last executing test programs:

3m56.334147735s ago: executing program 2 (id=1586):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYRES8, @ANYRESHEX, @ANYRES64, @ANYRESHEX, @ANYRESOCT, @ANYRES32, @ANYRESOCT], 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4800)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000100))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0xffffffffffffffff)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)

3m56.297077258s ago: executing program 2 (id=1587):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r3, &(0x7f0000001240)=""/102400, 0x200000, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000300), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x7, 0x4, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0xb3}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000480)='GPL\x00'}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6)
syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/ipc\x00')
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r7}, 0x10)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000140))
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r8=>r2, {0x6}}, './file0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x6, &(0x7f0000000280)=@raw=[@btf_id={0x18, 0x0, 0x3, 0x0, 0x2}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x401}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}], &(0x7f00000002c0)='GPL\x00', 0xff, 0xa3, &(0x7f0000000380)=""/163, 0x8d0cc69775dfe8f0, 0x20, '\x00', r1, 0x0, r8, 0x8, &(0x7f00000004c0)={0x3, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000500)=[r4, r4, r3], &(0x7f0000000580)=[{0x0, 0x3, 0x5, 0x9}, {0x3, 0x3, 0x9, 0x1}, {0x5, 0x4, 0x6, 0x2}, {0x1, 0x2, 0x4, 0x3}, {0x4, 0x3, 0x1, 0x8}, {0x5, 0x4, 0x0, 0x9}, {0x1, 0x5, 0xf, 0x1}], 0x10, 0x3}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$BLKIOMIN(r8, 0x1278, &(0x7f00000000c0))
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001240)=ANY=[@ANYBLOB="340000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000014001a80100004800c000380"], 0x34}}, 0x0)

3m55.998912572s ago: executing program 2 (id=1592):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYRES32=<r0=>0xffffffffffffffff, @ANYRESDEC, @ANYRES16, @ANYRESDEC, @ANYRES64, @ANYBLOB="960741ed672f58ddba4738aef4b625133c04e9084f33d26e65b4207756db859babeec6ffb21b82f96166de2ab673b83b93d9c2892136797b1ca6c10ecd3fbcc676c6cd7bf3e699b0cf6953c2d1b7455290ac39f3e8537ad4a8e0535eb2cdc78efb03bb4a55d3c92ba5518e9569ae3523f46d2e553c947a28602a49019e4a54de4ff7f8bcbe287c1ae787e5305d48e96c51be88d3580fd4ab6653c985728f4cc02c4d7eec4097bc61331b4ddf138c3ebfa2d48f12cff5ecff7c26bfa38bb9", @ANYRESDEC, @ANYRESHEX, @ANYRES16], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8)
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x1800430, &(0x7f0000001640)=ANY=[@ANYBLOB="b7cea89c556f82632580fdd973f9ec4acdb42c5b17e8756517acb25d102a68275e0728d2c66e420a31f310b00081612db4d3f1c41c332ca54cca88e98766ceaf34d2eceb79c4601a42e813f4f10bd83923370b72f86833a2d338a9715689eba3ba378a5253249da2e5ff8342cf62b9a305dd37e7209558bb4d2639e6b32cdc266aa3950da10b3364a4c1657bf11a4aaef66899ab570cb800de4ad9d63d9678e53012ef43cc182888c46884d5575e4cf893f1c1285cb855f7a029ce218ce7cf60669d001e1e1034fe2a38c17b58388e3d84c08d85d9c6c8a21cdf3059230d09f74e690a6d9c354aaa3f4a9ab249138b61a57afe1dc68c477bd0bd3a627c22316bce1e3f5d44cb682c012ae393d26076a07cd07ca500f29b79e662a51febbd41e0be25e10ec34a77fa3a8e9cc98079bace440153ccfc541f2c3d1441f7d9263c39120910369e3c7854c41bfa9a3292b9bdf3e086351d9df1aa279927dcd0c74a700badb56261a911432c9c989602df3a56638eea1ab4e62bb0dcc9b59e16f2fbdbf061ea18f5536c43b4654ec8585a1cbadcf96d2cbfc9434feecbaef87f0af245dbc70226fd21fc4572ad6c251b31ae4aedc4a909db8e059f13588836976514406d8ac5b992cc7674c062cfebf385f89fb1014dbf958ae913a3d6c1eeb0105254aa3f98b48c520d031166dd7eed6a56fa0950e131c27986be58904ecd1c247c1b6d6c0212ebfd0e32e22d50b3b68fadca51882e2bdbc3b67b354befe2b48966d69c3b2b4ee33f02faf38e9a1f8c4f98a96802bcb6d01f9af2389b9cfe56934edc7c3c19f588718abdf8fa41767a603a15662dba34482bc7594363f512db2109718c9b7ddca4a001172b24739ad5bc1217243708cc4ad60f29f0defaa9c06b07985d8c60b088f7f05ca3ec7ab61f7720afafe125064c21f8b90d3c4fd62f270a518dc9e5e7f020e3853702bfa0045744157de639fa8f30c3d07d1b1fc3ae06d569827816fc2d7931ea9e969b58985008191da572e64feb87c49bf9488317cfac6343470eefcac8ee8dd40852b308fbbf48bc44eaf0c04453ec4deb3c1a15654f860df893ae49ea024b26dc65a52b681c0f0d2f945fcb40f5af5bb04fdc9a85f0146752a74c3c10c1e1b3f7c6481b42c7eb962ac10414abe21eda24e7bd2c9646e613737058ec1bc9d93dd24de511e1f4f3577a59df81cfec5b7b335cbe98abcb0833a58bffffb158c98426f6c77251c1864209417ece4019e87ad1445e58179dd13d0546cb16c2d14ab78da87b227a394b9ab0585d04a8232d70e5e454dd5bb033b8bf18c443c575bcd408d68269e9e5fd3114ff0385e2cb0a1f5fde8f684ec74fc232499aa4a174ef6d16b122a2e85d38f76c92cbe359290db45434b14a932cf97b08bd6839bc2f3b2ae9c2a1dd338a895cb073ceb80d17dd588301d1bdfa419a10be6ae811bc8ac59aba11584cc3b03d4bb6016f3d4f8a16a3af13fd0b40a98a9ad3e9272b42b5b5112b9b42629325a215b5113cd7252364b775e577586d97722b2fde4d5721aff384b8a2d42783904f37f5a532d273d922698ca06a0a8efc625f5a8d45dc8f01ce89cbe7134d45751d9062d066c2b62c8e147409aa51d8275ec16d5724bdd03a0d7714f1d1adf0c106d3f9bc16eab0b409e5548bfe0e7057b588b3a5e0cf8f661c28b25c5eb41770166072f361ef0a1eb820ca1ab1a3725b7199aef0a4a386faf72f92f9b44c7b66eb86caff9471b3ca64ce67c0728daa81bbc4581d1bc2d3b5cdfa2f0a54296a42dbdaa10e0a8932763c7879c0f2c8e8841752429864ef9b934fdf172406290110be8149b9fa19d58c08e0ba7ebf5e222d33b561b32fe86e3a28ad3f07ab4e135ac72f0cb93812b30650af5aaeb3120ef669e924a4dc05c6b2f86d0928ed7217b653b6161f9e92aa0efddfc1d2b73a770a9d48caa3ef1dd5be00fecf32ccd3279d0a91f4b95885d23e5d7fd8a882993e5add6f38af0c778397e085dbbc24ed18c4be8882726bd09fef15315ed11d67f4d7d57a4352a831b48af2dc333a9ddf0264ae30e29227b0bbeae1508470f40a801fa4bbeb71f31248d4a3df16928c0365f89d7ada2dbee4bc6e74c973f152cbe94ca4f0cc96155642fd81f276e2e2ecc6f51c6c1db622c3e60126b3de83e7b0d99efa9bf36552cfffef4b454efb29dcade6b62b51451d47baa6b3aebea78c55f151d2f1cae45d9b8ec4f91f92dc21a8bc5a25a0472d9688127cef7de2f0523f7a0dd5cfed74f3f541ee303a72fb8ce69c9753195df25cea1da40b7c6fdbe6e8b3b1c61221ff315b1c6fa8b7f0191f7bebb45554493ae03ea7ec62af12cc3d0c7cb138dd7a1be49b3b874f881b1b0b15bee06f93817486329be84f556a521591848aefed66d0c98d7f9374cdd433f9a1f8440eca1f76251b0bd6f47e7c9d442bdc65c308be276fb6b18a74ad3798bd3a809db0068c5234a93ed6e817e8c1e3652ac3ba0ad2ffea8f1fc9e589ba459f438cf0209dace381c60b4ce3d57e75f052447c7ecf11fe85b12a0229d80f3d38ff20f0fe6d8e55555deeb80f155f009f9c371e7f651bf5e8a342b2d546a872f308bcdcd79df05e561165f39260df0469cb29771f7dbd62ef6a3ddf761e873719bd8156e776def7fe256b7e66aafa64c3746bb3ea95b2c2e1f87e6c8422a07505e7f8723310cc1b1806e824506236b07841a81e69b70879224f79cf99a1b6bd1b516644e04597b32d98a18b37aa36ce2d190b27ca93375d7a4de49356597e58c52c48d841050d0562749b7c73359f8b6e71ab968cd96d0e93fbd90bd5c3b048716bc9e6f6b7c216ad41f50e0a4c56b931fc945d0de9b599c9b8411e5bc3d30daefb29e94b3d7c3dcf8a7f34fb445ad8ac931a616a64f055153650fd28160f1c55f3b6f2ad606238ae419c0b52ae480347b81fc5aceadf82679d31919725a7ec030495d4995992dadaa511b77b4937fa3edd5460cda43305b4980fe7e50943c1f130c145e33c34df26d56c639355a26fe7f35b7cf2dbdc31c6fd15b6c3b5a52440715a21df3bdacf0a9c9e311b42c92dcbf638cb63fdf42ab7a7cae143e33f5758349ccdbeb1e49f0134cc684d7c9109fc955e3c14ceba8aa86f86d2c6a9a5c3b5c9b15e412886944797f1ef0fc535644179de0eeb62043e617fe34434644fbf07592501ebd6134e4d3ae73cbbe790ee55ee1c01c471d3a7b1e8c94597256861ceefdc04f08f5e3ccb64a09074c516e89e338619d6b20d46ca4e1ef301cf785479a5d7292c8ada1570200d457ba5b4534831587afb6b87d1ef60cc10b88a46063ec756d0cb383d132ba57319a880e78b522ec84fde6b597d6af96ff740358ed73ecbcd74fe7a87b4ccbfe5f2bd637e331435ad3f15f53ab99150d8963ca292da6e07e359ea8130318eb4b624cc23b645c07890da86fb31c2724c4e7477c3b5bd3587d21068535b4a3b1d9a5d4222e7a92282acbb4b7b14d40a3e144387d4b3abc67eec46b3f3c5b8b014eded7cc00e6938207d9bf3f3ea688dc5047512b03b3a4b3aeb111fb77e1d4549a334a76a14c700b0778fb8f34f369ec70a81dd71a5ab3fbc32fd465b24003f537400efcef4957bda17a79828ecd889b0f8f6eaf21edb15e70cc71ee4b870ba65cb9228a15be6c5253b640399996e114a2ce2092cee25bf11184f32bd823413e46fd65d0f447803d22463b981d207cb6dc4cfdd7c8d95877b17148d5ba92808e92d6a3b9b0d3b6a582c38d8eecf9dea1dbc0e09cd7fd326ca285a9f772ee9fb2d5c2a4585a5d9938dcd8f44c90398cebf464e49740fb94a554c293418d60b688403c9bdafbef39a8ae8a0b59c5910e34a047f6686e3d9dae4c890f7805b3aa976a2a7982a449a9e21fade218f248cb6c5cbb1a322e54fda92415cd7cec2f4042bf71fb8dcde063084054e0f13e135c4102ae717e6c16dfc9c7e36409d92506b6a2f57fd6f7aa2419df947cb00e6cd6fc6253aaa9491a95e2d3859cf1ebd34707ba008bb1f565f54f4f5f72a232219f09eaafff678606240eb26263a16e8e6a8f886e7ca991a4413db13dcc00564341cdc2906fcc5701268dfd715f317be9d6b6cfe3894f3642cc90d95eec69ba1737726dd2e39b4ef86e0428259c2b3043fbdf76238b3bd21c7057f4524c527491d49c73d15b58c8be4a1e95d99c881dd2f3e42d9eece30ff61e812a52b958d964104d77b43fe4c86fcbe68fee61a3c5125cfc83dc1e3e5b9f70f8723dd86323aec8a810cde492b05b2a2827be56052c0b2416dea98d45967a5c76a6dc75808913540539f6fe26d9a138d03956ea26a5e1d525f6d6d09ff8fe4efa957cab254719d8f80adb72cb11b41202ee3ac3a90b997e25db3a2fbb9fdc9cadcc82c4db9874afa74f1b2b8f659a2993f0614afa840686293d2516a0b3f6113b77bdf198a4d87adb37a64597045590046d85a38e506a38791dd18d4f15aeced7f876f3edfef474e6462e82bb3cf7a13d6d5b3d27f0b5bd942b806d0959ab5ab1ca785f35b21158aeada6b64a2e3e0d91ecf77e1485b5c02b89e9a24f9048eb6c64d161a9a88a99c0211b76a5cc687dd002632863fb59e2a3242b7df0c88f155eba0d7d5e9da3c428cd6468e63b8e0c237e1c355b41b3519e6ac5163ef0598406f12bfaf63ea8f7287bb330ce413b2fb1394a1e02e14f9b9441c5d1ea160349e76a34a0afb7a426857dfd4f3edd969c8b8394f4a0d8f1b13322746e1704cba621b0d053c5f1c705cae0e57c4e009d85c0b39a0fa10ae8c76f293a98f96fd8a269f8e152891dd05788d7aea372c783cfd92eebc7cacdbb9f2dd0b77d3d41287f7f98ea35b1eb37669adcb88ad669ab91926d9568efb145fc3ee6c1e088112236e09ceffd7f598fbf98342af7e30f8daa1d242e19cdb42ca0e10d1a5057fe6f7bbedfa8f7d467c78382cbe9a5f950c6c6e8ddb402ed838f4159a3ba6abcf89909572efedcd27b22cc408617b6bcf926934d744638ada299833a5c58a03af2bbe60085ba7ea9ed265fd56fb61deefd3a6819e08da418c9228d14b758a640c46fbc4a03e2a2e766f19d035881baaa59d1f9d9d5cbe865b214a0ba519c2b9ade5e8f1ec96bf8284f91a9c20117172e723ef3cdd006d58fc125ddd4746e3b02c85d042cad391a98b45efdf1661761729aa8b8dbb0d317f87af3064e5fb84eac71068e5555ca011ee496a39a0953829ee1533b5dba6c93315b596d31d4fc641ab306595e252261015450fd3b4a025156123ac63751e7da7185efb8fccd5adbabe910b921cb15c6ce963f07e88742a164bd8e63d9347327584ea03091545938bb981f9ecf5fd19201d208659788266597a4a9d666a26c26cd9838c6f7d0e311106843e85db5c37beacefb3820e10292ce68f04dc2f7f3def45fad41d9bf1205be27e8a6cceb52375ca362e2be203e0e62b9424fcebd2c569e4159a4c12ed67273396f30a3d7431a7619763d6e2eba826728ea820d2afeb749dba130149727561777f645e4e9dafd0438c85e5987a53c7c4de80e4d76bb4c0be85ff33fc738017785e49013105182dfaca178743baef72c331d9201ea5a7ada0095d9d60e677a975a9784ec2e1e22850851245e27513a64a838c70ce834d36bea1bc01675e30bc12ec4a4bf28a470f851dd6890ab70cd932fa8f9d80d82e0947a255cd890048ff29d2d0e0cc37a25129fa54b1d49df2fa26739b1fc54c8b15357de374c5978ae86c9db9a63469feb705d57d10b12c8c6209e12610c8bdf9130176fec353b416a913de4bf2d7bffd83", @ANYRES64=0x0, @ANYRES8=r0], 0x2, 0x564, &(0x7f00000010c0)="$eJzs3d9v09wZwPHHpYUum9C0TQhVBQ5lk4pUgpNCUMSV55ykBxI7sh3UXqFqTVFFyibKpLU3gxs2pO2P4Hb3u91/hHa/i+WVf/GmTZqUtjS86PupwKf2k+PnhMgPJ7FjAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYrk12y5Z0jReZ10dz60FfmvM9ry/u4cWY/YrYsV/ZH5erqerrv/mx83X4r+WZDH9bVHm48W8HPz82i8f/3p2Jn/8mIQuxN7+wcvNXq/7+oTxs1PP+Hw1tGdC37SchlYm9FW1UrHvr9VDVTdNHW6EkW4pN9BO5Adq2b2rStXqqtLFDb/jNWpOU+crH90r23ZFPSm2tROEvnf/STF010yzabxGEhNvjmMexS/EpyZSkXZaSm3v9Lqrk5KMg0pZ++g/wNvBoPKknsp2uVyaFZHKw+rDR7Y9m6wolculfIV9hAxFTP9Fi+k65yM4cHozWf2XphjxpCProkb+uFKTQHxpHbM9k9f/393XY/c7WP/zKn/d/1m+eUGS+n8z/e3mcfX/mFwu7mdP9uVAXsqm9KQnXXl9tv5m8vFPd1SWyNuTRTZEiydGQvHFSEucZI3K1iipSkUqYstzWZO6hKKkLkaaoiWUDQklEp28olwJRIsjkfgSiJJlceWuKClJVaqyKkq0FGVDfOmIJw2piZP0si07yfO+OibHz0GlkwSVxwQNFXPqP77YOR/BgdPr5/UfAAAAAAB8t6zk3fd4/j8nN5JW3TS1Pe20AAAAAADAOUo++V+MF3Nx64ZYY+f/nCgAAAAAAMBPkJVcYxdP6wtyK23lV0J9fhNgZropAgAAAACAM0o+0L8ZLwpx65ZYw/P/Y8xfSIIAAAAAAODM/j7xO/bD9hXrP/+VIJiz3rXXf2vtOnGcs3spfdyloz1G9QXpX0nbSV+V2axLVy9a2bdffv4SzE/Z8v/9/vg8rC9JwLqaPfpwAvIPuZ3G3N5Kl1v5lnQvhbpp6qLrNx+XxHGuzkR6Pfrzq52/SDL8D14rTnKn1y3+4Y+9rSSXd3Ev73az6yKGLo8Yk8ub/P2TG6NHPJdciJHtt2DJ9k6vaw+OPzstY+jsjDH7fC9LacxSIV0WDo9/Pt5nqXjc6LMsSmcc+Xu5k8bcWb6TLkZkUZ6URXkwi1M9FyfIYnVSFqtnzAIApmU7+dafkVUoP6QfrbunOMptT/pfxrlU9/eynMYsLyQH1tmFEUd0e9IR3W6v55U5rW6Xx1Y3eStyKIt/Dd0D6bgaG+/3n0eq6se/isjHvKoODT9slq34Kbz0ZvdPcm1v/+Dezu7mi+6L7qtyebViP7Dth2WZS4aRLag9AIARJt9jZ2KE9WDCrPpX2SkF+bsCPdmSleRqg+SMg3m5MtxrYeA0hJWjs9ZZGey/nxfL//X7/ZUJs7q039xJYtPbywAA8D1ZGqzDY+t/Fjei/q9MmHcfruXjZ8eFgbu1jfaByxEBADgjHXyyCtHfrCAw7eelarXkRGtaBb77VAWm1tDKeJEO3DXHa2jVDvzId/1m3HhmajpUYafd9oNI1f1Atf3QrCd3flfZrd9D3XK8yLhhu6mdUCvX9yLHjVTNhK5qd37fNOGaDpIHh23tmrpxncj4ngr9TuDqolKh1gOBpqa9yNRN3PRUOzAtJ9hQz/xmp6VVTYduYNqRn3aY78t4dT9oxd1envZzDQDAt2Jv/+DlZq/Xff0VG9MeIwAAOOxLqjRnjAEAAAAAAAAAAAAAAAAAAAAAMB0Xcf3f5Ma/fyHyDaRBgwaNrDHtIxOAr+2HAAAA//82EFYT")
open(&(0x7f00000002c0)='.\x00', 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x800, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xb, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000140), 0x5, r4}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=r4], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x26)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000002c0)=0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r5, 0xc0105303, &(0x7f0000000440))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_PAN_ID(r6, 0x0, 0x8840)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x18)
socket$igmp6(0xa, 0x3, 0x2)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000240)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0xd0f, 0x0, 0x6, {0x60, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_NAT={0x8, 0xb, 0x1}, @TCA_CAKE_SPLIT_GSO={0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40850}, 0x0)
r9 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r9, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'lo\x00', <r10=>0x0})
sendto$packet(r9, &(0x7f00000006c0)="0b0300000000640002a1006afd13f6a13bb1540000006086dd4803", 0x1b, 0x4000014, &(0x7f0000000140)={0x11, 0x2, r10, 0x1, 0xc0}, 0x3)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)

3m55.830656926s ago: executing program 2 (id=1594):
socket$key(0xf, 0x3, 0x2)
lsetxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x1)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xa, 0x4, 0x8, 0x8}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000240), &(0x7f0000000280)=r2}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x40)

3m55.762022491s ago: executing program 2 (id=1596):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000700)=0x20)
fchmodat(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffff11)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32=r3], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r1, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000080)=[0x0, 0x0], ""/16, <r7=>0x0, 0x0, 0x0, 0x0, 0x1, 0xa, &(0x7f0000000180)=[0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x11, &(0x7f0000000200)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0x8d, 0x8, 0x8, &(0x7f0000000300)}}, 0x10)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000500)={0x11, 0x0, <r8=>0x0}, &(0x7f0000000580)=0x14)
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000000), 0xc, &(0x7f0000000680)={&(0x7f00000005c0)=ANY=[@ANYBLOB="a0000002", @ANYRES16=r6, @ANYBLOB="040028bd7000fedbdf25130000008800018014000200697036746e6c30000000000000000000080003000000000008000100", @ANYRES32=r7, @ANYBLOB="1400020076657468315f746f5f68737200000000140002007465616d5f736c6176655f30000000001400020076657468305f746f5f7465616d00000008000100", @ANYRES32=r8, @ANYBLOB="1400020076657468315f746f5f7465616d000000080003000200000004000180"], 0xa0}, 0x1, 0x0, 0x0, 0x200408d0}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r9, 0x0, 0x0}, 0x10)
r10 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r10, 0x8946, &(0x7f0000000040)={'veth0_to_bond\x00', &(0x7f0000000540)=@ethtool_gstrings={0x1b, 0x9}})
ioctl$BTRFS_IOC_ADD_DEV(r10, 0x5000940a, &(0x7f0000000a00)={{r1}, "c0ebbd968366af6761b10fa57531f7e672539a7a27e0a0b562e6ab583448e19fc280b5e52b6d7c10b2a2cf84e2d2b387fe0c8420abbb45f76c5f957342aff41312b3d43f254ae45561c57071c6ab3ddec3c66fad5e0bb195180fd440a4273efe0a6a0df81d5ecb003e15d2d9a539908ac77d04b232ed24c6d1903f827024f6eea36cb308efcdd0b5e6e34c73710d4a914eca20c9510020b8c270eb1c285c65f2a5f582f58214de4e9dea28cfe7cc660038a1c7626eae8d5b08bf994b45cf06e2118862d01cd03ad5c7e50e2c1ac95418203b3e5b55df7dc96536e9f46656687c213f16b72ec13f2525bb075b90e13cbfa7342a763db4903902f24df2fa5c2afeeffe73baf319d740492cb5511255d3ac9cb2743aae6fe07813d5927f524c62d34d6b888cc0ec089e567fd6dc51c51807a9e2b07d08382c4ef4efb36d1449cbfc5e4cb2bec348e122251103236e6039fbad737d30f0fb992d41c91771320ad082282bc4568e2824758b42681f520331228faee76e55ef143d035c2f468d95a8ac52fdd6ab6538425b21098bd85ee1bf18aacd23afa97be54b5ce1e76bf2207a49860063440d6677d52366bc392edc2cef8612d5c6f07198b4c97cbf867db266c641639e611fa444abb44fc68828ab7f3b11256987981dff9bb52ed03bb1e3597997bb6c58e1977b10cd2761004ba039cf790c0009ce5b8bf866288e55c48c1b591b13f456ab5eff1c7e2bcf1c0dadaec58f7972fc621a40f6d334446f80c0edeb8bc9a0fabf4ee9c62dc691f89322f30552b521bd1e1e08614c297034dca137b224291ff5ef53186702bae1374bb507e22ff03d0332572a7785900adfff391af9e66a0901969f62fbde516f8da329f142d5c2a5eb362fdd875c369b9d6834a3f4a3449313dbd1ffc7e0d2e01219411da6b9d71d8267ab30afbbb77dce8853f4d1cc7f0d49fa8dd14711cc52ad1630fe3d0ff5aec150bffb8fe5f8a760606cdb365a930bf225bc71d7c99b5565c00d3c2d434615d14e436a163bf3d136ad1e9a22a7c42d585569d3e67f01a14249fb75a744b784bd58024f3d81b8448a5cb192dfc4fc02831dada928e38ff775222b8c54fae376620439b908db177614eb148fc04df2498ecd9def07dbe1605e39d4d90e27c924f5da3c174ffc17bbf74efb9f1544686c4f7f5e442e1d538400161861dfe74ea05ca9808d1a5950acdc9475b3f7e0a2aa301c0a9774a43be11c34d3e5b6ac5ba5b770771875d171d1c1d905fd3ead5e4e65d73fcd33063213ec62803b4cd753c29b4b0820f4b69340f55be53d7bf36c95e1ca48cd55c0bedaeb2fc14fa1454aaffd4494bb1310283e84b8e6b22668d44c3cea743587d24d17fa63918f6ae4410160e239f97433f9e2e3fb68ba8f2b1af17b09909f8c20c7cc30186c3744f0ca73d6d43ab42fc7676d9462c345fba8a7fb9223d0d773a43df2726688a019f19ac2f2f4b56173a5a215742788f1ceb79944960749e46e58a1a09ec06a4fa0e5b67ae1accd39a435ab1c1242924e70c99322058d554de4775e17069888cb192145713bab0a56aa56aba9498c32727cf3dba44cbaa99c0b46286cba89423b4370539f0d4b5d006aa9e8aa61dc22bf717f4d5665065a3e453c626964e4cc0b4ff4ce1b6d84e0a1195d7667f08e9a326076f649b2ee647023ae98cb8baa63c76c6c306fc839f5c053e6ca9ed9254abb350c4f4b459ca68f99657fb5e1ada92988e80ebf826cc7fc91bd6deb802e068532af7755dd32e200d947130bfc24180f7467499c58263a405a439d9654830c3e04c3fe136d64a681c6fc191583c4600154f157694c511f5fbc6c4c9d52de41bffaacfd8de7ae658c2a0efa08d58264b63514cd6a92d97160206229d84dbd5a8df764130fcf4b7fb3b9a6d7ed660db73a92274e517b07dc93ce9dbbe974b72b678f1624c98ee95533393a4e20cb7418866d606a3ea98574b17823bd3d58ce19038835bae16dab3b64dc4c0a47e335b531e63aa44330a11daa3a5df75ab85f84e250b7611e9acbc80fbe6de1767d08ef7a1aae1753f3327b7ec9735a745f015e5aa80f17618cd3d06a648ec7e7d2ad0b016791b107bbbdb51b600b36418fe7abe8d6e6377497c239fb02c4d1594e006a535c867113a1e652d6b66d870867e2629402e0fc2a67a1f49001191e89c616d2ae834e72fb57011fb992ee3a9ecd6a778769283d9453c187a6310a834601e46daca33cae5d6f21a8dabf24f1de033e3cf4e14f0649742379fe80e72e59f1b9f59e7ec1d8eae40affaf7b20136b502953b3e33923e0754bdf50370b8f2e4ffd5744592ad817bd444ac8d8dc4fc2485365e63d07a40045f369e3091ac45cfec21ebae83fb09c8e3ae4df9a88681c8a768326fb7a5caad086ef02219974fdf2412a9e0496299dcaa52273656a162a03af7b6c6df653630e9ccf87c5f2e015fda23ca1cbfbaf25ade9d43b134d3829c3f56c7c81b5e7160d15fbfa58c2759a265cf2fadca502a4f878635358792bc1e8e833caca53d02402055675844e3813b3caaace003250c5635c624776ccb7f8ae10d208bbd299b898fe90b91e12a41c4c7693ff7078e8c0001bbd18649ef504740769a05c1b928c8f52218222d32fee021c4db15b2aeb5e6fae64d3421d7e83ddfef8fa627cd5454e8a8cc6ab95369730b12aa7a43aa36f3294aa9cbd84a9e10c91bc52f156b8c0c623d175d7d3e52545ad099afb0b7237dab7538a4533f311195850151efc4e7fe70dee9d867176cf2a41b1164d49cbd8b2ad19bea0dd82e8b41ea8bab4285fb8861fd95cadb48ae29f1c35e9cdd734fce9834e48ab823038e317a5c4d786dd1cd0e84eb0871e941c5f792652b625f817b82bc036574f1d2df9aa3e43b23dc39d6fc18722c13af0a9cad8624d78e1a6c3577e8420e9dfc39714122552de1894dc9834c7c6d63eb38aa5b9113a996dd955764e1af1c555533403f75f69e6a7ec80823a16bfdd36f84404de5bc626ce2f3372e128d8efaadc97d064b04f9158555200643f65ed60a64499afac7b48d4782d476e441fb4e6330301a73894d0e2cff730b93bdca741caaac67a3e608fa0b428e16efd9199c8b2e96482a1ebea0154e65b53b6d371748de4cb0ff7cfd7f6e6328ae7bc69be9addc6f87df59550702a402391fd51c92f0bd2e60c6302e58d3f1cfcd0e8b238fd76d335040373f072d77aef536658626fde2ffb02d18d0387226b56b4c8e839f03a1e93e39f21cc13cfc89da82de1d0cc4c106e244942d9dcda8d439135ed8cd765f3594645d043cc45b56027064912c9f4c03950b3f14e8d3d41c66c70db140f67777f113592ef8084e76b714872b43aef7a91f6f23b0fe94be5f8e68d6f3809f7e02c38a9251af6f23138c857ad2628bd90617a33b182e11eb9af62acb531a45855546bb7674ee28d112bd72862315902807a95a7a80cb9a2cf12eed29f7a9d453fb22f1b9a7b212c437a03f02064c8b6b405b133fd16d560c495bf26f9f1eff76ae2c3095a4cac3c35bd17ad68fef4310e7723259ad0f3e05cd4cd2ebbd573111864a25f55589d4d0540ce46bf861e23bc803f9ffe7f62a9b13242ddab8b5581f8874c17f08a5207097844514e5aafbf656044f9ed6b98eb8275b666cdbe52b5012e17defd6b389461ad1dede2a116ba040f8f2f12a778c82f38ae6fb1cc4302d8d8de158b772baa0d29151df8f9a82bc6f0a664ecb8e7973c122ba8a0c1d167e925d03aa479d287bba680084ea928b2c2b98f852207c0ba49b0bde8408ce9bfd2a287cd12c916beb6ed772982f3e42ffe0e66a651d52737035f45c9eeb8858d0677d9ff8e50f93a250928aeb0d573e1491e0df64268ab559e25a2dbe0ca41608719b501c4556c286029d5241459983391198f3f522fc5d983a40136624e32f833b5b0b7f67c9fea111610aad6fc9f1dd793a202eff50dc52f743e5fdf883807873e222b89ffd4490405e9164f20193a4c077f1ceee6708592f035ae10e83875b8e255d9495d95d80f14730830fdca249b0e9219c38aaa55913195d026e018eaef0813031f847ff3b8829e06d221aa72fddaa96c1913999700c1f2fe56e834c7bea990c7310088af35e53f0d786d0ee1d60e6e1213805360ca4ddb6d94260e1c0c08fe60c9ee4d751a70b606fb0a81aaf92256781b9f065885235e523d915a5caf1044f995d1590ea375a8b77d28a7ff1ffd6a150e779cde320c9797e6b9cd540e81c73310385adc8d667d4f010888d1c1014d6783a67325d8c3d58a56b8b2ed88fdd1f78d34bcd7055bcd6468bb51b272c85d59c4af1f6efcffe9af257341decf07ae3c7e1021503f32655ec3a83fed0c39711f415f6098dec32be2073e17831c1011da689b23a642a99e9dac041a46eddb08f0a93d3ef2addd422edda30fe2893e6ee77260d8af955f7854574404d46a2fa71182812e3126fb604a9228a2a3fa4af299f66b1aa3104513405805a8992803a27d32c9ec0a25ec4b0dcbcb231010edec6b7e4c15b40de83bbe0fabe0122c9b38110841b77dadc9e068d23f0c5982d837e1f0474913829a40564ce6bd214c557430b17d699620ce1e49794f909124ef370f8ee0fe5785b314e6410f6c900d9e07e93bd1f3a48d4b4fbddcebc85a7349ce5f309a642a134fec587e3be8b0fbeea322ccb56cc0364b25bb1ced49582a4cc7eba9bde9447825ad998598548afcddfef0a52965bf76e10d45280508c607c23a3675ad88c0c2b3e83f3c9f72a89dab4f63092e74a74a44e000ecdffc4dfb9d92fe6c48274f08bd87182a7cc1e7752b405ddc7f260724d3be57dd904c8c128d5a311156cb33360f11af6aab62efab7a66e18067f1ad9446f32329907b607c7edcecdbc8a1fb1e98f47b0b95f0be1ea206b0f628a2a6e6a3b8619f2796d01a3f9e579588356fff4ccfb2897db20a342c4550f489de4ad57498973f80ad7bcadd1ca6313a2c9f7b60db96b68731669f93024b90e241c9a46021a90d4f2b78990cfed0d789470d1443514bc75d96c17cc9c2e9ff36f2ea4e71a229ead99797c040e738f425c30f35df02a2e3c4ed68559562d562459c1c5010bd945253ec630cc4110e290006f326f3310f4eb0d6cac75429bddce9d26083973e3ef8ee8cfba56fa2dc97c5057a0217a848bc3e926f1559f657ad8cb7244ff26cac8c6b5b91ee2368be6efdd0653a893282001c7d59c584ac9c9071efa9f762f218ee822e7fffbc54cf7ca30d345732e3a02843d6683b846e86291aba4fd861c7d11f1a7879fc8d897811ced837065ef80fa6a3fc0000c25021d9c4b95b6b609761da2c20ac5426c53bbc0f2def90e9b5f19ce71ad57e6d5b4f6f1d44528bc66ea762da9841538cfe8097a5974fb1df1f3055ee625714d11d06128e06f5d6f4ac248ad3b7199ab4abb231484a75848ec7ee0fa7fae4ec357199b55dbbe4de53297cf2735612588da4f0b6619d21cf65f7fea3bfe3fa0114ad4ce01ca4933e76b10dfb160b4a1396b45a574114e6b070f0bd79e19e88ea48916e9104853cc527d2c5360596bdbcdc44a01597d0304afc8bf244e0f6586eed130ee8d3bd464748ce5b8809e3851bffba22491832b15ddfa22eb8612acc2a4f1f5efdf14a58783733d0802490d206ce82dbcf5169c30c607af14ee001eda53dea65f737d6fc0bc4b6d5a0f22f0f8d5af36277a4f7f06a7c0f010d3c1bcb27ba0846a3aebdc135830dde82184797545b593717111963eb8042793d5298b6e45a3df5a8394c7df26a41be58eb"})

3m55.444022876s ago: executing program 2 (id=1598):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYRES8, @ANYRESHEX, @ANYRES64, @ANYRESHEX, @ANYRESOCT, @ANYRES32, @ANYRESOCT], 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4800)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000100))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0xffffffffffffffff)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)

3m40.394221633s ago: executing program 32 (id=1598):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYRES8, @ANYRESHEX, @ANYRES64, @ANYRESHEX, @ANYRESOCT, @ANYRES32, @ANYRESOCT], 0x50)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4800)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000100))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0xffffffffffffffff)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)

1.182083364s ago: executing program 3 (id=4976):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0xc, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@local, 0x6, 0x4, 0x3, 0x0, 0x1}]}]}, 0xfc}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000180)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x1, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)

1.166858436s ago: executing program 5 (id=4977):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
setsockopt$inet_group_source_req(r2, 0x0, 0x2b, &(0x7f0000000280)={0x80000000, {{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {{0x2, 0x4e21, @empty}}}, 0x108)
openat(r2, &(0x7f00000000c0)='./file0\x00', 0x6a1c2, 0x50)
faccessat(r2, &(0x7f0000000000)='./file0\x00', 0x5)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r6 = openat$random(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0)
quotactl_fd$Q_SYNC(r6, 0xffffffff80000102, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x48, r5, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x4}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x4}, @L2TP_ATTR_LNS_MODE={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) (async)
setsockopt$inet_group_source_req(r2, 0x0, 0x2b, &(0x7f0000000280)={0x80000000, {{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {{0x2, 0x4e21, @empty}}}, 0x108) (async)
openat(r2, &(0x7f00000000c0)='./file0\x00', 0x6a1c2, 0x50) (async)
faccessat(r2, &(0x7f0000000000)='./file0\x00', 0x5) (async)
socket$pppl2tp(0x18, 0x1, 0x1) (async)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev}, 0x2}}, 0x2e) (async)
syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) (async)
openat$random(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0) (async)
quotactl_fd$Q_SYNC(r6, 0xffffffff80000102, 0x0, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x48, r5, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x4}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x4}, @L2TP_ATTR_LNS_MODE={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008000}, 0x30) (async)

1.099390041s ago: executing program 1 (id=4978):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x0, <r0=>0x0}, 0x8)
pipe(&(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, 0x0, 0x0, 0x80, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x2, 0xfffffe81, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2}, 0x18)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x200000000000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f00000002c0), 0x1, 0x4f2, &(0x7f0000000600)="$eJzs3U1vG1sZAODXzpeTm97kXu4CENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYTTjSeomdpOSNI7i55FGM+eMM+85ieec+nXtE0DfuhQRWxExHBEPI2Iiq89lW9xtbcnjXm0/nd/Zfjqfi2bz/j9z6fmkLtp+JvFRds1CRPzoexE/zR2MW9/YXJ6rVMprWXmqUV2dqm9sXl+qzi2WF8srpdLszOz07Ru3SifW14vV4ezoyy//sPWtnyfNGs9q2vtxklpdH9qLE9nv/AcfIlgPDETEYPb8yVzoZXt4P/mI+DQiLqf3/0QMpH9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXD+yzG8pVavXHtUW19ZaGVK5uMofyjpUp5OssVTsZQLinPpMdvyqV95RsR8UlE/GJkNC0X52uVhV7+wwcA+thH++b//4y05n8A4Jwr9LoBAMCpM/8DQP8x/wNA/zH/A0D/Mf8DQP8x/wNA/zH/A0Bf+eG9e8nW3Mm+/3rh8cb6cu3x9YVyfblYXZ8vztfWVouLtdpi+p091cOuV6nVVmduxvqTyW+v1htT9Y3NB9Xa+krjQfq93g/KQ6fSKwDgXT65+OLPuYjYujOabtG2loO5Gs63fK8bAPTMQK8bAPSM1b6gfx3jNb70AJwTHZbofUshIkb3VzabzeaHaxLwgV39gvw/9Ku2/L//BQx9Rv4f+lfX/P+BF/vAedNs5o665n8c9YEAwNkmxw90ef//02z/2+zNgZ8s7H/E8/0VPlEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/9hd/7eYrdwxHvl8sRhxISImYyj3aKlSno6IjyPiTyNDI0l5psdtBgCOK/+3XLb+19WJK+P7zw7nXo+k+4j42a/u//LJXKOx9sek/l979Y3nWX2pF+0HAA6zO0+n+7YX8q+2n87vbqfZnr9/NyIKrfg728Oxsxd/MAbTfSGGImLs37ms3JJry10cx9aziPh8p/7nYjzNgbRWPt0fP4l94VTj59+Kn0/PtfbJ7+JzJ9AW6DcvkvHnbqf7Lx+X0n3n+7+QjlDHl41/yaXmd9Ix8E383fFvoMv4d+moMW7+/vuto9GD555FfHEwYjf2Ttv4sxs/1yX+lYOX6+gvX/rK5W7nmr+OuBqd47fHmmpUV6fqG5vXl6pzi+XF8kqpNDszO337xq3SVJqjnuo+G/zjzrWPu51L+j/WJX7hkP5//Wjdj9/89+GPv/qO+N/8Wqf4+fjsHfGTOfEbR4w/N/a7QrdzSfyFLv0/7O9/7YjxX/5188Cy4QBA79Q3NpfnKpXymgMHZ/8gecqegWZ0PPjOacUajvf6qWbz/4rVbcQ4iawbcBbs3fQR8brXjQEAAAAAAAAAAAAAADo6jU8s9bqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA//8wuNJ1")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, 0x0, &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
r3 = io_uring_setup(0x5b42, &(0x7f0000000640)={0x0, 0xfffffffe, 0x800, 0x103fc, 0x159})
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x2b)
sendmsg$rds(r4, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000040)={{0x0, 0x1, 0x0, 0x1, 0x3}})
close(r5)

1.098496801s ago: executing program 3 (id=4979):
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x30000c6, &(0x7f00000000c0), 0x2, 0x572, &(0x7f0000001600)="$eJzs3d9rU+cbAPDnpKm/v99WENnGGAUv5nCmtt0PB7twl2OTCdu9C2ks0tRIk4rthOnFvNnNkMEYE8but3svZf/A/gphCjKkbBe76TjpSW1t0jbamur5fCDyvnlP+p7nvOd5fU9OQgLIrZH0n0LEqxHxXRIxFBFJ1laMrHFkebvFR9cq6SOJpaXP/0pa26X19t9qv+5gVnklIn7/JuJEYX2/jfmF6XKtVp3N6qPNmcujjfmFkxdnylPVqeql8YmJ0+9OjH/w/nvbFutb5/758bO7H5/+9tjiD789OHwriTNxKGtbHcem9nVtub66MhIj2TEZjDNPbDjWy46/AJJ+7wBPZSDL88FI54ChGMiyHnj5fR0RS0BOJfIfcqq9Dmhf2/d0HfwSePjR8gXQ+viLy++NxL7WtdGBxWTNlVF6vTu8Df2nfdy5f/tW+ohe34cAeAbXb0TEqWJx/fyXZPPf0zu1hW2e7MP8B8/P3XT983an9U9hZf0THdY/Bzvk7tPYPP8LD7ahm67S9d+HHde/Kzethgey2v9aa77B5MLFWjWd2/4fEcdjcG9a3+h+zunFe0vd2lav/+6kh/rRtUp7LZjtx4Pi3rWvmSw3y88S82oPb0S81nH9m6yMf9Jh/NPjcW6LfRyt3n6jW9ua+O/fvrW4Lv6dtfRLxJsdx//xHa1k4/uTo63zYbR9Vqz3982jf3Trv9/xp+N/YOP4h5PV92sbvffx875/q93a1sQfneLvfP7vSb5olfdkz10tN5uzYxF7kk/XPz/++LXtenv7NP7jxzae/zqd//sj4sstxn/zyK+vbyn+Po3/ZE/j33vh3idf/dSt/83jT8f/nVbpePZMNv8NbRTXVnfwWY8fAAAAAAAA7CaFiDgUSaG0Ui4USqXlz3cciQOFWr3RPHGhPndpMlrflR2OwUL7TvfQqs9DjGWfh23Xx5+oT0TE4Yj4fmB/q16q1GuT/Q4eAAAAAAAAAAAAAAAAAAAAdomDXb7/n/pzoN97B+w4P/kN+bVp/m/HLz0Bu5L//yG/5D/kl/yH/JL/kF/yH/JL/kN+yX/IL/kPAAAAAAAAAAAAAAAAAAAAAAAAAAAA2+rc2bPpY2nx0bVKWp+8Mj83Xb9ycrLamC7NzFVKlfrs5dJUvT5Vq5Yq9ZnN/l6tXr88Nh5zV0eb1UZztDG/cH6mPnepef7iTHmqer46+FyiAgAAAAAAAAAAAAAAAAAAgBdLY35hulyrVWd3qpDsfBcK/SwUd8du5KdQjOfSV79nJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB47L8AAAD//84fMw8=")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000500)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
r3 = dup(r2)
sendmsg$IPSET_CMD_TYPE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x24008000}, 0x20000001)
connect$unix(r3, &(0x7f0000002200)=@file={0x0, './file0\x00'}, 0x6e)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe880000000000000000000000000101ac1414bb00000000000000000000000000000000000200000000000064000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000fc010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000002000000000000000097000000000008000000000000000000000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000000000000000000000000000028bd7000000000004c001400"], 0x1a0}}, 0x800)

1.058138735s ago: executing program 5 (id=4981):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = memfd_create(&(0x7f00000001c0)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xd9\x19\x17\xb0\xed|\xb3\xc2\x017h\xe9kL\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f2\xf7]#\xed,\xc7\x03\x00\x00\x00\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4R$\xaa\x00U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96', 0x5)
fsetxattr$security_selinux(r3, &(0x7f0000000480), &(0x7f00000004c0)='system_u:object_r:hwdata_t:s0\x00', 0x1a, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5, 0x0, 0x400007}, 0x18)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r7, 0x0, 0x20000000000}, 0x18)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r9}, 0x18)
r10 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_access(r10, &(0x7f00000002c0)=ANY=[], 0x46)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYRES8=r2], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='signal_generate\x00', r11}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x11)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00', <r12=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00', <r13=>0x0})
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x90, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x6}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x44, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r12}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r13}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7}]}, 0x90}, 0x1, 0x0, 0x0, 0x82}, 0x4)

1.012734988s ago: executing program 0 (id=4982):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYRES64=<r1=>r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095", @ANYRESDEC=0x0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x66b2c000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYRES8=r1, @ANYRES32=r2, @ANYRES32=r0], 0x0, 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x401}, 0x94)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0), 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffed7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r5}, 0x18)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000fcffffff0000000000000000850000004100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000004000002850000008600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

986.40542ms ago: executing program 0 (id=4983):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x44, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x15, 0x1, 0x8}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x24044815}, 0x0) (fail_nth: 4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r3}, &(0x7f0000000180), &(0x7f0000000500)='%pi6   \x00'}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000002000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2}, 0x94)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff})
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0xc4, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0xb0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x3, r6}}]}, {0x4, 0xa}, {0xc}, {0xffac, 0x8, {0x0, 0x2}}}}, @m_mpls={0x5c, 0x2, 0x0, 0x0, {{0x9}, {0x30}, {0x4}, {0xc}, {0xc}}}]}]}, 0xc4}}, 0x0)
ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f00000000c0)=r6)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x4f, 0x20000001)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs2/custom0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000840)={0x1c, 0x0, &(0x7f0000000700)=[@acquire_done={0x40106309, 0x3}, @release={0x40046306, 0x1}], 0xd3, 0x0, &(0x7f0000000740)="70c286dd995942c9f0bfdd021091b8ff62fb7f2874376befa574e1f05b7a561acc7f5e9eb3aa8c0badfdced1843a4cc81464b0fb2cbc5a8842f48deb168679b1be216b6081c283fa8d68f4b8fa0c5d13a617e8dd624a222dcc406797d73c7434c0f33287fb271e8ac2e15c2ca05767f95f85e042b7f3a564c5c473f729a7fc46b8a9409f2e13ea0f595739a8dfcf993035a3f32a9b1b05e37f3f6ea305cd6993da293629e3bae7ec54cb11791404ca5f793249f1a3db80a2509e1dbbfe4980df115612412949e8efcbad6af2e178b3e2022807"})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c000280050001"], 0xa8}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000000000000000000000a000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r8=>0x0})
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r9, &(0x7f0000000080)={0x1d, r8, 0x0, {0x0, 0x0, 0x4}}, 0x18)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xfffffffffffffffe, 0x0, 0x0)
add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f0000000280)={'fscrypt:', @desc1}, &(0x7f0000000440)={0x0, "9d3e2abcbe9c8a9f9e80de2555be67be95a4cc4cf842cb10afc85af24f105687b578d3576aaf187bdef9c5d38268c42fbfee6cfa8f0a4ca2664f43892f7a373a", 0x31}, 0x48, 0x0)
close(r9)

953.484073ms ago: executing program 3 (id=4984):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x18)
setuid(0xee01)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000063119b010000000016000000000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f0000000100)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10, 0x0, 0xffffffffffffffff, 0xfcab}, 0x49)

952.112403ms ago: executing program 4 (id=4985):
socket(0x26, 0x800, 0x200)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x4}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xd}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x5c}}, 0x0)

835.908693ms ago: executing program 4 (id=4986):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x200)
writev(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="9b9eba65b4b80391ccf319800eb06e470a169ddb407a53c04c6499580aaad787db1487f02c35629b4f", 0x29}, {&(0x7f0000000280)="44c9eae1a24ed0b1e90d9b4fe9c2268170ceaf070b25b9e2d698de04dbca687efa8e08e88da9cb50a72935c7fbce2e9e4b7dec1703b37bd8b778a8b1f8cb9da2dd02139403f8769b42a541a4f772458015c9e85f32c3e41838967be5d1b61e11d57a8927d1aeaef7331f64f1efd1bfa4cd687611e00b51abc3238542881712d0e2d0cb6ab54ecdc746ede7d41c2e3dd1b312d192cc5678de6030827288bb9afc727c860313e5d54a1c957f5090d73e5e6a7a6a83da70e4e74bcfea42d9ccfad1032415e6151d0123b3aeb91eed39b644b10398e613f68798a1aa826c4b52fd8c8b70c047ddf98220605115", 0xeb}, {&(0x7f0000000380)="ee7e02b448d65ad95adc3c6c81eca5f37f7ad43af3ebba6fe3f4538780391e198b3c3154930ffa80081e784a503db3654eb4dd0565ab39243e4576723db4ddc16afa03f154dfb0461c103363f28f67d3b515887a298e8ff4f1f2f5a684387ca6813afe59d438d98e4c15d2cff94c4edd0fefce186400dc62c4c04b0c56246567074a7921feaad7440f255f7c2a6f8e679ba9df1da3739b230eaad48452af3e3bc743fb525545e9ce046dca76c6812bf062a2b2b64718", 0xb6}, {&(0x7f0000000480)="d5b37e892b4eb8bd528b8a8bf76a99c974b542c5b4ef7e4f70c2be7e0c7774360b5de60369d60268af60beec875674b60a43124b515b835faf0316fc22ca03dd6bd84ad5c50cbc7655a104dd0e73bba7764130d4e2014e1a4876beb6ae76b28059b58fc9299944a3", 0x68}, {&(0x7f0000000500)="a7afc01a155e476a0df947ff9cb30ef7c66e6d415f1693c9cc03e2973db992f22e014af48af2fe790409a8f74278aa72385ff64e215c8a86243ff4012bc0bf5f0104a316e51e285842d454ef91c603e83b7787a94036226d1ee20e745f80bd7d1f6f2695459a59291032eecde502d8810a8c54a295b74e9443263dbc06e727cc35a72617fbc6227c364b7adcdda4460ee7583d606947120c1bbdf47071776c9b", 0xa0}, {&(0x7f00000005c0)="1e97a16b2e645be26dca92cd14b15da51891fd941a33b485af231cd838d05f17c81ff92fe3288c80e9d34a802c29a2d5243cfcf72ae76880995512c2d4a9c97842e13e9b5abc5d80a7b9e9d22807f0f44805c30cc18165ba40ad84c3e142911f5b9acc29a0d1a3f69316a79ce187bdccc23dc90d0089fa32fe434eb6a6ddda64f5d900c015351756e023c82a52390cfbcd14ea44139e4dbf9675442df3499338512b5dc90c73ca32737c00fbb34bbc73860b38a6a89260ede02bc21a96f836f78fc7b88173aad2485d293d852329599464dbbb0d96deeef358c8e8f3", 0xdc}, {0x0}, {&(0x7f0000000780)="0761acc7a244561b18f5a09cd9dfec03e3a2bf46b9abe1ed93350d0ed6ec49a0a2620bd688e552a3b3a1d9608a933ab9e105667857a65b824d778d698617bb2fb325744e1e56da3511a086e536d1725a2c8c5809f4cd3d4f3f8118ad25b491ee6354fddb81363249b07b0aa282c21ac53a92ce6928c097a935ee67defa831dbdb03fc287203b390cbef44197a7eb90c5be59132b376c8d", 0x97}, {0x0}], 0x9)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000440), 0x103940)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f0000000180)={0x80, 0xc, 0x2, 0xffffffef, 0x0, 0x200002})
syz_open_procfs$userns(0x0, &(0x7f0000000000))
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000440)=0x800004)

825.504993ms ago: executing program 1 (id=4987):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000010000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={r0, 0x7, 0x104, 0xfffffffe})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

684.284025ms ago: executing program 0 (id=4988):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000300)=r1}, 0x20)
syz_emit_ethernet(0x3a, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x18, 0x0, @wg=@data}}}}}, 0x0)

683.309845ms ago: executing program 1 (id=4989):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000003380)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000006cfa00", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18)
r2 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r2, &(0x7f0000000000), 0x10)
connect$vsock_stream(r2, &(0x7f0000000400)={0x28, 0x0, 0x2710, @host}, 0x10)

646.179977ms ago: executing program 3 (id=4990):
r0 = syz_io_uring_setup(0x5c2, &(0x7f0000000840)={0x0, 0x0, 0x10, 0x8003}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x38, 0x13, r0, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r0, 0x6e2, 0x600, 0x65, 0x0, 0x0)

645.158758ms ago: executing program 1 (id=4991):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000570000"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b7"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
get_mempolicy(0x0, 0x0, 0x203, &(0x7f0000394000/0x3000)=nil, 0x3)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x5, 0x6, 0x8, 0xad, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xd, 0x2, 0x4, 0x4002, 0x5, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000000}, 0x50)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="08008863040002"], 0xfce)
r6 = socket$kcm(0x11, 0x200000000000002, 0x300)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r7, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000002000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000080)=r8, 0x4)
r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000005c0)={<r10=>0xffffffffffffffff}, 0x2, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r9, &(0x7f0000000640)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000580)=0x1, r10, 0x0, 0x1, 0x4}}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000638877fbac141416ac14141644089f034d2f87e5070f0cab845013f2325f1a39010702038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r11}, 0x10)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
write$RDMA_USER_CM_CMD_CONNECT(r9, &(0x7f0000000b00)={0x6, 0x118, 0xfa00, {{0x5, 0x4, "207a63f7d052210f4995d9bd3ceca13b249444d6be6da1076b0f27e9e21c31b94d17f9f88f3dbad96970e646c71ede670e83e028852e70c22e1fc2ac22fb0be33f597132f7c13635aa40fb4aa72832d2a0d3b81670ff077c44cfe6a33824dadda6121f01bc938636736992399563c229c43291cf61c40ec4b756552540c71e0109fa4705b6a26efffb7b5bd4b6d32f6f7303aaf071974418384deae1735d33735de326b59cd8b774c205291c0447a7e3f86d4d2863337d8d882596271b9ef5f6141cb920e4e468a64d7150e5a2ab6c1b9674a82a8460c123359f52b79b774770ae400c40c6bfe227196da57ea5c2b9e7167c63e4288505a4dbbef5ce8c6588af", 0x7, 0x31, 0x5, 0xff, 0x9, 0x7, 0x3, 0x1}, r10}}, 0x120)
sendmsg$TIPC_NL_KEY_SET(r12, &(0x7f0000000100)={0x0, 0x2844, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r13, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000006c0)={0x160, r13, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffffffb}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x18000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}]}, @TIPC_NLA_BEARER={0xf4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xf97}}, {0x14, 0x2, @in={0x2, 0x4e21, @broadcast}}}}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1ff0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2e416161}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x5, @private0, 0x7}}, {0x14, 0x2, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}}}}]}]}, 0x160}}, 0x4048010)

644.673718ms ago: executing program 0 (id=4992):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x81})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)

614.05715ms ago: executing program 3 (id=4993):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0x9, 0x0, 0x0, {}, [{0x54, 0x1, [@m_bpf={0x50, 0x1, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x4}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x3, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000001dc0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc", @ANYRESHEX=r0], &(0x7f0000000100)='GPL\x00'}, 0x94)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r4, &(0x7f0000000780)=[{{&(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c00000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010"], 0x30}}], 0x1, 0x4008804)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
r5 = syz_clone(0x2b00b100, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="020000000400137809f203e6e755de7e00000800", @ANYRES32=0x0, @ANYBLOB="115ea5ae3302ecfb37b8e228af565c8919debc6c1bb86ca3db4f3b602e77530d2092ad3c497066c9f9f72023dd7d4097a6312384056f54c6ce618016b13188ff5de938e741b4ba1738df8428b5f5cae90d3bc012f1ae281f4e8c6dc7dd759a25062bd371c58cf281eecc2107b190ed7fb40239a1356ae33fbd049c972f9a28042f564d61a85ca745078cceeecc575cb6e7", @ANYRESHEX=r2], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000600)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000b70400000800000085000000950000e9940000000000000000000000000042bd73ac7bd3cb6f9530e6d678d255b47c7b8a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r7}, 0x18)
ptrace(0x4206, r5)
waitid(0x1, r5, 0x0, 0x40000006, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r8, &(0x7f0000000080)={0xa, 0x0, 0xfffffffe, @local, 0x4}, 0x1c)
writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1)
ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000040)={0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000001cc0)='\x01\xf6\xff\x00\x00|\x94\xc79bk\x93k\x12o\x03\xf1<\xdfWM\xcd\xab\xea\x1a\xf2\x87\xfc\x16\xb6\xbe\x1f\x1f\xed78K\x16J\xe4\xdb\x9f\xf3\x10\x96\xd7)\x87\xdcn\xa9\xa3\xee9\xae`\xf7\xa1Z^\xec\xe8\x95\x83\x06\xde8\x8d\x8b1\'-\xaa\xf6(1\xbc\xdb\x85U)\x92\xff\x03_\xa9JE\xcewm_g\'a\x98\xde\xddf\x9d\xefp\xe3W\xa3\xa5i>u\x13\xf7uk\r5=\x88\x1a\xadN\xeaOn\xad$i\xc52~\xb8\xc8\x1cu\x12\xc77\xcd\xf0\xace\xcayl\xa6\xc6N\xe6\xaf\n\x04\x9c%\x9f\xec\xc8\x1e+aj5l\xe3\xd0\x002R\xec4Zw\xa1\xa5X\x87\x1eG\xf6g\x17\xf9\x9e\xab\x13\xa8\x067\x1c\x81b\x1f\nd+\x8as\xb7\xbe\xeb\xfa\xf7\xd1\xef\bp\x81|\x11\x1c\xbb8z\xb3\x18\xddG0\x18\xcaX\x844\xda\x8a\x99\x03\a{d-\x17\x00\x00')
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r9}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
setrlimit(0x9, &(0x7f0000000000))
io_setup(0x2004, &(0x7f0000001280))

566.506894ms ago: executing program 4 (id=4994):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000340), r0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0x1100000000000000, &(0x7f0000000440)=@base={0x18, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0xffffffff}, 0x48)
shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="08010000", @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000080001000000000014000480050003000000000005000300000000000800020001000000d00008800c000780080006000000000024000780080005"], 0x108}}, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000040)={'tunl0\x00', &(0x7f0000000280)={'syztnl2\x00', <r7=>0x0, 0x10, 0x700, 0x0, 0x3, {{0x20, 0x4, 0x3, 0x2c, 0x80, 0x65, 0x0, 0x4, 0x4, 0x0, @multicast1, @remote, {[@timestamp_addr={0x44, 0x1c, 0xd9, 0x1, 0x6, [{@dev={0xac, 0x14, 0x14, 0x22}, 0x1}, {@rand_addr=0x64010101, 0x1000}, {@loopback, 0x1}]}, @ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x49, 0xffffffffffffffff, [{0x1, 0x3, "a8"}, {0x6, 0x7, "9c95a66dce"}, {0x2, 0xe, "9b8b68bc113c81ae06f9d92a"}, {0x5, 0x7, "5dfcb0c61d"}, {0x1, 0x5, "6fd57f"}, {0x2, 0x6, "5459fb3c"}, {0x6, 0x2}, {0x5, 0xf, "4245582dffa016a1539ff9d14e"}, {0x1, 0x8, "969235dbfcf6"}]}, @end]}}}}})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYRES32], 0x0, 0x4000000, 0x0, 0x0, 0x41000, 0x4, '\x00', r7}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r8}, 0x10)
r9 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
preadv(r9, &(0x7f00000000c0)=[{&(0x7f0000002140)=""/4096, 0x1000}], 0x1, 0x141, 0x0)

564.214394ms ago: executing program 5 (id=4995):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'xfrm0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x20, 0x10, 0x49920d862a92153b, 0x800, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3104, 0x1b400}}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000002, 0x13, r1, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
utimensat(0xffffffffffffff9c, 0x0, 0x0, 0x0)

458.368513ms ago: executing program 1 (id=4996):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

445.878534ms ago: executing program 5 (id=4997):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = mq_open(&(0x7f0000000600)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdF\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1b\xf4\xce\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|9\x90\x8d\xf4r\xd9*\xd1\x83\n\x1a\xa8fa2\xd4:^\xd7a\x0f\x12}\a\x9d\xc9h\x02\xbe\xeb\x01\xd39LS\xefJ\xcc<\xc4\xc0\xb4A\xab{\x1b\x15<\x95\x02\xae\xfdT\x98\xf4\x85\a\x01@\x12\xe0<3\xb4\x97\xb6W\x84K\xd7\xc5\xf47\xed\xda4\xe2W\xb6r\xca\x1e\x90\xef\x13\xf1&~\x97n\x9f\x8eS\xa8R\xf6\x9d{9\x1bN\x81\x18~\xd7{', 0x42, 0x0, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x6, 0x0)
mq_timedreceive(r1, &(0x7f000001a3c0)=""/102381, 0xffffffffffffff32, 0x0, 0x0) (fail_nth: 3)

409.276117ms ago: executing program 4 (id=4998):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x0, <r0=>0x0}, 0x8)
pipe(&(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, 0x0, 0x0, 0x80, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x2, 0xfffffe81, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000400000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2}, 0x18)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x200000000000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f00000002c0), 0x1, 0x4f2, &(0x7f0000000600)="$eJzs3U1vG1sZAODXzpeTm97kXu4CENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYTTjSeomdpOSNI7i55FGM+eMM+85ieec+nXtE0DfuhQRWxExHBEPI2Iiq89lW9xtbcnjXm0/nd/Zfjqfi2bz/j9z6fmkLtp+JvFRds1CRPzoexE/zR2MW9/YXJ6rVMprWXmqUV2dqm9sXl+qzi2WF8srpdLszOz07Ru3SifW14vV4ezoyy//sPWtnyfNGs9q2vtxklpdH9qLE9nv/AcfIlgPDETEYPb8yVzoZXt4P/mI+DQiLqf3/0QMpH9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXD+yzG8pVavXHtUW19ZaGVK5uMofyjpUp5OssVTsZQLinPpMdvyqV95RsR8UlE/GJkNC0X52uVhV7+wwcA+thH++b//4y05n8A4Jwr9LoBAMCpM/8DQP8x/wNA/zH/A0D/Mf8DQP8x/wNA/zH/A0Bf+eG9e8nW3Mm+/3rh8cb6cu3x9YVyfblYXZ8vztfWVouLtdpi+p091cOuV6nVVmduxvqTyW+v1htT9Y3NB9Xa+krjQfq93g/KQ6fSKwDgXT65+OLPuYjYujOabtG2loO5Gs63fK8bAPTMQK8bAPSM1b6gfx3jNb70AJwTHZbofUshIkb3VzabzeaHaxLwgV39gvw/9Ku2/L//BQx9Rv4f+lfX/P+BF/vAedNs5o665n8c9YEAwNkmxw90ef//02z/2+zNgZ8s7H/E8/0VPlEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/9hd/7eYrdwxHvl8sRhxISImYyj3aKlSno6IjyPiTyNDI0l5psdtBgCOK/+3XLb+19WJK+P7zw7nXo+k+4j42a/u//LJXKOx9sek/l979Y3nWX2pF+0HAA6zO0+n+7YX8q+2n87vbqfZnr9/NyIKrfg728Oxsxd/MAbTfSGGImLs37ms3JJry10cx9aziPh8p/7nYjzNgbRWPt0fP4l94VTj59+Kn0/PtfbJ7+JzJ9AW6DcvkvHnbqf7Lx+X0n3n+7+QjlDHl41/yaXmd9Ix8E383fFvoMv4d+moMW7+/vuto9GD555FfHEwYjf2Ttv4sxs/1yX+lYOX6+gvX/rK5W7nmr+OuBqd47fHmmpUV6fqG5vXl6pzi+XF8kqpNDszO337xq3SVJqjnuo+G/zjzrWPu51L+j/WJX7hkP5//Wjdj9/89+GPv/qO+N/8Wqf4+fjsHfGTOfEbR4w/N/a7QrdzSfyFLv0/7O9/7YjxX/5188Cy4QBA79Q3NpfnKpXymgMHZ/8gecqegWZ0PPjOacUajvf6qWbz/4rVbcQ4iawbcBbs3fQR8brXjQEAAAAAAAAAAAAAADo6jU8s9bqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA//8wuNJ1")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, 0x0, &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94)
r3 = io_uring_setup(0x5b42, &(0x7f0000000640)={0x0, 0xfffffffe, 0x800, 0x103fc, 0x159})
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x2b)
sendmsg$rds(r4, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000040)={{0x0, 0x1, 0x0, 0x1, 0x3}})
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(0xffffffffffffffff, 0x0, 0x20)
symlinkat(&(0x7f0000000000)='.\x00', r6, &(0x7f0000000140)='./file0\x00')

311.468415ms ago: executing program 5 (id=4999):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x200)
writev(r0, &(0x7f00000008c0)=[{&(0x7f0000000200)="9b9eba65b4b80391ccf319800eb06e470a169ddb407a53c04c6499580aaad787db1487f02c35629b4f", 0x29}, {&(0x7f0000000280)="44c9eae1a24ed0b1e90d9b4fe9c2268170ceaf070b25b9e2d698de04dbca687efa8e08e88da9cb50a72935c7fbce2e9e4b7dec1703b37bd8b778a8b1f8cb9da2dd02139403f8769b42a541a4f772458015c9e85f32c3e41838967be5d1b61e11d57a8927d1aeaef7331f64f1efd1bfa4cd687611e00b51abc3238542881712d0e2d0cb6ab54ecdc746ede7d41c2e3dd1b312d192cc5678de6030827288bb9afc727c860313e5d54a1c957f5090d73e5e6a7a6a83da70e4e74bcfea42d9ccfad1032415e6151d0123b3aeb91eed39b644b10398e613f68798a1aa826c4b52fd8c8b70c047ddf98220605115", 0xeb}, {&(0x7f0000000380)="ee7e02b448d65ad95adc3c6c81eca5f37f7ad43af3ebba6fe3f4538780391e198b3c3154930ffa80081e784a503db3654eb4dd0565ab39243e4576723db4ddc16afa03f154dfb0461c103363f28f67d3b515887a298e8ff4f1f2f5a684387ca6813afe59d438d98e4c15d2cff94c4edd0fefce186400dc62c4c04b0c56246567074a7921feaad7440f255f7c2a6f8e679ba9df1da3739b230eaad48452af3e3bc743fb525545e9ce046dca76c6812bf062a2b2b64718", 0xb6}, {&(0x7f0000000480)="d5b37e892b4eb8bd528b8a8bf76a99c974b542c5b4ef7e4f70c2be7e0c7774360b5de60369d60268af60beec875674b60a43124b515b835faf0316fc22ca03dd6bd84ad5c50cbc7655a104dd0e73bba7764130d4e2014e1a4876beb6ae76b28059b58fc9299944a3", 0x68}, {&(0x7f0000000500)="a7afc01a155e476a0df947ff9cb30ef7c66e6d415f1693c9cc03e2973db992f22e014af48af2fe790409a8f74278aa72385ff64e215c8a86243ff4012bc0bf5f0104a316e51e285842d454ef91c603e83b7787a94036226d1ee20e745f80bd7d1f6f2695459a59291032eecde502d8810a8c54a295b74e9443263dbc06e727cc35a72617fbc6227c364b7adcdda4460ee7583d606947120c1bbdf47071776c9b", 0xa0}, {&(0x7f00000005c0)="1e97a16b2e645be26dca92cd14b15da51891fd941a33b485af231cd838d05f17c81ff92fe3288c80e9d34a802c29a2d5243cfcf72ae76880995512c2d4a9c97842e13e9b5abc5d80a7b9e9d22807f0f44805c30cc18165ba40ad84c3e142911f5b9acc29a0d1a3f69316a79ce187bdccc23dc90d0089fa32fe434eb6a6ddda64f5d900c015351756e023c82a52390cfbcd14ea44139e4dbf9675442df3499338512b5dc90c73ca32737c00fbb34bbc73860b38a6a89260ede02bc21a96f836f78fc7b88173aad2485d293d852329599464dbbb0d96deeef358c8e8f3", 0xdc}, {&(0x7f00000006c0)="d370b3c81a4124abf9f3d28e61505ac59c180af06da7b5b2f1fc16dcfe1a47c0e789753b160b58699b035f3f90d09cf1dba0dfe2adc253c9c2e9b743b4ccbf89a1b53ef079bf89c21c2159033a7cab6c822673f37e829266c8472cce9dd5711370da910772bdac1259e23b08c909ede347e11894bc25850b153efa44735d1f718abdbcbb06d17571e309b16f4341edb9055567f8b32d09a7a65e4376668969de3283cc80db5952e47e91ad4765b3c8a8dd4261b14a95db42d4cd", 0xba}, {&(0x7f0000000780)="0761acc7a244561b18f5a09cd9dfec03e3a2bf46b9abe1ed93350d0ed6ec49a0a2620bd688e552a3b3a1d9608a933ab9e105667857a65b824d778d698617bb2fb325744e1e56da3511a086e536d1725a2c8c5809f4cd3d4f3f8118ad25b491ee6354fddb813632", 0x67}, {0x0}], 0x9)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000440), 0x103940)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f0000000180)={0x80, 0xc, 0x2, 0xffffffef, 0x0, 0x200002})
syz_open_procfs$userns(0x0, &(0x7f0000000000))
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000440)=0x800004)

310.741415ms ago: executing program 1 (id=5000):
socket(0x10, 0x3, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000100)=0x730)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r5, &(0x7f0000000b00)={0xa, 0xfdfe, 0x100007, @remote, 0xa}, 0x1c)
connect$pppl2tp(r4, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r5, 0x8, 0x0, 0x5, 0x0, {0xa, 0x0, 0xf9d, @private2}}}, 0x32)
writev(r4, &(0x7f0000000180)=[{&(0x7f0000000080)}], 0x1)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000140)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r8, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x0, 0x10}, 0xc)
r9 = dup(r8)
write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x40000000004, 0x0, 0x111, 0xa}}, 0xf)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r10, 0x0, 0x10000002}, 0x18)
socket$inet6_tcp(0xa, 0x1, 0x0)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r11}, &(0x7f0000000500), &(0x7f0000000540)}, 0x20)

285.419537ms ago: executing program 0 (id=5001):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000003380)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000006cfa00001812", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18)
r2 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r2, &(0x7f0000000000), 0x10)
connect$vsock_stream(r2, &(0x7f0000000400)={0x28, 0x0, 0x2710, @host}, 0x10)

206.106793ms ago: executing program 0 (id=5002):
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xd3, 0x1, 0x0, 0x0, 0x0, 0xf, 0x9211, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_bp={0x0, 0xc}, 0x14ce3, 0x100004, 0x0, 0x2, 0x6, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000000, 0x11, r0, 0x0)
r1 = syz_io_uring_setup(0x684e, &(0x7f00000000c0)={0x0, 0x79af, 0x2, 0x8008000, 0x183}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x90102, 0x38)
syz_emit_ethernet(0x7a, &(0x7f0000000380)=ANY=[@ANYBLOB="bbbbbbbbbbbb000000000000884800000000000000000000010000000000000000000000000000000000000f0f0000000f008efc734223eda25898fed623c6f1d1567674fd627f4e82adf14319a527ef4f58d5ec35e0f3e0eb22b3acb5a2a890cc9ca494d620db72418acb83a82df67931b1e7ea0289ccab1b97"], &(0x7f0000000300)={0x1, 0x1, [0x5b1, 0xd33, 0xf7c, 0xb69]})
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_STATX={0x15, 0x15, 0x0, r4, &(0x7f0000000200), &(0x7f0000000180)='./file0\x00', 0x80, 0x400, 0x1})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x1159e4047a6348de, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
r6 = socket(0x1e, 0x4, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r8 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffafff, 0x1000, 0x6, 0xa1})
io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x401, 0xfffffffe, 0x0, 0xffffffff}, 0x10)
close(r6)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x220800, &(0x7f0000000500)={[{@jqfmt_vfsold}]}, 0xfe, 0x4fe, &(0x7f0000001000)="$eJzs3V9rHGsZAPBnJrvnJG2Om6NeHA94WmwlKdpN0tg2eFEriF4V1HpfY7INIZtsSTZtE4qm+AEEERW80StvBD+AIP0IIhT0XlQU0VYvvKiO7O5sTNPd/KHJbk/294M3O+/szD7vk2HenXdm2AlgYJ2PiImIyLIsuxQRpXx+mpfYbpXGcs+fPZpvlCSy7Pbfk0jyee3Pejt/PZuvNhwRX/9KxLeSV+Oub24tz1WrlbW8PllfSV5k2dblpZW5xcpiZXVmZvra7PXZq7NTx5LnWETc+NKff/i9n3/5xq8/++APd/468e1Wgi278zhOrdSLzf9FWyEi1k4iWJ8Umhm2XO1zWwAA2F/jeP+jEfGpiLgUpRhqHs0BAAAAp0n2hdF4kbSu/wEAAACnUxoRo5Gk5fx+39FI03K5dQ/vx+NMWq2t1z+TlXbOF4xFMb27VK1M5fcOjEUxadSn83ts2/Ure+ozEfFuRPygNNKsl+dr1YW+nvkAAACAwXF2z/j/X6XW+B8AAAA4Zcb63QAAAADgxBn/AwAAwOln/A8AAACn2ldv3WqUrP3864X7mxvLtfuXFyrry+WVjfnyfG3tXnmxVlts/mbfykGfV63V7n0uVjceTtYr6/XJ9c2tOyu1jdX6naWXHoENAAAA9NC75578PomI7c+PpBGRJbveK0ZkQ7sXLvS+fcDJSY+y8J9Orh1A7w31uwFA3zikh8FV7HcDgL47qB/oevPOb46/LQAAwMkY/8TO9f9maXgrfy/pa8uAk5Zf/0/s6zB4XP+HweX6Hwyu4n5HAAYFcOqlh9jVX//6f5YdqVEAAMCxG22WJC3n44DRSNNyOeKd5mMBisndpWplKiI+EhG/KxXfbtSnm2smTg8AAAAAAAAAAAAAAAAAAAAAAAAAwCFlWRJZFyM7ywAAAAAfZhHpX5L8+V/jpYuje88PvJX8u9R8jYgHP7n9o4dz9fradGP+P3bm13+cz7/S67MXAAAAQCftcXp7HA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx+n5s0fz7dLLuH/7YkSMdYpfiOHm63AUI+LMP5Mo7FoviYihY4i//Tgi3usUP2k0K8byVuyNn0bESJ/jnz2G+DDInjT6n5ud9r80zjdfO+9/hby8ru79X7rT/w116f/e6fSB6auz3n/6y8mu8R9HvF/o3P+04ydd4l84ZI7f/MbWVrf3sp9FjHf6/im+HGsyKdybXN/cury0MrdYWayszsxMX5u9Pnt1dmry7lK1kv/tGOP7n/zVf/fL/0zH779W/7tf/hcPmf9/nj589rHYm1Ve/2mWTVzovP3f6xK//d336XxzN+rj7ent1vRuH/zitx+c2yf/hS75H7T9Jw6Z/6WvffePh1wUAOiB9c2t5blqtbJ2tIkkYvs1Vu/DxPCb0YzBnBiJHgadi/2WaR/E9qA938lDvRGb4MgT/euTAACAk/H/g/5+twQAAAAAAAAAAAAAAAAAAAAG10E/AxZH/PGwmxGx9629Mbf7kyoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL7+FwAA//+0j8ZZ")
perf_event_open(&(0x7f00000000c0)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8088e3ad132bc192, 0x4002011, r0, 0x0)

156.037317ms ago: executing program 3 (id=5003):
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x8000)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)

126.9098ms ago: executing program 4 (id=5004):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

5.60537ms ago: executing program 4 (id=5005):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = memfd_create(&(0x7f00000001c0)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xd9\x19\x17\xb0\xed|\xb3\xc2\x017h\xe9kL\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f2\xf7]#\xed,\xc7\x03\x00\x00\x00\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4R$\xaa\x00U\x92\xd2\x99\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8\xfb\x16\x8e\x8b-W\xd4\xc9\xbc\x94CR[Du8U^\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xbd+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96', 0x5)
fsetxattr$security_selinux(r3, &(0x7f0000000480), &(0x7f00000004c0)='system_u:object_r:hwdata_t:s0\x00', 0x1a, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5, 0x0, 0x400007}, 0x18)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r7, 0x0, 0x20000000000}, 0x18)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r9}, 0x18)
r10 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_access(r10, &(0x7f00000002c0)=ANY=[], 0x46)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYRES8=r2], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='signal_generate\x00', r11}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x11)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00', <r12=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00', <r13=>0x0})
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x90, 0x0, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x6}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x44, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r12}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r13}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7}]}, 0x90}, 0x1, 0x0, 0x0, 0x82}, 0x4)

0s ago: executing program 5 (id=5006):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kfree\x00', r0}, 0x18)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x81})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)

kernel console output (not intermixed with test programs):

tary) 
[  321.585555][T17635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  321.585607][T17635] Call Trace:
[  321.585616][T17635]  <TASK>
[  321.585626][T17635]  __dump_stack+0x1d/0x30
[  321.585656][T17635]  dump_stack_lvl+0xe8/0x140
[  321.585685][T17635]  dump_stack+0x15/0x1b
[  321.585710][T17635]  should_fail_ex+0x265/0x280
[  321.585782][T17635]  should_failslab+0x8c/0xb0
[  321.585818][T17635]  kmem_cache_alloc_noprof+0x50/0x310
[  321.585859][T17635]  ? security_file_alloc+0x32/0x100
[  321.585906][T17635]  security_file_alloc+0x32/0x100
[  321.586038][T17635]  init_file+0x5c/0x1d0
[  321.586122][T17635]  alloc_empty_file+0x8b/0x200
[  321.586165][T17635]  alloc_file_pseudo+0xc6/0x160
[  321.586212][T17635]  __shmem_file_setup+0x1de/0x210
[  321.586332][T17635]  shmem_file_setup+0x3b/0x50
[  321.586379][T17635]  __se_sys_memfd_create+0x2c3/0x590
[  321.586479][T17635]  __x64_sys_memfd_create+0x31/0x40
[  321.586505][T17635]  x64_sys_call+0x2abe/0x2ff0
[  321.586665][T17635]  do_syscall_64+0xd2/0x200
[  321.586753][T17635]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  321.586804][T17635]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  321.586896][T17635]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.586929][T17635] RIP: 0033:0x7f439e25eb69
[  321.586952][T17635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  321.587005][T17635] RSP: 002b:00007f439c8bee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  321.587028][T17635] RAX: ffffffffffffffda RBX: 0000000000000555 RCX: 00007f439e25eb69
[  321.587044][T17635] RDX: 00007f439c8beef0 RSI: 0000000000000000 RDI: 00007f439e2e2784
[  321.587060][T17635] RBP: 0000200000000640 R08: 00007f439c8bebb7 R09: 00007f439c8bee40
[  321.587153][T17635] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000005c0
[  321.587173][T17635] R13: 00007f439c8beef0 R14: 00007f439c8beeb0 R15: 0000200000000600
[  321.587204][T17635]  </TASK>
[  321.943984][T17643] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17643 comm=syz.0.4199
[  321.957018][T17643] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=17643 comm=syz.0.4199
[  322.130650][T17654] FAULT_INJECTION: forcing a failure.
[  322.130650][T17654] name failslab, interval 1, probability 0, space 0, times 0
[  322.143705][T17654] CPU: 0 UID: 0 PID: 17654 Comm: syz.0.4205 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  322.143744][T17654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  322.143770][T17654] Call Trace:
[  322.143779][T17654]  <TASK>
[  322.143800][T17654]  __dump_stack+0x1d/0x30
[  322.143840][T17654]  dump_stack_lvl+0xe8/0x140
[  322.143870][T17654]  dump_stack+0x15/0x1b
[  322.143905][T17654]  should_fail_ex+0x265/0x280
[  322.143953][T17654]  should_failslab+0x8c/0xb0
[  322.143998][T17654]  kmem_cache_alloc_noprof+0x50/0x310
[  322.144043][T17654]  ? mas_alloc_nodes+0x265/0x520
[  322.144080][T17654]  mas_alloc_nodes+0x265/0x520
[  322.144114][T17654]  mas_preallocate+0x33e/0x520
[  322.144150][T17654]  __split_vma+0x240/0x650
[  322.144189][T17654]  ? __rcu_read_unlock+0x34/0x70
[  322.144216][T17654]  ? bpf_prog_8f4d9728dfbc680e+0x32/0x32
[  322.144238][T17654]  vms_gather_munmap_vmas+0x172/0x7a0
[  322.144266][T17654]  ? mas_find+0x608/0x700
[  322.144295][T17654]  mmap_region+0x53f/0x1630
[  322.144373][T17654]  do_mmap+0x9b3/0xbe0
[  322.144415][T17654]  __se_sys_remap_file_pages+0x55e/0x600
[  322.144458][T17654]  __x64_sys_remap_file_pages+0x67/0x80
[  322.144490][T17654]  x64_sys_call+0x23af/0x2ff0
[  322.144518][T17654]  do_syscall_64+0xd2/0x200
[  322.144549][T17654]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  322.144581][T17654]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.144612][T17654] RIP: 0033:0x7f439e25eb69
[  322.144634][T17654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.144663][T17654] RSP: 002b:00007f439c8bf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8
[  322.144683][T17654] RAX: ffffffffffffffda RBX: 00007f439e485fa0 RCX: 00007f439e25eb69
[  322.144697][T17654] RDX: 0000000000000000 RSI: 0000000000400d00 RDI: 000020000051c000
[  322.144715][T17654] RBP: 00007f439c8bf090 R08: 0000000000000000 R09: 0000000000000000
[  322.144737][T17654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  322.144754][T17654] R13: 0000000000000000 R14: 00007f439e485fa0 R15: 00007ffe7e213c18
[  322.144777][T17654]  </TASK>
[  322.525800][T17673] __nla_validate_parse: 11 callbacks suppressed
[  322.525824][T17673] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4211'.
[  322.549842][T17673] team4: entered promiscuous mode
[  322.555193][T17673] team4: entered allmulticast mode
[  322.583235][T17677] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4213'.
[  322.586702][T17680] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4214'.
[  322.689288][T17685] FAULT_INJECTION: forcing a failure.
[  322.689288][T17685] name failslab, interval 1, probability 0, space 0, times 0
[  322.702197][T17685] CPU: 0 UID: 0 PID: 17685 Comm: syz.4.4216 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  322.702238][T17685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  322.702255][T17685] Call Trace:
[  322.702262][T17685]  <TASK>
[  322.702271][T17685]  __dump_stack+0x1d/0x30
[  322.702298][T17685]  dump_stack_lvl+0xe8/0x140
[  322.702352][T17685]  dump_stack+0x15/0x1b
[  322.702374][T17685]  should_fail_ex+0x265/0x280
[  322.702418][T17685]  should_failslab+0x8c/0xb0
[  322.702443][T17685]  kmem_cache_alloc_noprof+0x50/0x310
[  322.702537][T17685]  ? security_file_alloc+0x32/0x100
[  322.702568][T17685]  security_file_alloc+0x32/0x100
[  322.702658][T17685]  init_file+0x5c/0x1d0
[  322.702691][T17685]  alloc_empty_file+0x8b/0x200
[  322.702764][T17685]  alloc_file_pseudo+0xc6/0x160
[  322.702821][T17685]  __shmem_file_setup+0x1de/0x210
[  322.702857][T17685]  shmem_file_setup+0x3b/0x50
[  322.702931][T17685]  __se_sys_memfd_create+0x2c3/0x590
[  322.703035][T17685]  __x64_sys_memfd_create+0x31/0x40
[  322.703059][T17685]  x64_sys_call+0x2abe/0x2ff0
[  322.703080][T17685]  do_syscall_64+0xd2/0x200
[  322.703104][T17685]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  322.703129][T17685]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  322.703190][T17685]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.703219][T17685] RIP: 0033:0x7fc90b22eb69
[  322.703240][T17685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.703269][T17685] RSP: 002b:00007fc909896d68 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  322.703288][T17685] RAX: ffffffffffffffda RBX: 00000000000005bd RCX: 00007fc90b22eb69
[  322.703301][T17685] RDX: 00007fc909896dec RSI: 0000000000000000 RDI: 00007fc90b2b2784
[  322.703314][T17685] RBP: 00002000000005c0 R08: 00007fc909896b07 R09: 0000000000000000
[  322.703327][T17685] R10: 000000000000000a R11: 0000000000000202 R12: 0000000000000001
[  322.703339][T17685] R13: 00007fc909896dec R14: 00007fc909896df0 R15: 00007fffcb34d978
[  322.703360][T17685]  </TASK>
[  322.929530][T17686] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17686 comm=syz.3.4214
[  322.942485][T17686] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=17686 comm=syz.3.4214
[  323.034468][T17692] block device autoloading is deprecated and will be removed.
[  323.071154][T17698] FAULT_INJECTION: forcing a failure.
[  323.071154][T17698] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  323.084474][T17698] CPU: 0 UID: 0 PID: 17698 Comm: syz.3.4222 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  323.084510][T17698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  323.084526][T17698] Call Trace:
[  323.084579][T17698]  <TASK>
[  323.084599][T17698]  __dump_stack+0x1d/0x30
[  323.084625][T17698]  dump_stack_lvl+0xe8/0x140
[  323.084673][T17698]  dump_stack+0x15/0x1b
[  323.084692][T17698]  should_fail_ex+0x265/0x280
[  323.084731][T17698]  should_fail+0xb/0x20
[  323.084837][T17698]  should_fail_usercopy+0x1a/0x20
[  323.084860][T17698]  _copy_to_user+0x20/0xa0
[  323.084889][T17698]  rng_dev_read+0x3ef/0x740
[  323.085001][T17698]  ? __pfx_rng_dev_read+0x10/0x10
[  323.085036][T17698]  vfs_readv+0x3fb/0x690
[  323.085099][T17698]  __x64_sys_preadv+0xfd/0x1c0
[  323.085134][T17698]  x64_sys_call+0x282a/0x2ff0
[  323.085235][T17698]  do_syscall_64+0xd2/0x200
[  323.085314][T17698]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  323.085404][T17698]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  323.085505][T17698]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.085530][T17698] RIP: 0033:0x7f66d8f2eb69
[  323.085548][T17698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.085597][T17698] RSP: 002b:00007f66d758f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  323.085620][T17698] RAX: ffffffffffffffda RBX: 00007f66d9155fa0 RCX: 00007f66d8f2eb69
[  323.085635][T17698] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000005
[  323.085649][T17698] RBP: 00007f66d758f090 R08: 0000000000000000 R09: 0000000000000000
[  323.085671][T17698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  323.085685][T17698] R13: 0000000000000000 R14: 00007f66d9155fa0 R15: 00007ffe81821958
[  323.085708][T17698]  </TASK>
[  323.291361][T17696] SELinux: failed to load policy
[  323.296680][T17700] netlink: 'syz.1.4223': attribute type 3 has an invalid length.
[  323.333339][T17704] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4225'.
[  323.351369][T17704] team7: entered promiscuous mode
[  323.356774][T17704] team7: entered allmulticast mode
[  323.384686][T17706] can0: slcan on ttyS3.
[  323.474283][T17706] can0 (unregistered): slcan off ttyS3.
[  323.489535][T17720] can0: slcan on ttyS3.
[  323.555775][T17705] can0 (unregistered): slcan off ttyS3.
[  323.629768][T17735] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4235'.
[  323.649768][T17735] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4235'.
[  323.732585][T17739] FAULT_INJECTION: forcing a failure.
[  323.732585][T17739] name failslab, interval 1, probability 0, space 0, times 0
[  323.745394][T17739] CPU: 1 UID: 0 PID: 17739 Comm: syz.4.4233 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  323.745433][T17739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  323.745453][T17739] Call Trace:
[  323.745461][T17739]  <TASK>
[  323.745470][T17739]  __dump_stack+0x1d/0x30
[  323.745495][T17739]  dump_stack_lvl+0xe8/0x140
[  323.745568][T17739]  dump_stack+0x15/0x1b
[  323.745597][T17739]  should_fail_ex+0x265/0x280
[  323.745634][T17739]  ? __pfx_proc_self_get_link+0x10/0x10
[  323.745806][T17739]  ? proc_self_get_link+0x97/0x110
[  323.745838][T17739]  should_failslab+0x8c/0xb0
[  323.745913][T17739]  __kmalloc_cache_noprof+0x4c/0x320
[  323.745945][T17739]  ? __pfx_proc_self_get_link+0x10/0x10
[  323.746033][T17739]  proc_self_get_link+0x97/0x110
[  323.746060][T17739]  pick_link+0x47d/0x830
[  323.746097][T17739]  step_into+0x7b6/0x820
[  323.746151][T17739]  ? inode_permission+0x106/0x310
[  323.746180][T17739]  link_path_walk+0x571/0x900
[  323.746212][T17739]  path_openat+0x1de/0x2170
[  323.746230][T17739]  ? kvm_sched_clock_read+0x11/0x20
[  323.746305][T17739]  ? _parse_integer_limit+0x170/0x190
[  323.746387][T17739]  do_filp_open+0x109/0x230
[  323.746416][T17739]  do_sys_openat2+0xa6/0x110
[  323.746451][T17739]  __x64_sys_openat+0xf2/0x120
[  323.746554][T17739]  x64_sys_call+0x2e9c/0x2ff0
[  323.746612][T17739]  do_syscall_64+0xd2/0x200
[  323.746636][T17739]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  323.746707][T17739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.746755][T17739] RIP: 0033:0x7fc90b22d4d0
[  323.746774][T17739] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  323.746807][T17739] RSP: 002b:00007fc909854f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  323.746828][T17739] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fc90b22d4d0
[  323.746840][T17739] RDX: 0000000000000002 RSI: 00007fc909854fa0 RDI: 00000000ffffff9c
[  323.746853][T17739] RBP: 00007fc909854fa0 R08: 0000000000000000 R09: 0000000000000000
[  323.746866][T17739] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  323.746922][T17739] R13: 0000000000000000 R14: 00007fc90b456160 R15: 00007fffcb34d978
[  323.746943][T17739]  </TASK>
[  324.033956][T17719] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4231'.
[  324.243979][T17750] block device autoloading is deprecated and will be removed.
[  324.282667][T17752] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4242'.
[  324.291925][T17752] netlink: 212 bytes leftover after parsing attributes in process `syz.1.4242'.
[  324.444326][T17755] syzkaller1: entered promiscuous mode
[  324.449992][T17755] syzkaller1: entered allmulticast mode
[  324.459741][T17755] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  324.535221][T17760] can0: slcan on ttyS3.
[  324.555504][T17769] FAULT_INJECTION: forcing a failure.
[  324.555504][T17769] name failslab, interval 1, probability 0, space 0, times 0
[  324.568701][T17769] CPU: 1 UID: 0 PID: 17769 Comm: +}[@ Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  324.568799][T17769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  324.568815][T17769] Call Trace:
[  324.568823][T17769]  <TASK>
[  324.568832][T17769]  __dump_stack+0x1d/0x30
[  324.568908][T17769]  dump_stack_lvl+0xe8/0x140
[  324.568927][T17769]  dump_stack+0x15/0x1b
[  324.568944][T17769]  should_fail_ex+0x265/0x280
[  324.569059][T17769]  should_failslab+0x8c/0xb0
[  324.569084][T17769]  kmem_cache_alloc_node_noprof+0x57/0x320
[  324.569120][T17769]  ? alloc_vmap_area+0x231/0xe50
[  324.569207][T17769]  alloc_vmap_area+0x231/0xe50
[  324.569241][T17769]  ? should_failslab+0x8c/0xb0
[  324.569264][T17769]  ? __kmalloc_cache_node_noprof+0x18a/0x320
[  324.569295][T17769]  __get_vm_area_node+0x173/0x1d0
[  324.569388][T17769]  __vmalloc_node_range_noprof+0x273/0xe00
[  324.569422][T17769]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  324.569461][T17769]  ? avc_has_perm_noaudit+0x1b1/0x200
[  324.569499][T17769]  ? cred_has_capability+0x210/0x280
[  324.569547][T17769]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  324.569581][T17769]  __vmalloc_noprof+0x83/0xc0
[  324.569620][T17769]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  324.569682][T17769]  bpf_prog_alloc_no_stats+0x47/0x3a0
[  324.569706][T17769]  ? bpf_prog_alloc+0x2a/0x150
[  324.569732][T17769]  bpf_prog_alloc+0x3c/0x150
[  324.569836][T17769]  bpf_prog_load+0x514/0x1070
[  324.569882][T17769]  ? security_bpf+0x2b/0x90
[  324.569916][T17769]  __sys_bpf+0x462/0x7b0
[  324.569959][T17769]  __x64_sys_bpf+0x41/0x50
[  324.570049][T17769]  x64_sys_call+0x2aea/0x2ff0
[  324.570070][T17769]  do_syscall_64+0xd2/0x200
[  324.570101][T17769]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  324.570185][T17769]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  324.570208][T17769]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.570314][T17769] RIP: 0033:0x7f439e25eb69
[  324.570330][T17769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  324.570354][T17769] RSP: 002b:00007f439c8bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  324.570378][T17769] RAX: ffffffffffffffda RBX: 00007f439e485fa0 RCX: 00007f439e25eb69
[  324.570395][T17769] RDX: 0000000000000094 RSI: 0000200000000240 RDI: 0000000000000005
[  324.570412][T17769] RBP: 00007f439c8bf090 R08: 0000000000000000 R09: 0000000000000000
[  324.570429][T17769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  324.570498][T17769] R13: 0000000000000000 R14: 00007f439e485fa0 R15: 00007ffe7e213c18
[  324.570539][T17769]  </TASK>
[  324.570548][T17769] +}[@: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null)
[  324.710592][T17777] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4249'.
[  324.712279][T17769] ,cpuset=/,mems_allowed=0
[  324.862974][T17769] CPU: 1 UID: 0 PID: 17769 Comm: +}[@ Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  324.863045][T17769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  324.863059][T17769] Call Trace:
[  324.863066][T17769]  <TASK>
[  324.863074][T17769]  __dump_stack+0x1d/0x30
[  324.863097][T17769]  dump_stack_lvl+0xe8/0x140
[  324.863117][T17769]  dump_stack+0x15/0x1b
[  324.863134][T17769]  warn_alloc+0x12b/0x1a0
[  324.863234][T17769]  __vmalloc_node_range_noprof+0x297/0xe00
[  324.863283][T17769]  ? avc_has_perm_noaudit+0x1b1/0x200
[  324.863310][T17769]  ? cred_has_capability+0x210/0x280
[  324.863347][T17769]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  324.863377][T17769]  __vmalloc_noprof+0x83/0xc0
[  324.863562][T17769]  ? bpf_prog_alloc_no_stats+0x47/0x3a0
[  324.863594][T17769]  bpf_prog_alloc_no_stats+0x47/0x3a0
[  324.863621][T17769]  ? bpf_prog_alloc+0x2a/0x150
[  324.863648][T17769]  bpf_prog_alloc+0x3c/0x150
[  324.863745][T17769]  bpf_prog_load+0x514/0x1070
[  324.863783][T17769]  ? security_bpf+0x2b/0x90
[  324.863815][T17769]  __sys_bpf+0x462/0x7b0
[  324.863925][T17769]  __x64_sys_bpf+0x41/0x50
[  324.863950][T17769]  x64_sys_call+0x2aea/0x2ff0
[  324.864021][T17769]  do_syscall_64+0xd2/0x200
[  324.864046][T17769]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  324.864127][T17769]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  324.864178][T17769]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.864201][T17769] RIP: 0033:0x7f439e25eb69
[  324.864217][T17769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  324.864240][T17769] RSP: 002b:00007f439c8bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  324.864269][T17769] RAX: ffffffffffffffda RBX: 00007f439e485fa0 RCX: 00007f439e25eb69
[  324.864340][T17769] RDX: 0000000000000094 RSI: 0000200000000240 RDI: 0000000000000005
[  324.864353][T17769] RBP: 00007f439c8bf090 R08: 0000000000000000 R09: 0000000000000000
[  324.864366][T17769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  324.864379][T17769] R13: 0000000000000000 R14: 00007f439e485fa0 R15: 00007ffe7e213c18
[  324.864398][T17769]  </TASK>
[  324.864417][T17769] Mem-Info:
[  325.087496][T17769] active_anon:7410 inactive_anon:4376 isolated_anon:0
[  325.087496][T17769]  active_file:8253 inactive_file:2598 isolated_file:0
[  325.087496][T17769]  unevictable:0 dirty:158 writeback:0
[  325.087496][T17769]  slab_reclaimable:3378 slab_unreclaimable:29747
[  325.087496][T17769]  mapped:29667 shmem:4544 pagetables:1265
[  325.087496][T17769]  sec_pagetables:0 bounce:0
[  325.087496][T17769]  kernel_misc_reclaimable:0
[  325.087496][T17769]  free:1865476 free_pcp:13300 free_cma:0
[  325.134659][T17769] Node 0 active_anon:29640kB inactive_anon:17504kB active_file:33012kB inactive_file:10392kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118668kB dirty:632kB writeback:0kB shmem:18176kB kernel_stack:4416kB pagetables:5060kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  325.164350][T17769] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  325.193319][T17769] lowmem_reserve[]: 0 2883 7862 7862
[  325.198732][T17769] Node 0 DMA32 free:2949228kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2952860kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:3532kB free_cma:0kB
[  325.229674][T17769] lowmem_reserve[]: 0 0 4978 4978
[  325.234796][T17769] Node 0 Normal free:4497316kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:29640kB inactive_anon:17504kB active_file:33012kB inactive_file:10392kB unevictable:0kB writepending:632kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:49568kB local_pcp:21684kB free_cma:0kB
[  325.268112][T17769] lowmem_reserve[]: 0 0 0 0
[  325.272839][T17769] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  325.286009][T17769] Node 0 DMA32: 3*4kB (M) 2*8kB (M) 3*16kB (M) 3*32kB (M) 3*64kB (M) 4*128kB (M) 3*256kB (M) 3*512kB (M) 3*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949228kB
[  325.302525][T17769] Node 0 Normal: 3946*4kB (UME) 2323*8kB (UM) 1388*16kB (UME) 1789*32kB (UME) 1015*64kB (UME) 503*128kB (UME) 271*256kB (UME) 194*512kB (UM) 170*1024kB (UM) 76*2048kB (UM) 917*4096kB (UM) = 4497632kB
[  325.322851][T17769] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  325.332224][T17769] 15403 total pagecache pages
[  325.336976][T17769] 48 pages in swap cache
[  325.341248][T17769] Free swap  = 77056kB
[  325.345320][T17769] Total swap = 124996kB
[  325.349518][T17769] 2097051 pages RAM
[  325.353346][T17769] 0 pages HighMem/MovableOnly
[  325.358068][T17769] 80436 pages reserved
[  325.386987][T17781] team5: entered promiscuous mode
[  325.392032][   T29] kauditd_printk_skb: 91 callbacks suppressed
[  325.392053][   T29] audit: type=1326 audit(1755860321.352:5793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17785 comm="syz.0.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  325.398313][T17781] team5: entered allmulticast mode
[  325.422206][T17760] can0 (unregistered): slcan off ttyS3.
[  325.445558][   T29] audit: type=1326 audit(1755860321.392:5794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17785 comm="syz.0.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  325.469345][   T29] audit: type=1326 audit(1755860321.392:5795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17785 comm="syz.0.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  325.492972][   T29] audit: type=1326 audit(1755860321.392:5796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17785 comm="syz.0.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  325.516748][   T29] audit: type=1326 audit(1755860321.392:5797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17785 comm="syz.0.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  325.540984][   T29] audit: type=1326 audit(1755860321.392:5798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17785 comm="syz.0.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  325.565034][   T29] audit: type=1326 audit(1755860321.392:5799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17785 comm="syz.0.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  325.565743][T17794] FAULT_INJECTION: forcing a failure.
[  325.565743][T17794] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  325.589171][   T29] audit: type=1326 audit(1755860321.392:5800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17785 comm="syz.0.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  325.602264][T17794] CPU: 1 UID: 0 PID: 17794 Comm: syz.1.4259 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  325.602301][T17794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  325.602317][T17794] Call Trace:
[  325.602327][T17794]  <TASK>
[  325.602336][T17794]  __dump_stack+0x1d/0x30
[  325.602437][T17794]  dump_stack_lvl+0xe8/0x140
[  325.602476][T17794]  dump_stack+0x15/0x1b
[  325.602497][T17794]  should_fail_ex+0x265/0x280
[  325.602547][T17794]  should_fail+0xb/0x20
[  325.602646][T17794]  should_fail_usercopy+0x1a/0x20
[  325.602672][T17794]  _copy_to_user+0x20/0xa0
[  325.602710][T17794]  copy_siginfo_to_user+0x22/0xb0
[  325.602743][T17794]  x64_setup_rt_frame+0x2b5/0x580
[  325.602808][T17794]  arch_do_signal_or_restart+0x27c/0x480
[  325.602842][T17794]  exit_to_user_mode_loop+0x7a/0x100
[  325.602875][T17794]  do_syscall_64+0x1d6/0x200
[  325.602909][T17794]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  325.602997][T17794]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  325.603102][T17794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.603133][T17794] RIP: 0033:0x7f08744ceb67
[  325.603157][T17794] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  325.603217][T17794] RSP: 002b:00007f0872b37038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0
[  325.603314][T17794] RAX: 00000000000000f0 RBX: 00007f08746f5fa0 RCX: 00007f08744ceb69
[  325.603333][T17794] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000b40
[  325.603351][T17794] RBP: 00007f0872b37090 R08: 0000000000000000 R09: 0000000000000000
[  325.603368][T17794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  325.603461][T17794] R13: 0000000000000000 R14: 00007f08746f5fa0 R15: 00007fffbd7e63a8
[  325.603514][T17794]  </TASK>
[  325.816109][   T29] audit: type=1326 audit(1755860321.392:5801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17785 comm="syz.0.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  325.839711][   T29] audit: type=1326 audit(1755860321.392:5802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17785 comm="syz.0.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  326.118581][T17818] 9pnet: Could not find request transport: fd0xffffffffffffffff
[  326.334834][T17823] netlink: 'syz.5.4269': attribute type 1 has an invalid length.
[  326.374250][T17823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  326.413486][T17823] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  327.280713][T17851] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17851 comm=syz.4.4280
[  327.341582][T17851] netlink: 'syz.4.4280': attribute type 1 has an invalid length.
[  327.374186][T17859] block device autoloading is deprecated and will be removed.
[  327.403530][T17861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  327.426610][T17851] bond1: (slave bridge1): making interface the new active one
[  327.444618][T17861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  327.467285][T17851] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  327.626883][T17876] __nla_validate_parse: 6 callbacks suppressed
[  327.626913][T17876] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4288'.
[  327.696544][T17876] team8: entered promiscuous mode
[  327.701739][T17876] team8: entered allmulticast mode
[  327.727743][T17867] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4285'.
[  327.781066][T17881] syzkaller1: entered promiscuous mode
[  327.786641][T17881] syzkaller1: entered allmulticast mode
[  327.819702][T17881] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  327.830438][T17892] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4293'.
[  327.839853][T17892] netlink: 212 bytes leftover after parsing attributes in process `syz.3.4293'.
[  327.906658][T17894] syzkaller1: entered promiscuous mode
[  327.912711][T17894] syzkaller1: entered allmulticast mode
[  327.937144][T17901] can0: slcan on ttyS3.
[  327.939652][T17894] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  327.988060][T17901] can0 (unregistered): slcan off ttyS3.
[  327.997256][T17903] can0: slcan on ttyS3.
[  328.052532][T17910] block device autoloading is deprecated and will be removed.
[  328.076977][T17910] syz.4.4303: attempt to access beyond end of device
[  328.076977][T17910] loop9: rw=0, sector=0, nr_sectors = 1 limit=0
[  328.079624][T17914] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4305'.
[  328.090559][T17910] FAT-fs (loop9): unable to read boot sector
[  328.118620][T17912] syzkaller1: entered promiscuous mode
[  328.124313][T17912] syzkaller1: entered allmulticast mode
[  328.134025][T17914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  328.134214][T17912] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  328.153319][T17914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  328.230253][T17922] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4308'.
[  328.239457][T17922] netlink: 212 bytes leftover after parsing attributes in process `syz.4.4308'.
[  328.249431][T17924] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4309'.
[  328.262861][T17925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4309'.
[  328.298273][T17902] can0 (unregistered): slcan off ttyS3.
[  328.306317][T17930] FAULT_INJECTION: forcing a failure.
[  328.306317][T17930] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  328.319913][T17930] CPU: 0 UID: 0 PID: 17930 Comm: syz.4.4311 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  328.319957][T17930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  328.319975][T17930] Call Trace:
[  328.319983][T17930]  <TASK>
[  328.320068][T17930]  __dump_stack+0x1d/0x30
[  328.320098][T17930]  dump_stack_lvl+0xe8/0x140
[  328.320126][T17930]  dump_stack+0x15/0x1b
[  328.320228][T17930]  should_fail_ex+0x265/0x280
[  328.320273][T17930]  should_fail+0xb/0x20
[  328.320334][T17930]  should_fail_usercopy+0x1a/0x20
[  328.320361][T17930]  _copy_from_user+0x1c/0xb0
[  328.320395][T17930]  __sys_bpf+0x178/0x7b0
[  328.320453][T17930]  __x64_sys_bpf+0x41/0x50
[  328.320486][T17930]  x64_sys_call+0x2aea/0x2ff0
[  328.320515][T17930]  do_syscall_64+0xd2/0x200
[  328.320546][T17930]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  328.320596][T17930]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  328.320625][T17930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.320726][T17930] RIP: 0033:0x7fc90b22eb69
[  328.320744][T17930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  328.320828][T17930] RSP: 002b:00007fc909897038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  328.320855][T17930] RAX: ffffffffffffffda RBX: 00007fc90b455fa0 RCX: 00007fc90b22eb69
[  328.320871][T17930] RDX: 0000000000000050 RSI: 0000200000000580 RDI: 0300000000000000
[  328.320888][T17930] RBP: 00007fc909897090 R08: 0000000000000000 R09: 0000000000000000
[  328.320906][T17930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.320922][T17930] R13: 0000000000000000 R14: 00007fc90b455fa0 R15: 00007fffcb34d978
[  328.320948][T17930]  </TASK>
[  328.519267][T17936] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4314'.
[  328.577489][T17946] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  328.619944][T17946] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  328.670983][T17946] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  328.732757][T17946] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  328.802591][T11813] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  328.851210][T11813] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  328.865374][T11813] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  328.881786][T11813] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  328.937265][T17978] block device autoloading is deprecated and will be removed.
[  328.946248][T17978] syz.5.4330: attempt to access beyond end of device
[  328.946248][T17978] loop11: rw=0, sector=0, nr_sectors = 1 limit=0
[  328.962528][T17978] FAT-fs (loop11): unable to read boot sector
[  329.097905][T18002] FAULT_INJECTION: forcing a failure.
[  329.097905][T18002] name failslab, interval 1, probability 0, space 0, times 0
[  329.110854][T18002] CPU: 0 UID: 0 PID: 18002 Comm: syz.5.4339 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  329.110894][T18002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  329.110947][T18002] Call Trace:
[  329.110956][T18002]  <TASK>
[  329.110966][T18002]  __dump_stack+0x1d/0x30
[  329.110994][T18002]  dump_stack_lvl+0xe8/0x140
[  329.111019][T18002]  dump_stack+0x15/0x1b
[  329.111091][T18002]  should_fail_ex+0x265/0x280
[  329.111126][T18002]  should_failslab+0x8c/0xb0
[  329.111152][T18002]  __kmalloc_noprof+0xa5/0x3e0
[  329.111235][T18002]  ? genl_family_rcv_msg_attrs_parse+0x75/0x190
[  329.111303][T18002]  genl_family_rcv_msg_attrs_parse+0x75/0x190
[  329.111333][T18002]  genl_start+0xe0/0x390
[  329.111358][T18002]  __netlink_dump_start+0x331/0x520
[  329.111406][T18002]  genl_family_rcv_msg_dumpit+0x115/0x180
[  329.111519][T18002]  ? __pfx_genl_start+0x10/0x10
[  329.111541][T18002]  ? __pfx_genl_dumpit+0x10/0x10
[  329.111643][T18002]  ? __pfx_genl_done+0x10/0x10
[  329.111672][T18002]  genl_rcv_msg+0x3f0/0x460
[  329.111799][T18002]  ? __pfx_ethnl_rss_dump_start+0x10/0x10
[  329.111823][T18002]  ? __pfx_ethnl_rss_dumpit+0x10/0x10
[  329.111866][T18002]  netlink_rcv_skb+0x120/0x220
[  329.111928][T18002]  ? __pfx_genl_rcv_msg+0x10/0x10
[  329.111959][T18002]  genl_rcv+0x28/0x40
[  329.111980][T18002]  netlink_unicast+0x5c0/0x690
[  329.112014][T18002]  netlink_sendmsg+0x58b/0x6b0
[  329.112112][T18002]  ? __pfx_netlink_sendmsg+0x10/0x10
[  329.112166][T18002]  __sock_sendmsg+0x145/0x180
[  329.112192][T18002]  ____sys_sendmsg+0x31e/0x4e0
[  329.112253][T18002]  ___sys_sendmsg+0x17b/0x1d0
[  329.112311][T18002]  __x64_sys_sendmsg+0xd4/0x160
[  329.112352][T18002]  x64_sys_call+0x191e/0x2ff0
[  329.112443][T18002]  do_syscall_64+0xd2/0x200
[  329.112468][T18002]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  329.112494][T18002]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  329.112516][T18002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.112557][T18002] RIP: 0033:0x7fb19b9feb69
[  329.112574][T18002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  329.112594][T18002] RSP: 002b:00007fb19a067038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  329.112615][T18002] RAX: ffffffffffffffda RBX: 00007fb19bc25fa0 RCX: 00007fb19b9feb69
[  329.112628][T18002] RDX: 0000000020040840 RSI: 00002000000002c0 RDI: 0000000000000007
[  329.112642][T18002] RBP: 00007fb19a067090 R08: 0000000000000000 R09: 0000000000000000
[  329.112735][T18002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  329.112748][T18002] R13: 0000000000000000 R14: 00007fb19bc25fa0 R15: 00007ffd6f4c4048
[  329.112769][T18002]  </TASK>
[  329.171055][T18007] block device autoloading is deprecated and will be removed.
[  329.537211][T18032] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.601566][T18032] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.637899][T18040] vhci_hcd: default hub control req: 0310 v0006 i0003 l0
[  329.663599][T18032] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.705627][T18042] loop1: detected capacity change from 0 to 1024
[  329.725508][T18042] EXT4-fs: Ignoring removed orlov option
[  329.740754][T18032] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.765479][T18042] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  329.817334][T11778] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  329.956803][T18047] syzkaller1: entered promiscuous mode
[  329.962586][T18047] syzkaller1: entered allmulticast mode
[  329.973355][T11778] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  329.981872][T18047] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  330.019949][T11778] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  330.043173][T11778] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  330.430316][T12731] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  330.505055][   T29] kauditd_printk_skb: 141 callbacks suppressed
[  330.505073][   T29] audit: type=1326 audit(1755860326.459:5944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18069 comm="syz.1.4358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  330.566345][   T29] audit: type=1326 audit(1755860326.489:5945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18069 comm="syz.1.4358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  330.590000][   T29] audit: type=1326 audit(1755860326.489:5946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18069 comm="syz.1.4358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  330.613537][   T29] audit: type=1326 audit(1755860326.489:5947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18069 comm="syz.1.4358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  330.645573][T18072] loop1: detected capacity change from 0 to 512
[  330.654801][T18072] EXT4-fs: dax option not supported
[  331.041562][T18089] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=18089 comm=syz.3.4363
[  331.054839][T18089] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=18089 comm=syz.3.4363
[  331.301082][   T29] audit: type=1400 audit(1755860327.259:5948): avc:  denied  { ioctl } for  pid=18098 comm="syz.5.4368" path="/dev/cpu/1/msr" dev="devtmpfs" ino=87 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  331.346343][T18099] 8021q: VLANs not supported on ip_vti0
[  331.378159][   T29] audit: type=1326 audit(1755860327.329:5949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18101 comm="syz.5.4369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19b9feb69 code=0x7ffc0000
[  331.423661][   T29] audit: type=1326 audit(1755860327.359:5950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18101 comm="syz.5.4369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7fb19b9feb69 code=0x7ffc0000
[  331.447940][   T29] audit: type=1326 audit(1755860327.359:5951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18101 comm="syz.5.4369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19b9feb69 code=0x7ffc0000
[  331.471594][   T29] audit: type=1326 audit(1755860327.359:5952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18101 comm="syz.5.4369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19b9feb69 code=0x7ffc0000
[  331.519010][T18107] team4: entered promiscuous mode
[  331.524247][T18107] team4: entered allmulticast mode
[  331.668488][T18116] can0: slcan on ttyS3.
[  331.692296][T18117] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=18117 comm=syz.1.4372
[  331.701485][T18116] can0 (unregistered): slcan off ttyS3.
[  331.705423][T18117] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=18117 comm=syz.1.4372
[  331.730629][T18116] can0: slcan on ttyS3.
[  331.789676][T18115] can0 (unregistered): slcan off ttyS3.
[  331.817884][T18119] can0: slcan on ttyS3.
[  331.855599][   T29] audit: type=1326 audit(1755860327.809:5953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18122 comm="syz.5.4377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb19b9feb69 code=0x7ffc0000
[  331.919945][T18119] can0 (unregistered): slcan off ttyS3.
[  331.932920][T18124] can0: slcan on ttyS3.
[  331.990042][T18118] can0 (unregistered): slcan off ttyS3.
[  332.115556][T18131] loop1: detected capacity change from 0 to 2048
[  332.224540][T18131] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  332.264913][T12731] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.303148][T18139] FAULT_INJECTION: forcing a failure.
[  332.303148][T18139] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  332.316457][T18139] CPU: 0 UID: 0 PID: 18139 Comm: syz.3.4381 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  332.316492][T18139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  332.316509][T18139] Call Trace:
[  332.316518][T18139]  <TASK>
[  332.316529][T18139]  __dump_stack+0x1d/0x30
[  332.316630][T18139]  dump_stack_lvl+0xe8/0x140
[  332.316650][T18139]  dump_stack+0x15/0x1b
[  332.316670][T18139]  should_fail_ex+0x265/0x280
[  332.316713][T18139]  should_fail+0xb/0x20
[  332.316817][T18139]  should_fail_usercopy+0x1a/0x20
[  332.316837][T18139]  strncpy_from_user+0x25/0x230
[  332.316879][T18139]  ? kmem_cache_alloc_noprof+0x186/0x310
[  332.316911][T18139]  ? getname_flags+0x80/0x3b0
[  332.316998][T18139]  getname_flags+0xae/0x3b0
[  332.317040][T18139]  getname_uflags+0x21/0x30
[  332.317067][T18139]  __x64_sys_execveat+0x5d/0x90
[  332.317115][T18139]  x64_sys_call+0x1fec/0x2ff0
[  332.317144][T18139]  do_syscall_64+0xd2/0x200
[  332.317213][T18139]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  332.317245][T18139]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  332.317270][T18139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.317331][T18139] RIP: 0033:0x7f66d8f2eb69
[  332.317358][T18139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  332.317381][T18139] RSP: 002b:00007f66d756e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  332.317400][T18139] RAX: ffffffffffffffda RBX: 00007f66d9156080 RCX: 00007f66d8f2eb69
[  332.317417][T18139] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  332.317481][T18139] RBP: 00007f66d756e090 R08: 0000000000001000 R09: 0000000000000000
[  332.317493][T18139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  332.317506][T18139] R13: 0000000000000000 R14: 00007f66d9156080 R15: 00007ffe81821958
[  332.317525][T18139]  </TASK>
[  332.522698][T18145] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.533806][T18145] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.748812][T18149] __nla_validate_parse: 26 callbacks suppressed
[  332.748832][T18149] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4385'.
[  332.873527][T18151] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=18151 comm=syz.0.4385
[  332.886410][T18151] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=18151 comm=syz.0.4385
[  332.959275][T18155] netlink: 'syz.0.4387': attribute type 22 has an invalid length.
[  332.967199][T18155] netlink: 148 bytes leftover after parsing attributes in process `syz.0.4387'.
[  333.026879][T18155] bridge_slave_0: left allmulticast mode
[  333.032822][T18155] bridge_slave_0: left promiscuous mode
[  333.038699][T18155] bridge0: port 1(bridge_slave_0) entered disabled state
[  333.051635][T18155] bridge_slave_1: left allmulticast mode
[  333.057375][T18155] bridge_slave_1: left promiscuous mode
[  333.063248][T18155] bridge0: port 2(bridge_slave_1) entered disabled state
[  333.073680][T18162] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4389'.
[  333.082912][T18155] bond0: (slave bond_slave_0): Releasing backup interface
[  333.093314][T18155] bond0: (slave bond_slave_1): Releasing backup interface
[  333.105956][T18155] team0: Port device team_slave_0 removed
[  333.115382][T18155] team0: Port device team_slave_1 removed
[  333.128381][T18164] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4389'.
[  333.130989][T18155] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  333.145129][T18155] batman_adv: batadv0: Removing interface: batadv_slave_0
[  333.155984][T18155] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  333.163441][T18155] batman_adv: batadv0: Removing interface: batadv_slave_1
[  333.230810][T18170] FAULT_INJECTION: forcing a failure.
[  333.230810][T18170] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  333.243980][T18170] CPU: 1 UID: 0 PID: 18170 Comm: syz.3.4391 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  333.244124][T18170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  333.244139][T18170] Call Trace:
[  333.244186][T18170]  <TASK>
[  333.244195][T18170]  __dump_stack+0x1d/0x30
[  333.244257][T18170]  dump_stack_lvl+0xe8/0x140
[  333.244278][T18170]  dump_stack+0x15/0x1b
[  333.244294][T18170]  should_fail_ex+0x265/0x280
[  333.244370][T18170]  should_fail+0xb/0x20
[  333.244398][T18170]  should_fail_usercopy+0x1a/0x20
[  333.244418][T18170]  _copy_from_iter+0xcf/0xe40
[  333.244512][T18170]  ? alloc_pages_mpol+0x201/0x250
[  333.244547][T18170]  copy_page_from_iter+0x178/0x2a0
[  333.244570][T18170]  tun_get_user+0x679/0x2680
[  333.244667][T18170]  ? ref_tracker_alloc+0x1f2/0x2f0
[  333.244794][T18170]  tun_chr_write_iter+0x15e/0x210
[  333.244894][T18170]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  333.244928][T18170]  vfs_write+0x4a0/0x8e0
[  333.245047][T18170]  ksys_write+0xda/0x1a0
[  333.245082][T18170]  __x64_sys_write+0x40/0x50
[  333.245120][T18170]  x64_sys_call+0x27fe/0x2ff0
[  333.245146][T18170]  do_syscall_64+0xd2/0x200
[  333.245191][T18170]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  333.245221][T18170]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  333.245250][T18170]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.245280][T18170] RIP: 0033:0x7f66d8f2d61f
[  333.245336][T18170] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  333.245360][T18170] RSP: 002b:00007f66d758f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  333.245385][T18170] RAX: ffffffffffffffda RBX: 00007f66d9155fa0 RCX: 00007f66d8f2d61f
[  333.245400][T18170] RDX: 000000000000003e RSI: 00002000000000c0 RDI: 00000000000000c8
[  333.245492][T18170] RBP: 00007f66d758f090 R08: 0000000000000000 R09: 0000000000000000
[  333.245508][T18170] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001
[  333.245524][T18170] R13: 0000000000000000 R14: 00007f66d9155fa0 R15: 00007ffe81821958
[  333.245549][T18170]  </TASK>
[  333.477523][T18172] netlink: 'syz.0.4392': attribute type 4 has an invalid length.
[  333.513372][T18165] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  333.592683][T18178] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4395'.
[  333.601870][T18178] netlink: 212 bytes leftover after parsing attributes in process `syz.0.4395'.
[  333.626322][T18182] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4396'.
[  333.654887][  T428] I/O error, dev loop1, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 0
[  333.767468][T18193] all: renamed from lo (while UP)
[  333.835132][T18199] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=18199 comm=syz.3.4396
[  333.848026][T18199] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=18199 comm=syz.3.4396
[  333.917007][T18179] chnl_net:caif_netlink_parms(): no params data found
[  333.943008][T18204] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4400'.
[  333.967577][T18204] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  333.982836][T18204] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  334.077775][T18179] bridge0: port 1(bridge_slave_0) entered blocking state
[  334.085176][T18179] bridge0: port 1(bridge_slave_0) entered disabled state
[  334.101153][T18179] bridge_slave_0: entered allmulticast mode
[  334.113335][T18179] bridge_slave_0: entered promiscuous mode
[  334.131921][T11810] netdevsim netdevsim5 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  334.142546][T11810] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.159748][T18216] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4402'.
[  334.178800][T18212] bond_slave_1: entered promiscuous mode
[  334.184971][T18179] bridge0: port 2(bridge_slave_1) entered blocking state
[  334.192233][T18179] bridge0: port 2(bridge_slave_1) entered disabled state
[  334.200061][T18179] bridge_slave_1: entered allmulticast mode
[  334.209587][T18179] bridge_slave_1: entered promiscuous mode
[  334.230483][T18216] bond0: (slave bond_slave_1): Releasing backup interface
[  334.239455][T18216] bond_slave_1 (unregistering): left promiscuous mode
[  334.262423][T11810] netdevsim netdevsim5 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  334.272307][T11810] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.287263][T18179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  334.298489][T18179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  334.321238][T18179] team0: Port device team_slave_0 added
[  334.328298][T18179] team0: Port device team_slave_1 added
[  334.336192][T11810] netdevsim netdevsim5 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  334.346243][T11810] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.376335][T18179] batman_adv: batadv0: Adding interface: batadv_slave_0
[  334.383766][T18179] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  334.410253][T18179] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  334.423989][T18179] batman_adv: batadv0: Adding interface: batadv_slave_1
[  334.431331][T18179] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  334.457415][T18179] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  334.490931][T11810] netdevsim netdevsim5 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  334.501028][T11810] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  334.526845][T18179] hsr_slave_0: entered promiscuous mode
[  334.533510][T18179] hsr_slave_1: entered promiscuous mode
[  334.539781][T18179] debugfs: 'hsr0' already exists in 'hsr'
[  334.546153][T18179] Cannot create hsr debugfs directory
[  334.590226][T18232] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4410'.
[  334.644626][T18232] team6: entered promiscuous mode
[  334.650249][T18232] team6: entered allmulticast mode
[  334.698621][T18238] can0: slcan on ttyS3.
[  334.729144][T18234] syzkaller1: entered promiscuous mode
[  334.734994][T18234] syzkaller1: entered allmulticast mode
[  334.761379][T18238] can0 (unregistered): slcan off ttyS3.
[  334.869514][T18251] block device autoloading is deprecated and will be removed.
[  334.896940][T18253] syz.0.4418: attempt to access beyond end of device
[  334.896940][T18253] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[  334.911282][T18253] FAT-fs (loop1): unable to read boot sector
[  334.973701][T11810] bond0 (unregistering): Released all slaves
[  334.983014][T11810] bond1 (unregistering): Released all slaves
[  334.994261][T18234] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  335.003641][T18243] can0: slcan on ttyS3.
[  335.029557][T11810] tipc: Disabling bearer <udp:syz2>
[  335.035103][T11810] tipc: Left network mode
[  335.042839][T11810] hsr_slave_0: left promiscuous mode
[  335.049023][T11810] hsr_slave_1: left promiscuous mode
[  335.058838][T11810] veth1_macvtap: left promiscuous mode
[  335.064866][T11810] veth0_macvtap: left promiscuous mode
[  335.070495][T11810] veth1_vlan: left promiscuous mode
[  335.087040][T11810] veth0_vlan: left promiscuous mode
[  335.101213][T18266] FAULT_INJECTION: forcing a failure.
[  335.101213][T18266] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  335.114795][T18266] CPU: 1 UID: 0 PID: 18266 Comm: syz.1.4422 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  335.114830][T18266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  335.114850][T18266] Call Trace:
[  335.114856][T18266]  <TASK>
[  335.114864][T18266]  __dump_stack+0x1d/0x30
[  335.114929][T18266]  dump_stack_lvl+0xe8/0x140
[  335.114968][T18266]  dump_stack+0x15/0x1b
[  335.115041][T18266]  should_fail_ex+0x265/0x280
[  335.115080][T18266]  should_fail+0xb/0x20
[  335.115123][T18266]  should_fail_usercopy+0x1a/0x20
[  335.115154][T18266]  _copy_from_user+0x1c/0xb0
[  335.115319][T18266]  ___sys_sendmsg+0xc1/0x1d0
[  335.115375][T18266]  __x64_sys_sendmsg+0xd4/0x160
[  335.115493][T18266]  x64_sys_call+0x191e/0x2ff0
[  335.115515][T18266]  do_syscall_64+0xd2/0x200
[  335.115538][T18266]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  335.115642][T18266]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  335.115677][T18266]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.115705][T18266] RIP: 0033:0x7f08744ceb69
[  335.115721][T18266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.115745][T18266] RSP: 002b:00007f0872b37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  335.115770][T18266] RAX: ffffffffffffffda RBX: 00007f08746f5fa0 RCX: 00007f08744ceb69
[  335.115787][T18266] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  335.115878][T18266] RBP: 00007f0872b37090 R08: 0000000000000000 R09: 0000000000000000
[  335.115895][T18266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  335.115910][T18266] R13: 0000000000000000 R14: 00007f08746f5fa0 R15: 00007fffbd7e63a8
[  335.115928][T18266]  </TASK>
[  335.304941][T18237] can0 (unregistered): slcan off ttyS3.
[  335.322385][T11810] pim6reg (unregistering): left allmulticast mode
[  335.340544][T18271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  335.351795][T18271] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  335.510933][T18285] netlink: 'syz.1.4428': attribute type 22 has an invalid length.
[  335.532054][T18285] loop1: detected capacity change from 0 to 512
[  335.541122][T18285] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  335.554407][   T29] kauditd_printk_skb: 109 callbacks suppressed
[  335.554447][   T29] audit: type=1400 audit(1755860331.507:6063): avc:  denied  { mounton } for  pid=18286 comm="syz.0.4429" path="/235/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[  335.567791][T18285] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  335.596275][T18285] ext4 filesystem being mounted at /332/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  335.618032][   T29] audit: type=1400 audit(1755860331.567:6064): avc:  denied  { read append } for  pid=18284 comm="syz.1.4428" path="/332/file0/memory.numa_stat" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  335.684035][T18285] team0: left allmulticast mode
[  335.689184][T18285] team_slave_0: left allmulticast mode
[  335.694962][T18285] team_slave_1: left allmulticast mode
[  335.700672][T18285] geneve1: left allmulticast mode
[  335.707197][T18285] team0: left promiscuous mode
[  335.712777][T18285] team_slave_0: left promiscuous mode
[  335.718297][T18285] team_slave_1: left promiscuous mode
[  335.723823][T18285] geneve1: left promiscuous mode
[  335.724317][T18294] EXT4-fs (loop1): shut down requested (0)
[  335.729164][T18285] bridge0: port 3(team0) entered disabled state
[  335.734822][   T29] audit: type=1400 audit(1755860331.677:6065): avc:  denied  { ioctl } for  pid=18284 comm="syz.1.4428" path="/332/file0/memory.numa_stat" dev="loop1" ino=18 ioctlcmd=0x587d scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  335.775674][T18285] bridge_slave_0: left allmulticast mode
[  335.781843][T18285] bridge_slave_0: left promiscuous mode
[  335.788607][T18285] bridge0: port 1(bridge_slave_0) entered disabled state
[  335.798009][T18285] bridge_slave_1: left allmulticast mode
[  335.803812][T18285] bridge_slave_1: left promiscuous mode
[  335.810009][T18285] bridge0: port 2(bridge_slave_1) entered disabled state
[  335.835212][T18285] bond0: (slave bond_slave_0): Releasing backup interface
[  335.856708][T18285] team0: Port device team_slave_0 removed
[  335.868376][T18285] team0: Port device team_slave_1 removed
[  335.876032][T18285] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  335.883614][T18285] batman_adv: batadv0: Removing interface: batadv_slave_0
[  335.892322][T18285] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  335.899735][T18285] batman_adv: batadv0: Removing interface: batadv_slave_1
[  335.932992][T18285] team0: Port device geneve1 removed
[  335.991457][T18179] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  336.001827][T18179] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  336.011097][T18179] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  336.020733][T18179] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  336.040364][T12731] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  336.064251][T18306] FAULT_INJECTION: forcing a failure.
[  336.064251][T18306] name failslab, interval 1, probability 0, space 0, times 0
[  336.078735][T18306] CPU: 0 UID: 0 PID: 18306 Comm: syz.4.4433 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  336.078835][T18306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  336.078853][T18306] Call Trace:
[  336.078861][T18306]  <TASK>
[  336.078871][T18306]  __dump_stack+0x1d/0x30
[  336.078907][T18306]  dump_stack_lvl+0xe8/0x140
[  336.078927][T18306]  dump_stack+0x15/0x1b
[  336.079021][T18306]  should_fail_ex+0x265/0x280
[  336.079089][T18306]  should_failslab+0x8c/0xb0
[  336.079217][T18306]  kmem_cache_alloc_node_noprof+0x57/0x320
[  336.079259][T18306]  ? __alloc_skb+0x101/0x320
[  336.079299][T18306]  __alloc_skb+0x101/0x320
[  336.079404][T18306]  netlink_ack+0xfd/0x500
[  336.079446][T18306]  ? __pfx_tipc_nl_media_set+0x10/0x10
[  336.079475][T18306]  netlink_rcv_skb+0x192/0x220
[  336.079516][T18306]  ? __pfx_genl_rcv_msg+0x10/0x10
[  336.079621][T18306]  genl_rcv+0x28/0x40
[  336.079711][T18306]  netlink_unicast+0x5c0/0x690
[  336.079754][T18306]  netlink_sendmsg+0x58b/0x6b0
[  336.079801][T18306]  ? __pfx_netlink_sendmsg+0x10/0x10
[  336.079913][T18306]  __sock_sendmsg+0x145/0x180
[  336.079945][T18306]  ____sys_sendmsg+0x31e/0x4e0
[  336.080049][T18306]  ___sys_sendmsg+0x17b/0x1d0
[  336.080106][T18306]  __x64_sys_sendmsg+0xd4/0x160
[  336.080156][T18306]  x64_sys_call+0x191e/0x2ff0
[  336.080183][T18306]  do_syscall_64+0xd2/0x200
[  336.080248][T18306]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  336.080273][T18306]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  336.080295][T18306]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.080325][T18306] RIP: 0033:0x7fc90b22eb69
[  336.080346][T18306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  336.080371][T18306] RSP: 002b:00007fc909897038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  336.080395][T18306] RAX: ffffffffffffffda RBX: 00007fc90b455fa0 RCX: 00007fc90b22eb69
[  336.080412][T18306] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000005
[  336.080429][T18306] RBP: 00007fc909897090 R08: 0000000000000000 R09: 0000000000000000
[  336.080444][T18306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  336.080511][T18306] R13: 0000000000000000 R14: 00007fc90b455fa0 R15: 00007fffcb34d978
[  336.080533][T18306]  </TASK>
[  336.322560][   T47] I/O error, dev loop1, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 0
[  336.327332][T18179] 8021q: adding VLAN 0 to HW filter on device bond0
[  336.359415][T18179] 8021q: adding VLAN 0 to HW filter on device team0
[  336.378147][T11813] bridge0: port 1(bridge_slave_0) entered blocking state
[  336.385457][T11813] bridge0: port 1(bridge_slave_0) entered forwarding state
[  336.408768][T11813] bridge0: port 2(bridge_slave_1) entered blocking state
[  336.416010][T11813] bridge0: port 2(bridge_slave_1) entered forwarding state
[  336.432383][T18312] team9: entered promiscuous mode
[  336.437483][T18312] team9: entered allmulticast mode
[  336.484163][T18321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  336.523020][T18321] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  336.568979][T18179] 8021q: adding VLAN 0 to HW filter on device batadv0
[  336.616622][   T29] audit: type=1326 audit(1755860332.566:6066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18331 comm="syz.1.4442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  336.640250][   T29] audit: type=1326 audit(1755860332.566:6067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18331 comm="syz.1.4442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  336.663829][   T29] audit: type=1326 audit(1755860332.566:6068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18331 comm="syz.1.4442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  336.687341][   T29] audit: type=1326 audit(1755860332.566:6069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18331 comm="syz.1.4442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  336.711015][   T29] audit: type=1326 audit(1755860332.566:6070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18331 comm="syz.1.4442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  336.734563][   T29] audit: type=1326 audit(1755860332.566:6071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18331 comm="syz.1.4442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  336.758146][   T29] audit: type=1326 audit(1755860332.566:6072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18331 comm="syz.1.4442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  336.852084][T18349] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=18349 comm=syz.4.4446
[  337.005323][T18179] veth0_vlan: entered promiscuous mode
[  337.014892][T18179] veth1_vlan: entered promiscuous mode
[  337.028617][T18372] loop1: detected capacity change from 0 to 2048
[  337.038183][T18179] veth0_macvtap: entered promiscuous mode
[  337.050869][T18179] veth1_macvtap: entered promiscuous mode
[  337.052373][T18372] EXT4-fs (loop1): failed to initialize system zone (-117)
[  337.063307][T18179] batman_adv: batadv0: Interface activated: batadv_slave_0
[  337.077754][T18179] batman_adv: batadv0: Interface activated: batadv_slave_1
[  337.084346][T18372] EXT4-fs (loop1): mount failed
[  337.094175][T11778] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  337.104039][T11778] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  337.121909][T11813] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  337.134157][T11813] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  337.180778][T18383] can0: slcan on ttyS3.
[  337.203039][T18383] can0 (unregistered): slcan off ttyS3.
[  337.215685][T18383] can0: slcan on ttyS3.
[  337.244140][T18395] block device autoloading is deprecated and will be removed.
[  337.312564][T18382] can0 (unregistered): slcan off ttyS3.
[  337.363525][T18408] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18408 comm=syz.5.4462
[  337.410917][T18417] vxcan0: tx drop: invalid da for name 0x0000000000000002
[  337.416767][T18419] FAULT_INJECTION: forcing a failure.
[  337.416767][T18419] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  337.433530][T18419] CPU: 0 UID: 0 PID: 18419 Comm: syz.3.4466 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  337.433636][T18419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  337.433651][T18419] Call Trace:
[  337.433661][T18419]  <TASK>
[  337.433726][T18419]  __dump_stack+0x1d/0x30
[  337.433755][T18419]  dump_stack_lvl+0xe8/0x140
[  337.433777][T18419]  dump_stack+0x15/0x1b
[  337.433795][T18419]  should_fail_ex+0x265/0x280
[  337.433870][T18419]  should_fail_alloc_page+0xf2/0x100
[  337.433900][T18419]  __alloc_frozen_pages_noprof+0xff/0x360
[  337.434089][T18419]  alloc_pages_mpol+0xb3/0x250
[  337.434127][T18419]  folio_alloc_mpol_noprof+0x39/0x80
[  337.434227][T18419]  shmem_get_folio_gfp+0x3cf/0xd60
[  337.434264][T18419]  ? simple_xattr_get+0xb9/0x120
[  337.434315][T18419]  shmem_write_begin+0xa8/0x190
[  337.434338][T18419]  generic_perform_write+0x181/0x490
[  337.434370][T18419]  shmem_file_write_iter+0xc5/0xf0
[  337.434472][T18419]  iter_file_splice_write+0x5f2/0x970
[  337.434548][T18419]  ? __pfx_iter_file_splice_write+0x10/0x10
[  337.434570][T18419]  direct_splice_actor+0x153/0x2a0
[  337.434601][T18419]  splice_direct_to_actor+0x30f/0x680
[  337.434623][T18419]  ? __pfx_direct_splice_actor+0x10/0x10
[  337.434673][T18419]  do_splice_direct+0xda/0x150
[  337.434693][T18419]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  337.434775][T18419]  do_sendfile+0x380/0x650
[  337.434812][T18419]  __x64_sys_sendfile64+0x105/0x150
[  337.434926][T18419]  x64_sys_call+0x2bb0/0x2ff0
[  337.434950][T18419]  do_syscall_64+0xd2/0x200
[  337.435007][T18419]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  337.435033][T18419]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  337.435057][T18419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.435109][T18419] RIP: 0033:0x7f66d8f2eb69
[  337.435192][T18419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  337.435213][T18419] RSP: 002b:00007f66d758f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  337.435234][T18419] RAX: ffffffffffffffda RBX: 00007f66d9155fa0 RCX: 00007f66d8f2eb69
[  337.435248][T18419] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[  337.435261][T18419] RBP: 00007f66d758f090 R08: 0000000000000000 R09: 0000000000000000
[  337.435275][T18419] R10: 000000000000d344 R11: 0000000000000246 R12: 0000000000000001
[  337.435289][T18419] R13: 0000000000000000 R14: 00007f66d9155fa0 R15: 00007ffe81821958
[  337.435383][T18419]  </TASK>
[  337.756139][T18426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  337.768221][T18426] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  337.871064][T18439] can0: slcan on ttyS3.
[  337.912985][T18439] can0 (unregistered): slcan off ttyS3.
[  337.926192][T18439] can0: slcan on ttyS3.
[  337.982886][T18453] __nla_validate_parse: 19 callbacks suppressed
[  337.982982][T18453] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4479'.
[  337.999119][T18437] can0 (unregistered): slcan off ttyS3.
[  338.175391][T18466] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18466 comm=syz.4.4485
[  338.204754][T18467] loop9: detected capacity change from 0 to 7
[  338.212100][T18467] Buffer I/O error on dev loop9, logical block 0, async page read
[  339.122776][T18467] Buffer I/O error on dev loop9, logical block 0, async page read
[  339.131000][T18467]  loop9: unable to read partition table
[  339.213896][T18479] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4484'.
[  339.267256][T18467] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  339.267256][T18467] 
) failed (rc=-5)
[  339.312950][T18484] FAULT_INJECTION: forcing a failure.
[  339.312950][T18484] name failslab, interval 1, probability 0, space 0, times 0
[  339.325780][T18484] CPU: 0 UID: 0 PID: 18484 Comm:  Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  339.325817][T18484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  339.325830][T18484] Call Trace:
[  339.325837][T18484]  <TASK>
[  339.325863][T18484]  __dump_stack+0x1d/0x30
[  339.325885][T18484]  dump_stack_lvl+0xe8/0x140
[  339.325910][T18484]  dump_stack+0x15/0x1b
[  339.325932][T18484]  should_fail_ex+0x265/0x280
[  339.325974][T18484]  should_failslab+0x8c/0xb0
[  339.326006][T18484]  kmem_cache_alloc_node_noprof+0x57/0x320
[  339.326109][T18484]  ? perf_event_alloc+0x14c/0x1740
[  339.326172][T18484]  perf_event_alloc+0x14c/0x1740
[  339.326214][T18484]  __se_sys_perf_event_open+0x615/0x11c0
[  339.326246][T18484]  ? __rcu_read_unlock+0x4f/0x70
[  339.326276][T18484]  __x64_sys_perf_event_open+0x67/0x80
[  339.326359][T18484]  x64_sys_call+0x7bd/0x2ff0
[  339.326380][T18484]  do_syscall_64+0xd2/0x200
[  339.326404][T18484]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  339.326436][T18484]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  339.326504][T18484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.326610][T18484] RIP: 0033:0x7fc90b22eb69
[  339.326630][T18484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  339.326648][T18484] RSP: 002b:00007fc909897038 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[  339.326670][T18484] RAX: ffffffffffffffda RBX: 00007fc90b455fa0 RCX: 00007fc90b22eb69
[  339.326725][T18484] RDX: fffffdffffffffff RSI: 0000000000000000 RDI: 0000200000000500
[  339.326747][T18484] RBP: 00007fc909897090 R08: 0000000000000000 R09: 0000000000000000
[  339.326759][T18484] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001
[  339.326773][T18484] R13: 0000000000000000 R14: 00007fc90b455fa0 R15: 00007fffcb34d978
[  339.326797][T18484]  </TASK>
[  339.517185][T18485] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4489'.
[  339.580954][T18485] netlink: 'syz.1.4489': attribute type 13 has an invalid length.
[  339.589155][T18485] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4489'.
[  339.653527][T18490] can0: slcan on ttyS3.
[  339.703050][T18492] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4490'.
[  339.723878][T18490] can0 (unregistered): slcan off ttyS3.
[  339.737064][T18494] can0: slcan on ttyS3.
[  339.802522][T18500] netlink: 14 bytes leftover after parsing attributes in process `syz.4.4496'.
[  339.825417][T18489] can0 (unregistered): slcan off ttyS3.
[  339.880344][T18500] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  339.888581][T18500] batman_adv: batadv0: Removing interface: batadv_slave_0
[  339.911332][T18500] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  339.920407][T18500] batman_adv: batadv0: Removing interface: batadv_slave_1
[  340.146658][T18514] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4501'.
[  340.160699][T18514] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  340.170723][T18514] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  340.221536][T18518] loop1: detected capacity change from 0 to 512
[  340.239332][T18518] EXT4-fs (loop1): external journal device major/minor numbers have changed
[  340.253198][T18521] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4504'.
[  340.253578][T18518] EXT4-fs (loop1): failed to open journal device unknown-block(8,3) -6
[  340.262593][T18521] netlink: 212 bytes leftover after parsing attributes in process `syz.5.4504'.
[  343.454900][T18531] netlink: 'syz.0.4507': attribute type 83 has an invalid length.
[  344.230463][   T29] kauditd_printk_skb: 139 callbacks suppressed
[  344.230495][   T29] audit: type=1326 audit(1755860340.172:6212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18530 comm="syz.0.4507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  344.261140][   T29] audit: type=1326 audit(1755860340.172:6213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18530 comm="syz.0.4507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  344.284935][   T29] audit: type=1326 audit(1755860340.172:6214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18530 comm="syz.0.4507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f439e25eb69 code=0x7ffc0000
[  344.354790][T18541] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.379912][T18542] sctp: [Deprecated]: syz.0.4511 (pid 18542) Use of struct sctp_assoc_value in delayed_ack socket option.
[  344.379912][T18542] Use struct sctp_sack_info instead
[  344.484826][T18541] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.529792][   T29] audit: type=1400 audit(1755860340.482:6215): avc:  denied  { bind } for  pid=18545 comm="syz.5.4514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  344.550743][   T29] audit: type=1400 audit(1755860340.482:6216): avc:  denied  { listen } for  pid=18545 comm="syz.5.4514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  344.570581][   T29] audit: type=1400 audit(1755860340.482:6217): avc:  denied  { create } for  pid=18545 comm="syz.5.4514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  344.629323][T18541] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.650047][T18568] netlink: 52 bytes leftover after parsing attributes in process `syz.4.4521'.
[  344.660477][   T29] audit: type=1326 audit(1755860340.612:6218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18567 comm="syz.4.4521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc90b22eb69 code=0x7ffc0000
[  344.690632][T18568] geneve2: entered promiscuous mode
[  344.726076][   T29] audit: type=1326 audit(1755860340.632:6219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18567 comm="syz.4.4521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc90b22eb69 code=0x7ffc0000
[  344.750850][   T29] audit: type=1326 audit(1755860340.632:6220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18567 comm="syz.4.4521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc90b22eb69 code=0x7ffc0000
[  344.775031][   T29] audit: type=1326 audit(1755860340.632:6221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18567 comm="syz.4.4521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc90b22eb69 code=0x7ffc0000
[  344.813172][T18569] binfmt_misc: register: failed to install interpreter file ./file2
[  344.822857][T18541] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  344.886305][T11810] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  344.901902][T11810] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  344.929366][T11810] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  344.979140][T11810] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  345.064507][T18584] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4527'.
[  345.102627][T18587] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.4528'.
[  345.155625][T18587] loop3: detected capacity change from 0 to 512
[  345.166080][T18594] IPv4: Oversized IP packet from 127.202.26.0
[  345.181794][T18587] EXT4-fs (loop3): 1 orphan inode deleted
[  345.188487][T18587] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  345.215628][T11810] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:46: Failed to release dquot type 1
[  345.227273][T18587] ext4 filesystem being mounted at /265/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  345.359351][T14466] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.393810][T18605] syzkaller1: entered promiscuous mode
[  345.400059][T18605] syzkaller1: entered allmulticast mode
[  345.411663][T18613] hub 6-0:1.0: USB hub found
[  345.416500][T18613] hub 6-0:1.0: 8 ports detected
[  345.430742][T18623] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4541'.
[  345.462179][T18605] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  345.464573][T18627] block device autoloading is deprecated and will be removed.
[  345.480407][T18631] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4543'.
[  345.488615][T18627] syz.0.4542: attempt to access beyond end of device
[  345.488615][T18627] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[  345.505135][T18627] FAT-fs (loop1): unable to read boot sector
[  345.535659][T18631] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4543'.
[  345.554011][T18635] futex_wake_op: syz.3.4546 tries to shift op by -1; fix this program
[  345.659021][T18644] block device autoloading is deprecated and will be removed.
[  345.697469][T18650] capability: warning: `syz.0.4552' uses 32-bit capabilities (legacy support in use)
[  345.714783][T18653] FAULT_INJECTION: forcing a failure.
[  345.714783][T18653] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  345.728329][T18653] CPU: 0 UID: 0 PID: 18653 Comm: syz.4.4553 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  345.728363][T18653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  345.728377][T18653] Call Trace:
[  345.728385][T18653]  <TASK>
[  345.728394][T18653]  __dump_stack+0x1d/0x30
[  345.728522][T18653]  dump_stack_lvl+0xe8/0x140
[  345.728549][T18653]  dump_stack+0x15/0x1b
[  345.728574][T18653]  should_fail_ex+0x265/0x280
[  345.728613][T18653]  should_fail+0xb/0x20
[  345.728714][T18653]  should_fail_usercopy+0x1a/0x20
[  345.728746][T18653]  _copy_from_user+0x1c/0xb0
[  345.728782][T18653]  ___sys_sendmsg+0xc1/0x1d0
[  345.728860][T18653]  __x64_sys_sendmsg+0xd4/0x160
[  345.728916][T18653]  x64_sys_call+0x191e/0x2ff0
[  345.728940][T18653]  do_syscall_64+0xd2/0x200
[  345.728990][T18653]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  345.729022][T18653]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  345.729100][T18653]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.729126][T18653] RIP: 0033:0x7fc90b22eb69
[  345.729176][T18653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  345.729205][T18653] RSP: 002b:00007fc909897038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  345.729233][T18653] RAX: ffffffffffffffda RBX: 00007fc90b455fa0 RCX: 00007fc90b22eb69
[  345.729253][T18653] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000006
[  345.729272][T18653] RBP: 00007fc909897090 R08: 0000000000000000 R09: 0000000000000000
[  345.729290][T18653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  345.729304][T18653] R13: 0000000000000000 R14: 00007fc90b455fa0 R15: 00007fffcb34d978
[  345.729326][T18653]  </TASK>
[  345.950623][T18657] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4554'.
[  345.986590][T18662] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4556'.
[  346.109176][T18666] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=18666 comm=syz.4.4556
[  346.122338][T18666] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=18666 comm=syz.4.4556
[  346.323391][T18672] syzkaller1: entered promiscuous mode
[  346.329104][T18672] syzkaller1: entered allmulticast mode
[  346.345099][T18672] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  346.639018][T18681] syz.1.4562: attempt to access beyond end of device
[  346.639018][T18681] loop3: rw=0, sector=0, nr_sectors = 1 limit=0
[  346.654285][T18681] FAT-fs (loop3): unable to read boot sector
[  347.042522][T18691] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  347.208274][T18699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4568'.
[  347.233774][T18699] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4568'.
[  347.244111][T18701] can0: slcan on ttyS3.
[  347.317568][T18701] can0 (unregistered): slcan off ttyS3.
[  347.335305][T18703] can0: slcan on ttyS3.
[  347.469520][T18700] can0 (unregistered): slcan off ttyS3.
[  347.847793][T18732] loop3: detected capacity change from 0 to 1024
[  347.855182][T18732] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  347.871529][T18720] loop3: detected capacity change from 0 to 512
[  347.883286][T18720] vfat: Unknown parameter '0x0000000000000007����������&�����.���u��ϥ�
[  347.883286][T18720] ���uM+X;0�Q��������Ԓ���S��)�'�i�4e�Տ	M{�O�`m��G��Mb��b٩���)9T0��q��S.x����QI4Z]��@gf]F����U�!N�D:/�2�#��|ҀҚwڇSEq�m.�eUi0'
[  347.930403][T18720] geneve1 speed is unknown, defaulting to 1000
[  347.937669][T18720] geneve1 speed is unknown, defaulting to 1000
[  347.944769][T18720] geneve1 speed is unknown, defaulting to 1000
[  347.989732][T18720] infiniband syz2: set active
[  347.994684][T18720] infiniband syz2: added geneve1
[  348.001376][ T3414] geneve1 speed is unknown, defaulting to 1000
[  348.023929][T18720] RDS/IB: syz2: added
[  348.028629][T18720] smc: adding ib device syz2 with port count 1
[  348.035730][T18720] smc:    ib device syz2 port 1 has pnetid 
[  348.042927][   T36] geneve1 speed is unknown, defaulting to 1000
[  348.049774][T18720] geneve1 speed is unknown, defaulting to 1000
[  348.079198][T18741] can0: slcan on ttyS3.
[  348.092373][T18737] geneve1 speed is unknown, defaulting to 1000
[  348.117973][T18741] can0 (unregistered): slcan off ttyS3.
[  348.129623][T18720] geneve1 speed is unknown, defaulting to 1000
[  348.129623][T18741] can0: slcan on ttyS3.
[  348.177955][T18740] can0 (unregistered): slcan off ttyS3.
[  348.196417][T18720] geneve1 speed is unknown, defaulting to 1000
[  348.236090][T18746] can0: slcan on ttyS3.
[  348.249734][T18720] geneve1 speed is unknown, defaulting to 1000
[  348.283868][T18720] geneve1 speed is unknown, defaulting to 1000
[  348.290366][T18746] can0 (unregistered): slcan off ttyS3.
[  348.303215][T18746] can0: slcan on ttyS3.
[  348.323094][T18720] geneve1 speed is unknown, defaulting to 1000
[  348.348076][T18745] can0 (unregistered): slcan off ttyS3.
[  348.418312][T18750] syzkaller1: entered promiscuous mode
[  348.424077][T18750] syzkaller1: entered allmulticast mode
[  348.434261][T18750] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  348.586249][T18759] syzkaller0: entered promiscuous mode
[  348.592376][T18759] syzkaller0: entered allmulticast mode
[  348.605885][T18759] netlink: zone id is out of range
[  348.611533][T18759] netlink: zone id is out of range
[  348.616980][T18759] netlink: zone id is out of range
[  348.622395][T18759] netlink: zone id is out of range
[  348.628207][T18759] netlink: zone id is out of range
[  348.633349][T18759] netlink: zone id is out of range
[  348.639011][T18759] netlink: zone id is out of range
[  348.644333][T18759] netlink: zone id is out of range
[  348.976234][T18777] geneve1 speed is unknown, defaulting to 1000
[  349.426518][T18782] random: crng reseeded on system resumption
[  349.432803][   T29] kauditd_printk_skb: 112 callbacks suppressed
[  349.432819][   T29] audit: type=1400 audit(1755860601.372:6333): avc:  denied  { read append } for  pid=18781 comm="syz.5.4597" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  349.463061][   T29] audit: type=1400 audit(1755860601.372:6334): avc:  denied  { ioctl open } for  pid=18781 comm="syz.5.4597" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  349.694962][T18793] __nla_validate_parse: 5 callbacks suppressed
[  349.695015][T18793] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4601'.
[  349.834740][   T29] audit: type=1400 audit(1755860601.602:6335): avc:  denied  { firmware_load } for  pid=11813 comm="kworker/u8:48" path="/lib/firmware/regulatory.db.p7s" dev="sda1" ino=449 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  349.860474][   T29] audit: type=1400 audit(1755860601.722:6336): avc:  denied  { unmount } for  pid=18179 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  349.880757][   T29] audit: type=1326 audit(1755860601.752:6337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18796 comm="syz.5.4603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  349.904445][   T29] audit: type=1326 audit(1755860601.752:6338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18796 comm="syz.5.4603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  349.928493][   T29] audit: type=1326 audit(1755860601.752:6339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18796 comm="syz.5.4603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  349.953328][   T29] audit: type=1326 audit(1755860601.752:6340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18796 comm="syz.5.4603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  350.257013][T18809] loop3: detected capacity change from 0 to 512
[  350.317080][T18809] EXT4-fs: Ignoring removed oldalloc option
[  350.396036][T18809] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  350.459520][T18809] EXT4-fs (loop3): 1 truncate cleaned up
[  350.480995][T18809] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  350.581347][   T29] audit: type=1400 audit(1755860602.082:6341): avc:  denied  { mounton } for  pid=18803 comm="syz.3.4606" path="/proc/750/task" dev="proc" ino=60686 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  350.606207][   T29] audit: type=1400 audit(1755860602.532:6342): avc:  denied  { setattr } for  pid=18808 comm="syz.3.4607" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  350.734286][T14466] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  350.777990][T18826] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4614'.
[  350.835943][T18828] binfmt_misc: register: failed to install interpreter file ./file2
[  351.212143][T18846] loop3: detected capacity change from 0 to 1024
[  351.262319][T18846] EXT4-fs: Ignoring removed oldalloc option
[  351.268646][T18846] EXT4-fs: Ignoring removed oldalloc option
[  351.275108][T18846] EXT4-fs: Ignoring removed bh option
[  351.342192][T18846] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  351.441918][T18854] block device autoloading is deprecated and will be removed.
[  351.472770][T18846] wg2: entered promiscuous mode
[  351.477805][T18846] wg2: entered allmulticast mode
[  351.596606][T18846] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.4613: Allocating blocks 497-513 which overlap fs metadata
[  351.646743][T14466] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  351.744502][T18870] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  351.800092][T18870] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  351.840481][T18868] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4628'.
[  352.035047][T18881] netlink: 'syz.5.4633': attribute type 153 has an invalid length.
[  352.044206][T18881] SELinux:  Context system_u:object_r:systemd_logger_exec_t:s0 is not valid (left unmapped).
[  352.652865][T18891] usb usb1: check_ctrlrecip: process 18891 (syz.3.4637) requesting ep 01 but needs 81
[  352.662913][T18891] usb usb1: usbfs: process 18891 (syz.3.4637) did not claim interface 0 before use
[  352.992360][T18903] block device autoloading is deprecated and will be removed.
[  353.082661][T18907] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4642'.
[  353.092176][T18907] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4642'.
[  353.117340][T18911] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4644'.
[  353.402652][T18921] FAULT_INJECTION: forcing a failure.
[  353.402652][T18921] name failslab, interval 1, probability 0, space 0, times 0
[  353.415404][T18921] CPU: 1 UID: 0 PID: 18921 Comm: syz.4.4648 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  353.415522][T18921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  353.415535][T18921] Call Trace:
[  353.415543][T18921]  <TASK>
[  353.415552][T18921]  __dump_stack+0x1d/0x30
[  353.415609][T18921]  dump_stack_lvl+0xe8/0x140
[  353.415643][T18921]  dump_stack+0x15/0x1b
[  353.415659][T18921]  should_fail_ex+0x265/0x280
[  353.415696][T18921]  should_failslab+0x8c/0xb0
[  353.415727][T18921]  kmem_cache_alloc_node_noprof+0x57/0x320
[  353.415818][T18921]  ? __alloc_skb+0x101/0x320
[  353.415900][T18921]  __alloc_skb+0x101/0x320
[  353.415962][T18921]  __ip6_append_data+0x190f/0x2390
[  353.416027][T18921]  ? __pfx_raw6_getfrag+0x10/0x10
[  353.416075][T18921]  ? dst_cow_metrics_generic+0x39/0x140
[  353.416117][T18921]  ? __kmalloc_cache_noprof+0x189/0x320
[  353.416166][T18921]  ? dst_blackhole_mtu+0x5b/0x70
[  353.416206][T18921]  ip6_append_data+0x13b/0x250
[  353.416251][T18921]  ? __pfx_raw6_getfrag+0x10/0x10
[  353.416377][T18921]  rawv6_sendmsg+0xdce/0xf80
[  353.416430][T18921]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  353.416461][T18921]  inet_sendmsg+0xc5/0xd0
[  353.416556][T18921]  __sock_sendmsg+0x102/0x180
[  353.416586][T18921]  sock_write_iter+0x165/0x1b0
[  353.416622][T18921]  do_iter_readv_writev+0x421/0x4c0
[  353.416706][T18921]  vfs_writev+0x2df/0x8b0
[  353.416760][T18921]  do_writev+0xe7/0x210
[  353.416795][T18921]  __x64_sys_writev+0x45/0x50
[  353.416898][T18921]  x64_sys_call+0x1e9a/0x2ff0
[  353.416927][T18921]  do_syscall_64+0xd2/0x200
[  353.416959][T18921]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  353.416986][T18921]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  353.417080][T18921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.417130][T18921] RIP: 0033:0x7fc90b22eb69
[  353.417151][T18921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.417178][T18921] RSP: 002b:00007fc909897038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  353.417209][T18921] RAX: ffffffffffffffda RBX: 00007fc90b455fa0 RCX: 00007fc90b22eb69
[  353.417226][T18921] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000006
[  353.417241][T18921] RBP: 00007fc909897090 R08: 0000000000000000 R09: 0000000000000000
[  353.417253][T18921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  353.417265][T18921] R13: 0000000000000000 R14: 00007fc90b455fa0 R15: 00007fffcb34d978
[  353.417287][T18921]  </TASK>
[  353.914019][T18937] netem: change failed
[  354.098948][T18941] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4657'.
[  354.108767][T18941] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4657'.
[  354.631283][   T29] kauditd_printk_skb: 37 callbacks suppressed
[  354.631334][   T29] audit: type=1326 audit(1755860606.580:6380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18957 comm="syz.5.4664" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb087eaeb69 code=0x0
[  354.785027][T18963] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4665'.
[  354.870951][T18966] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4666'.
[  354.909788][T18969] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4667'.
[  354.991517][T18970] geneve1 speed is unknown, defaulting to 1000
[  355.114822][T18970] geneve1 speed is unknown, defaulting to 1000
[  355.233267][T18971] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4667'.
[  355.555076][   T29] audit: type=1326 audit(1755860607.499:6381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18975 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  355.578827][   T29] audit: type=1326 audit(1755860607.499:6382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18975 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  355.602558][   T29] audit: type=1326 audit(1755860607.499:6383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18975 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  355.626194][   T29] audit: type=1326 audit(1755860607.499:6384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18975 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  355.650096][   T29] audit: type=1326 audit(1755860607.499:6385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18975 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  355.743259][   T29] audit: type=1326 audit(1755860607.669:6386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18979 comm="syz.1.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  355.767085][   T29] audit: type=1326 audit(1755860607.669:6387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18979 comm="syz.1.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  355.790774][   T29] audit: type=1326 audit(1755860607.679:6388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18979 comm="syz.1.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  355.814510][   T29] audit: type=1326 audit(1755860607.679:6389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18979 comm="syz.1.4671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08744ceb69 code=0x7ffc0000
[  355.854094][T18982] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4671'.
[  356.029017][T18987] can0: slcan on ttyS3.
[  356.082407][T18999] can0 (unregistered): slcan off ttyS3.
[  356.096092][T18987] can0: slcan on ttyS3.
[  356.163243][T18986] can0 (unregistered): slcan off ttyS3.
[  356.369748][T19025] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4688'.
[  356.501117][T19041] dvmrp1: entered allmulticast mode
[  356.529383][T19041] dvmrp1: left allmulticast mode
[  356.623914][T19053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  356.632744][T19053] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  356.658641][T19055] block device autoloading is deprecated and will be removed.
[  356.768242][T19050] geneve1 speed is unknown, defaulting to 1000
[  356.780317][T19066] syz.0.4704: attempt to access beyond end of device
[  356.780317][T19066] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[  356.793280][T19066] FAT-fs (loop1): unable to read boot sector
[  356.814989][T19058] geneve1 speed is unknown, defaulting to 1000
[  356.866393][T19070] dvmrp1: entered allmulticast mode
[  356.881766][T19070] dvmrp1: left allmulticast mode
[  357.095758][T19084] dvmrp1: entered allmulticast mode
[  357.135334][T19088] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4712'.
[  357.171719][T19089] dvmrp1: left allmulticast mode
[  357.303881][T19099] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4715'.
[  357.861274][T19115] syzkaller1: entered promiscuous mode
[  357.866940][T19115] syzkaller1: entered allmulticast mode
[  357.882640][T19115] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  357.977167][T19117] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4722'.
[  358.008166][T19103] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4710'.
[  359.296966][T19189] syzkaller0: entered promiscuous mode
[  359.302702][T19189] syzkaller0: entered allmulticast mode
[  359.797964][T19220] block device autoloading is deprecated and will be removed.
[  359.835401][T19223] syzkaller1: entered promiscuous mode
[  359.840917][T19223] syzkaller1: entered allmulticast mode
[  359.851164][T19223] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  360.267027][T19243] can0: slcan on ttyS3.
[  360.324016][T19243] can0 (unregistered): slcan off ttyS3.
[  360.333217][T19244] can0: slcan on ttyS3.
[  360.394982][T19242] can0 (unregistered): slcan off ttyS3.
[  360.426977][T19246] block device autoloading is deprecated and will be removed.
[  360.434640][T19246] syz.1.4767: attempt to access beyond end of device
[  360.434640][T19246] loop3: rw=0, sector=0, nr_sectors = 1 limit=0
[  360.447790][T19246] FAT-fs (loop3): unable to read boot sector
[  360.507792][   T29] kauditd_printk_skb: 274 callbacks suppressed
[  360.507809][   T29] audit: type=1400 audit(1755860612.447:6664): avc:  denied  { nlmsg_write } for  pid=19253 comm="syz.1.4770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  360.545863][   T29] audit: type=1326 audit(1755860612.487:6665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19255 comm="syz.5.4772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  360.569753][   T29] audit: type=1326 audit(1755860612.487:6666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19255 comm="syz.5.4772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  360.593747][   T29] audit: type=1326 audit(1755860612.487:6667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19255 comm="syz.5.4772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  360.617380][   T29] audit: type=1326 audit(1755860612.487:6668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19255 comm="syz.5.4772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  360.640984][   T29] audit: type=1326 audit(1755860612.487:6669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19255 comm="syz.5.4772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  360.664706][   T29] audit: type=1326 audit(1755860612.487:6670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19255 comm="syz.5.4772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  360.688308][   T29] audit: type=1326 audit(1755860612.487:6671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19255 comm="syz.5.4772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  360.719854][T19256] __nla_validate_parse: 3 callbacks suppressed
[  360.719870][T19256] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4772'.
[  360.728251][   T29] audit: type=1326 audit(1755860612.537:6672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19255 comm="syz.5.4772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  360.759654][   T29] audit: type=1326 audit(1755860612.537:6673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19255 comm="syz.5.4772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  360.787136][T19256] loop9: detected capacity change from 0 to 7
[  360.793551][T19256] Buffer I/O error on dev loop9, logical block 0, async page read
[  360.822609][T19256] Buffer I/O error on dev loop9, logical block 0, async page read
[  360.831308][T19256]  loop9: unable to read partition table
[  360.837350][T19256] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  360.837350][T19256] 
) failed (rc=-5)
[  360.867015][T19260] team0: Port device dummy0 removed
[  360.881888][T19260] bridge_slave_0: left allmulticast mode
[  360.888120][T19260] bridge_slave_0: left promiscuous mode
[  360.893864][T19260] bridge0: port 1(bridge_slave_0) entered disabled state
[  360.906632][T19260] bridge_slave_1: left allmulticast mode
[  360.912375][T19260] bridge_slave_1: left promiscuous mode
[  360.918230][T19260] bridge0: port 2(bridge_slave_1) entered disabled state
[  360.926731][T19270] IPv6: Can't replace route, no match found
[  360.936645][T19260] bond0: (slave bond_slave_0): Releasing backup interface
[  360.949875][T19260] team0: Port device team_slave_0 removed
[  360.960993][T19260] team0: Port device team_slave_1 removed
[  360.981935][T19260] geneve0: left allmulticast mode
[  360.987096][T19260] geneve0: left promiscuous mode
[  360.992301][T19260] bridge0: port 3(geneve0) entered disabled state
[  361.002948][T19260] bond1: (slave bridge1): Releasing active interface
[  361.299492][T19311] FAULT_INJECTION: forcing a failure.
[  361.299492][T19311] name failslab, interval 1, probability 0, space 0, times 0
[  361.312340][T19311] CPU: 1 UID: 0 PID: 19311 Comm: syz.3.4794 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  361.312390][T19311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  361.312407][T19311] Call Trace:
[  361.312415][T19311]  <TASK>
[  361.312498][T19311]  __dump_stack+0x1d/0x30
[  361.312520][T19311]  dump_stack_lvl+0xe8/0x140
[  361.312543][T19311]  dump_stack+0x15/0x1b
[  361.312565][T19311]  should_fail_ex+0x265/0x280
[  361.312618][T19311]  should_failslab+0x8c/0xb0
[  361.312651][T19311]  kmem_cache_alloc_noprof+0x50/0x310
[  361.312688][T19311]  ? audit_log_start+0x365/0x6c0
[  361.312743][T19311]  audit_log_start+0x365/0x6c0
[  361.312786][T19311]  audit_seccomp+0x48/0x100
[  361.312820][T19311]  ? __seccomp_filter+0x68c/0x10d0
[  361.312853][T19311]  __seccomp_filter+0x69d/0x10d0
[  361.312879][T19311]  ? __se_sys_getcwd+0x253/0x300
[  361.312914][T19311]  ? __se_sys_getcwd+0x253/0x300
[  361.312941][T19311]  ? kmem_cache_free+0xdf/0x300
[  361.313093][T19311]  __secure_computing+0x82/0x150
[  361.313121][T19311]  syscall_trace_enter+0xcf/0x1e0
[  361.313215][T19311]  do_syscall_64+0xac/0x200
[  361.313247][T19311]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  361.313335][T19311]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  361.313356][T19311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.313377][T19311] RIP: 0033:0x7f66d8f2d57c
[  361.313396][T19311] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  361.313421][T19311] RSP: 002b:00007f66d758f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  361.313445][T19311] RAX: ffffffffffffffda RBX: 00007f66d9155fa0 RCX: 00007f66d8f2d57c
[  361.313502][T19311] RDX: 000000000000000f RSI: 00007f66d758f0a0 RDI: 0000000000000003
[  361.313517][T19311] RBP: 00007f66d758f090 R08: 0000000000000000 R09: 0000000000000000
[  361.313533][T19311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  361.313549][T19311] R13: 0000000000000000 R14: 00007f66d9155fa0 R15: 00007ffe81821958
[  361.313574][T19311]  </TASK>
[  361.599270][T19325] block device autoloading is deprecated and will be removed.
[  361.948069][T19351] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64013 sclass=netlink_route_socket pid=19351 comm=syz.0.4809
[  361.984876][T19355] block device autoloading is deprecated and will be removed.
[  362.409168][T19364] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4814'.
[  362.835765][T19382] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4822'.
[  362.949968][T19389] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64013 sclass=netlink_route_socket pid=19389 comm=syz.0.4825
[  362.998375][T19391] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4826'.
[  363.089640][T19395] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4828'.
[  363.098690][T19395] netlink: 212 bytes leftover after parsing attributes in process `syz.4.4828'.
[  363.262169][T19400] syzkaller1: entered promiscuous mode
[  363.267928][T19400] syzkaller1: entered allmulticast mode
[  363.319033][T19400] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  363.429001][T19414] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64013 sclass=netlink_route_socket pid=19414 comm=syz.3.4837
[  363.457484][T19416] 9pnet_fd: Insufficient options for proto=fd
[  363.505013][T19420] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4840'.
[  363.514469][T19420] netlink: 212 bytes leftover after parsing attributes in process `syz.4.4840'.
[  363.534846][T19422] netlink: 'syz.3.4841': attribute type 10 has an invalid length.
[  363.545284][T19422] batman_adv: batadv0: Interface deactivated: dummy0
[  363.563739][T19422] batman_adv: batadv0: Removing interface: dummy0
[  363.595318][T19422] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  363.669645][T19426] can0: slcan on ttyS3.
[  363.725976][T19426] can0 (unregistered): slcan off ttyS3.
[  363.748256][T19426] can0: slcan on ttyS3.
[  363.858659][T19437] block device autoloading is deprecated and will be removed.
[  363.866347][T19425] can0 (unregistered): slcan off ttyS3.
[  363.866628][T19437] syz.1.4847: attempt to access beyond end of device
[  363.866628][T19437] loop3: rw=0, sector=0, nr_sectors = 1 limit=0
[  363.885821][T19437] FAT-fs (loop3): unable to read boot sector
[  363.958324][T19445] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4850'.
[  364.026098][T19454] netlink: 'syz.4.4855': attribute type 21 has an invalid length.
[  364.034290][T19454] netlink: 156 bytes leftover after parsing attributes in process `syz.4.4855'.
[  364.364167][T19491] syzkaller1: entered promiscuous mode
[  364.369894][T19491] syzkaller1: entered allmulticast mode
[  364.392387][T19491] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  364.535929][T19517] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=48 sclass=netlink_xfrm_socket pid=19517 comm=syz.4.4879
[  364.777919][T19532] block device autoloading is deprecated and will be removed.
[  364.785913][T19532] syz.4.4885: attempt to access beyond end of device
[  364.785913][T19532] loop9: rw=0, sector=0, nr_sectors = 1 limit=0
[  364.799230][T19532] FAT-fs (loop9): unable to read boot sector
[  365.177990][T19541] syzkaller1: entered promiscuous mode
[  365.183657][T19541] syzkaller1: entered allmulticast mode
[  365.254156][T19544] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  365.612834][   T29] kauditd_printk_skb: 398 callbacks suppressed
[  365.612854][   T29] audit: type=1400 audit(1755860617.544:7070): avc:  denied  { setopt } for  pid=19560 comm="syz.0.4895" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  365.640334][   T29] audit: type=1400 audit(1755860617.544:7071): avc:  denied  { connect } for  pid=19560 comm="syz.0.4895" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  365.803272][   T29] audit: type=1400 audit(1755860617.664:7072): avc:  denied  { write } for  pid=19569 comm="syz.3.4897" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  365.827622][   T29] audit: type=1400 audit(1755860617.664:7073): avc:  denied  { ioctl } for  pid=19569 comm="syz.3.4897" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  365.862751][T19572] can0: slcan on ttyS3.
[  365.878987][T19576] __nla_validate_parse: 8 callbacks suppressed
[  365.879008][T19576] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4900'.
[  365.947936][T19572] can0 (unregistered): slcan off ttyS3.
[  365.957152][T19582] can0: slcan on ttyS3.
[  365.981561][   T29] audit: type=1400 audit(1755860617.874:7074): avc:  denied  { module_request } for  pid=19579 comm="syz.5.4902" kmod="net-pf-16-proto-16-family-" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  366.007718][T19571] can0 (unregistered): slcan off ttyS3.
[  366.025377][T19584] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4903'.
[  366.034456][T19584] netlink: 212 bytes leftover after parsing attributes in process `syz.3.4903'.
[  366.090701][T19589] block device autoloading is deprecated and will be removed.
[  366.101422][   T29] audit: type=1326 audit(1755860618.024:7075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19583 comm="syz.3.4903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d8f2eb69 code=0x7ffc0000
[  366.125198][   T29] audit: type=1326 audit(1755860618.024:7076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19583 comm="syz.3.4903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f66d8f2eb69 code=0x7ffc0000
[  366.149721][   T29] audit: type=1326 audit(1755860618.024:7077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19583 comm="syz.3.4903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d8f2eb69 code=0x7ffc0000
[  366.173891][   T29] audit: type=1326 audit(1755860618.044:7078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19583 comm="syz.3.4903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f66d8f2eb69 code=0x7ffc0000
[  366.198720][   T29] audit: type=1326 audit(1755860618.044:7079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19583 comm="syz.3.4903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66d8f2eb69 code=0x7ffc0000
[  366.252496][T19590] block device autoloading is deprecated and will be removed.
[  366.710433][T19615] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4914'.
[  366.782316][T19619] can0: slcan on ttyS3.
[  366.798940][T19622] block device autoloading is deprecated and will be removed.
[  366.820094][T19625] futex_wake_op: syz.0.4919 tries to shift op by -1; fix this program
[  366.833362][T19625] 9pnet_fd: Insufficient options for proto=fd
[  366.859904][T19619] can0 (unregistered): slcan off ttyS3.
[  366.870848][T19628] can0: slcan on ttyS3.
[  366.921778][T19618] can0 (unregistered): slcan off ttyS3.
[  366.965093][T19642] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4926'.
[  366.974309][T19642] netlink: 212 bytes leftover after parsing attributes in process `syz.5.4926'.
[  367.036289][T19644] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4927'.
[  367.094032][T19648] netlink: 156 bytes leftover after parsing attributes in process `syz.0.4929'.
[  367.106916][T19648] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4929'.
[  367.181733][T19657] futex_wake_op: syz.5.4933 tries to shift op by -1; fix this program
[  367.190712][T19657] netlink: 'syz.5.4933': attribute type 4 has an invalid length.
[  367.198486][T19657] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4933'.
[  367.816225][T19678] netlink: 'syz.3.4935': attribute type 10 has an invalid length.
[  367.935528][T19678] bond0: (slave dummy0): Releasing backup interface
[  367.967027][T19683] netlink: 'syz.3.4935': attribute type 10 has an invalid length.
[  368.034900][T19678] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  368.076545][T19678] team0: Failed to send options change via netlink (err -105)
[  368.084436][T19678] team0: Port device dummy0 added
[  368.150189][T19683] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  368.246211][ T2954] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0
[  368.257305][T19683] team0: Failed to send options change via netlink (err -105)
[  368.299371][T19683] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  368.318527][ T2954] hid-generic 0000:0000:0000.0015: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  368.395252][T19683] team0: Port device dummy0 removed
[  368.435854][T19683] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  368.515287][T19711] tipc: Started in network mode
[  368.520252][T19711] tipc: Node identity ac14140f, cluster identity 4711
[  368.551901][T19711] tipc: New replicast peer: 255.255.255.255
[  368.558173][T19711] tipc: Enabled bearer <udp:syz2>, priority 10
[  368.610716][T19698] syzkaller1: entered promiscuous mode
[  368.616335][T19698] syzkaller1: entered allmulticast mode
[  368.964342][T19739] FAULT_INJECTION: forcing a failure.
[  368.964342][T19739] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  368.977717][T19739] CPU: 1 UID: 0 PID: 19739 Comm: syz.5.4957 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  368.977747][T19739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  368.977759][T19739] Call Trace:
[  368.977769][T19739]  <TASK>
[  368.977779][T19739]  __dump_stack+0x1d/0x30
[  368.977803][T19739]  dump_stack_lvl+0xe8/0x140
[  368.977881][T19739]  dump_stack+0x15/0x1b
[  368.977899][T19739]  should_fail_ex+0x265/0x280
[  368.977982][T19739]  should_fail+0xb/0x20
[  368.978021][T19739]  should_fail_usercopy+0x1a/0x20
[  368.978046][T19739]  _copy_from_user+0x1c/0xb0
[  368.978084][T19739]  __sys_connect+0xd0/0x2b0
[  368.978180][T19739]  __x64_sys_connect+0x3f/0x50
[  368.978216][T19739]  x64_sys_call+0x2c08/0x2ff0
[  368.978245][T19739]  do_syscall_64+0xd2/0x200
[  368.978275][T19739]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  368.978306][T19739]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  368.978335][T19739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.978369][T19739] RIP: 0033:0x7fb087eaeb69
[  368.978434][T19739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  368.978509][T19739] RSP: 002b:00007fb0864ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  368.978546][T19739] RAX: ffffffffffffffda RBX: 00007fb0880d6080 RCX: 00007fb087eaeb69
[  368.978559][T19739] RDX: 0000000000000010 RSI: 0000200000000180 RDI: 0000000000000008
[  368.978571][T19739] RBP: 00007fb0864ee090 R08: 0000000000000000 R09: 0000000000000000
[  368.978642][T19739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  368.978705][T19739] R13: 0000000000000000 R14: 00007fb0880d6080 R15: 00007ffd31d81df8
[  368.978728][T19739]  </TASK>
[  369.303091][T19747] loop1: detected capacity change from 0 to 512
[  369.338512][T19747] EXT4-fs (loop1): too many log groups per flexible block group
[  369.346508][T19747] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  369.359230][T19747] EXT4-fs (loop1): mount failed
[  369.451735][T19752] geneve1 speed is unknown, defaulting to 1000
[  369.581434][T19752] geneve1 speed is unknown, defaulting to 1000
[  369.713848][ T2954] tipc: Node number set to 2886997007
[  370.044016][T19774] syz.5.4970: attempt to access beyond end of device
[  370.044016][T19774] loop11: rw=0, sector=0, nr_sectors = 1 limit=0
[  370.060770][T19774] FAT-fs (loop11): unable to read boot sector
[  370.141236][T19777] syzkaller1: entered promiscuous mode
[  370.146859][T19777] syzkaller1: entered allmulticast mode
[  370.159287][T19777] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  370.188682][T19791] loop1: detected capacity change from 0 to 512
[  370.208941][T19791] EXT4-fs (loop1): too many log groups per flexible block group
[  370.217011][T19791] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  370.236183][T19791] EXT4-fs (loop1): mount failed
[  370.247269][T19796] loop3: detected capacity change from 0 to 1024
[  370.273725][T19796] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  370.297431][T19803] can0: slcan on ttyS3.
[  370.363081][T19812] FAULT_INJECTION: forcing a failure.
[  370.363081][T19812] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  370.376384][T19812] CPU: 1 UID: 0 PID: 19812 Comm: syz.0.4983 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  370.376487][T19812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  370.376505][T19812] Call Trace:
[  370.376511][T19812]  <TASK>
[  370.376520][T19812]  __dump_stack+0x1d/0x30
[  370.376549][T19812]  dump_stack_lvl+0xe8/0x140
[  370.376575][T19812]  dump_stack+0x15/0x1b
[  370.376592][T19812]  should_fail_ex+0x265/0x280
[  370.376705][T19812]  should_fail+0xb/0x20
[  370.376786][T19812]  should_fail_usercopy+0x1a/0x20
[  370.376805][T19812]  _copy_from_iter+0xcf/0xe40
[  370.376836][T19812]  ? __build_skb_around+0x1a0/0x200
[  370.376926][T19812]  ? __alloc_skb+0x223/0x320
[  370.376964][T19812]  netlink_sendmsg+0x471/0x6b0
[  370.377006][T19812]  ? __pfx_netlink_sendmsg+0x10/0x10
[  370.377121][T19812]  __sock_sendmsg+0x145/0x180
[  370.377206][T19812]  ____sys_sendmsg+0x31e/0x4e0
[  370.377266][T19812]  ___sys_sendmsg+0x17b/0x1d0
[  370.377389][T19812]  __x64_sys_sendmsg+0xd4/0x160
[  370.377438][T19812]  x64_sys_call+0x191e/0x2ff0
[  370.377506][T19812]  do_syscall_64+0xd2/0x200
[  370.377536][T19812]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  370.377568][T19812]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  370.377595][T19812]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.377623][T19812] RIP: 0033:0x7f439e25eb69
[  370.377684][T19812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.377702][T19812] RSP: 002b:00007f439c8bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  370.377724][T19812] RAX: ffffffffffffffda RBX: 00007f439e485fa0 RCX: 00007f439e25eb69
[  370.377739][T19812] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  370.377753][T19812] RBP: 00007f439c8bf090 R08: 0000000000000000 R09: 0000000000000000
[  370.377768][T19812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.377889][T19812] R13: 0000000000000000 R14: 00007f439e485fa0 R15: 00007ffe7e213c18
[  370.377909][T19812]  </TASK>
[  370.378269][T19803] can0 (unregistered): slcan off ttyS3.
[  370.405851][T14466] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  370.438602][T19812] netlink: 'syz.0.4983': attribute type 6 has an invalid length.
[  370.614275][T19814] can0: slcan on ttyS3.
[  370.669526][T19802] can0 (unregistered): slcan off ttyS3.
[  370.762355][T19839] syzkaller1: entered promiscuous mode
[  370.768042][T19839] syzkaller1: entered allmulticast mode
[  370.777575][T19839] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  370.822571][   T29] kauditd_printk_skb: 122 callbacks suppressed
[  370.822587][   T29] audit: type=1326 audit(1755860622.762:7202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19845 comm="syz.5.4995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  370.887125][T19852] FAULT_INJECTION: forcing a failure.
[  370.887125][T19852] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  370.899780][   T29] audit: type=1326 audit(1755860622.802:7203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19845 comm="syz.5.4995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb087eaeb69 code=0x7ffc0000
[  370.901303][T19852] CPU: 0 UID: 0 PID: 19852 Comm: syz.5.4997 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  370.901354][T19852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  370.901373][T19852] Call Trace:
[  370.901383][T19852]  <TASK>
[  370.901395][T19852]  __dump_stack+0x1d/0x30
[  370.901425][T19852]  dump_stack_lvl+0xe8/0x140
[  370.901522][T19852]  dump_stack+0x15/0x1b
[  370.901613][T19852]  should_fail_ex+0x265/0x280
[  370.901661][T19852]  should_fail+0xb/0x20
[  370.901768][T19852]  should_fail_usercopy+0x1a/0x20
[  370.901795][T19852]  _copy_to_user+0x20/0xa0
[  370.901911][T19852]  simple_read_from_buffer+0xb5/0x130
[  370.901943][T19852]  proc_fail_nth_read+0x10e/0x150
[  370.901983][T19852]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  370.902112][T19852]  vfs_read+0x1a0/0x6f0
[  370.902142][T19852]  ? fput+0x8f/0xc0
[  370.902183][T19852]  ? __rcu_read_unlock+0x4f/0x70
[  370.902204][T19852]  ? __fget_files+0x184/0x1c0
[  370.902280][T19852]  ksys_read+0xda/0x1a0
[  370.902314][T19852]  __x64_sys_read+0x40/0x50
[  370.902345][T19852]  x64_sys_call+0x27bc/0x2ff0
[  370.902429][T19852]  do_syscall_64+0xd2/0x200
[  370.902463][T19852]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  370.902498][T19852]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  370.902597][T19852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.902628][T19852] RIP: 0033:0x7fb087ead57c
[  370.902652][T19852] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  370.902679][T19852] RSP: 002b:00007fb08650f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  370.902707][T19852] RAX: ffffffffffffffda RBX: 00007fb0880d5fa0 RCX: 00007fb087ead57c
[  370.902726][T19852] RDX: 000000000000000f RSI: 00007fb08650f0a0 RDI: 0000000000000006
[  370.902745][T19852] RBP: 00007fb08650f090 R08: 0000000000000000 R09: 0000000000000000
[  370.902779][T19852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.902796][T19852] R13: 0000000000000000 R14: 00007fb0880d5fa0 R15: 00007ffd31d81df8
[  370.902824][T19852]  </TASK>
[  371.133246][   T29] audit: type=1400 audit(1755860623.042:7204): avc:  denied  { cpu } for  pid=19865 comm="syz.0.5002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  371.199141][   T29] audit: type=1400 audit(1755860623.131:7205): avc:  denied  { bind } for  pid=19858 comm="syz.1.5000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  371.218895][   T29] audit: type=1400 audit(1755860623.131:7206): avc:  denied  { name_bind } for  pid=19858 comm="syz.1.5000" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  371.241018][   T29] audit: type=1400 audit(1755860623.131:7207): avc:  denied  { node_bind } for  pid=19858 comm="syz.1.5000" saddr=172.20.20.170 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  371.280959][T19870] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.313410][T19876] can0: slcan on ttyS3.
[  371.351516][T19867] ==================================================================
[  371.359658][T19867] BUG: KCSAN: data-race in getrusage / vms_clear_ptes
[  371.366473][T19867] 
[  371.368826][T19867] write to 0xffff888100059e18 of 8 bytes by task 19871 on cpu 0:
[  371.376565][T19867]  vms_clear_ptes+0x18f/0x2d0
[  371.381377][T19867]  mmap_region+0x759/0x1630
[  371.385943][T19867]  do_mmap+0x9b3/0xbe0
[  371.390046][T19867]  vm_mmap_pgoff+0x17a/0x2e0
[  371.394669][T19867]  ksys_mmap_pgoff+0x268/0x310
[  371.399498][T19867]  x64_sys_call+0x14a3/0x2ff0
[  371.404193][T19867]  do_syscall_64+0xd2/0x200
[  371.408768][T19867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.414688][T19867] 
[  371.417023][T19867] read to 0xffff888100059e18 of 8 bytes by task 19867 on cpu 1:
[  371.424674][T19867]  getrusage+0xa52/0xbb0
[  371.428964][T19867]  io_sq_thread+0x5dd/0x1190
[  371.433576][T19867]  ret_from_fork+0xdd/0x150
[  371.438119][T19867]  ret_from_fork_asm+0x1a/0x30
[  371.442908][T19867] 
[  371.445237][T19867] value changed: 0x0000000000001dd7 -> 0x0000000000001e37
[  371.452351][T19867] 
[  371.454695][T19867] Reported by Kernel Concurrency Sanitizer on:
[  371.460859][T19867] CPU: 1 UID: 0 PID: 19867 Comm: iou-sqp-19866 Not tainted 6.16.0-syzkaller-11322-g352af6a011d5 #0 PREEMPT(voluntary) 
[  371.473289][T19867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  371.483362][T19867] ==================================================================
[  371.501246][T19876] can0 (unregistered): slcan off ttyS3.
[  371.509438][T19870] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.544046][T19879] can0: slcan on ttyS3.
[  371.593119][T19870] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.620345][T19875] can0 (unregistered): slcan off ttyS3.
[  371.672186][T19870] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.762083][T11790] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  371.776604][T11790] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  371.794312][T11790] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  371.816784][T11790] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  378.977445][T11779] batadv1: left allmulticast mode
[  378.982763][T11779] batadv1: left promiscuous mode
[  378.987906][T11779] bridge0: port 3(batadv1) entered disabled state
[  378.998235][T11779] bridge_slave_1: left allmulticast mode
[  379.005120][T11779] bridge_slave_1: left promiscuous mode
[  379.011087][T11779] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.020501][T11779] bridge_slave_0: left allmulticast mode
[  379.026370][T11779] bridge_slave_0: left promiscuous mode
[  379.032174][T11779] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.188009][T11779] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  379.199699][T11779] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  379.209461][T11779] bond0 (unregistering): Released all slaves
[  379.268245][T11779] tipc: Disabling bearer <udp:syz2>
[  379.274272][T11779] tipc: Left network mode
[  379.300117][T11779] hsr_slave_0: left promiscuous mode
[  379.305958][T11779] hsr_slave_1: left promiscuous mode
[  379.311661][T11779] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  379.319211][T11779] batman_adv: batadv0: Removing interface: batadv_slave_0
[  379.330738][T11779] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  379.338183][T11779] batman_adv: batadv0: Removing interface: batadv_slave_1
[  379.348616][T11779] veth0_macvtap: left promiscuous mode
[  379.354201][T11779] veth1_vlan: left promiscuous mode
[  379.359512][T11779] veth0_vlan: left promiscuous mode
[  379.433386][T11779] team0 (unregistering): Port device team_slave_1 removed
[  379.444544][T11779] team0 (unregistering): Port device team_slave_0 removed
[  379.474602][T11779] dummy0 (unregistering): left allmulticast mode
[  379.736546][T11779] IPVS: stop unused estimator thread 0...