw/2ULBgDx48NDRJDd2+0ESwtWAKHhQURLyK9OI/4F169yaCevMsVJGKgkpXZne23Wx20zXN7iaZzwc2+7zs7vN8d/JkntnJsxNAYU1kP9KIvRH3ziYR4011Y1GvnMgfd/e3G+eyWxLV6uu/JpHkZY3HJ/n9zjwzEhHfnoh4rLS63cVr1y/MVKp170UcWrp45dDitesHFy7OnJ87P3dp+vALR45OvTh9ZHpD4tyZ35889dpTH7//1vPz31UOJnEszpTfnY2WODbKREzEvTzE5vKhiDiaJdq8L1vNNgih0Er572M5Ip6I8SjVcnXjsfDRQDsH9FS1FFEFCiox/qGgGvOAxrF9d8fBZ3o8K+mfO8frB0Cr4x+qfzYSI7Vjox13k6Yjo/pnG7s3oP2sjX9u7Ps8u8WKzyH+vL91hjagnU6Wb0bEk+3iT2p9212LNIs/XdGPJCKmImI4798rj9CHpCndi89h1rLe+NOIOJbfZ+Un1tn+REu+3/EDUEy3j+c78uUs92D/l809GvOfaDP/GWuz71qPQe//Os//Gvv7kdpn5GnLPCybs5xu/5Ll1oKfPjz5aaf2m+d/2S1rvzEX7Ic7NyP2tcT/QRZsPv/J4k/abP/sIWePddfGq9//crJT3aDjr96K2N/2+OfBrDRLrXF+8tD8QmVuqv6zbRtff/Pml53aH3T82fbf0SH+pu2ftj4ve0+udNnGV6dvXexUN/bQ+NOfh5P68eZwXvLOzNLS1emI4eRU/pCm8sNr96XxmMZrZPEfeKb9+F/x+39z5euMNv5kduHKGxfudqpbz/ZvOpl8r9pVD3Z1rMnin3349l81/rOyT7pqO+KPpHPdWvGPdvn6AAAAAAAAQF1aOwebpJP302k6OVlfL/t47EgrlxeXnp2//Pal2YgDtf+HLKeNM93j9XyS5afz/4dt5A+35J+LiD0R8VlptJafPHe5Mjvo4AEAAAAAAAAAAAAAAAAAAGCT2Jmv/29cp/r3Un39P1AQvbzAHLC5Gf9QXLXxv+oST0AR2P9DcRn/UFxdj/9ur3gKbBn2/1Bcxj8Ul/EPxWX8Q3EZ/wAAAACwLe15+vaPSUQsvzRau2WG8zorgmB7Kw+6A8DAlAbdAWBg7p/6N9mHwulq/v9X/uWAve8OMABJu8La5KC69uC/3faZAAAAAAAAAAAAAEAP7N/bef2/tcGwvVn2B8X1COv/fXUAbHG++h+KyzE+8LBV/COdKqz/BwAAAAAAAAAAAIC+GavdknQyXws8Fmk6ORmxKyJ2RzmZX6jMTUXE/yPih1L5f1l+etCdBgAAAAAAAAAAAAAAAAAAgG1m8dr1CzOVytzV5sTfq0o2LlGOXr3y+hONq6D2oa2X4z8+K5L+vy2jEbGqKjbhhltXYqipJIlYzrb8pujY1cXYHN2oJQb8hwkAAAAAAAAAAAAAAAAAAAqoae1xe/u+6HOPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKD/Hlz/v3eJQccIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGxN/wYAAP//FW4+Iw==")
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000100)=0x4)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0x6, '\x00', 0x0, r1, 0x5, 0x3, 0x2}, 0x50)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00')
pread64(r5, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000004c0)=@bpf_tracing={0x1a, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1143}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @alu={0x4, 0x8ac2559590cfa671, 0x9, 0x1, 0x1, 0x20, 0xfffffffffffffffc}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x14, '\x00', r3, 0x1c, r2, 0x8, &(0x7f0000000140)={0x9, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x1f029, 0xffffffffffffffff, 0x1, &(0x7f00000001c0)=[r1, r1, r4, r1, r1, r1, r5, r1], &(0x7f0000000440)=[{0x4, 0x1, 0xa, 0x3}], 0x10, 0x9}, 0x94)

5.389661614s ago: executing program 2 (id=776):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000001c0)={<r1=>0x0, @loopback, @dev}, &(0x7f0000000280)=0xc)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x9, 0xb, &(0x7f0000000500)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x200000, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000180)='sys_enter\x00', r2, 0x0, 0x5}, 0xffffffffffffffb2)
r3 = shmget$private(0x0, 0x3000, 0x1, &(0x7f0000ffd000/0x3000)=nil)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4000, &(0x7f0000000400)=0x734ad393, 0x7f, 0x1)
shmctl$SHM_UNLOCK(r3, 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000240)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x3, @none, 0x0, 0x1}, 0xe)
getsockopt$bt_BT_RCVMTU(r5, 0x112, 0xd, &(0x7f0000000080)=0x4, &(0x7f00000000c0)=0x2)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x3, &(0x7f0000000000)='source', &(0x7f0000000100)='[\x8b\xa4[\x13\x9b\x00w#\x9b\x94\xb6@\x874L\xf5U\xd7\xcb+3,\x999\xa9\":|\x98\xc5\x93\xba\x8d\xff\x14\x8ag+\xcd\xb1\x96d&\x8dn\x00\xdb\xd2\r!A\x1dZ\x16\xa3\x84\xa1\f\\%$\xd3\x9f\xf4a\xdb\x10\xd1&\x83\xba\x9d\x91\xf7\x92\xfb}\x91\x8d\xfav5{\xe4M;\xa2:\xe0\xfc\xa2G\xd3bBM\xe3i\xfc\x01\xc2\xa1|\x90\xd5\x8d;U\xe2', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
ioprio_get$uid(0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="4400000010003b1528bd70000100002000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008000300000000000500110001"], 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000080)=0x8)
ioctl$TCSETSW2(r7, 0x402c542c, &(0x7f00000000c0)={0xfffffff8, 0x0, 0xfffbfffd, 0x981, 0x47, "0441920887e8d2b791f19dd026d76d7fcb3678", 0x4, 0x200})
ioctl$TIOCSTI(r7, 0x5412, &(0x7f00000005c0)=0x2)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x8800, &(0x7f00000006c0)={[{@errors_remount}, {@sysvgroups}, {@minixdf}]}, 0x1, 0x50b, &(0x7f0000000700)="$eJzs3U9sG1kZAPBvnDj/mt1klz0AEmxhFwqq6iTubrTaAyxHhFZC2iNI3ZC4URQ7jmJn2YQesmeuSFTiBEe4c+6JAzcuCG5cygGJPxGoQeJgNONx6qZ2EzWJHcW/nzSaefOm/r4XZ97rvNZ+AYysmxFxEBETEfFxRMzl55N8iw/aW3rdk8MHq0eHD1aTaLU++meS1afnouvPpG5krzn/m875HyXPx23s7W+uVKuVnby80KxtLzT29u9s1FbWK+uVrXJ5eWl58b2775YvrK1v1ibyoy89/sPBN3+SpjWbn+lux0VqN714HCc1HhHfu4xgQzCWt2di2InwUgoR8XpEfDW7/+diLHs3AYDrrNWai9ZcdxkAuO4K2RxYUijlcwGzUSiUSu05vDdiplCtN5q379d3t9bac2XzUSzc36hWFvO5wvkoJml5KTt+Wi6fKN+NiNci4meT01m5tFqvrg3zLz4AMMJunBj//zPZHv8BgGtuatgJAAAD12f8Pxh0HgDA4Hj+B4DRY/wHgNHTHv+nh50GADBAnv8BYPQY/wFgpHz/ww/TrXWUf//12id7u5v1T+6sVRqbpdruamm1vrNdWq/X17Pv7Kmd9nrVen176Z3Y/XT+W9uN5kJjb/9erb671byXfa/3vUoxu8onCwBgmF5789Gfk3REfn8626JrLYfiUDMDLlth2AkAQzM27ASAobHaF4yuczzjmx6AayJfoneyX/1Urw8ItVqt1uWmBVyiW18w/w+jqmv+3/8ChhFj/h9Gl/l/GF2tVnLWNf/j+MLxS1uOGAAYAHP8QNL79Ov5/tf5Pw78cO3kFQ8vMysAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC42jrr/5bytcBno1AolSJeiYj5KCb3N6qVxYh4NSL+NFmcTMtLQ84ZADivwt+SfP2vW3Nvzz5T9eUbx4cTEfHjX3z0809Xms2dP0ZMJP+a7JxvPszPlwefPQBwus44ne27HuSfHD5Y7WyDzOfv34mIqXb8o8OJODqOPx7j2X4qihEx8+8kL7clXXMX53HwWUR8vlf7k5jN5kDaK5+ejJ/GfmWg8QvPxC9kde19+rP43AXkAqPmUdr/fNDr/ivEzWzf+/6fynqo88v7v/SlVo+yPvBp/E7/N9an/7t51hjv/O677aPp5+s+i/jieEQn9lFX/9OJn/SJ//YZ4/9ltn9d65cRt6J3/O5YC83a9kJjb//ORm1lvbJe2SqXl5eWF9+7+255IZujXug/Gvzj/duv9qtL2z/TJ/7UKe3/2hnb/6v/ffyDr7wg/jfe6hW/EG+8IH46Jn79jPFXZn471a8ujb/Wp/2nvf+3zxj/8V/3n1s2HAAYnsbe/uZKtVrZGcmDONvFv89/WFci55E+SN+FK5BGz4NvDyrWRPSu+ulb7V/TyYjuX+xW66Vi9esxLmLWDbgKjm/6iPjvsJMBAAAAAAAAAAAAAAB6GsQnlobdRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK6v/wcAAP//pnfJeA==")
r8 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x80)
getdents64(r8, 0x0, 0x0)

4.780349196s ago: executing program 2 (id=784):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000280)='./file0\x00', 0x2000414, &(0x7f0000000900)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRESDEC, @ANYRESDEC, @ANYRES16], 0x1, 0x2a1, &(0x7f0000000540)="$eJzs3MFqE18Ux/Hzb/pv0pQ2EURQUA+60c3QxgfQIC2IAaU2RV0IUzvRkDEpM0MlIjYbcetzFJfuBPUFuhE37t0VQXDThTjiTKZN2rSmbdLE9PuBck9y7o+5bdNyUuis3339pFRwjYLpyVBCZUikJhsi6T9V3X/1dSioR6RRTS6P/fhy9s69+zezudz0rOpMdu5KRlUnzr9/+vzNhY/e2PzbiXdxWUs/WP+e+bp2au30+q+5x0VXi66WK56aulCpeOaCbeli0S0Zqrdty3QtLZZdy2nqF+zK0lJVzfLieHLJsVxXzXJVS1ZVvYp6TlXNR2axrIZh6HhSjrfhNvbkV2dnzeyubT/W0ROh60ZbPek42VrrZn71CM4EAAD6zN7zfzjr7z7/5+bDtcPzvwjzf5fUmh79Zf7HQHCcrJms//w2Y/4HAAAAAAAAAAAAAAAAAAAAAOBfsOH7Kd/3U9EafcRFJCEi0eNenxPdccDv/9UeHRcd1vCPewkR+9VyfjkfrmE/W5Ci2GLJpKTkZ/B6qAvrmRu56UkNpOWDvVLPryznYxKP8pF0q/y5E1NhXpvz/0uy8foZScnJ1tfPtMyPyKWLDXlDUvLpoVTElsXgdb2VfzGlev1Wblt+NNgHAAAAAMAgMHTTjvfvQT/YkJCd/TC/j78PbHt/PSxn2rlFJQAAAAAAODS3+qxk2rblHKCIi8gh4oNaxKQvjrGtuCYifXCMoyoSIhI+oweJf9uMt5Xy29gzLCI9/7Lso+j1byYAAAAAnbY19O8j9PllF08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDx0+79wKL9O1pRY494w+ViR/4JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH3kdwAAAP//R8IgDA==")
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000040000000a"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x39, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x9eab468be0795f8a, 0x0, 0x0, 0x0, &(0x7f0000000000))
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
umount2(0x0, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f00000001c0), &(0x7f0000000200)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r5=>0xffffffffffffffff})
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r6=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, 0x0, r6)
sendmsg$unix(r4, &(0x7f0000002700)={0x0, 0x0, 0x0, 0x0, &(0x7f00000026c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, r6}}}], 0x20, 0x8c1}, 0xc014)
r7 = syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000dc0)={[{@sb={'sb', 0x3d, 0x3}}, {}, {@grpid}, {@nouser_xattr}, {@journal_async_commit}, {@user_xattr}, {@init_itable}, {@noblock_validity}], [{@euid_eq={'euid', 0x3d, r6}}, {@permit_directio}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r8 = signalfd4(r7, &(0x7f0000000180)={[0x6]}, 0x8, 0x0)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000c00), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_GET(r8, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x3c, r9, 0x10, 0x70bd27, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2400c445}, 0x4081)
r10 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ftruncate(r10, 0x2007ffc)
sendfile(r10, r10, 0x0, 0x800000009)

4.287508175s ago: executing program 2 (id=788):
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0xff83)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb01001800000000000c0000000400000002000000000000080000000000006100"], 0x0, 0x28}, 0x20)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000100))
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r2, 0x0, 0x0)
unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0)
read$qrtrtun(r3, 0x0, 0xeffd)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB], 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000001000)='tcp_probe\x00', r6, 0x0, 0x1}, 0x18)
socket(0x9, 0x3, 0x0)
keyctl$chown(0x4, 0x0, 0xee01, 0xee00)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0xfc, 0x2, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x6, 0x1}, 0x2012, 0x10000, 0x8, 0x1, 0x8, 0x20008, 0xb, 0x0, 0x8, 0x0, 0x20000003}, 0x0, 0xffffffffffffffff, r6, 0x2)
kexec_load(0x3e00, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0xff600000, 0x1000000}], 0x0)
unshare(0x2040400)
r7 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
unshare(0x2000400)
r8 = fsmount(r7, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000025c0)={0xa, 0x1d, &(0x7f0000001140)=ANY=[@ANYBLOB="180000000100000000000000faffffff85200000040000001800000000100000000000000600000018270000", @ANYRES32, @ANYBLOB="001d000007000000954d00000000000000181100", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000000850000008600000085100000f9ffffff180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000600000085000000060000001800000001000000000000000900000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000009500000000000000"], &(0x7f0000001240)='GPL\x00', 0xfffffffe, 0xa4, &(0x7f0000002340)=""/164, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x8, &(0x7f00000012c0)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000002580)={0x0, 0x5, 0x9, 0x6}, 0x10, 0x0, r8, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
pipe2$9p(&(0x7f0000000000), 0x80800)

3.261840146s ago: executing program 2 (id=796):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000640)=ANY=[@ANYRESDEC=r0, @ANYRESDEC=r0, @ANYBLOB="0000000000f464e5da6012000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x8040)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f00000000c0)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$caif_stream(0x25, 0x1, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/protocols\x00')
preadv(r4, &(0x7f0000002540)=[{&(0x7f0000001140)=""/4096, 0x1000}], 0x1, 0x47fff, 0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="440000001a00010000000000000000000a000000000000000000000006001d000000000006001c000000000008001900", @ANYRES32], 0x44}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x23, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0xe, 0xffff}, 0x0, 0x0, 0x800000, 0x6, 0x2, 0xcb, 0xffff, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xfffff7ffbfffffff, 0xffffffffffffffff, 0x1)
r7 = mq_open(&(0x7f0000000a00)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xeeux\x00\xbf@\xf4\x1c\xbce\xca\x97\xd5pkv\x88L\xe8$\xef\xfeI\xdaW1\xfcg\xa1\xdb$,0y$\xcd{zl.\xae\x805\xa8\xd6\x85\x15\xd2\x0e~\xcc\x90\x97\xe8h\v\x1a9X\a\xca{\x11#\x95m{U\xe5-\xabRw\xcafy\xe6\aNhX4Ll[\x14\x15<z\xb2\x03d\xad\x925\xbfP\x1b\xea\vt\xe9C\xe9\xb4R\x85*\xdc\xc4@\xee\xd2\xae\x06\x1a\xe1\xd2s\x01\xb8\xf3\xf2\rr\x01mq\xd2\xaf\xe2{\xe4\x1a\xd3Z\x01C\xfbW', 0x6e93ebbbcc0884f2, 0x1c4, &(0x7f0000000040)={0x0, 0x2, 0x4, 0x3})
mq_timedreceive(r7, &(0x7f0000000280)=""/211, 0xd3, 0x800000000000, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x3ed7, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x94eb2000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
gettid()

3.226146766s ago: executing program 32 (id=796):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000640)=ANY=[@ANYRESDEC=r0, @ANYRESDEC=r0, @ANYBLOB="0000000000f464e5da6012000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x8040)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f00000000c0)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$caif_stream(0x25, 0x1, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/protocols\x00')
preadv(r4, &(0x7f0000002540)=[{&(0x7f0000001140)=""/4096, 0x1000}], 0x1, 0x47fff, 0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="440000001a00010000000000000000000a000000000000000000000006001d000000000006001c000000000008001900", @ANYRES32], 0x44}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x23, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0xe, 0xffff}, 0x0, 0x0, 0x800000, 0x6, 0x2, 0xcb, 0xffff, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xfffff7ffbfffffff, 0xffffffffffffffff, 0x1)
r7 = mq_open(&(0x7f0000000a00)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xeeux\x00\xbf@\xf4\x1c\xbce\xca\x97\xd5pkv\x88L\xe8$\xef\xfeI\xdaW1\xfcg\xa1\xdb$,0y$\xcd{zl.\xae\x805\xa8\xd6\x85\x15\xd2\x0e~\xcc\x90\x97\xe8h\v\x1a9X\a\xca{\x11#\x95m{U\xe5-\xabRw\xcafy\xe6\aNhX4Ll[\x14\x15<z\xb2\x03d\xad\x925\xbfP\x1b\xea\vt\xe9C\xe9\xb4R\x85*\xdc\xc4@\xee\xd2\xae\x06\x1a\xe1\xd2s\x01\xb8\xf3\xf2\rr\x01mq\xd2\xaf\xe2{\xe4\x1a\xd3Z\x01C\xfbW', 0x6e93ebbbcc0884f2, 0x1c4, &(0x7f0000000040)={0x0, 0x2, 0x4, 0x3})
mq_timedreceive(r7, &(0x7f0000000280)=""/211, 0xd3, 0x800000000000, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x3ed7, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x94eb2000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
gettid()

2.885582203s ago: executing program 0 (id=803):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000d00)='kfree\x00', r0}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000d80)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000220000a3c000000120a09080000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a"], 0x64}, 0x1, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x3ff, 0x2, 0x5}, 0x1c)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bind$inet6(r3, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

2.626755678s ago: executing program 0 (id=807):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000)

2.609605358s ago: executing program 0 (id=808):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000640)=ANY=[@ANYRESDEC=r0, @ANYRESDEC=r0, @ANYBLOB="0000000000f464e5da6012000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x8040)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f00000000c0)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$caif_stream(0x25, 0x1, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/protocols\x00')
preadv(r4, &(0x7f0000002540)=[{&(0x7f0000001140)=""/4096, 0x1000}], 0x1, 0x47fff, 0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="440000001a00010000000000000000000a000000000000000000000006001d000000000006001c000000000008001900", @ANYRES32], 0x44}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x23, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0xe, 0xffff}, 0x0, 0x0, 0x800000, 0x6, 0x2, 0xcb, 0xffff, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xfffff7ffbfffffff, 0xffffffffffffffff, 0x1)
mq_timedreceive(0xffffffffffffffff, &(0x7f0000000280)=""/211, 0xd3, 0x800000000000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r7 = gettid()
process_vm_writev(r7, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)

2.305626035s ago: executing program 1 (id=817):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000)

2.170905607s ago: executing program 1 (id=819):
creat(0x0, 0x0)
io_setup(0x202, &(0x7f0000000200))
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x80002, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000001480)={'syzkaller0\x00', 0xc101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r5, 0x84, 0x1b, &(0x7f0000000080), 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000b80)={@local, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x300, 0x0, 0x0, 0x6c, 0x0, @private}, {{}, {}, {}, {}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6}}}}}}}}, 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
io_setup(0x8, &(0x7f00000002c0)=<r6=>0x0)
r7 = openat$sysfs(0xffffff9c, &(0x7f00000008c0)='/sys/power/image_size', 0x480, 0x50)
io_submit(r6, 0x1, &(0x7f0000000300)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x8, r7, &(0x7f0000000000)='k', 0x1, 0xa, 0x0, 0x0, r7}])
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r9, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002c00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x76a9bba1a690db0f, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3cb140bb}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_CHAIN_POLICY={0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
sendto$inet6(r8, &(0x7f00000009c0)='\\', 0x1, 0x20000081, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c)

1.694823946s ago: executing program 4 (id=824):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000dc0), &(0x7f0000002380)='./file1\x00', 0x3a0cc0a, &(0x7f00000023c0)=ANY=[@ANYBLOB='hide,dmode=0x0000000000000005,map=normal,map=normal,session=0x000000000000000e,overriderockperm,showassoc,nocompress,utf8,map=normal,session=0x0000000000000006,map=acorn,mode=0x0000000000000086,uid=', @ANYRESDEC=0x0, @ANYBLOB='\x00\x00', @ANYRESDEC, @ANYRESDEC, @ANYRES8, @ANYRESDEC], 0x43, 0xa02, &(0x7f0000003640)="$eJzs3U9sXdWdB/DvfbYTj4lCgAyTQUBewgQMZBzbGcJEbCaxnxMz/jOyHYloNCIMSaooVqmgSIAqNZWqroraRdUF3SF10xUSG9hU2bXbbrqoVLHuDnUVddFX3fueYzv283MSxzbh87Ge3/3zu+f8zrv33SNfv3dP+CZrNpvV4x7nL/xmO5Nl9zk7/tWnn31cPn50I3vSk1eKL5L+JPWkN8mhJGPjc7PTXQq6nlxKcjMpkuxN63lTLqX4WfYtz99M8auq3tKFe2wYm9LkW22njz8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANiNirHx4eGRIlOTMxfeqHdWDQHeaWVtubwvq1G/iy+71psU5SP9/UtDfR86uLz6yfLX0Tzdmnu6GpA8/fnokScPvPZEb21p+w0Svht/bw+GfNcbvvfhR9ffWly88m6H9T3t5tx3hrvUucbM5Pzs5PSZc4365Pxs/fSpU8Mnzk/M1ycmpxrzF+cXGtP1sbnGmYXZufrg2Iv1kdOnT9YbQxdnL8ycGx+aaiwtfPXfR4eHT9VfH/qfxpm5+dmZE68PzY+dn5yampw5V8WUq8uYV8sD8b8nF+oLjTPT9frVa4tXTq7KaJ2Xugwa6daSMmi0W9Do8OjoyMjo6MipV06/8urwcO/ygp5UC4bvkDWb3D5os+/hPS6+hT6pbSKoPDnWt/DsDfen1u7/M5XJzORC3kh93Z+xjGcus5nusL5tqf8/dqKxYb0r+/+lXv7Q8uqnUvX/z7bmnu3U/3fIZft+3suH+SjX81YWs5greXfV2r33UGKzuX6rfv2H1mux0y1e/XMujcxkMvOZzWSmc6ZaUm8vqed0TuVUhvNmzmci86lnIpOZSiPzuZj5LKRRHVFjmUsjZ7LQ22rjYMbyYuoZyemczsnU08hQLmY2FzKTcxnPmaqUq7lWve4nN8jxdtDIZoJGNwjaoP9vL7iL/p9vqa0+hcM9a7b7/z13LK+tDR0c266kAAAAgC31r7/P/oOP/+7PSV+eqa6xAwAAAA+b6uN6T5dPfeXUMykmJqcaw2sD39/+3AAAAICtUVTfsSuSDORwa2rpm1DrXAQAAAAAvomq//8/Wz4NlFOHU/j7HwAAAB423e+x3zWiOJ56bpSr6pdbkZfbEe37/A5MTE41hsZmp14byfPVXQaqbxqsKa0nB5Lq6wcv5Ugr6shA63lgdYn9ZdTI0Gsj6c/RdkMGnyufnhtcJ3K0jHwpL7QiX1iK7M+ayJNlJAA87I5u0B9vtv9/KcdbEcefqm7f3vvUOn3wcKtn/eEOtRMAWNZ9jJ2uEcV/LA3/0+Hv/55cPdz6SMFQ3s47WczlHK++bVB94qBdam4WWS51YMXHEI53uRowsGKEl+NL1wMO71v3esDAioFejq+5ItAp9uS6r12x5XsDALbH0TX98Ab9f7PZmlpz/X/jv/8HfKQQAHaV2yPYP8CJO+vs25mmAgBtnXvpDfQ8wIQAAAAAAAAAAAAAAAAAAAAAAAAAAADgIfAg7/9fS/JgRxa4j4kbSXZBGts88Zf2bl+zqr38xo5nuGJib+6/nP5tGeHiw//bs4sP9Xub2MGTEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANumSHrWW15L9ia9w0lObH9WD86NnU5ghxW3cisfZP9O5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8LBp3/+/ltbzI61F6a0lx5JcSvK/O53jVrq10wnssBX3/y/3eZpFelu7PUXf2Pjc7HS5+7O3XP/Vp599XD7upZ6ygLKGVYNLtGvovNVj1VYD41feu/79d75XHz9bJXl2YWJqfPrc3H8tBz5ZfJ7U03osWcr3B0X7KF7d8s/Llnavt6xloqp3fG29/7Le1rfrPfbbn3du27LlNK4tXhkta1povLHw/nevfbAi6PEcSZ4bTAZX1/Sd8tGhpiPp26je4uviJ8X+/DKXqv1fplE0i3IXPZrsSe2frl5bvDL09juLlzvkdCCHk1xO+jef0+G1e2JJddTV+spah6ug8tfBLuVt6JGe/c1mq8SRDm14rDpkBu6qDfXObah0ed3bbTzZIaMn8vxd7+nnu9TY9rdmS2uu+Lr4U3E+f8yPV4z/USv3/7Fs5t1ZxlSRK46Uzm0+ttzy0ZUr3rwzsuO7kgfgp/n//Oft/V9bcf5v76vtOR+tqPGBvS+KVi/UVk0fvKNHap99OmXZzvNgK6pDnv+cl9du1yXPl7ucUbbo/b9a8XXxSTGYv+aG8X8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdr0h61lteS44lOZDk0XK+njS3or7aQLEVxWzSnjVLbmxj7btH7fZUcSu38kH272g6AAAAAAAAAGyZs+NfffrZx+Wj+n98T/6t+CLpb/2nvzfJgeIXfWPjc7PTXQrqSy4luVlO999dDuV22bc8f7OcO3T3bQEANucfAQAA//+INm5i")
name_to_handle_at(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000), 0x0)

1.649855877s ago: executing program 4 (id=825):
r0 = socket$key(0xf, 0x3, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0202000311000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000bb000000000000000002000100000007000000000b000000000200090000000000000000000000000005000600000000000a00000000000000fe8800000000000000000000000000010000000000000000010018"], 0x88}}, 0x0)

1.045455119s ago: executing program 1 (id=827):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d0000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x6, 0x3, 0xfc, 0x4000000}]})
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x18)
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r3, r3, 0x0, 0x800000009)
ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f0000000000)={'veth0_to_bridge\x00'})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x14, 0x9, 0xa, 0x0, 0x0, 0x1, 0x1ff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x5}, 0x50)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r4, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x5c, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fallocate(r0, 0x18, 0xfffffffffffff6a8, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r6}, 0x10)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f7c000/0x3000)=nil, 0x3000, 0x14)

1.029356809s ago: executing program 4 (id=828):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000)

992.06466ms ago: executing program 4 (id=830):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000d00)='kfree\x00', r0}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000d80)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000220000a3c000000120a09080000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a"], 0x64}, 0x1, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x3ff, 0x2, 0x5}, 0x1c)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bind$inet6(r3, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

933.527401ms ago: executing program 0 (id=831):
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4, 0x0, 0xfffffffffffffffe}, 0x18)
syz_emit_ethernet(0x86, &(0x7f0000000180)={@local, @random="ce3500590a7f", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e23, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "a1ee206bf1c7506f731484b6a8ad6ba5fec73600c960a5e1e5c011531c7d96f6", "5f8d1da3bea3c456fef675c1b12460de", {"f9e400d5e0eec96a2ba94b486b52a6d4", "3942bc09e9bc342016741b7f661232b2"}}}}}}}, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000380)={@broadcast, @random="67eaa8fce250", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x0, 0x24, 0x0, 0xe000, 0x3, 0x11, 0x0, @empty, @empty}, {0x4, 0x0, 0x10, 0x0, @opaque="b5ace4c70521b9b4"}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x2c, r6, 0x705, 0x70bd2b, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40008d0}, 0x0)

766.654955ms ago: executing program 1 (id=833):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000003b00)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x1}}}}}}}, 0x0)

675.763317ms ago: executing program 1 (id=834):
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000003b00)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x1}}}}}}}, 0x0)

656.179947ms ago: executing program 4 (id=835):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r2 = socket$inet6(0xa, 0x3, 0x7f)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000c00)={{{@in=@dev={0xac, 0x14, 0x14, 0x2e}, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x200000000, 0x40000000007, 0x20000a0de, 0x40000000000004, 0x2, 0x200000003, 0x400}, {0x40000000000005, 0x0, 0x0, 0x5}, 0x4, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xa, @in6=@local, 0x3502, 0x1, 0x8, 0x0, 0x9075}}, 0xe8)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x4}}}, 0x1c)

652.703887ms ago: executing program 1 (id=836):
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0xff83)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb01001800000000000c0000000400000002000000000000080000000000006100"], 0x0, 0x28}, 0x20)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000100))
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r2, 0x0, 0x0)
unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0)
read$qrtrtun(r3, 0x0, 0xeffd)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002000000"], 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB], 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000001000)='tcp_probe\x00', r6, 0x0, 0x1}, 0x18)
socket(0x9, 0x3, 0x0)
keyctl$chown(0x4, 0x0, 0xee01, 0xee00)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0xfc, 0x2, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x6, 0x1}, 0x2012, 0x10000, 0x8, 0x1, 0x8, 0x20008, 0xb, 0x0, 0x8, 0x0, 0x20000003}, 0x0, 0xffffffffffffffff, r6, 0x2)
kexec_load(0x3e00, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0xff600000, 0x1000000}], 0x0)
unshare(0x2040400)
r7 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
unshare(0x2000400)
r8 = fsmount(r7, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000025c0)={0xa, 0x1d, &(0x7f0000001140)=ANY=[@ANYBLOB="180000000100000000000000faffffff85200000040000001800000000100000000000000600000018270000", @ANYRES32, @ANYBLOB="001d000007000000954d00000000000000181100", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000000850000008600000085100000f9ffffff180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000600000085000000060000001800000001000000000000000900000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000009500000000000000"], &(0x7f0000001240)='GPL\x00', 0xfffffffe, 0xa4, &(0x7f0000002340)=""/164, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x8, &(0x7f00000012c0)={0x4, 0x4}, 0x8, 0x10, &(0x7f0000002580)={0x0, 0x5, 0x9, 0x6}, 0x10, 0x0, r8, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
pipe2$9p(&(0x7f0000000000), 0x80800)

618.467168ms ago: executing program 4 (id=837):
creat(0x0, 0x0)
io_setup(0x202, &(0x7f0000000200))
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x80002, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000001480)={'syzkaller0\x00', 0xc101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r5, 0x84, 0x1b, &(0x7f0000000080), 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000b80)={@local, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x300, 0x0, 0x0, 0x6c, 0x0, @private}, {{}, {}, {}, {}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6}}}}}}}}, 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
io_setup(0x8, &(0x7f00000002c0)=<r6=>0x0)
r7 = openat$sysfs(0xffffff9c, &(0x7f00000008c0)='/sys/power/image_size', 0x480, 0x50)
io_submit(r6, 0x1, &(0x7f0000000300)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x8, r7, &(0x7f0000000000)='k', 0x1, 0xa, 0x0, 0x0, r7}])
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r9, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002c00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x76a9bba1a690db0f, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3cb140bb}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_CHAIN_POLICY={0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
sendto$inet6(r8, &(0x7f00000009c0)='\\', 0x1, 0x20000081, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c)

566.291009ms ago: executing program 0 (id=838):
r0 = socket$key(0xf, 0x3, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70300000000000085"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0202000311000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000bb000000000000000002000100000007000000000b000000000200090000000000000000000000000005000600000000000a00000000000000fe8800000000000000000000000000010000000000000000010018"], 0x88}}, 0x0)

565.730849ms ago: executing program 3 (id=839):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2, 0x0, 0xfffffffffffffffc}, 0x18)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0202000311000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000bb000000000000000002000100000007000000000b000000000200090000000000000000000000000005000600000000000a00000000000000fe8800000000000000000000000000010000000000000000010018"], 0x88}}, 0x0)

456.282911ms ago: executing program 3 (id=840):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000)

452.787491ms ago: executing program 0 (id=841):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000640)=ANY=[@ANYRESDEC=r0, @ANYRESDEC=r0, @ANYBLOB="0000000000f464e5da6012000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x8040)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f00000000c0)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$caif_stream(0x25, 0x1, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/protocols\x00')
preadv(r4, &(0x7f0000002540)=[{&(0x7f0000001140)=""/4096, 0x1000}], 0x1, 0x47fff, 0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="440000001a00010000000000000000000a000000000000000000000006001d000000000006001c000000000008001900", @ANYRES32], 0x44}}, 0x0)
r7 = mq_open(&(0x7f0000000a00)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xeeux\x00\xbf@\xf4\x1c\xbce\xca\x97\xd5pkv\x88L\xe8$\xef\xfeI\xdaW1\xfcg\xa1\xdb$,0y$\xcd{zl.\xae\x805\xa8\xd6\x85\x15\xd2\x0e~\xcc\x90\x97\xe8h\v\x1a9X\a\xca{\x11#\x95m{U\xe5-\xabRw\xcafy\xe6\aNhX4Ll[\x14\x15<z\xb2\x03d\xad\x925\xbfP\x1b\xea\vt\xe9C\xe9\xb4R\x85*\xdc\xc4@\xee\xd2\xae\x06\x1a\xe1\xd2s\x01\xb8\xf3\xf2\rr\x01mq\xd2\xaf\xe2{\xe4\x1a\xd3Z\x01C\xfbW', 0x6e93ebbbcc0884f2, 0x1c4, &(0x7f0000000040)={0x0, 0x2, 0x4, 0x3})
mq_timedreceive(r7, &(0x7f0000000280)=""/211, 0xd3, 0x800000000000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r8 = gettid()
process_vm_writev(r8, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)

433.567611ms ago: executing program 3 (id=842):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d0000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x6, 0x3, 0xfc, 0x4000000}]})
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x18)
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r3, r3, 0x0, 0x800000009)
ioctl$TUNGETIFF(r1, 0x800454d2, &(0x7f0000000000)={'veth0_to_bridge\x00'})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x14, 0x9, 0xa, 0x0, 0x0, 0x1, 0x1ff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x5}, 0x50)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r4, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x5c, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fallocate(r0, 0x18, 0xfffffffffffff6a8, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r6}, 0x10)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f7c000/0x3000)=nil, 0x3000, 0x14)

283.493264ms ago: executing program 3 (id=843):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000dc0), &(0x7f0000002380)='./file1\x00', 0x3a0cc0a, &(0x7f00000023c0)=ANY=[@ANYBLOB='hide,dmode=0x0000000000000005,map=normal,map=normal,session=0x000000000000000e,overriderockperm,showassoc,nocompress,utf8,map=normal,session=0x0000000000000006,map=acorn,mode=0x0000000000000086,uid=', @ANYRESDEC=0x0, @ANYBLOB='\x00\x00', @ANYRESDEC, @ANYRESDEC, @ANYRES8, @ANYRESDEC], 0x43, 0xa02, &(0x7f0000003640)="$eJzs3U9sXdWdB/DvfbYTj4lCgAyTQUBewgQMZBzbGcJEbCaxnxMz/jOyHYloNCIMSaooVqmgSIAqNZWqroraRdUF3SF10xUSG9hU2bXbbrqoVLHuDnUVddFX3fueYzv283MSxzbh87Ge3/3zu+f8zrv33SNfv3dP+CZrNpvV4x7nL/xmO5Nl9zk7/tWnn31cPn50I3vSk1eKL5L+JPWkN8mhJGPjc7PTXQq6nlxKcjMpkuxN63lTLqX4WfYtz99M8auq3tKFe2wYm9LkW22njz8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANiNirHx4eGRIlOTMxfeqHdWDQHeaWVtubwvq1G/iy+71psU5SP9/UtDfR86uLz6yfLX0Tzdmnu6GpA8/fnokScPvPZEb21p+w0Svht/bw+GfNcbvvfhR9ffWly88m6H9T3t5tx3hrvUucbM5Pzs5PSZc4365Pxs/fSpU8Mnzk/M1ycmpxrzF+cXGtP1sbnGmYXZufrg2Iv1kdOnT9YbQxdnL8ycGx+aaiwtfPXfR4eHT9VfH/qfxpm5+dmZE68PzY+dn5yampw5V8WUq8uYV8sD8b8nF+oLjTPT9frVa4tXTq7KaJ2Xugwa6daSMmi0W9Do8OjoyMjo6MipV06/8urwcO/ygp5UC4bvkDWb3D5os+/hPS6+hT6pbSKoPDnWt/DsDfen1u7/M5XJzORC3kh93Z+xjGcus5nusL5tqf8/dqKxYb0r+/+lXv7Q8uqnUvX/z7bmnu3U/3fIZft+3suH+SjX81YWs5greXfV2r33UGKzuX6rfv2H1mux0y1e/XMujcxkMvOZzWSmc6ZaUm8vqed0TuVUhvNmzmci86lnIpOZSiPzuZj5LKRRHVFjmUsjZ7LQ22rjYMbyYuoZyemczsnU08hQLmY2FzKTcxnPmaqUq7lWve4nN8jxdtDIZoJGNwjaoP9vL7iL/p9vqa0+hcM9a7b7/z13LK+tDR0c266kAAAAgC31r7/P/oOP/+7PSV+eqa6xAwAAAA+b6uN6T5dPfeXUMykmJqcaw2sD39/+3AAAAICtUVTfsSuSDORwa2rpm1DrXAQAAAAAvomq//8/Wz4NlFOHU/j7HwAAAB423e+x3zWiOJ56bpSr6pdbkZfbEe37/A5MTE41hsZmp14byfPVXQaqbxqsKa0nB5Lq6wcv5Ugr6shA63lgdYn9ZdTI0Gsj6c/RdkMGnyufnhtcJ3K0jHwpL7QiX1iK7M+ayJNlJAA87I5u0B9vtv9/KcdbEcefqm7f3vvUOn3wcKtn/eEOtRMAWNZ9jJ2uEcV/LA3/0+Hv/55cPdz6SMFQ3s47WczlHK++bVB94qBdam4WWS51YMXHEI53uRowsGKEl+NL1wMO71v3esDAioFejq+5ItAp9uS6r12x5XsDALbH0TX98Ab9f7PZmlpz/X/jv/8HfKQQAHaV2yPYP8CJO+vs25mmAgBtnXvpDfQ8wIQAAAAAAAAAAAAAAAAAAAAAAAAAAADgIfAg7/9fS/JgRxa4j4kbSXZBGts88Zf2bl+zqr38xo5nuGJib+6/nP5tGeHiw//bs4sP9Xub2MGTEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANumSHrWW15L9ia9w0lObH9WD86NnU5ghxW3cisfZP9O5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8LBp3/+/ltbzI61F6a0lx5JcSvK/O53jVrq10wnssBX3/y/3eZpFelu7PUXf2Pjc7HS5+7O3XP/Vp599XD7upZ6ygLKGVYNLtGvovNVj1VYD41feu/79d75XHz9bJXl2YWJqfPrc3H8tBz5ZfJ7U03osWcr3B0X7KF7d8s/Llnavt6xloqp3fG29/7Le1rfrPfbbn3du27LlNK4tXhkta1povLHw/nevfbAi6PEcSZ4bTAZX1/Sd8tGhpiPp26je4uviJ8X+/DKXqv1fplE0i3IXPZrsSe2frl5bvDL09juLlzvkdCCHk1xO+jef0+G1e2JJddTV+spah6ug8tfBLuVt6JGe/c1mq8SRDm14rDpkBu6qDfXObah0ed3bbTzZIaMn8vxd7+nnu9TY9rdmS2uu+Lr4U3E+f8yPV4z/USv3/7Fs5t1ZxlSRK46Uzm0+ttzy0ZUr3rwzsuO7kgfgp/n//Oft/V9bcf5v76vtOR+tqPGBvS+KVi/UVk0fvKNHap99OmXZzvNgK6pDnv+cl9du1yXPl7ucUbbo/b9a8XXxSTGYv+aG8X8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdr0h61lteS44lOZDk0XK+njS3or7aQLEVxWzSnjVLbmxj7btH7fZUcSu38kH272g6AAAAAAAAAGyZs+NfffrZx+Wj+n98T/6t+CLpb/2nvzfJgeIXfWPjc7PTXQrqSy4luVlO999dDuV22bc8f7OcO3T3bQEANucfAQAA//+INm5i")
name_to_handle_at(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000), 0x0)

171.399996ms ago: executing program 5 (id=797):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r2, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r2], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}, {0x5, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x79}}, 0x800)
sendmsg$nl_route_sched(r1, 0x0, 0x400c8b4)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x10)

113.440408ms ago: executing program 5 (id=844):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000003b00)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x1}}}}}}}, 0x0)

112.965318ms ago: executing program 3 (id=845):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000d00)='kfree\x00', r0}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000d80)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000220000a3c000000120a09080000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a"], 0x64}, 0x1, 0x0, 0x0, 0x5}, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x3ff, 0x2, 0x5}, 0x1c)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bind$inet6(r3, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

72.991078ms ago: executing program 5 (id=846):
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000003b00)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x1}}}}}}}, 0x0)

34.447059ms ago: executing program 5 (id=847):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b70300000000000085000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r2 = socket$inet6(0xa, 0x3, 0x7f)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000c00)={{{@in=@dev={0xac, 0x14, 0x14, 0x2e}, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x200000000, 0x40000000007, 0x20000a0de, 0x40000000000004, 0x2, 0x200000003, 0x400}, {0x40000000000005, 0x0, 0x0, 0x5}, 0x4, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xa, @in6=@local, 0x3502, 0x1, 0x8, 0x0, 0x9075}}, 0xe8)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x4}}}, 0x1c)

16.57356ms ago: executing program 5 (id=848):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1)

0s ago: executing program 3 (id=849):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001280)=ANY=[@ANYBLOB="0a00000004000000080000000600000810880000e0e94120b35939ab4f3ea887254a64ea20073761c125bbb2e277822e8cfd8b78c5acac3f80b2d1da01c4ff5758c65da32a4c3f7c0513dd7772d322f1fcd3a6a735f2f34532abefb9dee1124e443c533c67ca6ef7079af77eaeeba80996e4eee8b1c1d8c05aa59e3e90e54881f339d73ef939c2e9655fc470e938df350d300e4fdbe5ed4a", @ANYBLOB="0000ff0000ff0000000000ffffffffffffffffe9a82ea3464f706a35cf91318686df78", @ANYRES32=r0, @ANYRES8=r0], 0x50)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0)
pread64(r2, &(0x7f00000001c0)=""/200, 0xc8, 0x0)
read$char_usb(0xffffffffffffffff, &(0x7f0000001000)=""/131, 0x83)
r3 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000011c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
dup3(r3, r4, 0x0)
mount$nfs(&(0x7f0000000e00)='\x04\x00.\xe0\x97\xb4\xca>\xb5<\x9a\x8b\bXk\x10\xf0\x80\x8e)l\xd7\x05\xaf\xa4\xf5vb\xf1\xa1q\xa4\xbb\x02Z\x95\xc8\xe8\xa8,\t\xbf=\x9a\x90hjl\xcdR\x1f\xe9\xcenb\xb6\xc9\x90\xb2\xfb\xe0C\r@\x98\x13J\x04c\xfd\xef\x1b;J]6\x05\x88>y\xea\xbaNk\xffx\x1do\xedow\t1)\xe6\xc6\xc3f\xa9\xe3\xb8Q;\xc0\x80\xe7\x86AU\xd7\xdd\xc9\x8aQ*\x02q\xb1\xb3\xb7\x00+\xb0$_\xd2\x87\xef\x0e5+\x9b\f\xa0\x06\xb4W`\x83N\xe1\xfd\xcf\x9e\xfb2+\xc2VK>\r~\xc3 \x91U\xe8\xca\x92\xb1bt\xd5[\x93\xe2\xcd\xa9\xd7rl\xf4\xb7\xda\xc5|\xa8\xef\xbbS\xd4\x00\xe1\xe7\xf1\xf8\x16\x15\x1d\x85\x87\r\x1d\xcb\xb97\x85\xf7W`\xbe\xe5', &(0x7f0000000140)='./file1\x00', 0x0, 0x202040, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x1a, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xfc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r1}, &(0x7f0000000800), &(0x7f0000000840)}, 0x20)
socket(0x36, 0xa, 0x2)

kernel console output (not intermixed with test programs):

 ? __fget_files+0x184/0x1c0
[   51.138234][ T4767]  __secure_computing+0x82/0x150
[   51.138253][ T4767]  syscall_trace_enter+0xcf/0x1e0
[   51.138288][ T4767]  do_syscall_64+0xac/0x200
[   51.138323][ T4767]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   51.138349][ T4767]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   51.138432][ T4767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.138458][ T4767] RIP: 0033:0x7fa2050feba9
[   51.138476][ T4767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.138495][ T4767] RSP: 002b:00007fa203b67038 EFLAGS: 00000246 ORIG_RAX: 000000000000001f
[   51.138517][ T4767] RAX: ffffffffffffffda RBX: 00007fa205345fa0 RCX: 00007fa2050feba9
[   51.138532][ T4767] RDX: 0000200000000500 RSI: 000000000000000f RDI: 0000000000000000
[   51.138544][ T4767] RBP: 00007fa203b67090 R08: 0000000000000000 R09: 0000000000000000
[   51.138584][ T4767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   51.138617][ T4767] R13: 00007fa205346038 R14: 00007fa205345fa0 R15: 00007ffcd08c4208
[   51.138633][ T4767]  </TASK>
[   51.414871][ T4765] netlink: 4 bytes leftover after parsing attributes in process `syz.4.390'.
[   51.483551][ T4772] netlink: 16 bytes leftover after parsing attributes in process `syz.2.392'.
[   51.484303][ T4774] loop1: detected capacity change from 0 to 1024
[   51.566008][ T4784] program syz.0.397 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   51.585809][ T4784] loop0: detected capacity change from 0 to 1764
[   51.652212][ T4774] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   51.678033][ T4790] program syz.0.399 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   51.756797][ T4790] loop0: detected capacity change from 0 to 1764
[   51.826690][ T4794] loop1: detected capacity change from 0 to 512
[   52.053485][ T4806] program syz.1.403 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   52.072377][ T4806] loop1: detected capacity change from 0 to 1764
[   52.303226][ T4813] bridge_slave_0: left allmulticast mode
[   52.309422][ T4813] bridge_slave_0: left promiscuous mode
[   52.315487][ T4813] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.351095][ T4813] bridge_slave_1: left allmulticast mode
[   52.356839][ T4813] bridge_slave_1: left promiscuous mode
[   52.362565][ T4813] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.374499][ T4813] bond0: (slave bond_slave_0): Releasing backup interface
[   52.401991][ T4813] bond0: (slave bond_slave_1): Releasing backup interface
[   52.445925][ T4813] team0: Port device team_slave_0 removed
[   52.504237][ T4813] team0: Port device team_slave_1 removed
[   52.532086][ T4813] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   52.539896][ T4813] batman_adv: batadv0: Removing interface: batadv_slave_0
[   52.551243][ T4819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.408'.
[   52.568582][ T4819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.408'.
[   52.582207][ T4813] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   52.589885][ T4813] batman_adv: batadv0: Removing interface: batadv_slave_1
[   52.620187][ T4769] syz.2.392 (4769) used greatest stack depth: 6408 bytes left
[   52.639566][ T4824] loop1: detected capacity change from 0 to 1024
[   52.650550][ T4813] team0: Port device batadv1 removed
[   52.678328][ T4826] loop2: detected capacity change from 0 to 1024
[   52.701691][ T4824] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   52.766846][ T4826] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   52.805418][ T4836] netlink: 16 bytes leftover after parsing attributes in process `syz.0.413'.
[   52.856037][ T4840] loop1: detected capacity change from 0 to 1024
[   52.906774][ T4845] loop2: detected capacity change from 0 to 512
[   52.997738][ T4845] FAULT_INJECTION: forcing a failure.
[   52.997738][ T4845] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   53.011351][ T4845] CPU: 1 UID: 0 PID: 4845 Comm: syz.2.417 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   53.011384][ T4845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   53.011398][ T4845] Call Trace:
[   53.011407][ T4845]  <TASK>
[   53.011449][ T4845]  __dump_stack+0x1d/0x30
[   53.011470][ T4845]  dump_stack_lvl+0xe8/0x140
[   53.011489][ T4845]  dump_stack+0x15/0x1b
[   53.011509][ T4845]  should_fail_ex+0x265/0x280
[   53.011537][ T4845]  should_fail+0xb/0x20
[   53.011562][ T4845]  should_fail_usercopy+0x1a/0x20
[   53.011667][ T4845]  _copy_to_iter+0x251/0xe70
[   53.011715][ T4845]  ? seq_list_next+0x32/0x50
[   53.011736][ T4845]  seq_read_iter+0x76a/0x940
[   53.011772][ T4845]  seq_read+0x270/0x2b0
[   53.011880][ T4845]  ? __pfx_seq_read+0x10/0x10
[   53.011906][ T4845]  proc_reg_read+0x128/0x1c0
[   53.011966][ T4845]  ? __pfx_proc_reg_read+0x10/0x10
[   53.011998][ T4845]  vfs_readv+0x3fb/0x690
[   53.012040][ T4845]  __x64_sys_preadv+0xfd/0x1c0
[   53.012076][ T4845]  x64_sys_call+0x282a/0x2ff0
[   53.012164][ T4845]  do_syscall_64+0xd2/0x200
[   53.012218][ T4845]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   53.012244][ T4845]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   53.012275][ T4845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.012312][ T4845] RIP: 0033:0x7f32d5a8eba9
[   53.012326][ T4845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   53.012343][ T4845] RSP: 002b:00007f32d44ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   53.012362][ T4845] RAX: ffffffffffffffda RBX: 00007f32d5cd5fa0 RCX: 00007f32d5a8eba9
[   53.012374][ T4845] RDX: 0000000000000001 RSI: 00002000000015c0 RDI: 0000000000000006
[   53.012385][ T4845] RBP: 00007f32d44ef090 R08: 000000000000d215 R09: 0000000000000000
[   53.012443][ T4845] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000001
[   53.012454][ T4845] R13: 00007f32d5cd6038 R14: 00007f32d5cd5fa0 R15: 00007ffcee5f6d58
[   53.012470][ T4845]  </TASK>
[   53.260891][ T4850] program syz.2.419 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   53.303772][ T4850] loop2: detected capacity change from 0 to 1764
[   53.341603][ T4853] netlink: 4 bytes leftover after parsing attributes in process `syz.1.418'.
[   53.552491][ T4875] loop1: detected capacity change from 0 to 1764
[   53.614426][ T4880] loop1: detected capacity change from 0 to 1024
[   53.678939][ T4880] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   54.034286][ T4911] loop3: detected capacity change from 0 to 1024
[   54.070797][ T4911] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   54.119247][ T4832] syz.0.413 (4832) used greatest stack depth: 6216 bytes left
[   54.428170][ T4946] FAULT_INJECTION: forcing a failure.
[   54.428170][ T4946] name failslab, interval 1, probability 0, space 0, times 0
[   54.441195][ T4946] CPU: 0 UID: 0 PID: 4946 Comm: syz.4.446 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   54.441226][ T4946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   54.441239][ T4946] Call Trace:
[   54.441246][ T4946]  <TASK>
[   54.441254][ T4946]  __dump_stack+0x1d/0x30
[   54.441352][ T4946]  dump_stack_lvl+0xe8/0x140
[   54.441375][ T4946]  dump_stack+0x15/0x1b
[   54.441393][ T4946]  should_fail_ex+0x265/0x280
[   54.441429][ T4946]  should_failslab+0x8c/0xb0
[   54.441456][ T4946]  kmem_cache_alloc_noprof+0x50/0x310
[   54.441551][ T4946]  ? __kernfs_iattrs+0x69/0x1a0
[   54.441578][ T4946]  __kernfs_iattrs+0x69/0x1a0
[   54.441603][ T4946]  kernfs_vfs_xattr_set+0x47/0xb0
[   54.441629][ T4946]  ? __pfx_kernfs_vfs_xattr_set+0x10/0x10
[   54.441685][ T4946]  __vfs_removexattr+0x2c4/0x2f0
[   54.441712][ T4946]  __vfs_removexattr_locked+0x18a/0x1d0
[   54.441740][ T4946]  vfs_removexattr+0x75/0x170
[   54.441767][ T4946]  path_removexattrat+0x2c6/0x570
[   54.441876][ T4946]  __x64_sys_removexattr+0x38/0x50
[   54.441906][ T4946]  x64_sys_call+0x242f/0x2ff0
[   54.441929][ T4946]  do_syscall_64+0xd2/0x200
[   54.442012][ T4946]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   54.442089][ T4946]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   54.442264][ T4946]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.442286][ T4946] RIP: 0033:0x7f54808eeba9
[   54.442300][ T4946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.442315][ T4946] RSP: 002b:00007f547f357038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5
[   54.442333][ T4946] RAX: ffffffffffffffda RBX: 00007f5480b35fa0 RCX: 00007f54808eeba9
[   54.442344][ T4946] RDX: 0000000000000000 RSI: 0000200000000980 RDI: 0000200000000200
[   54.442400][ T4946] RBP: 00007f547f357090 R08: 0000000000000000 R09: 0000000000000000
[   54.442438][ T4946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   54.442449][ T4946] R13: 00007f5480b36038 R14: 00007f5480b35fa0 R15: 00007ffefcb64e98
[   54.442463][ T4946]  </TASK>
[   54.748989][ T4949] FAULT_INJECTION: forcing a failure.
[   54.748989][ T4949] name failslab, interval 1, probability 0, space 0, times 0
[   54.761906][ T4949] CPU: 0 UID: 0 PID: 4949 Comm: syz.3.447 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   54.762016][ T4949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   54.762028][ T4949] Call Trace:
[   54.762039][ T4949]  <TASK>
[   54.762048][ T4949]  __dump_stack+0x1d/0x30
[   54.762075][ T4949]  dump_stack_lvl+0xe8/0x140
[   54.762098][ T4949]  dump_stack+0x15/0x1b
[   54.762116][ T4949]  should_fail_ex+0x265/0x280
[   54.762187][ T4949]  should_failslab+0x8c/0xb0
[   54.762214][ T4949]  kmem_cache_alloc_node_noprof+0x57/0x320
[   54.762247][ T4949]  ? __alloc_skb+0x101/0x320
[   54.762269][ T4949]  ? __rcu_read_unlock+0x4f/0x70
[   54.762373][ T4949]  __alloc_skb+0x101/0x320
[   54.762394][ T4949]  netlink_dump+0x10d/0x8a0
[   54.762421][ T4949]  ? __kfree_skb+0x109/0x150
[   54.762446][ T4949]  ? nlmon_xmit+0x4f/0x60
[   54.762547][ T4949]  ? consume_skb+0x49/0x150
[   54.762574][ T4949]  __netlink_dump_start+0x43e/0x520
[   54.762599][ T4949]  ? __pfx_neightbl_dump_info+0x10/0x10
[   54.762623][ T4949]  rtnetlink_rcv_msg+0x552/0x6d0
[   54.762656][ T4949]  ? __pfx_neightbl_dump_info+0x10/0x10
[   54.762691][ T4949]  ? __pfx_rtnl_dumpit+0x10/0x10
[   54.762722][ T4949]  ? __pfx_neightbl_dump_info+0x10/0x10
[   54.762749][ T4949]  netlink_rcv_skb+0x123/0x220
[   54.762770][ T4949]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   54.762858][ T4949]  rtnetlink_rcv+0x1c/0x30
[   54.762929][ T4949]  netlink_unicast+0x5bd/0x690
[   54.763017][ T4949]  netlink_sendmsg+0x58b/0x6b0
[   54.763071][ T4949]  ? __pfx_netlink_sendmsg+0x10/0x10
[   54.763190][ T4949]  __sock_sendmsg+0x142/0x180
[   54.763229][ T4949]  ____sys_sendmsg+0x31e/0x4e0
[   54.763271][ T4949]  ___sys_sendmsg+0x17b/0x1d0
[   54.763311][ T4949]  __x64_sys_sendmsg+0xd4/0x160
[   54.763343][ T4949]  x64_sys_call+0x191e/0x2ff0
[   54.763367][ T4949]  do_syscall_64+0xd2/0x200
[   54.763451][ T4949]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   54.763514][ T4949]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   54.763603][ T4949]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.763672][ T4949] RIP: 0033:0x7fe311f9eba9
[   54.763765][ T4949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.763784][ T4949] RSP: 002b:00007fe3109ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   54.763806][ T4949] RAX: ffffffffffffffda RBX: 00007fe3121e5fa0 RCX: 00007fe311f9eba9
[   54.763820][ T4949] RDX: 0000000000000004 RSI: 0000200000000240 RDI: 0000000000000007
[   54.763834][ T4949] RBP: 00007fe3109ff090 R08: 0000000000000000 R09: 0000000000000000
[   54.763848][ T4949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   54.763878][ T4949] R13: 00007fe3121e6038 R14: 00007fe3121e5fa0 R15: 00007ffd6a8e4118
[   54.763898][ T4949]  </TASK>
[   55.260138][ T4969] loop3: detected capacity change from 0 to 1024
[   55.267278][ T4971] FAULT_INJECTION: forcing a failure.
[   55.267278][ T4971] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   55.280439][ T4971] CPU: 0 UID: 0 PID: 4971 Comm: syz.0.456 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   55.280472][ T4971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   55.280485][ T4971] Call Trace:
[   55.280493][ T4971]  <TASK>
[   55.280501][ T4971]  __dump_stack+0x1d/0x30
[   55.280548][ T4971]  dump_stack_lvl+0xe8/0x140
[   55.280616][ T4971]  dump_stack+0x15/0x1b
[   55.280634][ T4971]  should_fail_ex+0x265/0x280
[   55.280728][ T4971]  should_fail+0xb/0x20
[   55.280749][ T4971]  should_fail_usercopy+0x1a/0x20
[   55.280804][ T4971]  _copy_to_user+0x20/0xa0
[   55.280844][ T4971]  simple_read_from_buffer+0xb5/0x130
[   55.280869][ T4971]  proc_fail_nth_read+0x10e/0x150
[   55.280978][ T4971]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   55.281063][ T4971]  vfs_read+0x1a8/0x770
[   55.281084][ T4971]  ? __rcu_read_unlock+0x4f/0x70
[   55.281107][ T4971]  ? __fget_files+0x184/0x1c0
[   55.281135][ T4971]  ksys_read+0xda/0x1a0
[   55.281188][ T4971]  __x64_sys_read+0x40/0x50
[   55.281224][ T4971]  x64_sys_call+0x27bc/0x2ff0
[   55.281245][ T4971]  do_syscall_64+0xd2/0x200
[   55.281332][ T4971]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   55.281354][ T4971]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   55.281410][ T4971]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.281431][ T4971] RIP: 0033:0x7fa2050fd5bc
[   55.281447][ T4971] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   55.281464][ T4971] RSP: 002b:00007fa203b67030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   55.281485][ T4971] RAX: ffffffffffffffda RBX: 00007fa205345fa0 RCX: 00007fa2050fd5bc
[   55.281502][ T4971] RDX: 000000000000000f RSI: 00007fa203b670a0 RDI: 0000000000000004
[   55.281515][ T4971] RBP: 00007fa203b67090 R08: 0000000000000000 R09: 0000000000000000
[   55.281529][ T4971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.281542][ T4971] R13: 00007fa205346038 R14: 00007fa205345fa0 R15: 00007ffcd08c4208
[   55.281561][ T4971]  </TASK>
[   55.597513][ T4969] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   55.727166][   T29] kauditd_printk_skb: 453 callbacks suppressed
[   55.727212][   T29] audit: type=1326 audit(1757658197.105:2228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4991 comm="syz.3.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe311f9eba9 code=0x7ffc0000
[   55.763246][ T4993] loop4: detected capacity change from 0 to 1024
[   55.774822][ T4995] netlink: 'syz.3.462': attribute type 1 has an invalid length.
[   55.782754][ T4995] __nla_validate_parse: 6 callbacks suppressed
[   55.782784][ T4995] netlink: 80 bytes leftover after parsing attributes in process `syz.3.462'.
[   55.785047][ T1036] usb 3-1: enqueue for inactive port 0
[   55.799320][ T4995] vlan2: entered allmulticast mode
[   55.808795][ T4995] bridge_slave_0: entered allmulticast mode
[   55.814577][   T29] audit: type=1326 audit(1757658197.105:2229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4991 comm="syz.3.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe311f9eba9 code=0x7ffc0000
[   55.839263][   T29] audit: type=1326 audit(1757658197.105:2230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4991 comm="syz.3.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7fe311f9eba9 code=0x7ffc0000
[   55.862718][   T29] audit: type=1326 audit(1757658197.105:2231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4991 comm="syz.3.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe311f9eba9 code=0x7ffc0000
[   55.886528][   T29] audit: type=1326 audit(1757658197.105:2232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4991 comm="syz.3.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe311f9eba9 code=0x7ffc0000
[   55.913387][ T1036] usb 3-1: enqueue for inactive port 0
[   55.931905][   T29] audit: type=1326 audit(1757658197.315:2233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4924 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32d5a8eba9 code=0x7ffc0000
[   55.956163][   T29] audit: type=1326 audit(1757658197.315:2234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4924 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32d5a8eba9 code=0x7ffc0000
[   55.993526][ T1036] vhci_hcd: vhci_device speed not set
[   56.019645][   T29] audit: type=1326 audit(1757658197.385:2235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4924 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7f32d5a8eba9 code=0x7ffc0000
[   56.087903][   T29] audit: type=1326 audit(1757658197.465:2236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4924 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32d5a8eba9 code=0x7ffc0000
[   56.111826][   T29] audit: type=1326 audit(1757658197.465:2237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4924 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32d5a8eba9 code=0x7ffc0000
[   56.162532][ T5003] 9pnet_fd: Insufficient options for proto=fd
[   56.237878][ T4924] syz.2.441 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[   56.249129][ T4924] CPU: 0 UID: 0 PID: 4924 Comm: syz.2.441 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   56.249160][ T4924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   56.249174][ T4924] Call Trace:
[   56.249180][ T4924]  <TASK>
[   56.249188][ T4924]  __dump_stack+0x1d/0x30
[   56.249217][ T4924]  dump_stack_lvl+0xe8/0x140
[   56.249238][ T4924]  dump_stack+0x15/0x1b
[   56.249256][ T4924]  dump_header+0x81/0x220
[   56.249288][ T4924]  oom_kill_process+0x342/0x400
[   56.249392][ T4924]  out_of_memory+0x979/0xb80
[   56.249427][ T4924]  try_charge_memcg+0x5e6/0x9e0
[   56.249457][ T4924]  charge_memcg+0x51/0xc0
[   56.249478][ T4924]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[   56.249518][ T4924]  __read_swap_cache_async+0x1df/0x350
[   56.249632][ T4924]  swap_cluster_readahead+0x277/0x3e0
[   56.249737][ T4924]  swapin_readahead+0xde/0x6f0
[   56.249773][ T4924]  ? __filemap_get_folio+0x4f7/0x6b0
[   56.249796][ T4924]  ? swap_cache_get_folio+0x77/0x200
[   56.249869][ T4924]  do_swap_page+0x301/0x2430
[   56.249894][ T4924]  ? css_rstat_updated+0xb7/0x240
[   56.249991][ T5006] loop3: detected capacity change from 0 to 128
[   56.249927][ T4924]  ? __pfx_default_wake_function+0x10/0x10
[   56.250025][ T4924]  handle_mm_fault+0x9a5/0x2c20
[   56.250057][ T4924]  do_user_addr_fault+0x636/0x1090
[   56.250115][ T4924]  ? fpregs_assert_state_consistent+0xb4/0xe0
[   56.250283][ T4924]  exc_page_fault+0x62/0xa0
[   56.250371][ T4924]  asm_exc_page_fault+0x26/0x30
[   56.250394][ T4924] RIP: 0033:0x7f32d594d9ef
[   56.250412][ T4924] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 fb 44 8d 56 04 4c 8d 0d 22 46 37 00 89 f0 4c 8d 05 19 26 37 00 89 c2 81 e2 ff 1f 00 00 <49> 8b 0c d1 48 39 f1 74 28 48 85 c9 74 29 45 38 1c 10 75 23 83 c0
[   56.250432][ T4924] RSP: 002b:00007ffcee5f6d88 EFLAGS: 00010202
[   56.250452][ T4924] RAX: 0000000081560820 RBX: 00007f32d6805720 RCX: 000000000000000a
[   56.250541][ T4924] RDX: 0000000000000820 RSI: ffffffff81560820 RDI: 000000000000001c
[   56.250554][ T4924] RBP: ffffffff81560820 R08: 00007f32d5cc0000 R09: 00007f32d5cc2000
[   56.250567][ T4924] R10: 0000000081560824 R11: 000000000000001c R12: 000000000000001c
[   56.250580][ T4924] R13: 0000000000000000 R14: ffffffff81560c2c R15: 000000000000000a
[   56.250593][ T4924]  ? audit_log_start+0x2c/0x6c0
[   56.250623][ T4924]  ? audit_send_list_thread+0x10/0x230
[   56.250677][ T4924]  ? audit_send_list_thread+0x10/0x230
[   56.250707][ T4924]  </TASK>
[   56.250909][ T4924] memory: usage 307200kB, limit 307200kB, failcnt 1716
[   56.346280][ T5006] ext4 filesystem being mounted at /115/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   56.346974][ T4924] memory+swap: usage 307712kB, limit 9007199254740988kB, failcnt 0
[   56.347069][ T4924] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0
[   56.347083][ T4924] Memory cgroup stats for /syz2:
[   56.380915][ T4924] cache 0
[   56.531169][ T4924] rss 0
[   56.533952][ T4924] shmem 0
[   56.536913][ T4924] mapped_file 0
[   56.540553][ T4924] dirty 0
[   56.543621][ T4924] writeback 8192
[   56.547380][ T4924] workingset_refault_anon 121
[   56.552129][ T4924] workingset_refault_file 627
[   56.557064][ T4924] swap 524288
[   56.560501][ T4924] swapcached 8192
[   56.564816][ T4924] pgpgin 12651
[   56.568379][ T4924] pgpgout 12648
[   56.572098][ T4924] pgfault 20652
[   56.575591][ T4924] pgmajfault 67
[   56.579229][ T4924] inactive_anon 8192
[   56.583170][ T4924] active_anon 0
[   56.586892][ T4924] inactive_file 4096
[   56.591180][ T4924] active_file 0
[   56.594648][ T4924] unevictable 0
[   56.598117][ T4924] hierarchical_memory_limit 314572800
[   56.603675][ T4924] hierarchical_memsw_limit 9223372036854771712
[   56.609989][ T4924] total_cache 0
[   56.613470][ T4924] total_rss 0
[   56.616854][ T4924] total_shmem 0
[   56.620447][ T4924] total_mapped_file 0
[   56.624628][ T4924] total_dirty 0
[   56.628216][ T4924] total_writeback 8192
[   56.632561][ T4924] total_workingset_refault_anon 121
[   56.638039][ T4924] total_workingset_refault_file 627
[   56.643245][ T4924] total_swap 524288
[   56.647104][ T4924] total_swapcached 8192
[   56.651300][ T4924] total_pgpgin 12651
[   56.655522][ T4924] total_pgpgout 12648
[   56.659487][ T4924] total_pgfault 20652
[   56.663575][ T4924] total_pgmajfault 67
[   56.667606][ T4924] total_inactive_anon 8192
[   56.672320][ T4924] total_active_anon 0
[   56.676394][ T4924] total_inactive_file 4096
[   56.680902][ T4924] total_active_file 0
[   56.685012][ T4924] total_unevictable 0
[   56.689166][ T4924] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.441,pid=4924,uid=0
[   56.704232][ T4924] Memory cgroup out of memory: Killed process 4924 (syz.2.441) total-vm:94024kB, anon-rss:1072kB, file-rss:22440kB, shmem-rss:228kB, UID:0 pgtables:152kB oom_score_adj:1000
[   56.723212][ T5013] netlink: 4 bytes leftover after parsing attributes in process `syz.0.469'.
[   56.745477][ T5013] netlink: 4 bytes leftover after parsing attributes in process `syz.0.469'.
[   56.779408][ T5018] loop3: detected capacity change from 0 to 1024
[   56.830419][ T5018] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   56.916221][ T5027] netlink: 4 bytes leftover after parsing attributes in process `syz.0.472'.
[   56.925599][ T5027] netlink: 348 bytes leftover after parsing attributes in process `syz.0.472'.
[   56.934611][ T5027] netlink: 4 bytes leftover after parsing attributes in process `syz.0.472'.
[   56.943465][ T5027] netlink: 348 bytes leftover after parsing attributes in process `syz.0.472'.
[   56.959145][ T5027] netlink: 4 bytes leftover after parsing attributes in process `syz.0.472'.
[   56.976523][ T5029] IPv6: NLM_F_CREATE should be specified when creating new route
[   57.007027][ T5029] FAULT_INJECTION: forcing a failure.
[   57.007027][ T5029] name failslab, interval 1, probability 0, space 0, times 0
[   57.019950][ T5029] CPU: 0 UID: 0 PID: 5029 Comm: syz.1.474 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   57.019981][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   57.020047][ T5029] Call Trace:
[   57.020053][ T5029]  <TASK>
[   57.020060][ T5029]  __dump_stack+0x1d/0x30
[   57.020081][ T5029]  dump_stack_lvl+0xe8/0x140
[   57.020112][ T5029]  dump_stack+0x15/0x1b
[   57.020132][ T5029]  should_fail_ex+0x265/0x280
[   57.020165][ T5029]  ? inet6_rtm_newroute+0x5af/0x1020
[   57.020201][ T5029]  should_failslab+0x8c/0xb0
[   57.020230][ T5029]  __kmalloc_cache_noprof+0x4c/0x320
[   57.020266][ T5029]  inet6_rtm_newroute+0x5af/0x1020
[   57.020295][ T5029]  ? __memcg_slab_free_hook+0x135/0x230
[   57.020339][ T5029]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[   57.020411][ T5029]  rtnetlink_rcv_msg+0x5fb/0x6d0
[   57.020449][ T5029]  netlink_rcv_skb+0x123/0x220
[   57.020606][ T5029]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   57.020641][ T5029]  rtnetlink_rcv+0x1c/0x30
[   57.020698][ T5029]  netlink_unicast+0x5bd/0x690
[   57.020724][ T5029]  netlink_sendmsg+0x58b/0x6b0
[   57.020770][ T5029]  ? __pfx_netlink_sendmsg+0x10/0x10
[   57.020801][ T5029]  __sock_sendmsg+0x142/0x180
[   57.020843][ T5029]  ____sys_sendmsg+0x31e/0x4e0
[   57.020897][ T5029]  ___sys_sendmsg+0x17b/0x1d0
[   57.021007][ T5029]  __x64_sys_sendmsg+0xd4/0x160
[   57.021034][ T5029]  x64_sys_call+0x191e/0x2ff0
[   57.021059][ T5029]  do_syscall_64+0xd2/0x200
[   57.021165][ T5029]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   57.021261][ T5029]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   57.021288][ T5029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.021387][ T5029] RIP: 0033:0x7effd149eba9
[   57.021406][ T5029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.021431][ T5029] RSP: 002b:00007effcff07038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   57.021455][ T5029] RAX: ffffffffffffffda RBX: 00007effd16e5fa0 RCX: 00007effd149eba9
[   57.021468][ T5029] RDX: 0000000020040844 RSI: 0000200000000340 RDI: 0000000000000003
[   57.021480][ T5029] RBP: 00007effcff07090 R08: 0000000000000000 R09: 0000000000000000
[   57.021492][ T5029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.021504][ T5029] R13: 00007effd16e6038 R14: 00007effd16e5fa0 R15: 00007ffcb851c538
[   57.021597][ T5029]  </TASK>
[   57.264627][ T5032] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[   57.271422][ T5032] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   57.279041][ T5032] vhci_hcd vhci_hcd.0: Device attached
[   57.296201][ T5032] loop2: detected capacity change from 0 to 512
[   57.312625][ T5032] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.475: iget: bad i_size value: 38620345925642
[   57.325717][ T5027] netlink: 4 bytes leftover after parsing attributes in process `syz.0.472'.
[   57.334947][ T5027] netlink: 348 bytes leftover after parsing attributes in process `syz.0.472'.
[   57.336707][ T5032] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.475: couldn't read orphan inode 15 (err -117)
[   57.456248][ T5032] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   57.480702][ T5032] EXT4-fs (loop2): changing journal_checksum during remount not supported; ignoring
[   57.503804][ T5032] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   57.536590][   T23] usb 5-1: new high-speed USB device number 2 using vhci_hcd
[   57.628841][ T5057] rdma_op ffff88811d5ed980 conn xmit_rdma 0000000000000000
[   57.654374][ T5033] vhci_hcd: connection reset by peer
[   57.670273][   T51] vhci_hcd: stop threads
[   57.674675][   T51] vhci_hcd: release socket
[   57.679127][   T51] vhci_hcd: disconnect device
[   57.852275][ T5066] loop3: detected capacity change from 0 to 512
[   57.862898][ T5066] EXT4-fs: Ignoring removed oldalloc option
[   57.878259][ T5066] EXT4-fs (loop3): orphan cleanup on readonly fs
[   57.884857][ T5066] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13
[   57.893948][ T5066] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[   57.909226][ T5066] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.484: attempt to clear invalid blocks 2 len 1
[   57.922832][ T5066] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.484: invalid indirect mapped block 1819239214 (level 0)
[   57.938956][ T5066] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.484: invalid indirect mapped block 1819239214 (level 1)
[   57.954658][ T5066] EXT4-fs (loop3): 1 truncate cleaned up
[   57.965496][ T5066] EXT4-fs (loop3): shut down requested (1)
[   57.974794][ T5066] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=12
[   57.985166][ T5066] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=12
[   57.997066][ T5066] lo speed is unknown, defaulting to 1000
[   58.003979][ T5066] lo speed is unknown, defaulting to 1000
[   58.013572][ T5066] lo speed is unknown, defaulting to 1000
[   58.021848][ T5066] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   58.030069][ T5066] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   58.045973][ T5066] lo speed is unknown, defaulting to 1000
[   58.056565][ T5066] lo speed is unknown, defaulting to 1000
[   58.065414][ T5066] lo speed is unknown, defaulting to 1000
[   58.072573][ T5066] lo speed is unknown, defaulting to 1000
[   58.079674][ T5066] lo speed is unknown, defaulting to 1000
[   58.228733][ T5076] loop2: detected capacity change from 0 to 512
[   58.321427][ T5076] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   58.339849][ T5076] EXT4-fs (loop2): orphan cleanup on readonly fs
[   58.358082][ T5076] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.488: Failed to acquire dquot type 1
[   58.548639][ T5076] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.488: bg 0: block 40: padding at end of block bitmap is not set
[   58.685142][ T5076] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   58.746944][ T5076] EXT4-fs (loop2): 1 truncate cleaned up
[   58.872855][ T5076] serio: Serial port ptm0
[   58.955663][ T5097] unsupported nla_type 65024
[   58.979736][ T5097] EXT4-fs (loop2): shut down requested (1)
[   59.003725][ T5097] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=16
[   59.086445][ T5097] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=16
[   59.093147][ T5100] FAULT_INJECTION: forcing a failure.
[   59.093147][ T5100] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   59.108934][ T5100] CPU: 1 UID: 0 PID: 5100 Comm: syz.1.494 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   59.108964][ T5100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   59.108976][ T5100] Call Trace:
[   59.108984][ T5100]  <TASK>
[   59.108994][ T5100]  __dump_stack+0x1d/0x30
[   59.109020][ T5100]  dump_stack_lvl+0xe8/0x140
[   59.109040][ T5100]  dump_stack+0x15/0x1b
[   59.109059][ T5100]  should_fail_ex+0x265/0x280
[   59.109081][ T5100]  should_fail+0xb/0x20
[   59.109100][ T5100]  should_fail_usercopy+0x1a/0x20
[   59.109125][ T5100]  _copy_from_iter+0xd2/0xe80
[   59.109203][ T5100]  ? __build_skb_around+0x1a0/0x200
[   59.109228][ T5100]  ? __alloc_skb+0x223/0x320
[   59.109281][ T5100]  netlink_sendmsg+0x471/0x6b0
[   59.109311][ T5100]  ? __pfx_netlink_sendmsg+0x10/0x10
[   59.109337][ T5100]  __sock_sendmsg+0x142/0x180
[   59.109440][ T5100]  ____sys_sendmsg+0x31e/0x4e0
[   59.109470][ T5100]  ___sys_sendmsg+0x17b/0x1d0
[   59.109520][ T5100]  __x64_sys_sendmsg+0xd4/0x160
[   59.109570][ T5100]  x64_sys_call+0x191e/0x2ff0
[   59.109595][ T5100]  do_syscall_64+0xd2/0x200
[   59.109625][ T5100]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   59.109723][ T5100]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   59.109755][ T5100]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.109779][ T5100] RIP: 0033:0x7effd149eba9
[   59.109797][ T5100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.109817][ T5100] RSP: 002b:00007effcff07038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   59.109850][ T5100] RAX: ffffffffffffffda RBX: 00007effd16e5fa0 RCX: 00007effd149eba9
[   59.109863][ T5100] RDX: 000000002400c800 RSI: 0000200000000cc0 RDI: 0000000000000004
[   59.109875][ T5100] RBP: 00007effcff07090 R08: 0000000000000000 R09: 0000000000000000
[   59.109887][ T5100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   59.109899][ T5100] R13: 00007effd16e6038 R14: 00007effd16e5fa0 R15: 00007ffcb851c538
[   59.109919][ T5100]  </TASK>
[   59.440480][ T5108] loop2: detected capacity change from 0 to 512
[   59.471446][ T5108] EXT4-fs: Ignoring removed oldalloc option
[   59.527033][ T5108] EXT4-fs (loop2): orphan cleanup on readonly fs
[   59.533748][ T5108] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[   59.543961][ T5104] SELinux: failed to load policy
[   59.561834][ T5108] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[   59.586788][ T5108] EXT4-fs error (device loop2): ext4_clear_blocks:876: inode #13: comm syz.2.496: attempt to clear invalid blocks 2 len 1
[   59.630885][ T5108] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.496: invalid indirect mapped block 1819239214 (level 0)
[   59.655485][ T5108] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.496: invalid indirect mapped block 1819239214 (level 1)
[   59.677714][ T5117] loop0: detected capacity change from 0 to 1024
[   59.685099][ T5108] EXT4-fs (loop2): 1 truncate cleaned up
[   59.727080][ T5108] EXT4-fs (loop2): shut down requested (1)
[   59.735020][ T5108] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=12
[   59.750594][ T5108] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=12
[   59.778182][ T5108] siw: device registration error -23
[   59.884452][ T5142] FAULT_INJECTION: forcing a failure.
[   59.884452][ T5142] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   59.897968][ T5142] CPU: 1 UID: 0 PID: 5142 Comm: syz.2.509 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   59.897999][ T5142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   59.898011][ T5142] Call Trace:
[   59.898047][ T5142]  <TASK>
[   59.898055][ T5142]  __dump_stack+0x1d/0x30
[   59.898079][ T5142]  dump_stack_lvl+0xe8/0x140
[   59.898100][ T5142]  dump_stack+0x15/0x1b
[   59.898119][ T5142]  should_fail_ex+0x265/0x280
[   59.898145][ T5142]  should_fail+0xb/0x20
[   59.898168][ T5142]  should_fail_usercopy+0x1a/0x20
[   59.898199][ T5142]  _copy_from_iter+0xd2/0xe80
[   59.898229][ T5142]  ? __build_skb_around+0x1a0/0x200
[   59.898254][ T5142]  ? __alloc_skb+0x223/0x320
[   59.898280][ T5142]  netlink_sendmsg+0x471/0x6b0
[   59.898368][ T5142]  ? __pfx_netlink_sendmsg+0x10/0x10
[   59.898404][ T5142]  __sock_sendmsg+0x142/0x180
[   59.898498][ T5142]  ____sys_sendmsg+0x31e/0x4e0
[   59.898530][ T5142]  ___sys_sendmsg+0x17b/0x1d0
[   59.898589][ T5142]  __x64_sys_sendmsg+0xd4/0x160
[   59.898620][ T5142]  x64_sys_call+0x191e/0x2ff0
[   59.898687][ T5142]  do_syscall_64+0xd2/0x200
[   59.898719][ T5142]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   59.898750][ T5142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.898775][ T5142] RIP: 0033:0x7f32d5a8eba9
[   59.898793][ T5142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.898813][ T5142] RSP: 002b:00007f32d44ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   59.898835][ T5142] RAX: ffffffffffffffda RBX: 00007f32d5cd5fa0 RCX: 00007f32d5a8eba9
[   59.898848][ T5142] RDX: 0000000024040810 RSI: 0000200000000000 RDI: 0000000000000003
[   59.898863][ T5142] RBP: 00007f32d44ef090 R08: 0000000000000000 R09: 0000000000000000
[   59.898876][ T5142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   59.898912][ T5142] R13: 00007f32d5cd6038 R14: 00007f32d5cd5fa0 R15: 00007ffcee5f6d58
[   59.898930][ T5142]  </TASK>
[   60.516016][ T5163] loop2: detected capacity change from 0 to 1024
[   60.596247][ T5163] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   60.803013][ T5169] __nla_validate_parse: 9 callbacks suppressed
[   60.803033][ T5169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.520'.
[   61.007161][ T5171] netlink: 4 bytes leftover after parsing attributes in process `syz.2.521'.
[   61.014107][   T29] kauditd_printk_skb: 109 callbacks suppressed
[   61.014123][   T29] audit: type=1400 audit(1757658202.395:2345): avc:  denied  { watch watch_reads } for  pid=5172 comm="syz.4.522" path="/proc/277" dev="proc" ino=9283 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   61.048166][ T5171] netlink: 28 bytes leftover after parsing attributes in process `syz.2.521'.
[   61.067785][ T5171] FAULT_INJECTION: forcing a failure.
[   61.067785][ T5171] name failslab, interval 1, probability 0, space 0, times 0
[   61.080677][ T5171] CPU: 1 UID: 0 PID: 5171 Comm: syz.2.521 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   61.080771][ T5171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   61.080864][ T5171] Call Trace:
[   61.080873][ T5171]  <TASK>
[   61.080882][ T5171]  __dump_stack+0x1d/0x30
[   61.080909][ T5171]  dump_stack_lvl+0xe8/0x140
[   61.080951][ T5171]  dump_stack+0x15/0x1b
[   61.081043][ T5171]  should_fail_ex+0x265/0x280
[   61.081066][ T5171]  should_failslab+0x8c/0xb0
[   61.081137][ T5171]  kmem_cache_alloc_noprof+0x50/0x310
[   61.081162][ T5171]  ? skb_clone+0x151/0x1f0
[   61.081194][ T5171]  skb_clone+0x151/0x1f0
[   61.081333][ T5171]  __netlink_deliver_tap+0x2c9/0x500
[   61.081464][ T5171]  ? netlink_attachskb+0x2d0/0x610
[   61.081488][ T5171]  netlink_sendskb+0x126/0x150
[   61.081514][ T5171]  netlink_unicast+0x2a2/0x690
[   61.081577][ T5171]  netlink_ack+0x4c8/0x500
[   61.081602][ T5171]  netlink_rcv_skb+0x192/0x220
[   61.081622][ T5171]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   61.081728][ T5171]  rtnetlink_rcv+0x1c/0x30
[   61.081759][ T5171]  netlink_unicast+0x5bd/0x690
[   61.081781][ T5171]  netlink_sendmsg+0x58b/0x6b0
[   61.081831][ T5171]  ? __pfx_netlink_sendmsg+0x10/0x10
[   61.081862][ T5171]  __sock_sendmsg+0x142/0x180
[   61.081956][ T5171]  ____sys_sendmsg+0x31e/0x4e0
[   61.081988][ T5171]  ___sys_sendmsg+0x17b/0x1d0
[   61.082040][ T5171]  __x64_sys_sendmsg+0xd4/0x160
[   61.082076][ T5171]  x64_sys_call+0x191e/0x2ff0
[   61.082134][ T5171]  do_syscall_64+0xd2/0x200
[   61.082165][ T5171]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   61.082190][ T5171]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   61.082267][ T5171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.082286][ T5171] RIP: 0033:0x7f32d5a8eba9
[   61.082374][ T5171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.082391][ T5171] RSP: 002b:00007f32d44ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   61.082412][ T5171] RAX: ffffffffffffffda RBX: 00007f32d5cd5fa0 RCX: 00007f32d5a8eba9
[   61.082424][ T5171] RDX: 0000000000000000 RSI: 0000200000005840 RDI: 0000000000000006
[   61.082436][ T5171] RBP: 00007f32d44ef090 R08: 0000000000000000 R09: 0000000000000000
[   61.082459][ T5171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   61.082470][ T5171] R13: 00007f32d5cd6038 R14: 00007f32d5cd5fa0 R15: 00007ffcee5f6d58
[   61.082500][ T5171]  </TASK>
[   61.413838][ T5177] netlink: 'syz.4.525': attribute type 3 has an invalid length.
[   61.420955][   T29] audit: type=1326 audit(1757658202.785:2346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5178 comm="syz.0.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2050feba9 code=0x7ffc0000
[   61.421743][ T5177] netlink: 132 bytes leftover after parsing attributes in process `syz.4.525'.
[   61.445788][   T29] audit: type=1326 audit(1757658202.785:2347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5178 comm="syz.0.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2050feba9 code=0x7ffc0000
[   61.478706][   T29] audit: type=1326 audit(1757658202.785:2348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5178 comm="syz.0.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7fa2050feba9 code=0x7ffc0000
[   61.503864][   T29] audit: type=1326 audit(1757658202.785:2349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5178 comm="syz.0.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2050feba9 code=0x7ffc0000
[   61.558491][ T5185] netlink: 8 bytes leftover after parsing attributes in process `syz.0.526'.
[   61.583874][ T5185] netlink: 312 bytes leftover after parsing attributes in process `syz.0.526'.
[   61.593227][ T5185] netlink: 8 bytes leftover after parsing attributes in process `syz.0.526'.
[   61.608661][ T5188] netlink: 8 bytes leftover after parsing attributes in process `syz.1.528'.
[   61.718985][   T29] audit: type=1326 audit(1757658203.005:2350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5186 comm="syz.2.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32d5a8eba9 code=0x7ffc0000
[   61.742470][   T29] audit: type=1326 audit(1757658203.015:2351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5186 comm="syz.2.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f32d5a8eba9 code=0x7ffc0000
[   61.766214][   T29] audit: type=1326 audit(1757658203.015:2352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5186 comm="syz.2.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32d5a8eba9 code=0x7ffc0000
[   61.790243][   T29] audit: type=1326 audit(1757658203.095:2353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5186 comm="syz.2.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f32d5a8eba9 code=0x7ffc0000
[   61.814336][   T29] audit: type=1326 audit(1757658203.095:2354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5186 comm="syz.2.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32d5a8eba9 code=0x7ffc0000
[   61.991093][ T5193] loop4: detected capacity change from 0 to 512
[   62.045929][ T5193] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   62.113184][ T5193] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   62.165798][ T5193] EXT4-fs (loop4): 1 truncate cleaned up
[   62.420596][ T5191] SELinux: failed to load policy
[   62.463116][ T5204] netlink: 4 bytes leftover after parsing attributes in process `syz.2.531'.
[   62.516849][ T5204] netlink: 4 bytes leftover after parsing attributes in process `syz.2.531'.
[   62.652314][   T23] vhci_hcd: vhci_device speed not set
[   62.720106][ T5207] FAULT_INJECTION: forcing a failure.
[   62.720106][ T5207] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   62.733491][ T5207] CPU: 1 UID: 0 PID: 5207 Comm: syz.2.533 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   62.733583][ T5207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   62.733648][ T5207] Call Trace:
[   62.733656][ T5207]  <TASK>
[   62.733666][ T5207]  __dump_stack+0x1d/0x30
[   62.733690][ T5207]  dump_stack_lvl+0xe8/0x140
[   62.733709][ T5207]  dump_stack+0x15/0x1b
[   62.733753][ T5207]  should_fail_ex+0x265/0x280
[   62.733781][ T5207]  should_fail+0xb/0x20
[   62.733805][ T5207]  should_fail_usercopy+0x1a/0x20
[   62.733834][ T5207]  _copy_from_iter+0xd2/0xe80
[   62.733877][ T5207]  ? __build_skb_around+0x1a0/0x200
[   62.733921][ T5207]  ? __alloc_skb+0x223/0x320
[   62.733957][ T5207]  netlink_sendmsg+0x471/0x6b0
[   62.734094][ T5207]  ? __pfx_netlink_sendmsg+0x10/0x10
[   62.734124][ T5207]  __sock_sendmsg+0x142/0x180
[   62.734167][ T5207]  ____sys_sendmsg+0x31e/0x4e0
[   62.734295][ T5207]  ___sys_sendmsg+0x17b/0x1d0
[   62.734329][ T5207]  __x64_sys_sendmsg+0xd4/0x160
[   62.734429][ T5207]  x64_sys_call+0x191e/0x2ff0
[   62.734479][ T5207]  do_syscall_64+0xd2/0x200
[   62.734513][ T5207]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   62.734546][ T5207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.734616][ T5207] RIP: 0033:0x7f32d5a8eba9
[   62.734632][ T5207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   62.734648][ T5207] RSP: 002b:00007f32d44ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   62.734692][ T5207] RAX: ffffffffffffffda RBX: 00007f32d5cd5fa0 RCX: 00007f32d5a8eba9
[   62.734706][ T5207] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[   62.734717][ T5207] RBP: 00007f32d44ef090 R08: 0000000000000000 R09: 0000000000000000
[   62.734729][ T5207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   62.734740][ T5207] R13: 00007f32d5cd6038 R14: 00007f32d5cd5fa0 R15: 00007ffcee5f6d58
[   62.734771][ T5207]  </TASK>
[   63.103246][ T5225] loop1: detected capacity change from 0 to 128
[   63.133769][ T5225] ext4 filesystem being mounted at /115/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   63.311251][ T5244] loop1: detected capacity change from 0 to 512
[   63.976735][ T5257] FAULT_INJECTION: forcing a failure.
[   63.976735][ T5257] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   63.990260][ T5257] CPU: 1 UID: 0 PID: 5257 Comm: syz.3.547 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   63.990289][ T5257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   63.990301][ T5257] Call Trace:
[   63.990309][ T5257]  <TASK>
[   63.990357][ T5257]  __dump_stack+0x1d/0x30
[   63.990381][ T5257]  dump_stack_lvl+0xe8/0x140
[   63.990423][ T5257]  dump_stack+0x15/0x1b
[   63.990439][ T5257]  should_fail_ex+0x265/0x280
[   63.990461][ T5257]  should_fail+0xb/0x20
[   63.990484][ T5257]  should_fail_usercopy+0x1a/0x20
[   63.990560][ T5257]  strncpy_from_user+0x25/0x230
[   63.990593][ T5257]  __se_sys_request_key+0x57/0x290
[   63.990620][ T5257]  ? __secure_computing+0x82/0x150
[   63.990730][ T5257]  __x64_sys_request_key+0x55/0x70
[   63.990752][ T5257]  x64_sys_call+0x1d98/0x2ff0
[   63.990776][ T5257]  do_syscall_64+0xd2/0x200
[   63.990816][ T5257]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   63.990893][ T5257]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   63.991002][ T5257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.991025][ T5257] RIP: 0033:0x7fe311f9eba9
[   63.991117][ T5257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   63.991137][ T5257] RSP: 002b:00007fe3109ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9
[   63.991158][ T5257] RAX: ffffffffffffffda RBX: 00007fe3121e5fa0 RCX: 00007fe311f9eba9
[   63.991197][ T5257] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   63.991216][ T5257] RBP: 00007fe3109ff090 R08: 0000000000000000 R09: 0000000000000000
[   63.991230][ T5257] R10: fffffffffffffffe R11: 0000000000000246 R12: 0000000000000001
[   63.991245][ T5257] R13: 00007fe3121e6038 R14: 00007fe3121e5fa0 R15: 00007ffd6a8e4118
[   63.991288][ T5257]  </TASK>
[   64.257761][ T5259] loop2: detected capacity change from 0 to 512
[   64.272259][ T2994] udevd[2994]: worker [3889] terminated by signal 33 (Unknown signal 33)
[   64.284525][ T5259] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   64.298206][ T5273] FAULT_INJECTION: forcing a failure.
[   64.298206][ T5273] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   64.311599][ T5273] CPU: 1 UID: 0 PID: 5273 Comm: syz.4.551 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   64.311627][ T5273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   64.311675][ T5273] Call Trace:
[   64.311682][ T5273]  <TASK>
[   64.311690][ T5273]  __dump_stack+0x1d/0x30
[   64.311711][ T5273]  dump_stack_lvl+0xe8/0x140
[   64.311733][ T5273]  dump_stack+0x15/0x1b
[   64.311752][ T5273]  should_fail_ex+0x265/0x280
[   64.311832][ T5273]  should_fail+0xb/0x20
[   64.311851][ T5273]  should_fail_usercopy+0x1a/0x20
[   64.311876][ T5273]  _copy_from_iter+0xd2/0xe80
[   64.311967][ T5273]  ? __build_skb_around+0x1a0/0x200
[   64.311989][ T5273]  ? __alloc_skb+0x223/0x320
[   64.312015][ T5273]  netlink_sendmsg+0x471/0x6b0
[   64.312043][ T5273]  ? __pfx_netlink_sendmsg+0x10/0x10
[   64.312071][ T5273]  __sock_sendmsg+0x142/0x180
[   64.312131][ T5273]  ____sys_sendmsg+0x31e/0x4e0
[   64.312158][ T5273]  ___sys_sendmsg+0x17b/0x1d0
[   64.312193][ T5273]  __x64_sys_sendmsg+0xd4/0x160
[   64.312227][ T5273]  x64_sys_call+0x191e/0x2ff0
[   64.312249][ T5273]  do_syscall_64+0xd2/0x200
[   64.312281][ T5273]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   64.312308][ T5273]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   64.312339][ T5273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.312402][ T5273] RIP: 0033:0x7f54808eeba9
[   64.312433][ T5273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.312451][ T5273] RSP: 002b:00007f547f336038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   64.312472][ T5273] RAX: ffffffffffffffda RBX: 00007f5480b36090 RCX: 00007f54808eeba9
[   64.312487][ T5273] RDX: 00000000040040d0 RSI: 0000200000000100 RDI: 0000000000000006
[   64.312501][ T5273] RBP: 00007f547f336090 R08: 0000000000000000 R09: 0000000000000000
[   64.312514][ T5273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.312528][ T5273] R13: 00007f5480b36128 R14: 00007f5480b36090 R15: 00007ffefcb64e98
[   64.312580][ T5273]  </TASK>
[   64.542205][ T5259] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.548: bg 0: block 4: invalid block bitmap
[   64.559859][ T5259] EXT4-fs (loop2): Remounting filesystem read-only
[   64.567591][ T5259] EXT4-fs (loop2): 1 truncate cleaned up
[   64.694448][ T5284] loop3: detected capacity change from 0 to 128
[   64.738845][ T5290] loop1: detected capacity change from 0 to 1024
[   64.779103][ T5296] loop3: detected capacity change from 0 to 128
[   64.784081][ T5290] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   64.786261][ T5296] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   64.816400][ T5298] netlink: 'syz.0.563': attribute type 27 has an invalid length.
[   64.869978][ T5306] netlink: 'syz.0.565': attribute type 27 has an invalid length.
[   64.900613][ T5306] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.910581][ T5306] 8021q: adding VLAN 0 to HW filter on device team0
[   64.919882][ T5306] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   65.070745][ T5323] bond0: entered allmulticast mode
[   65.076189][ T5323] bond_slave_1: entered allmulticast mode
[   65.082297][ T5323] team0: entered allmulticast mode
[   65.087622][ T5323] team_slave_0: entered allmulticast mode
[   65.093545][ T5323] team_slave_1: entered allmulticast mode
[   65.099725][ T5323] syz_tun: entered allmulticast mode
[   65.239674][ T5333] loop4: detected capacity change from 0 to 1024
[   65.302604][ T5333] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   65.306411][ T5346] IPv6: NLM_F_CREATE should be specified when creating new route
[   65.371432][ T5354] netlink: 'syz.0.583': attribute type 1 has an invalid length.
[   65.388335][ T5354] sch_fq: defrate 4294967295 ignored.
[   65.573620][ T5369] ip6_vti0: entered allmulticast mode
[   65.613487][ T5373] lo speed is unknown, defaulting to 1000
[   65.715212][ T5390] IPv6: NLM_F_CREATE should be specified when creating new route
[   65.736209][ T5390] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   65.743967][ T5390] IPv6: NLM_F_CREATE should be set when creating new route
[   65.758853][ T5373] loop3: detected capacity change from 0 to 8192
[   65.815080][ T5392] __nla_validate_parse: 11 callbacks suppressed
[   65.815106][ T5392] netlink: 8 bytes leftover after parsing attributes in process `syz.4.599'.
[   65.840937][ T5395] netlink: 28 bytes leftover after parsing attributes in process `syz.1.600'.
[   65.885451][ T5400] lo speed is unknown, defaulting to 1000
[   65.917180][ T5407] loop4: detected capacity change from 0 to 1024
[   66.037212][   T29] kauditd_printk_skb: 433 callbacks suppressed
[   66.037231][   T29] audit: type=1400 audit(1757658207.415:2788): avc:  denied  { create } for  pid=5406 comm="syz.4.605" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   66.147862][   T29] audit: type=1400 audit(1757658207.525:2789): avc:  denied  { unlink } for  pid=3311 comm="syz-executor" name="file0" dev="tmpfs" ino=694 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   66.176844][   T29] audit: type=1326 audit(1757658207.565:2790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5420 comm="syz.1.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   66.205170][   T29] audit: type=1326 audit(1757658207.565:2791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5420 comm="syz.1.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   66.257429][   T29] audit: type=1326 audit(1757658207.565:2792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5420 comm="syz.1.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   66.283418][   T29] audit: type=1326 audit(1757658207.565:2793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5420 comm="syz.1.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   66.315276][   T29] audit: type=1326 audit(1757658207.565:2794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5420 comm="syz.1.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   66.342610][   T29] audit: type=1326 audit(1757658207.565:2795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5420 comm="syz.1.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   66.367630][   T29] audit: type=1326 audit(1757658207.565:2796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5420 comm="syz.1.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   66.392623][   T29] audit: type=1326 audit(1757658207.565:2797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5420 comm="syz.1.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   66.535169][ T5442] netlink: 16 bytes leftover after parsing attributes in process `syz.2.615'.
[   66.547503][ T5442] vxcan3: entered allmulticast mode
[   66.555420][ T5443] batadv0: vlans aren't supported yet for dev_uc|mc_add()
[   66.563047][ T5442] batadv0: vlans aren't supported yet for dev_uc|mc_add()
[   66.570504][ T5444] netlink: 11391 bytes leftover after parsing attributes in process `syz.2.615'.
[   66.584156][ T5439] netlink: 8 bytes leftover after parsing attributes in process `syz.0.614'.
[   66.623886][ T5453] FAULT_INJECTION: forcing a failure.
[   66.623886][ T5453] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   66.638072][ T5453] CPU: 1 UID: 0 PID: 5453 Comm: syz.2.618 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   66.638098][ T5453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   66.638107][ T5453] Call Trace:
[   66.638113][ T5453]  <TASK>
[   66.638119][ T5453]  __dump_stack+0x1d/0x30
[   66.638131][ T5453]  dump_stack_lvl+0xe8/0x140
[   66.638142][ T5453]  dump_stack+0x15/0x1b
[   66.638159][ T5453]  should_fail_ex+0x265/0x280
[   66.638188][ T5453]  should_fail+0xb/0x20
[   66.638198][ T5453]  should_fail_usercopy+0x1a/0x20
[   66.638210][ T5453]  _copy_to_user+0x20/0xa0
[   66.638225][ T5453]  simple_read_from_buffer+0xb5/0x130
[   66.638237][ T5453]  proc_fail_nth_read+0x10e/0x150
[   66.638339][ T5453]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   66.638352][ T5453]  vfs_read+0x1a8/0x770
[   66.638363][ T5453]  ? __rcu_read_unlock+0x4f/0x70
[   66.638441][ T5453]  ? __fget_files+0x184/0x1c0
[   66.638455][ T5453]  ksys_read+0xda/0x1a0
[   66.638467][ T5453]  __x64_sys_read+0x40/0x50
[   66.638478][ T5453]  x64_sys_call+0x27bc/0x2ff0
[   66.638528][ T5453]  do_syscall_64+0xd2/0x200
[   66.638544][ T5453]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   66.638556][ T5453]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   66.638570][ T5453]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.638631][ T5453] RIP: 0033:0x7f32d5a8d5bc
[   66.638644][ T5453] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   66.638658][ T5453] RSP: 002b:00007f32d44ef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   66.638675][ T5453] RAX: ffffffffffffffda RBX: 00007f32d5cd5fa0 RCX: 00007f32d5a8d5bc
[   66.638685][ T5453] RDX: 000000000000000f RSI: 00007f32d44ef0a0 RDI: 0000000000000004
[   66.638746][ T5453] RBP: 00007f32d44ef090 R08: 0000000000000000 R09: 0000000000000000
[   66.638756][ T5453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.638765][ T5453] R13: 00007f32d5cd6038 R14: 00007f32d5cd5fa0 R15: 00007ffcee5f6d58
[   66.638781][ T5453]  </TASK>
[   66.962035][ T5459] netlink: 4 bytes leftover after parsing attributes in process `syz.3.620'.
[   67.027748][ T5467] pim6reg: left allmulticast mode
[   67.028040][ T5468] IPv6: NLM_F_CREATE should be specified when creating new route
[   67.041699][ T5468] FAULT_INJECTION: forcing a failure.
[   67.041699][ T5468] name failslab, interval 1, probability 0, space 0, times 0
[   67.054795][ T5468] CPU: 1 UID: 0 PID: 5468 Comm: syz.1.623 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   67.054841][ T5468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   67.054847][ T5468] Call Trace:
[   67.054852][ T5468]  <TASK>
[   67.054857][ T5468]  __dump_stack+0x1d/0x30
[   67.054931][ T5468]  dump_stack_lvl+0xe8/0x140
[   67.054941][ T5468]  dump_stack+0x15/0x1b
[   67.054950][ T5468]  should_fail_ex+0x265/0x280
[   67.054965][ T5468]  ? ip_fib_metrics_init+0x64/0x470
[   67.055052][ T5468]  should_failslab+0x8c/0xb0
[   67.055065][ T5468]  __kmalloc_cache_noprof+0x4c/0x320
[   67.055080][ T5468]  ? should_fail_ex+0xdb/0x280
[   67.055091][ T5468]  ip_fib_metrics_init+0x64/0x470
[   67.055104][ T5468]  ? fib6_info_alloc+0x2e/0x90
[   67.055203][ T5468]  ip6_route_info_create+0x113/0x390
[   67.055215][ T5468]  ip6_route_add+0x49/0x170
[   67.055275][ T5468]  inet6_rtm_newroute+0x112/0x1020
[   67.055290][ T5468]  ? __rcu_read_unlock+0x4f/0x70
[   67.055313][ T5468]  ? selinux_capable+0x31/0x40
[   67.055327][ T5468]  ? security_capable+0x83/0x90
[   67.055418][ T5468]  ? ns_capable+0x7d/0xb0
[   67.055428][ T5468]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[   67.055444][ T5468]  rtnetlink_rcv_msg+0x5fb/0x6d0
[   67.055461][ T5468]  netlink_rcv_skb+0x123/0x220
[   67.055477][ T5468]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   67.055494][ T5468]  rtnetlink_rcv+0x1c/0x30
[   67.055508][ T5468]  netlink_unicast+0x5bd/0x690
[   67.055520][ T5468]  netlink_sendmsg+0x58b/0x6b0
[   67.055558][ T5468]  ? __pfx_netlink_sendmsg+0x10/0x10
[   67.055672][ T5468]  __sock_sendmsg+0x142/0x180
[   67.055688][ T5468]  ____sys_sendmsg+0x31e/0x4e0
[   67.055701][ T5468]  ___sys_sendmsg+0x17b/0x1d0
[   67.055720][ T5468]  __x64_sys_sendmsg+0xd4/0x160
[   67.055795][ T5468]  x64_sys_call+0x191e/0x2ff0
[   67.055830][ T5468]  do_syscall_64+0xd2/0x200
[   67.055906][ T5468]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   67.055995][ T5468]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   67.056009][ T5468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.056021][ T5468] RIP: 0033:0x7effd149eba9
[   67.056030][ T5468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.056103][ T5468] RSP: 002b:00007effcff07038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   67.056152][ T5468] RAX: ffffffffffffffda RBX: 00007effd16e5fa0 RCX: 00007effd149eba9
[   67.056159][ T5468] RDX: 0000000020040844 RSI: 0000200000000340 RDI: 0000000000000003
[   67.056171][ T5468] RBP: 00007effcff07090 R08: 0000000000000000 R09: 0000000000000000
[   67.056177][ T5468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   67.056183][ T5468] R13: 00007effd16e6038 R14: 00007effd16e5fa0 R15: 00007ffcb851c538
[   67.056195][ T5468]  </TASK>
[   67.057867][ T5461] loop2: detected capacity change from 0 to 256
[   67.199463][ T5470] Illegal XDP return value 4294967274 on prog  (id 395) dev syz_tun, expect packet loss!
[   67.360123][ T5461] syz.2.619: attempt to access beyond end of device
[   67.360123][ T5461] loop2: rw=2049, sector=256, nr_sectors = 68 limit=256
[   67.424763][ T5478] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5478 comm=syz.4.627
[   67.442414][ T5487] netlink: 4 bytes leftover after parsing attributes in process `syz.1.629'.
[   67.463286][ T5490] netlink: 8 bytes leftover after parsing attributes in process `syz.0.628'.
[   67.522291][ T5489] loop3: detected capacity change from 0 to 8192
[   67.551806][ T5496] vlan2: entered allmulticast mode
[   67.557242][ T5496] dummy0: entered allmulticast mode
[   67.566425][ T5489] FAULT_INJECTION: forcing a failure.
[   67.566425][ T5489] name failslab, interval 1, probability 0, space 0, times 0
[   67.579397][ T5489] CPU: 1 UID: 0 PID: 5489 Comm: syz.3.630 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   67.579485][ T5489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   67.579497][ T5489] Call Trace:
[   67.579505][ T5489]  <TASK>
[   67.579513][ T5489]  __dump_stack+0x1d/0x30
[   67.579576][ T5489]  dump_stack_lvl+0xe8/0x140
[   67.579593][ T5489]  dump_stack+0x15/0x1b
[   67.579608][ T5489]  should_fail_ex+0x265/0x280
[   67.579630][ T5489]  ? audit_log_d_path+0x8d/0x150
[   67.579657][ T5489]  should_failslab+0x8c/0xb0
[   67.579837][ T5489]  __kmalloc_cache_noprof+0x4c/0x320
[   67.579864][ T5489]  audit_log_d_path+0x8d/0x150
[   67.579956][ T5489]  audit_log_d_path_exe+0x42/0x70
[   67.580070][ T5489]  audit_log_task+0x1e9/0x250
[   67.580105][ T5489]  audit_seccomp+0x61/0x100
[   67.580127][ T5489]  ? __seccomp_filter+0x68c/0x10d0
[   67.580147][ T5489]  __seccomp_filter+0x69d/0x10d0
[   67.580167][ T5489]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   67.580232][ T5489]  ? vfs_write+0x7e8/0x960
[   67.580322][ T5489]  ? __rcu_read_unlock+0x4f/0x70
[   67.580341][ T5489]  ? __fget_files+0x184/0x1c0
[   67.580366][ T5489]  __secure_computing+0x82/0x150
[   67.580385][ T5489]  syscall_trace_enter+0xcf/0x1e0
[   67.580475][ T5489]  do_syscall_64+0xac/0x200
[   67.580504][ T5489]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   67.580525][ T5489]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   67.580617][ T5489]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.580636][ T5489] RIP: 0033:0x7fe311f9eba9
[   67.580652][ T5489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.580717][ T5489] RSP: 002b:00007fe3109ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   67.580736][ T5489] RAX: ffffffffffffffda RBX: 00007fe3121e5fa0 RCX: 00007fe311f9eba9
[   67.580748][ T5489] RDX: ffffffffffffffff RSI: 0000000000000000 RDI: ffffffffffffffff
[   67.580759][ T5489] RBP: 00007fe3109ff090 R08: 0000000000000007 R09: 0000000000000009
[   67.580770][ T5489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   67.580781][ T5489] R13: 00007fe3121e6038 R14: 00007fe3121e5fa0 R15: 00007ffd6a8e4118
[   67.580817][ T5489]  </TASK>
[   67.804007][ T5498] loop1: detected capacity change from 0 to 128
[   67.810783][ T5500] loop4: detected capacity change from 0 to 2048
[   68.026639][ T5512] netlink: 16 bytes leftover after parsing attributes in process `syz.3.637'.
[   68.027426][ T5510] netlink: 16 bytes leftover after parsing attributes in process `syz.2.636'.
[   68.456737][ T5524] SELinux:  Context system_u:object_r:modules_dep_t:s0 is not valid (left unmapped).
[   68.520386][ T5535] 9pnet_fd: Insufficient options for proto=fd
[   68.603471][ T5543] netlink: 'syz.1.647': attribute type 10 has an invalid length.
[   68.611591][ T5543] dummy0: entered promiscuous mode
[   68.617939][ T5543] bridge0: port 3(dummy0) entered blocking state
[   68.624789][ T5543] bridge0: port 3(dummy0) entered disabled state
[   68.631981][ T5543] dummy0: entered allmulticast mode
[   68.638012][ T5543] bridge0: port 3(dummy0) entered blocking state
[   68.644556][ T5543] bridge0: port 3(dummy0) entered forwarding state
[   69.134956][ T5556] loop3: detected capacity change from 0 to 1024
[   69.159294][ T5556] EXT4-fs mount: 66 callbacks suppressed
[   69.159311][ T5556] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.250029][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.327638][ T5573] loop3: detected capacity change from 0 to 512
[   69.393983][ T5577] FAT-fs (loop3): error, corrupted directory (invalid entries)
[   69.740096][ T5591] loop0: detected capacity change from 0 to 1024
[   69.764490][ T5591] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.866411][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.192201][ T5621] FAULT_INJECTION: forcing a failure.
[   70.192201][ T5621] name failslab, interval 1, probability 0, space 0, times 0
[   70.204994][ T5621] CPU: 1 UID: 0 PID: 5621 Comm: syz.3.674 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.205020][ T5621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   70.205031][ T5621] Call Trace:
[   70.205036][ T5621]  <TASK>
[   70.205049][ T5621]  __dump_stack+0x1d/0x30
[   70.205062][ T5621]  dump_stack_lvl+0xe8/0x140
[   70.205072][ T5621]  dump_stack+0x15/0x1b
[   70.205080][ T5621]  should_fail_ex+0x265/0x280
[   70.205092][ T5621]  should_failslab+0x8c/0xb0
[   70.205183][ T5621]  kmem_cache_alloc_noprof+0x50/0x310
[   70.205352][ T5621]  ? skb_clone+0x151/0x1f0
[   70.205387][ T5621]  skb_clone+0x151/0x1f0
[   70.205399][ T5621]  __netlink_deliver_tap+0x2c9/0x500
[   70.205415][ T5621]  netlink_unicast+0x66b/0x690
[   70.205427][ T5621]  netlink_sendmsg+0x58b/0x6b0
[   70.205515][ T5621]  ? __pfx_netlink_sendmsg+0x10/0x10
[   70.205528][ T5621]  __sock_sendmsg+0x142/0x180
[   70.205543][ T5621]  sock_write_iter+0x165/0x1b0
[   70.205592][ T5621]  do_iter_readv_writev+0x499/0x540
[   70.205606][ T5621]  vfs_writev+0x2df/0x8b0
[   70.205624][ T5621]  do_writev+0xe7/0x210
[   70.205694][ T5621]  __x64_sys_writev+0x45/0x50
[   70.205705][ T5621]  x64_sys_call+0x1e9a/0x2ff0
[   70.205716][ T5621]  do_syscall_64+0xd2/0x200
[   70.205808][ T5621]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   70.205840][ T5621]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   70.205854][ T5621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.205864][ T5621] RIP: 0033:0x7fe311f9eba9
[   70.205873][ T5621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.205955][ T5621] RSP: 002b:00007fe3109ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   70.205966][ T5621] RAX: ffffffffffffffda RBX: 00007fe3121e5fa0 RCX: 00007fe311f9eba9
[   70.205977][ T5621] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000007
[   70.206035][ T5621] RBP: 00007fe3109ff090 R08: 0000000000000000 R09: 0000000000000000
[   70.206041][ T5621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   70.206047][ T5621] R13: 00007fe3121e6038 R14: 00007fe3121e5fa0 R15: 00007ffd6a8e4118
[   70.206057][ T5621]  </TASK>
[   70.206069][ T5621] netlink: 'syz.3.674': attribute type 4 has an invalid length.
[   70.255912][ T5623] loop2: detected capacity change from 0 to 512
[   70.307429][   T23] lo speed is unknown, defaulting to 1000
[   70.314734][ T5623] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   70.315082][   T23] syz0: Port: 1 Link DOWN
[   70.322822][ T5623] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.471572][ T5623] ext4 filesystem being mounted at /125/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.487246][ T5628] loop3: detected capacity change from 0 to 164
[   70.515554][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.697884][ T5654] loop2: detected capacity change from 0 to 1024
[   70.723370][ T5654] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.752838][ T5654] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   70.801495][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.803437][ T5659] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   70.817988][ T5659] IPv6: NLM_F_CREATE should be set when creating new route
[   70.854077][ T5661] loop2: detected capacity change from 0 to 1024
[   70.882489][ T5661] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.899387][ T5667] FAULT_INJECTION: forcing a failure.
[   70.899387][ T5667] name failslab, interval 1, probability 0, space 0, times 0
[   70.912647][ T5667] CPU: 1 UID: 0 PID: 5667 Comm: syz.4.691 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   70.912725][ T5667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   70.912737][ T5667] Call Trace:
[   70.912745][ T5667]  <TASK>
[   70.912752][ T5667]  __dump_stack+0x1d/0x30
[   70.912776][ T5667]  dump_stack_lvl+0xe8/0x140
[   70.912797][ T5667]  dump_stack+0x15/0x1b
[   70.912861][ T5667]  should_fail_ex+0x265/0x280
[   70.912886][ T5667]  should_failslab+0x8c/0xb0
[   70.912910][ T5667]  kmem_cache_alloc_node_noprof+0x57/0x320
[   70.913015][ T5667]  ? __alloc_skb+0x101/0x320
[   70.913096][ T5667]  __alloc_skb+0x101/0x320
[   70.913126][ T5667]  netlink_dump+0x10d/0x8a0
[   70.913173][ T5667]  ? __kfree_skb+0x109/0x150
[   70.913198][ T5667]  ? nlmon_xmit+0x4f/0x60
[   70.913229][ T5667]  ? consume_skb+0x49/0x150
[   70.913257][ T5667]  __netlink_dump_start+0x43e/0x520
[   70.913354][ T5667]  ? __pfx_neightbl_dump_info+0x10/0x10
[   70.913375][ T5667]  rtnetlink_rcv_msg+0x552/0x6d0
[   70.913423][ T5667]  ? __pfx_neightbl_dump_info+0x10/0x10
[   70.913447][ T5667]  ? __pfx_rtnl_dumpit+0x10/0x10
[   70.913477][ T5667]  ? __pfx_neightbl_dump_info+0x10/0x10
[   70.913533][ T5667]  netlink_rcv_skb+0x123/0x220
[   70.913555][ T5667]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   70.913592][ T5667]  rtnetlink_rcv+0x1c/0x30
[   70.913698][ T5667]  netlink_unicast+0x5bd/0x690
[   70.913767][ T5667]  netlink_sendmsg+0x58b/0x6b0
[   70.913796][ T5667]  ? __pfx_netlink_sendmsg+0x10/0x10
[   70.913823][ T5667]  __sock_sendmsg+0x142/0x180
[   70.913970][ T5667]  ____sys_sendmsg+0x31e/0x4e0
[   70.913996][ T5667]  ___sys_sendmsg+0x17b/0x1d0
[   70.914035][ T5667]  __x64_sys_sendmsg+0xd4/0x160
[   70.914073][ T5667]  x64_sys_call+0x191e/0x2ff0
[   70.914116][ T5667]  do_syscall_64+0xd2/0x200
[   70.914216][ T5667]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   70.914303][ T5667]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   70.914329][ T5667]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.914348][ T5667] RIP: 0033:0x7f54808eeba9
[   70.914425][ T5667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.914441][ T5667] RSP: 002b:00007f547f357038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   70.914461][ T5667] RAX: ffffffffffffffda RBX: 00007f5480b35fa0 RCX: 00007f54808eeba9
[   70.914472][ T5667] RDX: 0000000000000004 RSI: 0000200000000240 RDI: 0000000000000007
[   70.914484][ T5667] RBP: 00007f547f357090 R08: 0000000000000000 R09: 0000000000000000
[   70.914495][ T5667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   70.914566][ T5667] R13: 00007f5480b36038 R14: 00007f5480b35fa0 R15: 00007ffefcb64e98
[   70.914582][ T5667]  </TASK>
[   71.224251][   T29] kauditd_printk_skb: 425 callbacks suppressed
[   71.224271][   T29] audit: type=1326 audit(1757658212.595:3223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5673 comm="syz.4.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54808eeba9 code=0x7ffc0000
[   71.255021][   T29] audit: type=1326 audit(1757658212.595:3224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5673 comm="syz.4.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54808eeba9 code=0x7ffc0000
[   71.278857][   T29] audit: type=1326 audit(1757658212.595:3225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5673 comm="syz.4.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f54808eeba9 code=0x7ffc0000
[   71.303233][   T29] audit: type=1326 audit(1757658212.595:3226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5673 comm="syz.4.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54808eeba9 code=0x7ffc0000
[   71.326908][   T29] audit: type=1326 audit(1757658212.595:3227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5673 comm="syz.4.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f54808eeba9 code=0x7ffc0000
[   71.350804][   T29] audit: type=1326 audit(1757658212.595:3228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5673 comm="syz.4.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54808eeba9 code=0x7ffc0000
[   71.375534][   T29] audit: type=1326 audit(1757658212.595:3229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5673 comm="syz.4.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f54808eeba9 code=0x7ffc0000
[   71.400057][   T29] audit: type=1326 audit(1757658212.595:3230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5673 comm="syz.4.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54808eeba9 code=0x7ffc0000
[   71.423730][   T29] audit: type=1326 audit(1757658212.595:3231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5673 comm="syz.4.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f54808eeba9 code=0x7ffc0000
[   71.447423][   T29] audit: type=1326 audit(1757658212.595:3232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5673 comm="syz.4.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54808eeba9 code=0x7ffc0000
[   71.494904][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.506455][ T5676] __nla_validate_parse: 7 callbacks suppressed
[   71.506473][ T5676] netlink: 8 bytes leftover after parsing attributes in process `syz.4.694'.
[   71.607698][ T5692] loop1: detected capacity change from 0 to 1024
[   71.684257][ T5692] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.729372][ T5692] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   71.759831][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.786991][   T36] hid_parser_main: 46 callbacks suppressed
[   71.787039][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   71.796020][ T5716] 9pnet: Could not find request transport: rdma¤h?ZëNÛµzP%ÌÊž
[   71.800852][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   71.816020][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   71.823479][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   71.830930][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   71.838368][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   71.846256][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   71.853871][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   71.861436][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   71.869008][   T36] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   71.869623][ T5724] mmap: syz.1.705 (5724) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   71.877228][   T36] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   71.912775][ T5726] netlink: 20 bytes leftover after parsing attributes in process `syz.2.708'.
[   71.977601][ T5730] loop2: detected capacity change from 0 to 256
[   71.996810][ T5730] ref_ctr_offset mismatch. inode: 0x7 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000
[   72.008775][ T5730] netlink: 'syz.2.710': attribute type 4 has an invalid length.
[   72.099693][ T5732] netlink: 8 bytes leftover after parsing attributes in process `syz.1.711'.
[   72.213370][ T5740] netlink: 7 bytes leftover after parsing attributes in process `syz.1.713'.
[   72.258409][ T5748] loop2: detected capacity change from 0 to 1024
[   72.273030][ T5748] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.299997][ T5748] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   72.333069][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.347461][ T5746] FAULT_INJECTION: forcing a failure.
[   72.347461][ T5746] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   72.360950][ T5746] CPU: 1 UID: 0 PID: 5746 Comm: syz.1.715 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   72.360980][ T5746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   72.361071][ T5746] Call Trace:
[   72.361078][ T5746]  <TASK>
[   72.361086][ T5746]  __dump_stack+0x1d/0x30
[   72.361111][ T5746]  dump_stack_lvl+0xe8/0x140
[   72.361199][ T5746]  dump_stack+0x15/0x1b
[   72.361215][ T5746]  should_fail_ex+0x265/0x280
[   72.361237][ T5746]  should_fail+0xb/0x20
[   72.361260][ T5746]  should_fail_usercopy+0x1a/0x20
[   72.361359][ T5746]  _copy_to_user+0x20/0xa0
[   72.361431][ T5746]  simple_read_from_buffer+0xb5/0x130
[   72.361454][ T5746]  proc_fail_nth_read+0x10e/0x150
[   72.361538][ T5746]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   72.361628][ T5746]  vfs_read+0x1a8/0x770
[   72.361651][ T5746]  ? __rcu_read_unlock+0x4f/0x70
[   72.361674][ T5746]  ? __fget_files+0x184/0x1c0
[   72.361742][ T5746]  ksys_read+0xda/0x1a0
[   72.361767][ T5746]  __x64_sys_read+0x40/0x50
[   72.361792][ T5746]  x64_sys_call+0x27bc/0x2ff0
[   72.361814][ T5746]  do_syscall_64+0xd2/0x200
[   72.361909][ T5746]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   72.361937][ T5746]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   72.361971][ T5746]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.361996][ T5746] RIP: 0033:0x7effd149d5bc
[   72.362012][ T5746] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   72.362028][ T5746] RSP: 002b:00007effcff07030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   72.362111][ T5746] RAX: ffffffffffffffda RBX: 00007effd16e5fa0 RCX: 00007effd149d5bc
[   72.362125][ T5746] RDX: 000000000000000f RSI: 00007effcff070a0 RDI: 0000000000000006
[   72.362208][ T5746] RBP: 00007effcff07090 R08: 0000000000000000 R09: 0000000000000000
[   72.362219][ T5746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.362228][ T5746] R13: 00007effd16e6038 R14: 00007effd16e5fa0 R15: 00007ffcb851c538
[   72.362277][ T5746]  </TASK>
[   72.677961][ T5764] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   72.710696][ T5766] FAULT_INJECTION: forcing a failure.
[   72.710696][ T5766] name failslab, interval 1, probability 0, space 0, times 0
[   72.723899][ T5766] CPU: 1 UID: 0 PID: 5766 Comm: syz.1.722 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   72.723985][ T5766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   72.723994][ T5766] Call Trace:
[   72.723999][ T5766]  <TASK>
[   72.724006][ T5766]  __dump_stack+0x1d/0x30
[   72.724023][ T5766]  dump_stack_lvl+0xe8/0x140
[   72.724153][ T5766]  dump_stack+0x15/0x1b
[   72.724174][ T5766]  should_fail_ex+0x265/0x280
[   72.724191][ T5766]  ? audit_log_d_path+0x8d/0x150
[   72.724215][ T5766]  should_failslab+0x8c/0xb0
[   72.724370][ T5766]  __kmalloc_cache_noprof+0x4c/0x320
[   72.724426][ T5766]  audit_log_d_path+0x8d/0x150
[   72.724519][ T5766]  audit_log_d_path_exe+0x42/0x70
[   72.724604][ T5766]  audit_log_task+0x1e9/0x250
[   72.724634][ T5766]  audit_seccomp+0x61/0x100
[   72.724658][ T5766]  ? __seccomp_filter+0x68c/0x10d0
[   72.724693][ T5766]  __seccomp_filter+0x69d/0x10d0
[   72.724716][ T5766]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   72.724747][ T5766]  ? vfs_write+0x7e8/0x960
[   72.724838][ T5766]  ? __rcu_read_unlock+0x4f/0x70
[   72.724861][ T5766]  ? __fget_files+0x184/0x1c0
[   72.724962][ T5766]  __secure_computing+0x82/0x150
[   72.724985][ T5766]  syscall_trace_enter+0xcf/0x1e0
[   72.725042][ T5766]  do_syscall_64+0xac/0x200
[   72.725073][ T5766]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   72.725098][ T5766]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   72.725256][ T5766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.725280][ T5766] RIP: 0033:0x7effd149eba9
[   72.725299][ T5766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.725318][ T5766] RSP: 002b:00007effcff07038 EFLAGS: 00000246 ORIG_RAX: 00000000000001cc
[   72.725343][ T5766] RAX: ffffffffffffffda RBX: 00007effd16e5fa0 RCX: 00007effd149eba9
[   72.725402][ T5766] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000064
[   72.725416][ T5766] RBP: 00007effcff07090 R08: 0000000000000000 R09: 0000000000000000
[   72.725430][ T5766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.725443][ T5766] R13: 00007effd16e6038 R14: 00007effd16e5fa0 R15: 00007ffcb851c538
[   72.725463][ T5766]  </TASK>
[   72.965484][ T5768] netlink: 8 bytes leftover after parsing attributes in process `syz.4.723'.
[   72.996938][ T5772] loop2: detected capacity change from 0 to 1024
[   73.010704][ T5778] capability: warning: `syz.1.726' uses deprecated v2 capabilities in a way that may be insecure
[   73.025783][ T5772] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.052521][ T5783] loop3: detected capacity change from 0 to 1764
[   73.101966][ T5793] loop3: detected capacity change from 0 to 1024
[   73.113206][ T5793] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.140147][ T5793] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   73.159811][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.183506][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.435504][ T5830] loop2: detected capacity change from 0 to 128
[   73.451814][ T5830] EXT4-fs error (device loop2): __ext4_fill_super:5504: inode #2: comm syz.2.741: iget: checksum invalid
[   73.466752][ T5830] EXT4-fs (loop2): get root inode failed
[   73.472708][ T5830] EXT4-fs (loop2): mount failed
[   73.480469][ T5830] SELinux:  Context system_u:object_r:syslogd_var_lib_t:s0 is not valid (left unmapped).
[   73.482067][ T5834] netlink: 4 bytes leftover after parsing attributes in process `syz.0.742'.
[   73.491868][ T5830] netlink: 8 bytes leftover after parsing attributes in process `syz.2.741'.
[   73.499756][ T5834] netlink: 4 bytes leftover after parsing attributes in process `syz.0.742'.
[   73.529174][ T5834] tipc: Started in network mode
[   73.534135][ T5834] tipc: Node identity ac14140f, cluster identity 6
[   73.541008][ T5834] tipc: New replicast peer: 255.255.255.255
[   73.547419][ T5834] tipc: Enabled bearer <udp:s >, priority 10
[   73.574246][ T5840] loop0: detected capacity change from 0 to 1024
[   73.593464][ T5840] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.622505][ T5840] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   73.651541][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.703457][ T5855] netlink: 8 bytes leftover after parsing attributes in process `syz.2.749'.
[   73.746826][ T5860] FAULT_INJECTION: forcing a failure.
[   73.746826][ T5860] name failslab, interval 1, probability 0, space 0, times 0
[   73.760045][ T5860] CPU: 0 UID: 0 PID: 5860 Comm: syz.2.751 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   73.760137][ T5860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   73.760149][ T5860] Call Trace:
[   73.760154][ T5860]  <TASK>
[   73.760162][ T5860]  __dump_stack+0x1d/0x30
[   73.760183][ T5860]  dump_stack_lvl+0xe8/0x140
[   73.760204][ T5860]  dump_stack+0x15/0x1b
[   73.760224][ T5860]  should_fail_ex+0x265/0x280
[   73.760329][ T5860]  should_failslab+0x8c/0xb0
[   73.760356][ T5860]  __kmalloc_node_noprof+0xa9/0x410
[   73.760382][ T5860]  ? crypto_create_tfm_node+0x5c/0x250
[   73.760464][ T5860]  crypto_create_tfm_node+0x5c/0x250
[   73.760487][ T5860]  ? crypto_mod_get+0x5a/0x90
[   73.760578][ T5860]  crypto_spawn_tfm2+0x43/0x80
[   73.760624][ T5860]  crypto_gcm_init_tfm+0x56/0x120
[   73.760652][ T5860]  ? __pfx_crypto_gcm_init_tfm+0x10/0x10
[   73.760678][ T5860]  crypto_aead_init_tfm+0x9d/0xc0
[   73.760715][ T5860]  crypto_create_tfm_node+0x108/0x250
[   73.760805][ T5860]  crypto_alloc_tfm_node+0xdc/0x2b0
[   73.760838][ T5860]  crypto_alloc_aead+0x2d/0x40
[   73.760867][ T5860]  tls_set_sw_offload+0x65a/0xba0
[   73.760982][ T5860]  tls_setsockopt+0x9b9/0xce0
[   73.761010][ T5860]  sock_common_setsockopt+0x69/0x80
[   73.761091][ T5860]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   73.761249][ T5860]  __sys_setsockopt+0x181/0x200
[   73.761345][ T5860]  __x64_sys_setsockopt+0x64/0x80
[   73.761371][ T5860]  x64_sys_call+0x20ec/0x2ff0
[   73.761392][ T5860]  do_syscall_64+0xd2/0x200
[   73.761426][ T5860]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   73.761502][ T5860]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   73.761580][ T5860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.761605][ T5860] RIP: 0033:0x7f32d5a8eba9
[   73.761624][ T5860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.761642][ T5860] RSP: 002b:00007f32d44ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   73.761661][ T5860] RAX: ffffffffffffffda RBX: 00007f32d5cd5fa0 RCX: 00007f32d5a8eba9
[   73.761677][ T5860] RDX: 0000000000000001 RSI: 000000000000011a RDI: 0000000000000004
[   73.761691][ T5860] RBP: 00007f32d44ef090 R08: 0000000000000028 R09: 0000000000000000
[   73.761704][ T5860] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[   73.761765][ T5860] R13: 00007f32d5cd6038 R14: 00007f32d5cd5fa0 R15: 00007ffcee5f6d58
[   73.761782][ T5860]  </TASK>
[   74.027246][ T5863] loop4: detected capacity change from 0 to 512
[   74.035878][ T5863] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[   74.044206][ T5863] EXT4-fs (loop4): orphan cleanup on readonly fs
[   74.052428][ T5863] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[   74.069421][ T5863] EXT4-fs (loop4): Cannot turn on quotas: error -22
[   74.077168][ T5863] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #13: comm syz.4.752: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[   74.096768][ T5863] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.752: couldn't read orphan inode 13 (err -117)
[   74.109359][ T5863] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   74.136914][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.217037][ T5877] loop2: detected capacity change from 0 to 1024
[   74.235255][ T5882] loop0: detected capacity change from 0 to 512
[   74.258840][ T5885] loop3: detected capacity change from 0 to 512
[   74.267063][ T5882] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.759: iget: bad i_size value: 38620345925642
[   74.271822][ T5888] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 649
[   74.281835][ T5882] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.759: couldn't read orphan inode 15 (err -117)
[   74.291811][ T5885] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.760: iget: bad i_size value: 38620345925642
[   74.317711][ T5882] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.334648][ T5877] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.346962][ T5885] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.760: couldn't read orphan inode 15 (err -117)
[   74.361189][ T5885] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.381825][ T5885] EXT4-fs error (device loop3): ext4_lookup:1787: inode #15: comm syz.3.760: iget: bad i_size value: 38620345925642
[   74.384195][ T5877] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   74.414517][ T5891] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.759: bg 0: block 5: invalid block bitmap
[   74.432897][ T5885] dvmrp0: entered allmulticast mode
[   74.449501][ T5891] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 456 with error 28
[   74.462196][ T5891] EXT4-fs (loop0): This should not happen!! Data will be lost
[   74.462196][ T5891] 
[   74.472434][ T5891] EXT4-fs (loop0): Total free blocks count 0
[   74.478711][ T5891] EXT4-fs (loop0): Free/Dirty block details
[   74.484752][ T5891] EXT4-fs (loop0): free_blocks=0
[   74.489790][ T5891] EXT4-fs (loop0): dirty_blocks=456
[   74.495038][ T5891] EXT4-fs (loop0): Block reservation details
[   74.501194][ T5891] EXT4-fs (loop0): i_reserved_data_blocks=456
[   74.518837][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.536116][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.548637][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.549706][ T5896] loop3: detected capacity change from 0 to 1024
[   74.560905][   T10] tipc: Node number set to 2886997007
[   74.577533][ T5898] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125
[   74.593575][ T5896] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.607370][ T5898] loop2: detected capacity change from 0 to 128
[   74.646530][ T5896] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   74.694479][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.747677][ T5914] bridge0: entered promiscuous mode
[   74.753385][ T5914] macsec1: entered promiscuous mode
[   74.759755][ T5914] bridge0: port 4(macsec1) entered blocking state
[   74.766510][ T5914] bridge0: port 4(macsec1) entered disabled state
[   74.773570][ T5914] macsec1: entered allmulticast mode
[   74.779015][ T5914] bridge0: entered allmulticast mode
[   74.785453][ T5914] macsec1: left allmulticast mode
[   74.790698][ T5914] bridge0: left allmulticast mode
[   74.797675][ T5914] bridge0: left promiscuous mode
[   74.901066][ T5924] bridge_slave_0: left allmulticast mode
[   74.906821][ T5924] bridge_slave_0: left promiscuous mode
[   74.912765][ T5924] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.922115][ T5924] bridge_slave_1: left allmulticast mode
[   74.927861][ T5924] bridge_slave_1: left promiscuous mode
[   74.933824][ T5924] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.944333][ T5924] bond0: (slave bond_slave_0): Releasing backup interface
[   74.958146][ T5924] bond0: (slave bond_slave_1): Releasing backup interface
[   74.980877][ T5924] team0: Port device team_slave_0 removed
[   74.997320][ T5924] team0: Port device team_slave_1 removed
[   75.004709][ T5924] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   75.012199][ T5924] batman_adv: batadv0: Removing interface: batadv_slave_0
[   75.020727][ T5924] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   75.028238][ T5924] batman_adv: batadv0: Removing interface: batadv_slave_1
[   75.092684][ T5928] loop2: detected capacity change from 0 to 1024
[   75.099922][ T5928] EXT4-fs: inline encryption not supported
[   75.105837][ T5928] EXT4-fs: Ignoring removed i_version option
[   75.113627][ T5928] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   75.136434][ T5928] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.773: lblock 2 mapped to illegal pblock 2 (length 1)
[   75.154544][ T5931] netlink: 8 bytes leftover after parsing attributes in process `syz.4.774'.
[   75.163848][ T5928] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.773: lblock 0 mapped to illegal pblock 48 (length 1)
[   75.190055][ T5933] loop4: detected capacity change from 0 to 164
[   75.190979][ T5928] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.773: Failed to acquire dquot type 0
[   75.218611][ T5928] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem
[   75.228644][ T5928] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.773: mark_inode_dirty error
[   75.231614][ T5933] vlan2: entered allmulticast mode
[   75.240636][ T5935] loop1: detected capacity change from 0 to 1024
[   75.255023][ T5928] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   75.265498][ T5928] EXT4-fs (loop2): 1 orphan inode deleted
[   75.272050][ T5928] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.272890][ T5935] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.284459][ T3453] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[   75.312173][ T3453] EXT4-fs error (device loop2): ext4_release_dquot:6973: comm kworker/u8:8: Failed to release dquot type 0
[   75.338667][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.348250][ T3304] EXT4-fs error (device loop2): __ext4_get_inode_loc:4861: comm syz-executor: Invalid inode table block 1 in block_group 0
[   75.362342][ T3304] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem
[   75.374330][ T3304] EXT4-fs error (device loop2): ext4_quota_off:7221: inode #3: comm syz-executor: mark_inode_dirty error
[   75.396167][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.448414][ T5940] loop2: detected capacity change from 0 to 512
[   75.457441][ T5940] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.470952][ T5940] ext4 filesystem being mounted at /156/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   75.514922][ T5950] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.545197][ T5940] EXT4-fs error (device loop2): ext4_readdir:264: inode #12: block 32: comm syz.2.776: path /156/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   75.646051][ T5950] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.670453][ T5940] EXT4-fs (loop2): Remounting filesystem read-only
[   75.811205][ T5950] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.885762][ T5950] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.961398][ T3304] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.985744][   T51] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.007999][   T51] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.021709][   T51] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.036846][   T51] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.050242][ T5971] loop2: detected capacity change from 0 to 128
[   76.057842][ T5971] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   76.070932][ T5973] FAULT_INJECTION: forcing a failure.
[   76.070932][ T5973] name failslab, interval 1, probability 0, space 0, times 0
[   76.083803][ T5973] CPU: 0 UID: 0 PID: 5973 Comm: syz.0.786 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   76.083834][ T5973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   76.083846][ T5973] Call Trace:
[   76.083873][ T5973]  <TASK>
[   76.083933][ T5973]  __dump_stack+0x1d/0x30
[   76.083956][ T5973]  dump_stack_lvl+0xe8/0x140
[   76.083978][ T5973]  dump_stack+0x15/0x1b
[   76.083993][ T5973]  should_fail_ex+0x265/0x280
[   76.084016][ T5973]  should_failslab+0x8c/0xb0
[   76.084039][ T5973]  kmem_cache_alloc_noprof+0x50/0x310
[   76.084178][ T5973]  ? skb_clone+0x151/0x1f0
[   76.084206][ T5973]  skb_clone+0x151/0x1f0
[   76.084234][ T5973]  __netlink_deliver_tap+0x2c9/0x500
[   76.084275][ T5973]  ? netlink_attachskb+0x2d0/0x610
[   76.084306][ T5973]  netlink_sendskb+0x126/0x150
[   76.084329][ T5973]  netlink_unicast+0x2a2/0x690
[   76.084428][ T5973]  netlink_ack+0x4c8/0x500
[   76.084456][ T5973]  netlink_rcv_skb+0x192/0x220
[   76.084477][ T5973]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   76.084510][ T5973]  rtnetlink_rcv+0x1c/0x30
[   76.084578][ T5973]  netlink_unicast+0x5bd/0x690
[   76.084603][ T5973]  netlink_sendmsg+0x58b/0x6b0
[   76.084632][ T5973]  ? __pfx_netlink_sendmsg+0x10/0x10
[   76.084661][ T5973]  __sock_sendmsg+0x142/0x180
[   76.084713][ T5973]  ____sys_sendmsg+0x31e/0x4e0
[   76.084740][ T5973]  ___sys_sendmsg+0x17b/0x1d0
[   76.084780][ T5973]  __x64_sys_sendmsg+0xd4/0x160
[   76.084808][ T5973]  x64_sys_call+0x191e/0x2ff0
[   76.084833][ T5973]  do_syscall_64+0xd2/0x200
[   76.084881][ T5973]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   76.084957][ T5973]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   76.084988][ T5973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.085073][ T5973] RIP: 0033:0x7fa2050feba9
[   76.085088][ T5973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.085105][ T5973] RSP: 002b:00007fa203b67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   76.085125][ T5973] RAX: ffffffffffffffda RBX: 00007fa205345fa0 RCX: 00007fa2050feba9
[   76.085137][ T5973] RDX: 0000000024040084 RSI: 0000200000006040 RDI: 0000000000000008
[   76.085150][ T5973] RBP: 00007fa203b67090 R08: 0000000000000000 R09: 0000000000000000
[   76.085224][ T5973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.085236][ T5973] R13: 00007fa205346038 R14: 00007fa205345fa0 R15: 00007ffcd08c4208
[   76.085253][ T5973]  </TASK>
[   76.143719][ T5971] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   76.322374][ T5977] loop0: detected capacity change from 0 to 1024
[   76.358460][   T29] kauditd_printk_skb: 396 callbacks suppressed
[   76.358478][   T29] audit: type=1400 audit(1757658217.735:3626): avc:  denied  { mounton } for  pid=5970 comm="syz.2.784" path="/157/file0/file0" dev="loop2" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1
[   76.388576][ T5942] syz.4.778 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[   76.403599][ T5942] CPU: 0 UID: 0 PID: 5942 Comm: syz.4.778 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   76.403631][ T5942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   76.403645][ T5942] Call Trace:
[   76.403653][ T5942]  <TASK>
[   76.403662][ T5942]  __dump_stack+0x1d/0x30
[   76.403686][ T5942]  dump_stack_lvl+0xe8/0x140
[   76.403718][ T5942]  dump_stack+0x15/0x1b
[   76.403734][ T5942]  dump_header+0x81/0x220
[   76.403766][ T5942]  oom_kill_process+0x342/0x400
[   76.403813][ T5942]  out_of_memory+0x979/0xb80
[   76.403878][ T5942]  try_charge_memcg+0x5e6/0x9e0
[   76.403906][ T5942]  obj_cgroup_charge_pages+0xa6/0x150
[   76.403967][ T5942]  __memcg_kmem_charge_page+0x9f/0x170
[   76.404058][ T5942]  __alloc_frozen_pages_noprof+0x188/0x360
[   76.404205][ T5942]  alloc_pages_mpol+0xb3/0x250
[   76.404266][ T5942]  alloc_pages_noprof+0x90/0x130
[   76.404299][ T5942]  __vmalloc_node_range_noprof+0x6f2/0xe00
[   76.404408][ T5942]  __kvmalloc_node_noprof+0x30f/0x4e0
[   76.404442][ T5942]  ? ip_set_alloc+0x1f/0x30
[   76.404467][ T5942]  ? ip_set_alloc+0x1f/0x30
[   76.404490][ T5942]  ? __kmalloc_cache_noprof+0x189/0x320
[   76.404583][ T5942]  ip_set_alloc+0x1f/0x30
[   76.404602][ T5942]  hash_netiface_create+0x282/0x740
[   76.404631][ T5942]  ? __pfx_hash_netiface_create+0x10/0x10
[   76.404657][ T5942]  ip_set_create+0x3c9/0x960
[   76.404750][ T5942]  ? __nla_parse+0x40/0x60
[   76.404820][ T5942]  nfnetlink_rcv_msg+0x4c3/0x590
[   76.404858][ T5942]  netlink_rcv_skb+0x123/0x220
[   76.404990][ T5942]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   76.405017][ T5942]  nfnetlink_rcv+0x16b/0x1690
[   76.405040][ T5942]  ? nlmon_xmit+0x4f/0x60
[   76.405138][ T5942]  ? consume_skb+0x49/0x150
[   76.405164][ T5942]  ? nlmon_xmit+0x4f/0x60
[   76.405240][ T5942]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   76.405272][ T5942]  ? __dev_queue_xmit+0x1200/0x2000
[   76.405368][ T5942]  ? __dev_queue_xmit+0x182/0x2000
[   76.405397][ T5942]  ? __alloc_frozen_pages_noprof+0x188/0x360
[   76.405496][ T5942]  ? ref_tracker_free+0x37d/0x3e0
[   76.405594][ T5942]  ? __netlink_deliver_tap+0x4dc/0x500
[   76.405626][ T5942]  netlink_unicast+0x5bd/0x690
[   76.405653][ T5942]  netlink_sendmsg+0x58b/0x6b0
[   76.405716][ T5942]  ? __pfx_netlink_sendmsg+0x10/0x10
[   76.405746][ T5942]  __sock_sendmsg+0x142/0x180
[   76.405829][ T5942]  ____sys_sendmsg+0x31e/0x4e0
[   76.405922][ T5942]  ___sys_sendmsg+0x17b/0x1d0
[   76.405974][ T5942]  __x64_sys_sendmsg+0xd4/0x160
[   76.406008][ T5942]  x64_sys_call+0x191e/0x2ff0
[   76.406033][ T5942]  do_syscall_64+0xd2/0x200
[   76.406181][ T5942]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   76.406209][ T5942]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   76.406295][ T5942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.406319][ T5942] RIP: 0033:0x7f54808eeba9
[   76.406337][ T5942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.406408][ T5942] RSP: 002b:00007f547f357038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   76.406431][ T5942] RAX: ffffffffffffffda RBX: 00007f5480b35fa0 RCX: 00007f54808eeba9
[   76.406445][ T5942] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006
[   76.406459][ T5942] RBP: 00007f5480971e19 R08: 0000000000000000 R09: 0000000000000000
[   76.406473][ T5942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.406486][ T5942] R13: 00007f5480b36038 R14: 00007f5480b35fa0 R15: 00007ffefcb64e98
[   76.406506][ T5942]  </TASK>
[   76.406595][ T5942] memory: usage 307200kB, limit 307200kB, failcnt 1253
[   76.436785][   T29] audit: type=1400 audit(1757658217.765:3627): avc:  denied  { mount } for  pid=5970 comm="syz.2.784" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[   76.437435][ T5942] memory+swap: usage 377016kB, limit 9007199254740988kB, failcnt 0
[   76.442191][   T29] audit: type=1400 audit(1757658217.765:3628): avc:  denied  { mounton } for  pid=5970 comm="syz.2.784" path="/157/file0/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[   76.446408][ T5942] kmem: usage 302828kB, limit 9007199254740988kB, failcnt 0
[   76.446425][ T5942] Memory cgroup stats for /syz4
[   76.471442][   T29] audit: type=1400 audit(1757658217.825:3629): avc:  denied  { unmount } for  pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[   76.476630][ T5942] :
[   76.485924][ T5977] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.491007][ T5942] cache 0
[   76.860229][ T5942] rss 4427776
[   76.863570][ T5942] shmem 0
[   76.866526][ T5942] mapped_file 0
[   76.870112][ T5942] dirty 0
[   76.873076][ T5942] writeback 0
[   76.876357][ T5942] workingset_refault_anon 31
[   76.881266][ T5942] workingset_refault_file 422
[   76.886017][ T5942] swap 71491584
[   76.889623][ T5942] swapcached 49152
[   76.893446][ T5942] pgpgin 64246
[   76.896886][ T5942] pgpgout 63153
[   76.900357][ T5942] pgfault 45561
[   76.903839][ T5942] pgmajfault 24
[   76.907312][ T5942] inactive_anon 634880
[   76.911579][ T5942] active_anon 3842048
[   76.915698][ T5942] inactive_file 0
[   76.919395][ T5942] active_file 0
[   76.922938][ T5942] unevictable 0
[   76.926546][ T5942] hierarchical_memory_limit 314572800
[   76.931919][ T5942] hierarchical_memsw_limit 9223372036854771712
[   76.938315][ T5942] total_cache 0
[   76.941878][ T5942] total_rss 4427776
[   76.945912][ T5942] total_shmem 0
[   76.949481][ T5942] total_mapped_file 0
[   76.953745][ T5942] total_dirty 0
[   76.957372][ T5942] total_writeback 0
[   76.961375][ T5942] total_workingset_refault_anon 31
[   76.967125][ T5942] total_workingset_refault_file 422
[   76.972312][ T5942] total_swap 71491584
[   76.976285][ T5942] total_swapcached 49152
[   76.980508][ T5942] total_pgpgin 64246
[   76.984467][ T5942] total_pgpgout 63153
[   76.988442][ T5942] total_pgfault 45561
[   76.992510][ T5942] total_pgmajfault 24
[   76.996629][ T5942] total_inactive_anon 634880
[   77.001255][ T5942] total_active_anon 3842048
[   77.005734][ T5942] total_inactive_file 0
[   77.009878][ T5942] total_active_file 0
[   77.013868][ T5942] total_unevictable 0
[   77.017852][ T5942] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.778,pid=5941,uid=0
[   77.032645][ T5942] Memory cgroup out of memory: Killed process 5941 (syz.4.778) total-vm:93892kB, anon-rss:5424kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000
[   77.050588][ T3304] FAT-fs (loop2): error, corrupted directory (invalid entries)
[   77.058592][ T3304] FAT-fs (loop2): Filesystem has been set read-only
[   77.065886][ T3304] FAT-fs (loop2): error, corrupted directory (invalid entries)
[   77.114400][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.125367][ T5511] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   77.168474][ T5981] loop0: detected capacity change from 0 to 512
[   77.175730][ T5981] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   77.207521][ T5981] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.789: invalid indirect mapped block 4294967295 (level 0)
[   77.229192][ T5942] syz.4.778 (5942) used greatest stack depth: 6136 bytes left
[   77.242760][ T5981] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.789: invalid indirect mapped block 4294967295 (level 1)
[   77.266860][ T5981] EXT4-fs (loop0): 1 orphan inode deleted
[   77.272780][ T5981] EXT4-fs (loop0): 1 truncate cleaned up
[   77.278921][ T5981] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.289983][   T29] audit: type=1326 audit(1757658218.645:3630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5982 comm="syz.1.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   77.314480][   T29] audit: type=1326 audit(1757658218.645:3631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5982 comm="syz.1.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   77.338087][   T29] audit: type=1326 audit(1757658218.645:3632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5982 comm="syz.1.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   77.361576][   T29] audit: type=1326 audit(1757658218.645:3633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5982 comm="syz.1.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   77.385386][   T29] audit: type=1326 audit(1757658218.645:3634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5982 comm="syz.1.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   77.391775][ T5995] loop4: detected capacity change from 0 to 1024
[   77.409657][   T29] audit: type=1326 audit(1757658218.645:3635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5982 comm="syz.1.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effd149eba9 code=0x7ffc0000
[   77.429221][ T5995] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.442013][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.468485][ T5995] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   77.499360][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.533989][ T6009] loop4: detected capacity change from 0 to 1764
[   77.554035][ T3453] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.614986][ T3453] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.637352][ T6012] loop0: detected capacity change from 0 to 4096
[   77.654320][ T6012] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   77.674332][ T3453] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.674409][ T6012] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.698085][ T6012] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.745882][ T3453] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.785906][ T6015] lo speed is unknown, defaulting to 1000
[   77.856648][ T6033] __nla_validate_parse: 2 callbacks suppressed
[   77.856664][ T6033] netlink: 4 bytes leftover after parsing attributes in process `syz.0.803'.
[   77.888879][ T6033] netlink: 4 bytes leftover after parsing attributes in process `syz.0.803'.
[   77.972911][ T3453] bond0 (unregistering): Released all slaves
[   77.999899][ T6045] loop4: detected capacity change from 0 to 1024
[   78.014012][ T6015] chnl_net:caif_netlink_parms(): no params data found
[   78.016315][ T6045] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.046693][ T3453] hsr_slave_0: left promiscuous mode
[   78.053110][ T3453] hsr_slave_1: left promiscuous mode
[   78.062331][ T3453] veth1_macvtap: left promiscuous mode
[   78.067949][ T3453] veth0_macvtap: left promiscuous mode
[   78.075910][ T3453] veth1_vlan: left promiscuous mode
[   78.081787][ T3453] veth0_vlan: left promiscuous mode
[   78.259922][ T6068] loop3: detected capacity change from 0 to 1764
[   78.287530][ T6070] netlink: 16 bytes leftover after parsing attributes in process `syz.0.808'.
[   78.382664][ T6081] loop1: detected capacity change from 0 to 1024
[   78.398158][ T6015] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.405587][ T6015] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.412263][ T6081] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.472286][ T6015] bridge_slave_0: entered allmulticast mode
[   78.476935][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.478899][ T6015] bridge_slave_0: entered promiscuous mode
[   78.495048][ T6015] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.502741][ T6015] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.510388][ T6015] bridge_slave_1: entered allmulticast mode
[   78.517389][ T6015] bridge_slave_1: entered promiscuous mode
[   78.517512][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.544386][ T6090] netlink: 4 bytes leftover after parsing attributes in process `syz.4.818'.
[   78.544911][ T6015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.590580][ T6090] netlink: 4 bytes leftover after parsing attributes in process `syz.4.818'.
[   78.716835][ T6015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.766330][ T6015] team0: Port device team_slave_0 added
[   78.778055][ T6015] team0: Port device team_slave_1 added
[   78.855442][ T6015] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.862613][ T6015] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.888940][ T6015] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.902063][ T6015] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.909092][ T6015] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.935575][ T6015] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.999282][ T6015] hsr_slave_0: entered promiscuous mode
[   79.005852][ T6015] hsr_slave_1: entered promiscuous mode
[   79.027640][ T6061] syz.0.808 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[   79.041985][ T6061] CPU: 0 UID: 0 PID: 6061 Comm: syz.0.808 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   79.042015][ T6061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   79.042027][ T6061] Call Trace:
[   79.042033][ T6061]  <TASK>
[   79.042172][ T6061]  __dump_stack+0x1d/0x30
[   79.042197][ T6061]  dump_stack_lvl+0xe8/0x140
[   79.042220][ T6061]  dump_stack+0x15/0x1b
[   79.042240][ T6061]  dump_header+0x81/0x220
[   79.042269][ T6061]  oom_kill_process+0x342/0x400
[   79.042367][ T6061]  out_of_memory+0x979/0xb80
[   79.042401][ T6061]  try_charge_memcg+0x5e6/0x9e0
[   79.042435][ T6061]  obj_cgroup_charge_pages+0xa6/0x150
[   79.042466][ T6061]  __memcg_kmem_charge_page+0x9f/0x170
[   79.042569][ T6061]  __alloc_frozen_pages_noprof+0x188/0x360
[   79.042607][ T6061]  alloc_pages_mpol+0xb3/0x250
[   79.042700][ T6061]  alloc_pages_noprof+0x90/0x130
[   79.042734][ T6061]  __vmalloc_node_range_noprof+0x6f2/0xe00
[   79.042773][ T6061]  __kvmalloc_node_noprof+0x30f/0x4e0
[   79.042814][ T6061]  ? ip_set_alloc+0x1f/0x30
[   79.042837][ T6061]  ? ip_set_alloc+0x1f/0x30
[   79.042961][ T6061]  ? __kmalloc_cache_noprof+0x189/0x320
[   79.042997][ T6061]  ip_set_alloc+0x1f/0x30
[   79.043020][ T6061]  hash_netiface_create+0x282/0x740
[   79.043046][ T6061]  ? __pfx_hash_netiface_create+0x10/0x10
[   79.043148][ T6061]  ip_set_create+0x3c9/0x960
[   79.043186][ T6061]  ? __nla_parse+0x40/0x60
[   79.043267][ T6061]  nfnetlink_rcv_msg+0x4c3/0x590
[   79.043365][ T6061]  netlink_rcv_skb+0x123/0x220
[   79.043393][ T6061]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   79.043422][ T6061]  nfnetlink_rcv+0x16b/0x1690
[   79.043445][ T6061]  ? nlmon_xmit+0x4f/0x60
[   79.043473][ T6061]  ? consume_skb+0x49/0x150
[   79.043574][ T6061]  ? nlmon_xmit+0x4f/0x60
[   79.043613][ T6061]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   79.043643][ T6061]  ? __dev_queue_xmit+0x1200/0x2000
[   79.043667][ T6061]  ? __dev_queue_xmit+0x182/0x2000
[   79.043697][ T6061]  ? __alloc_frozen_pages_noprof+0x188/0x360
[   79.043800][ T6061]  ? ref_tracker_free+0x37d/0x3e0
[   79.043833][ T6061]  ? __netlink_deliver_tap+0x4dc/0x500
[   79.043925][ T6061]  netlink_unicast+0x5bd/0x690
[   79.043950][ T6061]  netlink_sendmsg+0x58b/0x6b0
[   79.043978][ T6061]  ? __pfx_netlink_sendmsg+0x10/0x10
[   79.044010][ T6061]  __sock_sendmsg+0x142/0x180
[   79.044098][ T6061]  ____sys_sendmsg+0x31e/0x4e0
[   79.044205][ T6061]  ___sys_sendmsg+0x17b/0x1d0
[   79.044249][ T6061]  __x64_sys_sendmsg+0xd4/0x160
[   79.044292][ T6061]  x64_sys_call+0x191e/0x2ff0
[   79.044316][ T6061]  do_syscall_64+0xd2/0x200
[   79.044359][ T6061]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   79.044382][ T6061]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   79.044482][ T6061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.044506][ T6061] RIP: 0033:0x7fa2050feba9
[   79.044527][ T6061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   79.044550][ T6061] RSP: 002b:00007fa203b67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   79.044577][ T6061] RAX: ffffffffffffffda RBX: 00007fa205345fa0 RCX: 00007fa2050feba9
[   79.044667][ T6061] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006
[   79.044682][ T6061] RBP: 00007fa205181e19 R08: 0000000000000000 R09: 0000000000000000
[   79.044694][ T6061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   79.044706][ T6061] R13: 00007fa205346038 R14: 00007fa205345fa0 R15: 00007ffcd08c4208
[   79.044789][ T6061]  </TASK>
[   79.044796][ T6061] memory: usage 307200kB, limit 307200kB, failcnt 1609
[   79.083747][ T6111] loop4: detected capacity change from 0 to 1764
[   79.085683][ T6061] memory+swap: usage 335796kB, limit 9007199254740988kB, failcnt 0
[   79.095000][ T6061] kmem: usage 261444kB, limit 9007199254740988kB, failcnt 0
[   79.104573][ T6061] Memory cgroup stats for /syz0:
[   79.420244][ T6061] cache 37781504
[   79.428953][ T6061] rss 9056256
[   79.432474][ T6061] shmem 37781504
[   79.436181][ T6061] mapped_file 0
[   79.439644][ T6061] dirty 0
[   79.442628][ T6061] writeback 0
[   79.445989][ T6061] workingset_refault_anon 8
[   79.450694][ T6061] workingset_refault_file 9950
[   79.455660][ T6061] swap 29282304
[   79.459212][ T6061] swapcached 24576
[   79.463088][ T6061] pgpgin 109037
[   79.466543][ T6061] pgpgout 97598
[   79.470152][ T6061] pgfault 48768
[   79.473611][ T6061] pgmajfault 17
[   79.477518][ T6061] inactive_anon 5537792
[   79.481727][ T6061] active_anon 41304064
[   79.485955][ T6061] inactive_file 0
[   79.489593][ T6061] active_file 12288
[   79.493498][ T6061] unevictable 0
[   79.496955][ T6061] hierarchical_memory_limit 314572800
[   79.502602][ T6061] hierarchical_memsw_limit 9223372036854771712
[   79.508770][ T6061] total_cache 37781504
[   79.512835][ T6061] total_rss 9056256
[   79.516707][ T6061] total_shmem 37781504
[   79.520754][ T6061] total_mapped_file 0
[   79.524771][ T6061] total_dirty 0
[   79.528204][ T6061] total_writeback 0
[   79.532030][ T6061] total_workingset_refault_anon 8
[   79.537051][ T6061] total_workingset_refault_file 9950
[   79.542370][ T6061] total_swap 29282304
[   79.546326][ T6061] total_swapcached 24576
[   79.550577][ T6061] total_pgpgin 109037
[   79.554564][ T6061] total_pgpgout 97598
[   79.558848][ T6061] total_pgfault 48768
[   79.562909][ T6061] total_pgmajfault 17
[   79.566902][ T6061] total_inactive_anon 5537792
[   79.571669][ T6061] total_active_anon 41304064
[   79.576232][ T6061] total_inactive_file 0
[   79.580444][ T6061] total_active_file 12288
[   79.584780][ T6061] total_unevictable 0
[   79.588821][ T6061] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.808,pid=6058,uid=0
[   79.603664][ T6061] Memory cgroup out of memory: Killed process 6058 (syz.0.808) total-vm:93892kB, anon-rss:9392kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000
[   79.758854][ T6126] loop1: detected capacity change from 0 to 1024
[   79.765102][ T6015] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   79.787033][ T6130] loop3: detected capacity change from 0 to 1024
[   79.795614][ T6132] netlink: 4 bytes leftover after parsing attributes in process `syz.4.830'.
[   79.805343][ T6015] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   79.816927][ T6015] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   79.825344][ T6126] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.847760][ T6015] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   79.854912][ T6132] netlink: 4 bytes leftover after parsing attributes in process `syz.4.830'.
[   79.862928][ T6130] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.906602][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.961803][ T6015] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.976299][ T6015] 8021q: adding VLAN 0 to HW filter on device team0
[   79.992373][  T778] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.999910][  T778] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.037422][  T778] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.044574][  T778] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.056853][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.169435][ T6015] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.359147][ T6015] veth0_vlan: entered promiscuous mode
[   80.365008][ T6199] loop3: detected capacity change from 0 to 1024
[   80.368008][ T6015] veth1_vlan: entered promiscuous mode
[   80.385522][ T6199] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   80.415840][ T6202] netlink: 16 bytes leftover after parsing attributes in process `syz.0.841'.
[   80.433775][ T6015] veth0_macvtap: entered promiscuous mode
[   80.448655][ T6015] veth1_macvtap: entered promiscuous mode
[   80.462571][ T6015] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.493099][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.512317][ T6015] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.524842][ T3453] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.536356][ T6205] loop3: detected capacity change from 0 to 1764
[   80.536408][ T3453] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.568798][ T3453] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.595772][ T3453] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.627370][ T6208] netlink: 8 bytes leftover after parsing attributes in process `syz.5.797'.
[   80.639221][ T6208] netlink: 4 bytes leftover after parsing attributes in process `syz.5.797'.
[   80.788955][ T6220] loop5: detected capacity change from 0 to 1024
[   80.850927][ T3307] ==================================================================
[   80.859236][ T3307] BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
[   80.869177][ T3307] 
[   80.871517][ T3307] read-write to 0xffffffff868099c0 of 8 bytes by interrupt on cpu 0:
[   80.879688][ T3307]  tick_do_update_jiffies64+0x113/0x1c0
[   80.885255][ T3307]  tick_nohz_handler+0x7f/0x2d0
[   80.890303][ T3307]  __hrtimer_run_queues+0x20f/0x5a0
[   80.895530][ T3307]  hrtimer_interrupt+0x21a/0x460
[   80.900485][ T3307]  __sysvec_apic_timer_interrupt+0x5c/0x1d0
[   80.906416][ T3307]  sysvec_apic_timer_interrupt+0x6f/0x80
[   80.912154][ T3307]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   80.918577][ T3307]  kcsan_setup_watchpoint+0x415/0x430
[   80.923959][ T3307]  format_decode+0x2fd/0x580
[   80.928552][ T3307]  vsnprintf+0xcb/0x890
[   80.932797][ T3307]  sprintf+0x88/0xb0
[   80.936787][ T3307]  __sprint_symbol+0x105/0x1b0
[   80.941736][ T3307]  sprint_symbol+0x24/0x30
[   80.946642][ T3307]  symbol_string+0x15f/0x250
[   80.951343][ T3307]  pointer+0x60c/0xcf0
[   80.955431][ T3307]  vsnprintf+0x491/0x890
[   80.959955][ T3307]  seq_printf+0xd3/0x140
[   80.964259][ T3307]  vmalloc_info_show+0x15d/0x850
[   80.969377][ T3307]  seq_read_iter+0x319/0x940
[   80.974079][ T3307]  proc_reg_read_iter+0x110/0x180
[   80.979116][ T3307]  vfs_read+0x649/0x770
[   80.983275][ T3307]  __x64_sys_pread64+0xfd/0x150
[   80.988290][ T3307]  x64_sys_call+0x29e2/0x2ff0
[   80.993064][ T3307]  do_syscall_64+0xd2/0x200
[   80.997584][ T3307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.003643][ T3307] 
[   81.006052][ T3307] read to 0xffffffff868099c0 of 8 bytes by task 3307 on cpu 1:
[   81.013596][ T3307]  mem_cgroup_flush_stats_ratelimited+0x29/0x70
[   81.019953][ T3307]  count_shadow_nodes+0x6a/0x230
[   81.024896][ T3307]  do_shrink_slab+0x63/0x680
[   81.029583][ T3307]  shrink_slab+0x448/0x760
[   81.034098][ T3307]  shrink_node+0x6c3/0x2120
[   81.038614][ T3307]  do_try_to_free_pages+0x3f6/0xcd0
[   81.043823][ T3307]  try_to_free_mem_cgroup_pages+0x1ab/0x410
[   81.049771][ T3307]  try_charge_memcg+0x358/0x9e0
[   81.054642][ T3307]  charge_memcg+0x51/0xc0
[   81.058978][ T3307]  __mem_cgroup_charge+0x28/0xb0
[   81.063919][ T3307]  filemap_add_folio+0x4e/0x1b0
[   81.068869][ T3307]  __filemap_get_folio+0x31e/0x6b0
[   81.073989][ T3307]  filemap_fault+0x41f/0xb40
[   81.078582][ T3307]  __do_fault+0xb9/0x200
[   81.082938][ T3307]  handle_mm_fault+0xf78/0x2c20
[   81.087908][ T3307]  do_user_addr_fault+0x636/0x1090
[   81.093129][ T3307]  exc_page_fault+0x62/0xa0
[   81.097832][ T3307]  asm_exc_page_fault+0x26/0x30
[   81.102792][ T3307] 
[   81.105377][ T3307] value changed: 0x00000000ffffaa2b -> 0x00000000ffffaa2c
[   81.112852][ T3307] 
[   81.115235][ T3307] Reported by Kernel Concurrency Sanitizer on:
[   81.121385][ T3307] CPU: 1 UID: 0 PID: 3307 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[   81.131456][ T3307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   81.142035][ T3307] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   81.165785][ T6220] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.790647][ T4499] bond0: (slave syz_tun): Releasing backup interface
[   81.800689][ T4499] syz_tun (unregistering): left allmulticast mode
[   81.814653][   T41] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.880396][   T41] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.933527][   T41] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.984855][   T41] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.084847][   T41] dummy0: left allmulticast mode
[   82.089918][   T41] bridge0: port 3(dummy0) entered disabled state
[   82.098371][   T41] bridge_slave_1: left allmulticast mode
[   82.104355][   T41] bridge_slave_1: left promiscuous mode
[   82.110172][   T41] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.119842][   T41] bridge_slave_0: left allmulticast mode
[   82.125648][   T41] bridge_slave_0: left promiscuous mode
[   82.131731][   T41] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.202856][   T41] 
 (unregistering): (slave bond_slave_0): Releasing backup interface
[   82.217926][   T41] 
 (unregistering): (slave bond_slave_1): Releasing backup interface
[   82.227176][   T41] 
 (unregistering): Released all slaves
[   82.293910][   T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   82.302051][   T41] batman_adv: batadv0: Removing interface: batadv_slave_0
[   82.309740][   T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   82.317173][   T41] batman_adv: batadv0: Removing interface: batadv_slave_1
[   82.326547][   T41] veth1_macvtap: left promiscuous mode
[   82.332173][   T41] veth0_macvtap: left promiscuous mode
[   82.337674][   T41] veth1_vlan: left promiscuous mode
[   82.342953][   T41] veth0_vlan: left promiscuous mode
[   82.392037][   T41] team0 (unregistering): Port device team_slave_1 removed
[   82.403108][   T41] team0 (unregistering): Port device team_slave_0 removed
[   82.974844][   T41] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.023725][   T41] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.072895][   T41] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.173315][   T41] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.233817][   T41] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.293421][   T41] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.335495][ T6219] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.348041][   T41] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.393241][   T41] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.472655][   T41] bridge_slave_1: left allmulticast mode
[   83.478473][   T41] bridge_slave_1: left promiscuous mode
[   83.484326][   T41] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.492447][   T41] bridge_slave_0: left allmulticast mode
[   83.498227][   T41] bridge_slave_0: left promiscuous mode
[   83.504300][   T41] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.515309][   T41] bridge_slave_1: left allmulticast mode
[   83.521155][   T41] bridge_slave_1: left promiscuous mode
[   83.527046][   T41] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.535136][   T41] bridge_slave_0: left promiscuous mode
[   83.541078][   T41] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.601769][   T41] bridge0 (unregistering): left allmulticast mode
[   83.633718][   T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   83.643261][   T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   83.652393][   T41] bond0 (unregistering): Released all slaves
[   83.671380][   T41] dvmrp0 (unregistering): left allmulticast mode
[   83.753995][   T41] bond0 (unregistering): Released all slaves
[   83.852262][   T41] bond0 (unregistering): left allmulticast mode
[   83.858730][   T41] bond_slave_1: left allmulticast mode
[   83.864252][   T41] team0: left allmulticast mode
[   83.869296][   T41] team_slave_0: left allmulticast mode
[   83.875299][   T41] team_slave_1: left allmulticast mode
[   83.882034][   T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   83.892015][   T41] bond0 (unregistering): (slave team0): Releasing backup interface
[   83.901630][   T41] bond0 (unregistering): Released all slaves
[   83.909658][   T41] bond1 (unregistering): Released all slaves
[   83.953903][   T41] tipc: Disabling bearer <udp:s >
[   83.959391][   T41] tipc: Left network mode
[   83.968259][   T41] hsr_slave_0: left promiscuous mode
[   83.973915][   T41] hsr_slave_1: left promiscuous mode
[   83.979486][   T41] batman_adv: batadv0: Removing interface: batadv_slave_0
[   83.986992][   T41] batman_adv: batadv0: Removing interface: batadv_slave_1
[   83.996966][   T41] hsr_slave_0: left promiscuous mode
[   84.002713][   T41] hsr_slave_1: left promiscuous mode
[   84.008185][   T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   84.016074][   T41] batman_adv: batadv0: Removing interface: batadv_slave_0
[   84.023947][   T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   84.031386][   T41] batman_adv: batadv0: Removing interface: batadv_slave_1
[   84.043071][   T41] veth1_macvtap: left promiscuous mode
[   84.048768][   T41] veth0_macvtap: left promiscuous mode
[   84.054422][   T41] veth1_vlan: left promiscuous mode
[   84.059767][   T41] veth0_vlan: left promiscuous mode
[   84.065623][   T41] veth1_macvtap: left promiscuous mode
[   84.071149][   T41] veth0_macvtap: left promiscuous mode
[   84.077023][   T41] veth1_vlan: left promiscuous mode
[   84.082488][   T41] veth0_vlan: left promiscuous mode
[   84.155928][   T41] team0 (unregistering): Port device team_slave_1 removed
[   84.166135][   T41] team0 (unregistering): Port device team_slave_0 removed
[   84.247842][   T41] team0 (unregistering): Port device team_slave_1 removed
[   84.257569][   T41] team0 (unregistering): Port device team_slave_0 removed
[   85.044025][   T41] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.103172][   T41] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.172879][   T41] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.213644][   T41] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.282643][   T41] bridge_slave_1: left allmulticast mode
[   85.288404][   T41] bridge_slave_1: left promiscuous mode
[   85.294541][   T41] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.302230][   T41] bridge_slave_0: left allmulticast mode
[   85.307855][   T41] bridge_slave_0: left promiscuous mode
[   85.313579][   T41] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.402598][   T41] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   85.412787][   T41] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   85.422366][   T41] bond0 (unregistering): Released all slaves
[   85.474061][   T41] hsr_slave_0: left promiscuous mode
[   85.479816][   T41] hsr_slave_1: left promiscuous mode
[   85.485870][   T41] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.493437][   T41] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.501136][   T41] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   85.508589][   T41] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.517694][   T41] veth1_macvtap: left promiscuous mode
[   85.523267][   T41] veth0_macvtap: left promiscuous mode
[   85.528892][   T41] veth1_vlan: left promiscuous mode
[   85.534352][   T41] veth0_vlan: left promiscuous mode
[   85.583694][   T41] team0 (unregistering): Port device team_slave_1 removed
[   85.593833][   T41] team0 (unregistering): Port device team_slave_0 removed