last executing test programs:

59.444271178s ago: executing program 0 (id=515):
prctl$PR_SET_NAME(0xf, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='kmem_cache_free\x00', r1}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0))
r2 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000d00)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
open_tree(r4, &(0x7f0000000300)='./file0\x00', 0x8001)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25GCALLUSERDATA(r6, 0x8918, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r7, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r10], 0x20}}, 0x0)
write$binfmt_misc(r4, &(0x7f0000000240), 0xfffffecc)
splice(r3, 0x0, r5, 0x0, 0x714f, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="21000000000000002c00128009000100626f6e64000000001c00028005002100010400080500010004"], 0x4c}}, 0x40)

58.633917044s ago: executing program 0 (id=533):
sched_setaffinity(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000100)='io_uring_register\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000100)='io_uring_register\x00', r2}, 0x10)
r3 = syz_io_uring_setup(0x373d, &(0x7f0000000500)={0x0, 0x4, 0x1, 0xa, 0xffffff}, &(0x7f0000000380), &(0x7f0000000400))
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)

58.552449467s ago: executing program 0 (id=534):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400004005000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000c5e444a1"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/12, @ANYRES32, @ANYBLOB="0d00ff0000000000830000000000000045"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe99}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080))
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
sendmsg$sock(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000280)="f112648551", 0x5}], 0x1, &(0x7f0000000700)=[@txtime={{0x18}}], 0x18}, 0x4004014)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0xa2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, &(0x7f0000000080)='GPL\x00'}, 0x90)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f4, &(0x7f0000000080))

58.469821841s ago: executing program 0 (id=538):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000df"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x8, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020692500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000650000000600000085100000010000009500000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x9}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000005000000080000000e"], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff058500000004000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01002c0400ee000000002000b9bdc92f6dff3c70952bf91b0000"], 0x14}}, 0x800)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0, 0x4}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4, 0x0, 0x3}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000022020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r5}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x4)
syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000080)='./file2\x00', 0x1808004, &(0x7f0000000000)=ANY=[@ANYRES16=0x0, @ANYRES64], 0x4, 0x7cc, &(0x7f0000002200)="$eJzs3U1sHOUZAOB3HJsEI6WIVimKQpgEKgUJzHoNpi4HWNZje2C9a+2uq0RVRSNwkBUHKBS15AJRJWirVlVPPVKu3HqjqtRKPbQ9VSqHXnpD4lRRqX+iqpBczew6/v9JcEIgz2PF3+zsO9/3zmY978za+20AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJHUJyuV0SQa+bfnT6fbq0+2W7M73L/S32/XNes8vm7ciKT4F4cOxUf/6q370urdR4pvJ+NY79axOFQ0h+LibUduf/SLgwMr2++Q0NU6sce4JOL1IqnzZ5eWFl66BolcRz/69RVv8t/l4vt01sw7rXy2Np2leaeVToyPVx6cmeqkU3kj65zpdLPZtN7Oat1WOz1Vvy8dnZgYS7ORM6355vRkrZGtrHzkgWqlMp4+OTKX1dqdVvPBJ6NTn8kbjbw5XcZUK9+NIuaR4on4VN5Nu1ltNk3PLS4tjK3JKtkq1SJodKs7DvSeP8fuvf2DV97/5+JC8YTcbn+T/hOzOjparY6OPzzx8COVymC1Ul2/orJBXI6IgYgi4po8afkM2d8DOHwCA/36H43IoxnzcTrSDV9DETEU9ZiMdrRitlj3l6FNUX0r9f8rD/79TzuNu7b+r1T5O1fvPhpl/T/eu3V8u/q/KYsdv4auKHpPXy/Hq3ExzsfZWIqlWIiX9rf/g/ue8cAn7SFZd2s6smhGHp1oRR6zUSvXpP01aUzEeIxHJZ6OmZiKTqQxFXk0IotOnIlOdCMrn1H1aEcWtehGK9qRxqmox32RxmhMxESMRRpZjMSZaMV8NGM6Hoha2cu5WCwf97ENWR65NX713J8/eKtYvhw0utNuFSdzRdA/dgjaVO53rP/Ly8X5wsYI9f9mdw2O4nB1llfqPwAAAPC5lZSvviflS/x3lUtTeSP7xh627A5eh/QAAACAfVD+5v9Y0QwVS3dFUlz/V7aIfO+65wYAAADsj6R8j10SEcNxd2/pXCzG67EQW70IAAAAAHwGlb//P140wxGvlStWpktx/Q8AAACfEz/Ybo7991fm2O3MHUx+U84BnFyaO31vcqFWxNUuHOht12++frnH7tTR5HC/k7IZH7x4WxIRg/XsWLIy++XHB3vth+X3o6tzCWw313/Sbu+YQOycQHkrfhwnejEnnu21z/bvSXqjDE/ljWyk3mo8Wk6JWPzrvvL84vciitF/2Jw9nMS5xaWFkWdeWHq2zOVS0culC/0JFNfNo7j8hR1zWe4/AnHX1ns8VL4Roz/ucG/cytr9Hyi3/t9yOc/stvufrB3zjTjZizk53GuHV+7pjXmoGHN05NHRqNUOD3Sz091XltfsfT+L0d32fJf/hTfinl7MPafu6TVbZFFdl8Xzm7Oors2i91jEwD5l8daJ107/5/etJBvbLYuxK8hi+UDExiwAPi3nyll/VqvQrWUVKopKoaj/G+rurStb7uFY++/VUXpnGR/3u42INbVuMDZW99W+91bdl6N3RD/ViznVO58YPLpFXalscUR/cfHFP/SP6A+98/NffPP4H39ZjntV1e2duK8X02/ijt9tU2OLff7Jhqr6drHF21uOW5yDdRrVJC5FHPjOhRfjyMuvXnxg8cLZ5xaeW3i+Wh0brzxUqTxcjaHyVKHf7JApADev3T9jZ9uIW/pdJA9td1Xdr3h3XP6TgpF4Jl6IpSjOAO7uxd69edx3iyvxNX+GcP8uV63Daz7h5f5dri1XY6ubY5PYJnZszSP25Z+VzUfX5L8DAK6LkzvU4V3q/+VX5u/f5bp7fS3fcHUc29fyrXz1mj4aAHBzyNofJsPdN5N2O597enRiYrTWncnSdqv+VNrOJ6ezNG92s3Z9ptacztK5dqvbqq+8cDyZddLO/Nxcq91Np1rtNAY6+enyk9/T/ke/d7LZWrOb1ztzjazWydJ6q9mt1bvpZN6pp3PzTzTyzkzWLjfuzGX1fCqv17p5q5l2WvPtejaSpp0sWxOYT2bNbj6VF4vNdK6dz9balyKiMT+bpZNZp97O57qtXocrY+XNqVZ7tux2ZPPu/+16P94AcCN4+dWL588uLS28dHULf91L8Ke9jwDAeqo0AAAAAAAAAAAAAADc+Da/Xa9Y+wneEXhlCwfjmg9xEy18rT8lY29NsXSDJPbpLXzrscfObxfzxGt3zuytn61/UrZ6q+ubhyNuefenvTWPbx/8/f7P3/7s6XsRcRWbLyc7xKw7TNxynQ9LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALCl/wcAAP//ez9qPw==")
r7 = getpgid(0x0)
r8 = syz_pidfd_open(r7, 0x0)
r9 = pidfd_getfd(r8, r8, 0x0)
setns(r9, 0x66020000)
mount$9p_fd(0x0, 0x0, 0x0, 0x104000, 0x0)
syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

57.443521467s ago: executing program 0 (id=549):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0xc, [@func={0xb, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x30, 0x61, 0x5f, 0x30, 0x0, 0x5f, 0x5f, 0x2e, 0x2e, 0x2e]}}, &(0x7f0000000180)=""/230, 0x30, 0xe6, 0x0, 0x6c5}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x0, 0x85, 0x1, 0x8804, 0xffffffffffffffff, 0x3, '\x00', 0x0, r2, 0x0, 0x1, 0x3, 0xe}, 0x50)

56.939623499s ago: executing program 0 (id=566):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_create(0x0, 0x0, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000740)=ANY=[], 0x0)
close_range(r1, 0xffffffffffffffff, 0x2000000ffff0000)

56.844088173s ago: executing program 32 (id=566):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_create(0x0, 0x0, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000740)=ANY=[], 0x0)
close_range(r1, 0xffffffffffffffff, 0x2000000ffff0000)

2.166728435s ago: executing program 4 (id=1577):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a9a4850000000400000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r2)
sendmsg$NLBL_MGMT_C_ADD(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x28, r4, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_DOMAIN={0xa, 0x1, ':[*-}\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000300)={0x14, 0x0, 0xe2f, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4080)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020d0000100000002f3144e8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c5402070000000000000000adb20200000000f52c000000cdff00000001020014bb000001000000002300001300030005000020000002"], 0x80}}, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
socket$inet(0x2, 0x4000000000000001, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x4048800}, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r6 = io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x10, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffd80, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pwritev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)='0', 0x1}], 0x1, 0x0, 0x3)
io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r7}, 0x10)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
sendmmsg(r5, &(0x7f00000000c0), 0x2c8, 0x0)
sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4040889}, 0x40)

2.000259113s ago: executing program 4 (id=1578):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES16=r0, @ANYRES8=r0, @ANYRESHEX=r0, @ANYRES32=r0, @ANYRESHEX=r0], 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="0b000000050000000400000032a9000009"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000900000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000f9ffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r4}, 0x10)
request_key(0x0, 0x0, 0x0, 0xffffffffffffffff)
socket(0x29, 0x800, 0x400)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0))
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e3000000000000000000000000800030000000000140006"], 0x58}}, 0x20008000)
sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000980)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c8da39ede4aa7851e3233b179f6bc0d4ba19b5a9a8b2cadb832f4e9e74fa37195fc9e", @ANYRES16=0x0, @ANYBLOB="100025bd7000fcdbdf2511000000"], 0x14}}, 0x20044050)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff)
r7 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000540), 0x1, 0x0)
unshare(0x22020400)
writev(r7, 0x0, 0x0)
sendmsg$NL80211_CMD_START_AP(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='h\x00\x00@', @ANYRES16=r6, @ANYBLOB="a18300000000000000000500000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990000000000ffffffff3d007f008325400f06080211000001ff7f00000802110000000000000005000000ffffffffffff010000008c101b0f7cb5537a4d5d7a90c907ae37ec84000000"], 0x68}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r5, &(0x7f0000000800)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB='`\x00 \x00', @ANYRES16=r6, @ANYBLOB="000329bd7000fbdbdf250f00000008000300", @ANYRES32=0x0, @ANYBLOB="0400a6802800a6800a00060008021100000100000a00060008021100000000000a00060008021100000100000800a5000100000008003500070000000400e20004001601"], 0x60}, 0x1, 0x0, 0x0, 0xc5}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000008c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x2400}, 0xc, &(0x7f0000000900)={&(0x7f0000000a80)=ANY=[@ANYBLOB="4023c30456a7137a08976a559b167cabc51716ed8cfc8281a1b7e5fae0de960611c0e2e97a17a9536a65d4a0", @ANYRES16=r6, @ANYBLOB="02002dbd7000ffdbdf25690000000500d300040000000a00060008021100000000000500d300050000000500d200080000000500d30003000000"], 0x40}, 0x1, 0x0, 0x0, 0x14048000}, 0x20000000)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c000000100003040000004dd15b7902bf874400", @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350064756d6d79300000000000000000000008000a00", @ANYRES32=r8, @ANYBLOB], 0x3c}}, 0x8000)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000500)={r5, 0x20, &(0x7f00000001c0)={&(0x7f0000000c40)=""/208, 0xd0, <r10=>0x0, &(0x7f0000000480)=""/87, 0x57}}, 0x10)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000816b290caf0000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000008900000012eb31f682b9152300850000001b0022a6b80000000000fed5499b9c627a430f00"], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', r8, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe6c, r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r11}, 0x18)
fcntl$setlease(r0, 0x400, 0x0)
utime(&(0x7f0000000300)='./file0\x00', 0x0)

1.953722495s ago: executing program 4 (id=1583):
prctl$PR_SET_NAME(0xf, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000002c0)='kmem_cache_free\x00', r1}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0))
r2 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000d00)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
open_tree(r4, &(0x7f0000000300)='./file0\x00', 0x8001)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100", @ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25GCALLUSERDATA(r6, 0x8918, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r7, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
sendmsg$nl_route(r8, 0x0, 0x0)
write$binfmt_misc(r4, &(0x7f0000000240), 0xfffffecc)
splice(r3, 0x0, r5, 0x0, 0x714f, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="21000000000000002c00128009000100626f6e64000000001c00028005002100010400080500010004"], 0x4c}}, 0x40)

1.683669966s ago: executing program 5 (id=1587):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x5c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{0x0, 0x4, 0x6}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x0, 0x2}, {0x4, 0x9, 0x1}}}]}}]}]}]}}]}, 0x5c}}, 0x0)

1.670811477s ago: executing program 5 (id=1588):
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

1.649382727s ago: executing program 5 (id=1589):
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r0 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
write$sndseq(r0, &(0x7f0000001a80)=[{0x9, 0xc8, 0xd, 0xd2, @time={0x7, 0x1}, {0x9, 0xe}, {0x10, 0x8}, @note={0x7f, 0x2, 0x1, 0x6, 0x335cdaf3}}], 0x1c)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000cfa844c7630072dee827851d6d7c00"/42], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xf, 0x5}, 0x100e64, 0xc78}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="b400000000000000dd0a0000000000007301490000000037a234dfca693e0a6f3be3db15ce803a009500000000000020"], &(0x7f0000000200)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000)={0x1}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x5}, 0x10}, 0x94)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_SCRNMAP(r1, 0x4b41, 0x0)
ioctl$KDSETKEYCODE(r1, 0x4b4d, &(0x7f0000000180)={0x4, 0x7})
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
msync(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x5)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x5452, &(0x7f0000000b80)='lo\x00)o\xd6Q\xb4Y\xa9\xc87,\x00\xd2\xd1|C\b\x00\x00\x00\x00\x00\x00\x00\xe3\xd8Yk\xdd\x85\xaac{\x8c\x8ffp`-\xcd\xf6jh\xbf\x9c\xd9\xd5\xf4\xe68\xe6O\xc2\xf1V0\x8b\xdd\xcc\xeeR\xf2/\xba\fE>k\a\xe7>t7\x8e(\xf0\x87d\xaf\x93\xfa`\xa6,o\x81.\x1cR\xa5\t\xdc\x00\x00\x00\x00\x00\x00|pT\x15\xbc\f*d\x8b\xc2\xcd\x8f\x98\xdf\x00\x00\x1cM\x9c\xa5\xe0\xa8\x00\x00\x00\x80V\xf6\x80\x86\x1b\x05\xe6\"\x1d\xff\x0fy\x06\xd9$H!w\xa6m\xd8\x7f\xc6\x837\x83/\x9a\xdf\x01\xf2\x9e\xbb\xca^\xf9\x05\xeb\xb8{7[\xf9\xe9\x15\xdc0]\x89\x9b~\x04\xb4\xa5\xad\v.\xd0*%`\xb0\x96\x86\xdb\xa9\xd3\x01\xb2\xc7\xf8G\x069\x90,\xda\xf6\xc5\xcd\xec\xa3B\xc3\"4\xab\xf4\xa7\x83r\xa4\x80|\x03C\x9c\x00\xac\xba\xcb\xa4h\x86w_Eu\xbfy%,\xe5\n\xc1\xb3\xa4g\xa3P\x0f\x11\x93\xc7\x7f\xec\xb2\xc5E\x00\xdd\xf2e\xa8\xf1<\xb2\xc82\xbf=o\x00`\xc1A\'\xc6X\x92\x0e[\x19\xaa?\x06\xe5\x9d\xd1\x87\x92\xbb\xe3Y\x97\xc2')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8b20, &(0x7f0000000040)={'wlan1\x00', @random="000010000b00"})

1.58849353s ago: executing program 5 (id=1590):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
fchmodat(0xffffffffffffffff, 0x0, 0x120)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast})
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f000001fb80)})
close_range(r4, 0xffffffffffffffff, 0x0)

1.524972503s ago: executing program 5 (id=1591):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48)
close(0x3)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000440)='cpu.stat\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x25, &(0x7f00000000c0))
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000000)={0x1})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x26, &(0x7f0000000000)={0x1})
fcntl$lock(r3, 0x26, &(0x7f0000000300)={0x1, 0x0, 0x1, 0xffffffffffffffff})
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r8, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000100)={0x2, 0x5, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x7fff}, &(0x7f0000000340)={0x1f, 0x0, 0x0, 0x0, 0x10001, 0x1}, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f00000006c0)={0x0, 0x8, 0x20}, 0xc)
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf25250000000e0001000d9fa8f80e0000196d0000000f0002006e657464657673696d300000"], 0x34}}, 0x6048800)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="f199328e96f276e712574d58ea1900200004000000080000009b7206"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x10, 0x3, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f02, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r9, 0x0, 0x1075}, 0x18)

1.480953465s ago: executing program 1 (id=1592):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r0 = shmget$private(0x0, 0x2000, 0x54003f00, &(0x7f0000ffc000/0x2000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0x6000)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0xa0800, 0x0)
close(r3)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x4, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x5}, 0x110, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x1294, 0x2, 0x5})
mq_getsetattr(r4, &(0x7f0000000000)={0x800, 0x4, 0x9, 0x9a}, 0x0)
mq_timedreceive(r4, &(0x7f0000000340)=""/195, 0xc3, 0x0, 0x0)
mq_timedreceive(r4, &(0x7f0000000080)=""/87, 0x57, 0x1000002, 0x0)

1.421335618s ago: executing program 1 (id=1593):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0xc, [@func={0xb, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x30, 0x61, 0x5f, 0x30, 0x0, 0x5f, 0x5f, 0x2e, 0x2e, 0x2e]}}, &(0x7f0000000180)=""/230, 0x30, 0xe6, 0x0, 0x6c5}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x0, 0x85, 0x1, 0x8804, 0xffffffffffffffff, 0x3, '\x00', 0x0, r2, 0x0, 0x1, 0x3, 0xe}, 0x50)

1.420803928s ago: executing program 1 (id=1594):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES16=r0, @ANYRES8=r0, @ANYRESHEX=r0, @ANYRES32=r0, @ANYRESHEX=r0], 0x48)
sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000980)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c8da39ede4aa7851e3233b179f6bc0d4ba19b5a9a8b2cadb832f4e9e74fa37195fc9e", @ANYRES16=0x0, @ANYBLOB="100025bd7000fcdbdf2511000000"], 0x14}}, 0x20044050)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='h\x00\x00@', @ANYRES16=r3, @ANYBLOB="a18300000000000000000500000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990000000000ffffffff3d007f008325400f06080211000001ff7f00000802110000000000000005000000ffffffffffff010000008c101b0f7cb5537a4d5d7a90c907ae37ec84000000"], 0x68}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000800)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB='`\x00 \x00', @ANYRES16=r3, @ANYBLOB="000329bd7000fbdbdf250f00000008000300", @ANYRES32=0x0, @ANYBLOB="0400a6802800a6800a00060008021100000100000a00060008021100000000000a00060008021100000100000800a5000100000008003500070000000400e20004001601"], 0x60}, 0x1, 0x0, 0x0, 0xc5}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000008c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x2400}, 0xc, &(0x7f0000000900)={&(0x7f0000000a80)=ANY=[@ANYBLOB="4023c30456a7137a08976a559b167cabc51716ed8cfc8281a1b7e5fae0de960611c0e2e97a17a9536a65d4a0", @ANYRES16=r3, @ANYBLOB="02002dbd7000ffdbdf25690000000500d300040000000a00060008021100000000000500d300050000000500d200080000000500d30003000000"], 0x40}, 0x1, 0x0, 0x0, 0x14048000}, 0x20000000)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c000000100003040000004dd15b7902bf874400", @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350064756d6d79300000000000000000000008000a00", @ANYRES32=r4, @ANYBLOB], 0x3c}}, 0x8000)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000500)={r2, 0x20, &(0x7f00000001c0)={&(0x7f0000000c40)=""/208, 0xd0, <r6=>0x0, &(0x7f0000000480)=""/87, 0x57}}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000816b290caf0000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000008900000012eb31f682b9152300850000001b0022a6b80000000000fed5499b9c627a430f00"], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', r4, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe6c, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x18)
fcntl$setlease(r0, 0x400, 0x0)
utime(&(0x7f0000000300)='./file0\x00', 0x0)

1.420128238s ago: executing program 1 (id=1595):
r0 = socket$inet(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0xfffffff7}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80d1}, 0x34008098)
r4 = signalfd(0xffffffffffffffff, &(0x7f0000000500)={[0x5]}, 0x8)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b00)={r4, &(0x7f0000000980)="37a3d7ee1ff54e3a54f653acf54cb71fbea17894cbe95ed79cd2fb5c47ab8aeb10ca3ce7a748b110f1924db720ad6f7631d3f85afd70234aefbb0558903445026f347ea1a2e42077717c19d0acb5784ef76c524b21de0d069cf1faec9123791691898a46aaf32a19aeb3106f71aef26f3b4d185971cfce09a4665c9eb9f0791c8343085d04c521c2cc893d15f250e44a32d0213df71192cfae9133", &(0x7f0000000a40)=""/139}, 0x20)
name_to_handle_at(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)={0x1b, 0x0, 0x0, 0xa, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0xf, 0x1, &(0x7f0000000000)=@raw=[@exit], &(0x7f0000000080)='GPL\x00', 0x2, 0x69, &(0x7f00000001c0)=""/105, 0x41100, 0x42, '\x00', r3, @cgroup_device=0x6, r4, 0x8, &(0x7f0000000280)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000740)={0x1, 0x5, 0xf}, 0x10, 0x0, 0xffffffffffffffff, 0x6, &(0x7f0000000800)=[r5], &(0x7f0000000840)=[{0x4, 0x4, 0xf, 0x7}, {0x3, 0x5, 0xf, 0x1}, {0x3, 0x2, 0x7, 0xb}, {0x3, 0x1, 0x4}, {0x3, 0x5, 0x5, 0x7}, {0x2, 0x5, 0x4, 0x7}], 0x10, 0xb}, 0x94)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r6, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x0, 0x100804, 0x0, 0xa, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x4})
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r6, 0x40a85321, &(0x7f00000004c0)={{0x80}, 'port0\x00', 0x0, 0x121428, 0x7fff, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0xe})
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r7}, 0x10)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000ff41fd01020400000a00120002002800000019002d007fffffff0022de1330d54400009b84136ef75afb83de066a5900e1baac968300000000f2ff000001000000", 0x55}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x238, 0x238, 0x238, 0x98, 0x98, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x0, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev={0xfe, 0x80, '\x00', 0x18}, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x4, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470)

1.352394231s ago: executing program 1 (id=1596):
r0 = socket$kcm(0x11, 0x3, 0x300)
setsockopt$sock_attach_bpf(r0, 0x1, 0x28, &(0x7f0000000040), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20004000}, 0x4)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000100)={0xcf50, 0x2924, 0xffff, 0x9dfe, 0x11})
write$binfmt_aout(r4, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062007d82000000000000002240f7ffffff00"})
r5 = syz_open_pts(r4, 0x0)
r6 = dup3(r5, r4, 0x0)
getsockopt$inet6_tcp_buf(r6, 0x6, 0xb, &(0x7f00000000c0)=""/24, &(0x7f0000000180)=0x18)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000000)=0x17)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10)

1.104184622s ago: executing program 4 (id=1598):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0)
sendmsg$tipc(r1, &(0x7f0000000e40)={0x0, 0x0, 0x0}, 0x0)
sendmsg$tipc(r1, &(0x7f0000002700)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x21, &(0x7f00000001c0), 0x4)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x10)
recvmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)

1.057121234s ago: executing program 3 (id=1600):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r0}, 0x18)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0xc}, 0x4352, 0x0, 0xfffffffc, 0xb95b5ec032cc8e84, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
modify_ldt$write2(0x11, &(0x7f0000000400)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0xc, [@func={0xb, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x30, 0x61, 0x5f, 0x30, 0x0, 0x5f, 0x5f, 0x2e, 0x2e, 0x2e]}}, &(0x7f0000000180)=""/230, 0x30, 0xe6, 0x0, 0x6c5}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x0, 0x85, 0x1, 0x8804, 0xffffffffffffffff, 0x3, '\x00', 0x0, r3, 0x0, 0x1, 0x3, 0xe}, 0x50)

995.900256ms ago: executing program 3 (id=1602):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_ID={0x8}, @NFTA_CHAIN_HOOK={0x4}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0x4396090e4aac216a}]}], {0x14, 0x10}}, 0x7c}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0b000000050000000009000000010000000fbc4daee95873d7810b84e195ff263dba2e429245cf6f2db29ab61a9d233e9e046687eb80b445b4e100bbf8c2c3b03c34d96137a3f88403fed20fb1954e55ddda21a10053bc109762104a7c26296e9e74f47b70f50646d206102de741c350ca202dccf90529606af43d5818b2f91e0bca756d4edc2ed7ab50c5924e34bdc0c7ec06bd1143790027cdaf1bcb8f08fa184485105e7655817771d1c9083e9f140a335774d55d4cfe0c442d522ba964112af8e99734e01ab333c586e3fd3c228f733420d3d8c1ee7c7c26da04c453f177983d809ac3e0889795d24586603afe028f", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
sched_setaffinity(0x0, 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957e2013d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b0000000000000000100000001"], 0x208}, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg(r5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x7, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x18)
recvmmsg(r6, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000bc0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r9}, 0x10)
r10 = syz_open_dev$usbfs(&(0x7f0000000040), 0xf, 0xc340)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x2000c12, &(0x7f0000000480)={[{@nocompress}, {@map_off}, {@unhide}, {@sbsector={'sbsector', 0x3d, 0x43921b65}}, {@map_off}, {@nocompress}, {@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@check_strict}, {@mode={'mode', 0x3d, 0x921}}, {@unhide}, {@showassoc}, {@session={'session', 0x3d, 0x44}}]}, 0x3, 0xa1a, &(0x7f0000001780)="$eJzs3c1vHOd9B/Dv8EWiaFeSbdV1BdtayZBM2yxFUrVUwQdXIlcSXb4UJAVY6MFyLaoQxNat1QKyUcAyUPRUowUa5JDcjJySiwFf4kvgW3JLTjkECPwvGDkpJwazu6SW5C6XpClSsj8fYXfn5TfP85uXnUe7nJ0nPF6WDq0aW1qqPbY5fvWnu5Axj7CL419/9vmn5eOTe9mX7rxe/DzpS1JJepI8l/SOjc/OTHUo6HZyPclXSZFkf+qvm3I9xf/myQfjX6X4cVlvW/s2WzKdLPG9ttfHHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPIqKsfHh4ZFiXyamr75dqUsq64yNz84UWVpaP2d5mbova71+F192rDcpykf6+pa7+n7uyIPZzyapnMjz9bHnax2Spy8fPfHs4Tee6elaXr5dNt/K/s0Xe+fDj26/u7i48EH7kKWP6+uwM7k9Yi5XpyfmZiamLlyuVibmZirnz54dPn3l0lzl0sRkde7a3Hx1qjI2W70wPzNbGRh7pTJy/vyZSnXo2szV6cvjQ5PV5Ynn/mp0ePhs5a2hv69emJ2bmT791tDc2JWJycmJ6cu1mHJ2GXOuPBD/bmK+Ml+9MFWp3Ly1uHBmTU7dazd2GTTSaU3KoNFOQaPDo6MjI6OjI580es9emXD29fOvnxse7hleI+siHtJBy6PlQPvdvMNncNi+rnr7n0xmItO5mrdTaflvLOOZzUym2sxvWG7/T56ublhvc/vfaOV7mmYfLZ9O5MXGaF+b9r9NLrv3704+zEe5nXezmMUs5IM9z2h3/11ONdOZyFxmMpGpXKhNqTSmVHI+Z3M2w3knV3Isc6nkUiYymWrmci1zmU+1dkSNZTbVXMh8ZjKbSgYylldSyUjO53zOpJJqhnItM7ma6VzOeC7USrmZW7XtfmaDHFeCRjYTNLpB0NrGvDzWt9b+V7+r/xNk03b+JA7btNRo//d1Dh0Y242EAAAAgB33l7/KwSNP//L3SZEXat/LX5qYrL6512kBAAAAO6h2ud7z5UtvOfRCivLz//BepwUAAADsoKL2G7siSX+O1YeWfwnlSwAAAAD4jqj9/f/FFMceTPD5HwAAAL5jOt9jv2NEMbh8+9/KjfrrjUZEfazovzQxWR0am5l8YySnancZqP3SYF1p3UnRW/v5was5Xo863l9/7X9QYllnXxk1MvTGSF7NicaKDLxUvrw00CJytB75cj3y5ebI7qyKPFNGtrCJ2yMCwOPjxAbt8Wbb/1czWI8YPFpr8nuOtmiDh9u0rADArlvpY+ePjS7NWrT/jYgX27X/f73B5/8y4uncPFa/pGAo7+X9LOZGBtO44uDYqlKL5F5TdvXLEAY7fBvQ37hk4TfnujK47vuAvpXSmmMXMprBlt8INJVbLOdwph7XvfPbHwD2wonW7fCW2v/BDp//+11SCACPlJUe7Lcw8PFWghc+uLPX6wgArKaVBgAAAAAAAAAAAAAAAAAAAAAAAAAAgJ23qRv4//pUsri4kGyjs4BtD/RtJcONB7rysHM+sGubZeOB7iR7Vfub2fJS5T7+FpX+7MC3WtzARgN7fGICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgVxRJd6vpXcn+JMNJTu9+Vg/Pvb1OYKdUtrdYcT/3czcHdzodAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDvu8b9/7tSf32iPik9XcnJJNeT/MNe57iT7u91Anvmn2vPTff/70p6s1Skp77bU/SOjc/OTJW7v9hfzv/6s88/LR+dy17fq0JZQFnDqs4lGjU0TeldvdRTtaX6xxfu3P739/+1Mn6xdmBenL80OT51efZvHwQ+W3xR7wKhuRuE5Xz/8+Qv/q9p8r5G5V+Ua9ra2nov1eodX1/vX7Rauk29m3BrcWG0rGm++vb8f/zLrbtNW+vpHE9eGkgGVtf0T+WjTU3H127P1Ypviv8uDuaHuV7b/+XWKJaKchcdqq3/gZu3FheG3nt/8cZKTh/futtUwOEcS3Ij6dt8Tsdq55OWakddV29Z63AZdLB8OtKhvA01lTjSvF2bQp6qHTL9W1qHSvt1qOmw3RsZnWmZ0f//2zM5teU9fapDjS0V3xS/K67kt/mvpv4/usr9fzIt350tiqhFNh0pzfNWvb266pG1NR9tnvHO2jLbvivZUbVTcv4n/5i/Wdn/XU3n/8a+avO+2eHzUVONrd8XydbfFz85tK5FWbP6R9a0SI2zT7tlGnkeqUe1yfPP81rSc3RLZ5TXOpxRHtb7/0fFQP6Qe/r/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHn1F0t0Y/LPm6V3JySSHkxwqxyvJ0tpl722jvq7+Yrup7ojt5Pz4KdquaHE/93M3B3c7IwAAAAAAAAAejovjX3/2+aflo/b3+O6s/Fm+kvQkOVz8oHdsfHZmqkNBvcn15WX7tpbD9fLpyQfjX5Vjz3VYaG8vHwCAx9qfAgAA//8t+W3C")
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r11 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000002780)=""/4096, 0x1000}], 0x1, 0x5b3d2934, 0xb)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r12=>0x0)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r11, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r12], 0x1c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0xc618, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000280))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x11, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000090000000000000005000000185a00000400000000c01db70000000000000018120000", @ANYRESHEX=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000003e839000f0ffffff185000000000000000000000000000a94ba17f197a32a49300186500000d0000000000000000e126b2b32000000200000085100000fcffffff9500000000000000"], &(0x7f0000000240)='syzkaller\x00', 0xfffffffa, 0x7f, &(0x7f0000000300)=""/127, 0x41000, 0x49, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000003c0)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000400)={0x3, 0xd, 0x9, 0x9}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000600)=[r4, r1], &(0x7f0000000640)=[{0x2, 0x1, 0x0, 0xc}, {0x5, 0x3, 0xf, 0x3}, {0x5, 0x1, 0xa}, {0x1, 0x4, 0x5, 0x6}, {0x1, 0x3, 0x3, 0x1}, {0x3, 0x5, 0x6}, {0x0, 0x4, 0x2, 0xc}], 0x10, 0xb}, 0x94)

943.872369ms ago: executing program 2 (id=1603):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
r0 = shmget$private(0x0, 0x2000, 0x54003f00, &(0x7f0000ffc000/0x2000)=nil)
shmat(r0, &(0x7f0000000000/0x4000)=nil, 0x6000)
shmat(r0, &(0x7f0000ffe000/0x2000)=nil, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0xa0800, 0x0)
close(r3)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x4, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x5}, 0x110, 0x10000, 0x8, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x1294, 0x2, 0x5})
mq_getsetattr(r4, &(0x7f0000000000)={0x800, 0x4, 0x9, 0x9a}, 0x0)
mq_timedreceive(r4, &(0x7f0000000340)=""/195, 0xc3, 0x0, 0x0)
mq_timedreceive(r4, &(0x7f0000000080)=""/87, 0x57, 0x1000002, 0x0)

920.20731ms ago: executing program 2 (id=1604):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0xc04, &(0x7f0000000100)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@nogrpid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@nombcache}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
r0 = socket$netlink(0x10, 0x3, 0x9)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
utimes(0x0, 0x0)
bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfb, 0x20}, 0xc)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x61980, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000200)='kfree\x00', r3, 0x0, 0x80}, 0x18)
r4 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r4, &(0x7f0000000880)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
sendmmsg$inet_sctp(r4, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000300)='5', 0x1}], 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c"], 0x30}], 0x1, 0x0)
r5 = accept4$x25(0xffffffffffffffff, &(0x7f00000003c0), &(0x7f0000000640)=0x12, 0x800)
ioctl$SIOCX25GFACILITIES(r5, 0x89e2, &(0x7f0000000680))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x18, 0x7ffc1fff}]})
rt_tgsigqueueinfo(0x0, 0x0, 0x7, 0x0)

846.134503ms ago: executing program 2 (id=1605):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x44, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x528, 0x0, @perf_bp={0x0, 0x1}, 0x419, 0x40000000, 0x0, 0x8, 0x103fb, 0x1ff, 0x1ff, 0x0, 0x0, 0x0, 0x400000000000007}, 0x0, 0x1, 0xffffffffffffffff, 0xb)
r1 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

764.115117ms ago: executing program 2 (id=1606):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x200000a, 0x13, r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x62040200)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000100)='io_uring_register\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_io_uring_setup(0x373d, &(0x7f0000000500)={0x0, 0x4, 0x1, 0xa, 0xffffff}, &(0x7f0000000380), &(0x7f0000000400))
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)

668.479471ms ago: executing program 2 (id=1607):
r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000f5a000/0x2000)=nil, 0x1, 0x0, 0x0, 0xdff, 0x38, 0x0, 0x8, 0x4})
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x1002002, 0x0)
r4 = syz_open_dev$rtc(&(0x7f0000000380), 0x0, 0x189040)
ioctl$RTC_RD_TIME(r4, 0x4008700e, 0x0)
r5 = dup(r3)
clock_adjtime(0x0, &(0x7f0000000340)={0x37db, 0x80000000002f423f, 0xfffffffffffffffc, 0x6, 0x0, 0x5, 0x0, 0x4, 0x80000000, 0x80000, 0x2, 0x1, 0x100, 0x0, 0x0, 0x2000000000000, 0x3, 0x3, 0x1, 0x4000000000200, 0x0, 0x3, 0x816, 0x401, 0x37, 0x6})
r6 = open(&(0x7f0000000000)='./bus\x00', 0x40542, 0x0)
ftruncate(r6, 0xee72)
sendfile(r5, r6, 0x0, 0x8000fffffffe)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000001c0)=0x19)

667.864831ms ago: executing program 5 (id=1608):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000002500)=ANY=[@ANYBLOB="02000000040000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c45, 0x1)
flock(r2, 0x5)
r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x80)
flock(r3, 0x1)
flock(r3, 0x2)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="ef", 0x1}], 0x1, 0x0, 0x18, 0x4060019}, 0x20000841)
bind$qrtr(0xffffffffffffffff, &(0x7f00000000c0)={0x2a, 0x1, 0x7fff}, 0xc)
unshare(0x20060400)

645.257572ms ago: executing program 2 (id=1609):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r3 = inotify_init()
inotify_add_watch(r3, &(0x7f00000002c0)='./file0\x00', 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000006c0)={'sit0\x00', &(0x7f0000001840)={'gre0\x00', <r4=>0x0, 0x7, 0x700, 0x91, 0x10001, {{0x48, 0x4, 0x1, 0x6, 0x120, 0x67, 0x0, 0x2a, 0x6, 0x0, @remote, @multicast1, {[@cipso={0x86, 0x5a, 0x3, [{0x7, 0x12, "501774602df71df21b9cb5967573e1c5"}, {0x7, 0xd, "831c129ea29532b941fc2b"}, {0x0, 0x8, "23c66a780906"}, {0x1, 0x10, "577cb940fa5d1849192dbc9c8f30"}, {0x0, 0x6, "27d59330"}, {0x0, 0x5, "48e7d5"}, {0x6, 0xf, "df8134e86f441fbe7d87b50b9a"}, {0x0, 0x3, '>'}]}, @cipso={0x86, 0xd, 0x1, [{0x5, 0x7, "778df3afb9"}]}, @noop, @timestamp={0x44, 0xc, 0x6d, 0x0, 0x6, [0xe, 0x40]}, @cipso={0x86, 0x15, 0x2, [{0x7, 0xf, "00220f2c7f9a08513204ab5c3f"}]}, @rr={0x7, 0xf, 0x47, [@remote, @private=0xa010101, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @timestamp={0x44, 0xc, 0x1f, 0x0, 0x7, [0x4, 0x2]}, @generic={0x86, 0x7, "95333d5f8f"}, @cipso={0x86, 0x5f, 0xffffffffffffffff, [{0x2, 0xf, "a9f657515007782c2d31721bc1"}, {0x2, 0x5, "58a170"}, {0x2, 0x3, "b5"}, {0x7, 0x9, "ec8b552015dedc"}, {0x7, 0x11, "5dd6728d11c920a5a921bf2ff146f8"}, {0x1, 0x6, "a689d855"}, {0x6, 0xe, "1125e30d48e7beb2835393d9"}, {0x5, 0x3, "93"}, {0x7, 0x11, "93782fcf1821526d52deb139bdaa30"}]}]}}}}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', r4, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8e}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f00000003c0), &(0x7f00000001c0)=r1}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7}, 0x10)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000068000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000212c0011800a0001006c696d69740000001c0002800c00024000000000000000030c0001400000000200000101480000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000001c0003800c00008008000340000000020c0000800800034000000002"], 0xf8}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2400000039000900f036d6760000000004000000040000000c000180060006008035"], 0x24}}, 0x10)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r8}, 0x10)
ioctl$VFAT_IOCTL_READDIR_BOTH(r9, 0x82307201, &(0x7f0000000400)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="38000000010905000000100000000000030f000a240002"], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x20008850)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x44, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x528, 0x0, @perf_bp={0x0, 0x1}, 0x419, 0x40000000, 0x0, 0x8, 0x103fb, 0x1ff, 0x1ff, 0x0, 0x0, 0x0, 0x400000000000007}, 0x0, 0x1, 0xffffffffffffffff, 0xb)
r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000340), r0)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000680)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000640)={&(0x7f0000000380)={0x30, r11, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@pci={{0x8}, {0x11}}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x24000001)
r12 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
execveat(r12, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

547.806786ms ago: executing program 1 (id=1610):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000007000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000b5000000620a00ff000000007100082400000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)
syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r1, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r5, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x1a)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r6}, 0x10)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
write$cgroup_int(r7, &(0x7f0000000540), 0xfffffdd8)

258.034079ms ago: executing program 4 (id=1611):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0) (fail_nth: 11)

141.719234ms ago: executing program 3 (id=1612):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0xc, [@func={0xb, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x30, 0x61, 0x5f, 0x30, 0x0, 0x5f, 0x5f, 0x2e, 0x2e, 0x2e]}}, &(0x7f0000000180)=""/230, 0x30, 0xe6, 0x0, 0x6c5}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x0, 0x85, 0x1, 0x8804, 0xffffffffffffffff, 0x3, '\x00', 0x0, r2, 0x0, 0x1, 0x3, 0xe}, 0x50)

76.481837ms ago: executing program 3 (id=1613):
sched_setaffinity(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000100)='io_uring_register\x00', r1}, 0x10)
r2 = syz_io_uring_setup(0x373d, &(0x7f0000000500)={0x0, 0x4, 0x1, 0xa, 0xffffff}, &(0x7f0000000380), 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)

17.4974ms ago: executing program 4 (id=1614):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400004005000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/12, @ANYRES32, @ANYBLOB="0d00ff0000000000830000000000000045"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffe99}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080))
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x2, 0x12)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00', <r1=>0x0})
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000880)=ANY=[@ANYBLOB="1300001200000427bd7008680f00001100e7054e214e200900000008000000380000357844b9fcb7bf32b169dc1f754d0e6b000600000000", @ANYRES32=r1, @ANYBLOB="02000000f4060000693f00000200000004100100ddaec0cfc231a99d93ea8f12936572db44cd10fe57b9bd404949ca141c0d4fb5113679b98cacb61c556675a253cdb9ec80b57abd833f34a8248645068158211d211696b3a7e3e9e1dd05b3ddca7005e1bb13436bf3f49e84fa3d9021fd22bb35664f2c7b0a3d49d7744f484447c23e68766a190bed9583fc10998ba33ea77506655ce433e8d813adf0f3e880d823f82ce3e1a976d670e39dc283538b78892e13e2a16c20f95e44340bc409689b96bd7ae063cfdc951ee535dff5870685c0a272e0094e9883c729684d1a5e3bf4321d3f12c9665e9e8c235420c5f60cc4089fe46679fd6325411ce63e76e3767545c633a7febf053cca9d60c7f642f66dbc1f8bd72d4023021454d5c24aa89a668cfe23639c4d09834020eb94ffb09d7f4a2fcb264de3734d2f3dff86889358ccb620f9795930e52d4ea2152dd5d4e1934a139882fbdb78c9d607284a7955bc2b252fa771e4f1dd1b14db54dd8b4a1adfff2ade9d395855764ff59401cc34ecdba26ea132c8218330b2abef9d9f69427d21b9d51fb530f9d08f1dbb116708a14d3f4f1cc0820700a44debae9f4cddb7d030008c43fa863700127b30ad47bf29a21a80c6370fb13eb235b98249941710ae282f7e6f9541c8b41a202fbfc9b110401101dd59f43e4b413795283e192c31ec99709e806e2020a25ebc49686795ed0c0b8e64acc014827f7aad26c45f32d9ef967b75bc709ee52ac5ccff13e54a866b84c5ee6a4246a1bf76b362acb54dc077ccdb0a0cf9d1ca976d56681a625b6d2197841a2d3c9c61028c1ab9f985c8e82b871e4e112536344ce4cddbd4d4833e4c6c14536e0d699c3d782bbceeef18efce9e300d5631b3b40fc4b26f3f6c9dde8051da6fabae37b00f338f3edecbe051f92a5880d8ac81ad30e7cf01561241bd10360e3a8a9a72b33805374241576d89fa6e5c70335636afe48e2ec9b4532aa827d511bca08665792b9f97766d3e69bd4b5e50e616638bbb7bfc0c2ed191d95fd2ec90a5e888a12f5d381730c84a6df0b7b517673a3d28262355e4861c279a0454e5c6537f29e5f79086fb7fccbbf30e773a1e710618e10ee1c3aeb8eacdc8cd6fac115cd88b4d330410fbacf59aecd0470df7a5f8b9dbca69e8de017c0bf041f3950ceed473576f57bbc1762d106f2076c07bea942ba0c1a21e72592fdcfc3e2ef2bac64cd12a73fee94594d116caf0fb6bf7eb80af306bb0914eee07968a7f7ccdc193a9a43b37f42faf466fef0a1d28af1c00bd8f2285df4d3316c77223ad071a24d2d90891affbd3fcfdd72af4d40723cf913566133b8a402e82bb971398ae2a16ce55243451c4bfe20c54ff6e0aa752b4aff6f8dcdcc820339842a22a4460b9ff83ae37e7bc6e27eca9cd3bd456818cc2b05a198172be7bf32997d0ecbb2f06d2d7e9423ecc740f0484d3fade6a345572094d0560e6090cb6a9c68ce59528f7005680b85693439b45f74d02de76f59f2b80f21a54024e243fba75a7ab2ce148eb509a36041d01fe111d1ba83ddddb64338c5df493face14042adec2fe7b2b042427aba8ad1f3c504437b861b5ebd4aa677736ebb75538cbe8597a1c9d3574c05a622ec750efe164f4fba45457024b58d8cd8c7b6ed3a54b97caa9ca5d2bb4adc94a3d59f02411fa062c9c8f5a4f35266836f80f3ddd94c9afd0d15a6940411c773e9e9e0351b4b5fc1d71d487e236de376d0009d84416772e2279f1ddee5c81c15f5d2da9eb0f585f116423f3246fb839d82f30e418a33d2942bc0ff8e48d90c64d4bcdcdba78f6be3580055ae6298b77052e20f1225ba2d8b8d7fda2064045121290b37e8c85a08224e7304a30f479de17b90c73d2904fc917892662b163864413099349b23a65550805e39762e1f8af258ec25d2773e5842d44b6ac92c2a1b7b2b643ec2480ca93d1e6d1d075b54a752b3f8cb68fe2ea082f05802f2598e6064002841ebb653377ddf467ece4426b66521b0a92bad8c066700795964b975846ac41e4ebc68f67c2c5db18ebd3eb30975e75dd1a93428453350898ce8942efecb50823823cc7d95e81e79c4b64ac3907f8edcf09b4e302a404b3fc5303b0f872e1113b40cd74c6bd9d11830f059e79827eef7fb28939436f278488d0fb3f948b13e1c1e0e0eba03b016db1e4ff085c21fcb35f0957faa67879cd949d09114059cc296372b6e23eaf2db745084a58f4f4080b6d8f47adb839c4c61275aaeaf4fd8d4ea1c9e2fa7cf996535d7de33d25369f2d8b05082e2e8fedd8f19ec668b4cf9967cd8fd137776a58272320e1e835ab05b81629f53037735a5ecb67f96db6a0f6e39620f92a28e25532e4f725c4c366f85a57866ce0a4eeed849f94cd2d2dbc01891f2793b8eadd8219447271afcbe4a4a1d4deb9da9491a088d99417d81057430623fd56e387bc0c97bd84a233a96723a0bf78bb07b032d99d85d1bf25069b36c03ebfeb18d7fe48580bfe9f5c88c6ff5c800fe5190c9067686faec3b268c3bfd7dfa3c4833f6f0bb7ded80521a8cb83231e9f74aa9b710c5cd6f1251c809abf9ab7b0bd0df7c3ea4e5477d4e848ad59d502a7882d1160281f943464cb19545236b4599e9f0dca9de7ba37e46323cc2dbd32b96c2024bfb6a64b420a740473826dfa467dffec630ff333d8c852e0b9feba59f0ea7410304155ca296127fa473bb836a2ae96b25c5b8aa8fb5b734bcd5a035769b149f3406c7c95955bab08d7708ba409c0d236acf3d01c0176c5dd534bc3e6479a783d172138c5d73512677e9ae78df85f846d667871594f4a614e3b97d0bdb2e041ecb7c18dc6e31c893aea69a7bf7bdeef7e8e26408969142b8b58b64052f897ab7f4805ddee5795f7a23407e348469e4cdbd16b80544399f44ac6399df273e648d77577a485681af50e5dd3a6a65a664e081c59a8a73b9d5e2378878ea46b94c0b1fb77e6a15827cd5a2abf9515d01c4eeaaf71ab2e9ad2dd4e9744d2e93d92e20f344e26b8b57679ee37aeee9e13a50d5b252d678a4b4b67950026e176514124776530a4913ce908abade3612c0fd228233de8875e1482561c0352a9477e5067cf77236eff53e65070d91cfbcc39632d438a93caf978d381e2a804fb91ad37ef622485e56fe26a2a9576bb1853b87e12e3953f4559a7bf6abd6d36b110832996f7c7c443d853bd0102451e2ef0b6dc082442e9a585eba7e0f03244c12d2c5c83dd6b13c5d5569642e88ce1d668e5b0818801614a50600761dc46d6dbc1022032dd7c5a45146b1baa4b8ecd5c9a48566d04e40d3529289bc35c31fe931f62621780e2b9de7a6760a3f95a38c54d90846cbefa5483e541b4af93598740a4fbea28de5217e159f24d3aa10d6f2376adc1d2511bec2dfebdd71e44725acc8e12bd417f68810358af67cb02559bde92345e38e862b4851b652432b60582e609b43ce3884b5c7cbbc2e09cab6e3a0702e61e5d316c5fdda5e4b60a1c9e974fb5395a87edf930df0c04edd7f46416fe420fac23527117b9be37354ae3933114083e2d8e4224eb096fbbcebab1f9266d54be19dcf353516d3f34c609cf5c487697a200d04990be7e3be097b0b760bee9caeeff9230d13c2fc74b1c73953350c81d025eee99aa3a262185736fdf772e64d420868e9855eeb4945fcd6ae5e35e8a0f7a8a4324c671d41846b1d5adc6d8bd0efd51e1a5a72342478f92ebfcb09b8bbee53b03b4c4d742da7b3857e49a3ccf874247c5fa4ad26c24f3e69801dbaa61975cf69847c9c0719618b2e57c17180127f560c65dd811283ff60e8b448ae3404927f51033604955dd43337f5c759a98b625032792faf78b178ea02e34ef41234594c82d91809317921c5da441cb8d35625b46b5ad1a61bb2a586b82d81b468c50833424898316a8f5a740e0f7c6f45d23db6750cc2aac491df111eabe04a26deba425e85316c151c1258437e2eb5715affbcf435adc5bb8f70f617a59bc5c509602dd61b6b5b7ab123175b1ea504ca4809b144183d8f093cee1ef31dc15283ee7fdb77e555d99c6075260cfaf04124f41eb83ae850e6bf7bfbf26a108f28706e96b802f4db86df899ded17b78dd8603706e67c405150e27a3e2dc159eba76fed1a8742542548fe6d7409d3227ce3745a9edc9fa7d54fee99a32dc0e177baa38638a0ce1a816b68b8f9f9a07e67c5031d0cd93b40a87e32e9792f2c6d8e4b63f94a04de179aadc507e65c8423ba313b7d106661a487eae91d56a3ba1169c971b47209cc51e2e1eba6b92236ed773f9d9c1afbb1c863d08320d1adaf6e67aacfd1160bef09c28a7680cfd8ebd59f80ca55409015755b3f36735772fa1d6793a0d4e0983bd3d8bbc67bce4e655de6fba9e5f422630d3ce6e75e3477c59451b6555e2ae2a57666fe25f4e9c9ca12a02827dfc00d9aad1a7cad9fbce5b2f2bf77aa9f141bccc3f448da7d75770de02c6dc52f5e9fdb00189e73543b55267afc9a6a305cf5c006f3f3c30ad1651bb8ccc1e4b1e58360c7b30082446a5aa8216865847bf3430eec0ee28172f4b078ad5f038b936b46bb189cb58fe1a228b96b881080e160bd04778e1cabea9d0ead76115b33d81db66472c4b16004365feca1de604aa13c79faee308ef44a98850b8b82f9dbf10a8e6f99e2f575db0791e67f8bbb34200b6bfef7dcf93e6754099376c81136323148751eb93b4bff6ad2cc2ac9a1c52391d3693d8e8cb8683921c716c63af9d6895bf30d79e46e6c02767bf7125fc0b219366b0b3e976641d2328731f3a7888304afff68112b9ff5160865aa6cd706e2122e82dc093f98bfe80063e1a830c2aa4c18516a99afc85b639d1c99a5e167254d24ab466b835f966b9673cb8fb6d263f1a11e0d95fd20a129c472dd1b50a0548d5d68c6914f71077a6745a8628d5993343e3b6fc2ce5e8d755ed107d5cf72224b6e4b869f6c3f2ddec9d03743e84797d7dd0d65c86096ea185e58891d71385e5f600a89cbc32ee41e0982598552bae98ddc21c03e1f2897685976733636801491d898e0f55bbe7fc4b8104e448ec840f936ac97760fe2a796807711b23c0a70470f600fcc7e43324bfef6865c051ee58a0377f118679a0f0be33330d047ef6bd045bdd5ff559b279e3953f336afebdbaddb0edeebc1b847ef71a0eeecc388ae9ef3a9b1f297bc6fddf1ddf53b372c47722793de1b3fa2e032e21dcb755905b33277ec2a26502b8699d8fb03855fc76b57b031d83d52d1841e212ad581d5150d46a717750bbbf21a6ae3e7230543207062280a83334edf2ded2d5a05201d2c7dbef0f22fa89d4bd404733efd759afec0b2267e541512c07a72f534dcc1ae18948da7e401598b7b684f2417255b02332de1b037cd9a5e17893ec63aeabf19cebe2c9cc830b2cf921d57e0f6c576b1c9eb6b4ce135a6854d60987e13985ec570390e0dbe3ab421fa7fa633f6887ce6042826bb8234c12c8279823890d4e696b65b6f84f1a8801cb22284076ec63abc38f9fa3fdf90db6520a2b974b8efae6acff7479cd2dbd81a291c5172f879001305b9f7040262fd4e8717329a2ca7a7005ace1aeb65226ac3a7dc01f9f8e3f66f2f8f0f3585661e94cc2e0d15c00d534601e0a1c2bb606f9394b3c695632e7d1a6819ad360f38a09bb10812d09e440a0c2532aee50403b2cc0ec73e511f0235f2b77896006b9bdf60e8af61110ce4dedcb04bf55d7ce9e774b92c00f6c0c483a4121a459bb57a0e8a2c953cb20122760b66c08b5a76d91d0b5581f0846ead7818bcf2ec57fc9aff115d077c38e8cc94e8e0e0001001d5a31c2a78b5577096600006d000100b4b0c12de0ecd1409a544538831454df7e010908304822627a180343781552fc7a8b42a8bfa8a94fcbac0dac28320d4ec89e4f55ad9c2fd6e66abc92df42448ebbac1bf9cc894aaa51a935cb96713ced14070d316391078acb5f5e4d182ec7d99f4d2a3cf453ad92be000000bb0001004bba9bc5a675108f6ad4f21bfcba091972227db843577845ff1f5b8f70d56f801c05cfb8f09e0c5d97b3653a76a42c31f4365bc41b94c1c946b3ba5f9e0823a91ec0ae782786c249234a64817fc2725aa3cb908c75d2bcc4299a8a168b15d10b125f094978913e51675a67bc8e885ddba17fc3942bf4a898ebaa4966bf3ee87a5283af5517abb266e6783b9a63bc80af893625026016f457705993afaefea0ccd0216b34b36e52418263cd32613c00edfac1f795f56bdf00d10001000ffc217ff59c60c1b82c00156c6963c27b3b8c76a29fa8d636e6211c2ee9fb9d6dc2ee86ae63a77f393511190a932ca083babd4fb53c9f30ba70e071f53115569c33b6c8a5c2766bb3e0b658564efc53fa44de6e9ec4c75df1040a7617d36694c9e8c69b15b342d072de08462f7afb00b1fb9f55057643e2926887ce9d5f47e82cf653dd2eb41ce4ba23013038acaa52f65e84926a828f4a8486987d83696e9dab787953dd17ccf5cc05a395d01b24eaec085b15cd708a7681767ef129ae92abdec89908626b36793ce5ccf716000000a900010071610ea56728790054b17cfaef3b8a1e26d5c8e512cc223d92b17a3708695641b473eabe00d4817aa138d0d5e709a991bdaf19169d3b56b7759ecf94c04dd8ac1394c513235045f54ea4adbefd2fb446aad1d4624f618c5e2b83026a5b53a52ca2376f90876b0b76ab6d50ccafb4d8993c50be44d079dcd25a89f9758e6cef2f3153e76b36135d30810564fa25850793a70ced1974f921dbf1e1d46646d70d76814731ad0f00000068000100469271ede8b35c12a7a6749af2532dfbad6017f4cff22b58f0103767b6bf8de8a9f624aeaa3f2e3029055a14f16c6f9e6529a6c5eb9bd1965a236e1104c3f15f8cfa5a6c2560e586602883df0e3157632436d710bccf642686cb3b052c80b276bfdaea6e"], 0x1374}, 0x1, 0x0, 0x0, 0x8083}, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3, 0x0, 0x8000000000}, 0x18)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300))
pipe(&(0x7f00000001c0))
pipe(&(0x7f0000000140))
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f4, &(0x7f0000000080))

15.80483ms ago: executing program 3 (id=1615):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0xf5ff, &(0x7f0000000040)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x4984f78, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

0s ago: executing program 3 (id=1616):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0x60, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r3 = perf_event_open(&(0x7f0000000500)={0x1, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x4}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2007}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x71, 0x5, 0xc, 0x8, 0x0, 0x1f, 0x4204, 0x8, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_bp={0x0, 0x1}, 0xb06, 0x2, 0x8, 0x1, 0x7f, 0x8800, 0x5, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_clone(0xae12e400, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = gettid()
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
read(r6, &(0x7f0000000200)=""/202, 0xca)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x18)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001240)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d19f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d6356e4450d043ed20d313cd56a56d2e4cdf26f19af9a41695a58a9b6b45af1ca939b18d7b57791b99cfc6ec2a0848c29fea4eb8b82395a38e8aca5ab4bfc2ad8acf2e51b766f8ecd16194ad41ec097082f7fa32179ef99dafa6c2aa206a25ddc33e6f0a09169eeff428c71f54e1dfcfcd7cfc8f6e169f11c47d504"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r10, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000140)="b9ff03076804268cb89e14f088a847e0ffff2000000000000000ac141416e0885a049a179424", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3, 0x3, 0x0, 0x0, 0x8001}})
tkill(r5, 0x7)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r6, 0x80045301, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000008c0)='kfree\x00', r11}, 0x18)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r12, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000900)=ANY=[@ANYBLOB="14000000", @ANYRES16=r13, @ANYBLOB="010025bd7000fadbdf250100000097061507ad335458f8401c1273143a8dd7d19067317232c109fe6c0d48d5b8e5a587d90a4681b6f63651d1caebb4ac3092d816f51f0066aec238bd9e600d6d9a1d2fa51f412021eb24c5015bc84194e0d58c9ed4ee2fa5d8a9c39959d3c27940d7cef42a9c9f8c3a707ca6b30b8612613f4edef302d61b95df7a2efc8593f51912fae1c59f1bd35510b0aac2a6c481231cb441a13d3fc0feeccfa65dffc793c15051651bb521ce6702b4beda48"], 0x14}, 0x1, 0x0, 0x0, 0x20008040}, 0x4000000)
r14 = syz_open_dev$vcsa(&(0x7f0000000140), 0xfffffffffffff4f5, 0x80002)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x8, 0x0, r12, 0x0, &(0x7f0000000380)="9d902c0dc0fbaa2527501a66b7645f361cec9dc5c7d731f6a35fd02a52c17a0bde125489f4538f265342edb47f6e56872920586ecf439abbacd6d743eccaf28a26d01214a6476e1a6f82bf61d4e9acb9c252da0f42fde251916af6a92dfc85634c42066fddda1f27", 0x68, 0x62, 0x1})
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0x18, &(0x7f0000000a40)=ANY=[@ANYRES8=r3, @ANYRESHEX=r10, @ANYRESOCT=r9, @ANYRES16=r1, @ANYBLOB="cc8b8e612ef4ce4ab74b006985f241e4e4aa69ae048e3777d5e5d33158c1ee75d5122f90401621a50ec7fb4dc8dfa6145da4ecbdcceb094a67c726324279", @ANYRESDEC=r7, @ANYBLOB="3c049d97478ec1e356bb6968a1b65f7879d33087ba4bd9282240a3440880740489d6ac41a75bce441392ca2f142cf14aefda5deebc45a71c902a7e795f5cc77d81cfe19eb46ba5e7a14943485a7295579887a51c18f2004f162a643369028f6a886e46026a12cfe4ce3a3a8209645d1ce34aad7459282c14fb3a180c553470f9d40b32cf8df155cb02240b4ac735e2", @ANYRES8=r2, @ANYRESHEX=r3, @ANYRESDEC=r5], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @xdp, r14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r11, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
socket$pppl2tp(0x18, 0x1, 0x1)

kernel console output (not intermixed with test programs):

t: type=1326 audit(1765052705.078:2543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.3.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[   75.991885][   T29] audit: type=1326 audit(1765052705.078:2544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.3.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[   76.015180][   T29] audit: type=1326 audit(1765052705.078:2545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.3.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[   76.038488][   T29] audit: type=1326 audit(1765052705.078:2546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.3.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[   76.061676][   T29] audit: type=1326 audit(1765052705.078:2547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.3.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[   76.084975][   T29] audit: type=1326 audit(1765052705.078:2548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.3.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[   76.108286][   T29] audit: type=1326 audit(1765052705.078:2549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.3.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[   76.131582][   T29] audit: type=1326 audit(1765052705.078:2550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5557 comm="syz.3.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[   76.420066][ T5567] FAULT_INJECTION: forcing a failure.
[   76.420066][ T5567] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   76.433248][ T5567] CPU: 0 UID: 0 PID: 5567 Comm: syz.2.668 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   76.433342][ T5567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   76.433356][ T5567] Call Trace:
[   76.433363][ T5567]  <TASK>
[   76.433372][ T5567]  __dump_stack+0x1d/0x30
[   76.433395][ T5567]  dump_stack_lvl+0xe8/0x140
[   76.433471][ T5567]  dump_stack+0x15/0x1b
[   76.433502][ T5567]  should_fail_ex+0x265/0x280
[   76.433523][ T5567]  should_fail+0xb/0x20
[   76.433606][ T5567]  should_fail_usercopy+0x1a/0x20
[   76.433699][ T5567]  _copy_from_user+0x1c/0xb0
[   76.433757][ T5567]  __sys_bpf+0x183/0x7c0
[   76.433783][ T5567]  __x64_sys_bpf+0x41/0x50
[   76.433813][ T5567]  x64_sys_call+0x28e1/0x3000
[   76.433835][ T5567]  do_syscall_64+0xd8/0x2a0
[   76.433935][ T5567]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.433985][ T5567] RIP: 0033:0x7fb31640f749
[   76.434002][ T5567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.434020][ T5567] RSP: 002b:00007fb314e77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   76.434039][ T5567] RAX: ffffffffffffffda RBX: 00007fb316665fa0 RCX: 00007fb31640f749
[   76.434066][ T5567] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[   76.434080][ T5567] RBP: 00007fb314e77090 R08: 0000000000000000 R09: 0000000000000000
[   76.434146][ T5567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.434159][ T5567] R13: 00007fb316666038 R14: 00007fb316665fa0 R15: 00007ffdb59c9a58
[   76.434179][ T5567]  </TASK>
[   76.621907][ T5569] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 2621
[   76.654118][ T5570] loop1: detected capacity change from 0 to 512
[   76.665200][ T5570] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.669: bg 0: block 16: invalid block bitmap
[   76.683285][ T5570] EXT4-fs (loop1): Remounting filesystem read-only
[   76.689947][ T5570] EXT4-fs (loop1): 1 truncate cleaned up
[   76.696178][ T5570] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.931698][ T5600] netlink: 8 bytes leftover after parsing attributes in process `syz.5.676'.
[   76.953695][ T5600] 8021q: adding VLAN 0 to HW filter on device bond1
[   76.960521][ T5603] loop2: detected capacity change from 0 to 1024
[   76.983148][ T5603] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.006703][ T5603] netlink: 4 bytes leftover after parsing attributes in process `syz.2.680'.
[   77.469983][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.505020][ T5613] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   77.534698][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.573049][ T5615] 9pnet_fd: Insufficient options for proto=fd
[   77.652803][ T5623] loop1: detected capacity change from 0 to 512
[   77.687892][ T5623] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.705016][ T5628] netlink: 'syz.5.689': attribute type 2 has an invalid length.
[   77.708815][ T5623] ext4 filesystem being mounted at /156/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   77.727320][ T5623] FAULT_INJECTION: forcing a failure.
[   77.727320][ T5623] name failslab, interval 1, probability 0, space 0, times 0
[   77.740037][ T5623] CPU: 1 UID: 0 PID: 5623 Comm: syz.1.688 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   77.740075][ T5623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   77.740159][ T5623] Call Trace:
[   77.740164][ T5623]  <TASK>
[   77.740172][ T5623]  __dump_stack+0x1d/0x30
[   77.740203][ T5623]  dump_stack_lvl+0xe8/0x140
[   77.740247][ T5623]  dump_stack+0x15/0x1b
[   77.740269][ T5623]  should_fail_ex+0x265/0x280
[   77.740294][ T5623]  should_failslab+0x8c/0xb0
[   77.740379][ T5623]  __kvmalloc_node_noprof+0x149/0x6b0
[   77.740417][ T5623]  ? vmemdup_user+0x2b/0xd0
[   77.740433][ T5623]  ? should_fail_usercopy+0x1a/0x20
[   77.740459][ T5623]  vmemdup_user+0x2b/0xd0
[   77.740477][ T5623]  path_setxattrat+0x1b6/0x310
[   77.740531][ T5623]  __x64_sys_fsetxattr+0x6b/0x80
[   77.740553][ T5623]  x64_sys_call+0x23c4/0x3000
[   77.740574][ T5623]  do_syscall_64+0xd8/0x2a0
[   77.740618][ T5623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.740667][ T5623] RIP: 0033:0x7fb0b3a9f749
[   77.740684][ T5623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.740704][ T5623] RSP: 002b:00007fb0b24ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[   77.740724][ T5623] RAX: ffffffffffffffda RBX: 00007fb0b3cf5fa0 RCX: 00007fb0b3a9f749
[   77.740735][ T5623] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000006
[   77.740747][ T5623] RBP: 00007fb0b24ff090 R08: 0000000000000000 R09: 0000000000000000
[   77.740758][ T5623] R10: 00000000000003c8 R11: 0000000000000246 R12: 0000000000000001
[   77.740810][ T5623] R13: 00007fb0b3cf6038 R14: 00007fb0b3cf5fa0 R15: 00007ffd0cae5188
[   77.740830][ T5623]  </TASK>
[   78.009825][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.023818][ T3830] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.036689][ T5633] pim6reg: entered allmulticast mode
[   78.049034][ T5635] netlink: 4 bytes leftover after parsing attributes in process `syz.2.693'.
[   78.063617][ T5633] pim6reg: left allmulticast mode
[   78.100744][ T3830] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.118827][ T3830] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.163837][ T5645] 9pnet_fd: Insufficient options for proto=fd
[   78.165509][ T3830] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.179148][ T5644] netlink: 8 bytes leftover after parsing attributes in process `syz.3.695'.
[   78.193341][ T5644] netlink: 12 bytes leftover after parsing attributes in process `syz.3.695'.
[   78.202450][ T5644] netlink: 16 bytes leftover after parsing attributes in process `syz.3.695'.
[   78.219840][ T5643] netlink: 19 bytes leftover after parsing attributes in process `syz.2.694'.
[   78.294310][ T5658] loop4: detected capacity change from 0 to 128
[   78.303438][ T5659] loop1: detected capacity change from 0 to 512
[   78.309351][ T5658] EXT4-fs: Ignoring removed nobh option
[   78.318817][ T5660] loop2: detected capacity change from 0 to 512
[   78.327964][ T5658] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   78.344601][ T5659] FAT-fs (loop1): Directory bread(block 199916) failed
[   78.364482][ T5660] EXT4-fs (loop2): orphan cleanup on readonly fs
[   78.371166][ T5658] ext4 filesystem being mounted at /140/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   78.371295][ T5659] FAT-fs (loop1): Directory bread(block 199917) failed
[   78.389020][ T5660] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.694: bad orphan inode 13
[   78.409949][ T5660] ext4_test_bit(bit=12, block=18) = 1
[   78.415414][ T5660] is_bad_inode(inode)=0
[   78.419591][ T5660] NEXT_ORPHAN(inode)=2130706432
[   78.424437][ T5660] max_ino=32
[   78.427661][ T5660] i_nlink=1
[   78.432419][ T5660] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   78.440512][ T5659] FAT-fs (loop1): Directory bread(block 199918) failed
[   78.464298][ T3326] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   78.479888][ T5659] FAT-fs (loop1): Directory bread(block 199919) failed
[   78.516177][ T5659] FAT-fs (loop1): Directory bread(block 199920) failed
[   78.560626][ T5659] FAT-fs (loop1): Directory bread(block 199921) failed
[   78.567571][ T5659] FAT-fs (loop1): Directory bread(block 199922) failed
[   78.574712][ T5659] FAT-fs (loop1): Directory bread(block 199923) failed
[   78.601093][ T5671] loop5: detected capacity change from 0 to 512
[   78.622212][ T5671] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   78.641193][ T5671] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.654047][ T5671] ext4 filesystem being mounted at /17/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   78.668473][ T5671] netlink: 256 bytes leftover after parsing attributes in process `syz.5.707'.
[   79.010404][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.234952][ T5686] SELinux:  policydb magic number 0x280 does not match expected magic number 0xf97cff8c
[   79.263647][ T5686] SELinux: failed to load policy
[   79.431866][ T5705] __nla_validate_parse: 1 callbacks suppressed
[   79.431880][ T5705] netlink: 16 bytes leftover after parsing attributes in process `syz.4.719'.
[   79.447081][ T5705] netlink: 16 bytes leftover after parsing attributes in process `syz.4.719'.
[   79.504981][ T5269] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.132165][ T5737] netlink: 4 bytes leftover after parsing attributes in process `syz.3.732'.
[   80.218451][ T5741] netlink: 'syz.3.732': attribute type 7 has an invalid length.
[   80.269791][ T5747] loop4: detected capacity change from 0 to 2048
[   80.283559][ T5748] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.298314][ T5747] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   80.353038][ T5748] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.420732][ T5748] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.497873][ T5763] pim6reg1: entered promiscuous mode
[   80.503220][ T5763] pim6reg1: entered allmulticast mode
[   80.510653][ T5748] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.576658][  T415] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.591434][ T3834] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.606453][ T3834] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.624371][ T3834] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.816042][ T5776] loop2: detected capacity change from 0 to 1024
[   80.829501][ T5776] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   80.839646][ T5776] EXT4-fs (loop2): required journal recovery suppressed and not mounted read-only
[   81.002737][ T5782] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   81.184547][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[   81.191178][ T5787] SELinux:  Context system_u:object_r:getty_etc_t:s0 is not valid (left unmapped).
[   81.191360][   T29] kauditd_printk_skb: 267 callbacks suppressed
[   81.191398][   T29] audit: type=1400 audit(1765052710.358:2816): avc:  denied  { relabelto } for  pid=5785 comm="syz.5.749" name="cgroup.procs" dev="cgroup" ino=298 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:getty_etc_t:s0"
[   81.191446][   T29] audit: type=1400 audit(1765052710.358:2817): avc:  denied  { associate } for  pid=5785 comm="syz.5.749" name="cgroup.procs" dev="cgroup" ino=298 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 srawcon="system_u:object_r:getty_etc_t:s0"
[   81.368354][ T5792] loop4: detected capacity change from 0 to 512
[   81.452158][ T5792] FAT-fs (loop4): Directory bread(block 199916) failed
[   81.452183][ T5792] FAT-fs (loop4): Directory bread(block 199917) failed
[   81.452272][ T5792] FAT-fs (loop4): Directory bread(block 199918) failed
[   81.452291][ T5792] FAT-fs (loop4): Directory bread(block 199919) failed
[   81.452343][ T5792] FAT-fs (loop4): Directory bread(block 199920) failed
[   81.452444][ T5792] FAT-fs (loop4): Directory bread(block 199921) failed
[   81.452465][ T5792] FAT-fs (loop4): Directory bread(block 199922) failed
[   81.452552][ T5792] FAT-fs (loop4): Directory bread(block 199923) failed
[   81.468735][   T29] audit: type=1326 audit(1765052710.628:2818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   81.468897][   T29] audit: type=1326 audit(1765052710.628:2819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   81.469058][   T29] audit: type=1326 audit(1765052710.628:2820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   81.469493][   T29] audit: type=1326 audit(1765052710.638:2821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   81.469644][   T29] audit: type=1326 audit(1765052710.638:2822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   81.470887][   T29] audit: type=1326 audit(1765052710.638:2823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   81.470914][   T29] audit: type=1326 audit(1765052710.638:2824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   81.471012][   T29] audit: type=1326 audit(1765052710.638:2825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.4.750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f94bced1667 code=0x7ffc0000
[   81.476287][ T5797] pim6reg1: entered promiscuous mode
[   81.476306][ T5797] pim6reg1: entered allmulticast mode
[   81.857226][ T5811] loop2: detected capacity change from 0 to 164
[   81.872811][ T5811] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   81.885302][ T5811] ipvlan2: entered promiscuous mode
[   81.893665][ T5811] netlink: 4 bytes leftover after parsing attributes in process `syz.2.758'.
[   81.908868][ T5811] bridge_slave_1: left allmulticast mode
[   81.914629][ T5811] bridge_slave_1: left promiscuous mode
[   81.920403][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.949431][ T5812] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   81.964122][ T5812] Symlink component flag not implemented
[   81.969896][ T5812] Symlink component flag not implemented
[   81.989348][ T5812] Symlink component flag not implemented (7)
[   81.995364][ T5812] Symlink component flag not implemented (116)
[   81.995674][ T5816] loop3: detected capacity change from 0 to 2048
[   82.062249][ T5816] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   82.089571][ T5811] bridge_slave_0: left allmulticast mode
[   82.095334][ T5811] bridge_slave_0: left promiscuous mode
[   82.101103][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.133221][ T5821] netlink: 'syz.4.761': attribute type 7 has an invalid length.
[   82.270910][ T5834] netlink: 8 bytes leftover after parsing attributes in process `syz.1.762'.
[   82.271463][ T5835] netlink: 8 bytes leftover after parsing attributes in process `syz.4.764'.
[   82.294202][ T5834] 8021q: adding VLAN 0 to HW filter on device bond1
[   82.307974][ T5835] 8021q: adding VLAN 0 to HW filter on device bond3
[   82.347246][ T5841] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   82.456769][ T5848] netlink: 19 bytes leftover after parsing attributes in process `syz.5.770'.
[   82.501225][ T5849] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.522197][ T5850] loop5: detected capacity change from 0 to 512
[   82.530431][ T5850] EXT4-fs (loop5): orphan cleanup on readonly fs
[   82.537159][ T5850] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.770: bad orphan inode 13
[   82.548210][ T5850] ext4_test_bit(bit=12, block=18) = 1
[   82.553707][ T5850] is_bad_inode(inode)=0
[   82.557881][ T5850] NEXT_ORPHAN(inode)=2130706432
[   82.562794][ T5850] max_ino=32
[   82.565976][ T5850] i_nlink=1
[   82.569759][ T5850] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   82.583816][ T5849] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.631141][ T5849] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.690826][ T5849] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.736276][  T415] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.747581][ T3834] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.758786][ T3834] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.769226][ T3834] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.865099][ T3330] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[   82.874352][ T5857] loop2: detected capacity change from 0 to 512
[   82.885706][ T5857] FAT-fs (loop2): Directory bread(block 199916) failed
[   82.900302][ T5857] FAT-fs (loop2): Directory bread(block 199917) failed
[   82.960177][ T5857] FAT-fs (loop2): Directory bread(block 199918) failed
[   82.974742][ T5857] FAT-fs (loop2): Directory bread(block 199919) failed
[   82.988431][ T5857] FAT-fs (loop2): Directory bread(block 199920) failed
[   83.012186][ T5857] FAT-fs (loop2): Directory bread(block 199921) failed
[   83.019816][ T5857] FAT-fs (loop2): Directory bread(block 199922) failed
[   83.027012][ T5857] FAT-fs (loop2): Directory bread(block 199923) failed
[   83.113101][ T5864] netlink: 12 bytes leftover after parsing attributes in process `syz.4.775'.
[   83.126299][ T5864] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[   83.300479][ T5269] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.769997][ T5886] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.825246][ T5886] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.874800][ T5893] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   83.885781][ T5886] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.943922][ T5886] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.107002][ T5913] loop3: detected capacity change from 0 to 512
[   84.135398][ T5913] FAT-fs (loop3): Directory bread(block 199916) failed
[   84.143842][ T5913] FAT-fs (loop3): Directory bread(block 199917) failed
[   84.161442][ T5913] FAT-fs (loop3): Directory bread(block 199918) failed
[   84.168436][ T5913] FAT-fs (loop3): Directory bread(block 199919) failed
[   84.175630][ T5913] FAT-fs (loop3): Directory bread(block 199920) failed
[   84.182604][ T5913] FAT-fs (loop3): Directory bread(block 199921) failed
[   84.190871][ T5913] FAT-fs (loop3): Directory bread(block 199922) failed
[   84.197950][ T5913] FAT-fs (loop3): Directory bread(block 199923) failed
[   84.373559][ T5920] loop4: detected capacity change from 0 to 512
[   84.392745][ T5920] EXT4-fs (loop4): 1 orphan inode deleted
[   84.399066][ T5920] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.411645][ T5920] ext4 filesystem being mounted at /160/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   84.490643][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.515950][ T5927] FAULT_INJECTION: forcing a failure.
[   84.515950][ T5927] name failslab, interval 1, probability 0, space 0, times 0
[   84.528706][ T5927] CPU: 0 UID: 0 PID: 5927 Comm: syz.4.795 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   84.528798][ T5927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   84.528810][ T5927] Call Trace:
[   84.528816][ T5927]  <TASK>
[   84.528825][ T5927]  __dump_stack+0x1d/0x30
[   84.528849][ T5927]  dump_stack_lvl+0xe8/0x140
[   84.528874][ T5927]  dump_stack+0x15/0x1b
[   84.528895][ T5927]  should_fail_ex+0x265/0x280
[   84.528916][ T5927]  should_failslab+0x8c/0xb0
[   84.528938][ T5927]  kmem_cache_alloc_noprof+0x69/0x4b0
[   84.529021][ T5927]  ? radix_tree_node_alloc+0x8a/0x1f0
[   84.529055][ T5927]  radix_tree_node_alloc+0x8a/0x1f0
[   84.529091][ T5927]  ? __rcu_read_unlock+0x4f/0x70
[   84.529113][ T5927]  radix_tree_extend+0xcf/0x370
[   84.529209][ T5927]  idr_get_free+0x12d/0x550
[   84.529307][ T5927]  idr_alloc_u32+0xca/0x180
[   84.529337][ T5927]  ? __pfx_loop_control_ioctl+0x10/0x10
[   84.529362][ T5927]  idr_alloc+0x6e/0xd0
[   84.529437][ T5927]  loop_add+0x145/0x580
[   84.529465][ T5927]  ? __pfx_loop_control_ioctl+0x10/0x10
[   84.529494][ T5927]  loop_control_ioctl+0xd0/0x3f0
[   84.529567][ T5927]  ? __pfx_loop_control_ioctl+0x10/0x10
[   84.529597][ T5927]  __se_sys_ioctl+0xce/0x140
[   84.529628][ T5927]  __x64_sys_ioctl+0x43/0x50
[   84.529697][ T5927]  x64_sys_call+0x14b0/0x3000
[   84.529719][ T5927]  do_syscall_64+0xd8/0x2a0
[   84.529750][ T5927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.529814][ T5927] RIP: 0033:0x7f94bcecf749
[   84.529829][ T5927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.529849][ T5927] RSP: 002b:00007f94bb92f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   84.529871][ T5927] RAX: ffffffffffffffda RBX: 00007f94bd125fa0 RCX: 00007f94bcecf749
[   84.529886][ T5927] RDX: 0000000007000000 RSI: 0000000000004c80 RDI: 0000000000000003
[   84.529967][ T5927] RBP: 00007f94bb92f090 R08: 0000000000000000 R09: 0000000000000000
[   84.529982][ T5927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   84.530017][ T5927] R13: 00007f94bd126038 R14: 00007f94bd125fa0 R15: 00007fff3dd8be38
[   84.530034][ T5927]  </TASK>
[   84.801776][ T5931] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   85.122270][ T5952] pim6reg1: entered promiscuous mode
[   85.127584][ T5952] pim6reg1: entered allmulticast mode
[   85.317423][ T5958] netlink: 12 bytes leftover after parsing attributes in process `syz.1.807'.
[   85.326382][ T5958] netlink: 12 bytes leftover after parsing attributes in process `syz.1.807'.
[   85.985164][ T5971] loop4: detected capacity change from 0 to 512
[   86.073057][ T5971] FAT-fs (loop4): Directory bread(block 199916) failed
[   86.112122][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   86.133875][ T5971] FAT-fs (loop4): Directory bread(block 199917) failed
[   86.150266][ T5971] FAT-fs (loop4): Directory bread(block 199918) failed
[   86.157853][ T5977] loop3: detected capacity change from 0 to 2048
[   86.164523][ T5971] FAT-fs (loop4): Directory bread(block 199919) failed
[   86.184659][ T5977] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   86.202034][ T5971] FAT-fs (loop4): Directory bread(block 199920) failed
[   86.209443][ T5971] FAT-fs (loop4): Directory bread(block 199921) failed
[   86.216439][ T5971] FAT-fs (loop4): Directory bread(block 199922) failed
[   86.223664][ T5971] FAT-fs (loop4): Directory bread(block 199923) failed
[   86.256141][   T29] kauditd_printk_skb: 134 callbacks suppressed
[   86.256156][   T29] audit: type=1326 audit(1765052715.418:2960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5967 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   86.285790][   T29] audit: type=1326 audit(1765052715.418:2961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5967 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   86.309115][   T29] audit: type=1326 audit(1765052715.418:2962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5967 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   86.332340][   T29] audit: type=1326 audit(1765052715.418:2963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5967 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   86.355663][   T29] audit: type=1326 audit(1765052715.418:2964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5967 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   86.378975][   T29] audit: type=1326 audit(1765052715.418:2965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5967 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   86.402242][   T29] audit: type=1326 audit(1765052715.418:2966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5967 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   86.425625][   T29] audit: type=1326 audit(1765052715.418:2967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5967 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   86.448877][   T29] audit: type=1326 audit(1765052715.418:2968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5967 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[   86.472224][   T29] audit: type=1326 audit(1765052715.418:2969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5967 comm="syz.4.811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f94bced1667 code=0x7ffc0000
[   86.520848][ T5981] devtmpfs: Too few inodes for current use
[   86.528713][ T5981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.816'.
[   86.537632][ T5981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.816'.
[   86.828807][ T6000] netlink: 19 bytes leftover after parsing attributes in process `syz.5.823'.
[   86.898340][ T6002] loop5: detected capacity change from 0 to 512
[   86.906174][ T6002] EXT4-fs (loop5): orphan cleanup on readonly fs
[   86.912775][ T6002] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.823: bad orphan inode 13
[   86.922936][ T6002] ext4_test_bit(bit=12, block=18) = 1
[   86.928306][ T6002] is_bad_inode(inode)=0
[   86.932517][ T6002] NEXT_ORPHAN(inode)=2130706432
[   86.937369][ T6002] max_ino=32
[   86.940654][ T6002] i_nlink=1
[   86.944300][ T6002] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   87.030427][ T3817] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.061701][ T3810] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.061762][ T3330] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[   87.076739][ T3810] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.109136][ T3810] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.183950][ T6014] netlink: 24 bytes leftover after parsing attributes in process `syz.3.828'.
[   87.461536][ T6019] pim6reg1: entered promiscuous mode
[   87.466860][ T6019] pim6reg1: entered allmulticast mode
[   87.625870][ T6025] netlink: 32 bytes leftover after parsing attributes in process `syz.1.833'.
[   87.638819][ T6025] netlink: 32 bytes leftover after parsing attributes in process `syz.1.833'.
[   87.677082][ T5269] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.780737][ T6039] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.834731][ T6039] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.876949][ T6048] pim6reg1: entered promiscuous mode
[   87.882298][ T6048] pim6reg1: entered allmulticast mode
[   87.900955][ T6039] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   87.980611][ T6039] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.057436][ T3850] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.075233][ T3850] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.093443][ T3850] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.106812][ T3806] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.158425][ T6061] netlink: 19 bytes leftover after parsing attributes in process `syz.4.847'.
[   88.171201][ T6063] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   88.264920][ T6067] loop4: detected capacity change from 0 to 512
[   88.309876][ T6067] EXT4-fs (loop4): orphan cleanup on readonly fs
[   88.317737][ T6067] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.847: bad orphan inode 13
[   88.328708][ T6067] ext4_test_bit(bit=12, block=18) = 1
[   88.334181][ T6067] is_bad_inode(inode)=0
[   88.338328][ T6067] NEXT_ORPHAN(inode)=2130706432
[   88.343196][ T6067] max_ino=32
[   88.346382][ T6067] i_nlink=1
[   88.350541][ T6067] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   88.682383][ T6080] netlink: 40 bytes leftover after parsing attributes in process `syz.3.853'.
[   88.706649][ T6082] pim6reg1: entered promiscuous mode
[   88.712370][ T6082] pim6reg1: entered allmulticast mode
[   88.890315][ T6102] FAULT_INJECTION: forcing a failure.
[   88.890315][ T6102] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   88.903398][ T6102] CPU: 1 UID: 0 PID: 6102 Comm: syz.1.864 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   88.903493][ T6102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   88.903507][ T6102] Call Trace:
[   88.903514][ T6102]  <TASK>
[   88.903522][ T6102]  __dump_stack+0x1d/0x30
[   88.903545][ T6102]  dump_stack_lvl+0xe8/0x140
[   88.903565][ T6102]  dump_stack+0x15/0x1b
[   88.903583][ T6102]  should_fail_ex+0x265/0x280
[   88.903679][ T6102]  should_fail+0xb/0x20
[   88.903764][ T6102]  should_fail_usercopy+0x1a/0x20
[   88.903792][ T6102]  _copy_to_user+0x20/0xa0
[   88.903841][ T6102]  finalize_log+0xa1/0x100
[   88.903874][ T6102]  btf_new_fd+0x50a/0x790
[   88.903900][ T6102]  bpf_btf_load+0x112/0x130
[   88.903925][ T6102]  __sys_bpf+0x357/0x7c0
[   88.903953][ T6102]  __x64_sys_bpf+0x41/0x50
[   88.904032][ T6102]  x64_sys_call+0x28e1/0x3000
[   88.904174][ T6102]  do_syscall_64+0xd8/0x2a0
[   88.904208][ T6102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.904231][ T6102] RIP: 0033:0x7fb0b3a9f749
[   88.904247][ T6102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.904266][ T6102] RSP: 002b:00007fb0b24ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   88.904297][ T6102] RAX: ffffffffffffffda RBX: 00007fb0b3cf5fa0 RCX: 00007fb0b3a9f749
[   88.904311][ T6102] RDX: 0000000000000028 RSI: 0000200000000100 RDI: 0000000000000012
[   88.904325][ T6102] RBP: 00007fb0b24ff090 R08: 0000000000000000 R09: 0000000000000000
[   88.904339][ T6102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   88.904352][ T6102] R13: 00007fb0b3cf6038 R14: 00007fb0b3cf5fa0 R15: 00007ffd0cae5188
[   88.904371][ T6102]  </TASK>
[   89.095057][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.204057][ T6119] 8021q: adding VLAN 0 to HW filter on device bond4
[   89.221230][ T6122] netlink: zone id is out of range
[   89.226460][ T6122] netlink: zone id is out of range
[   89.232271][ T6122] netlink: zone id is out of range
[   89.237653][ T6122] netlink: zone id is out of range
[   89.240931][ T6126] pim6reg1: entered promiscuous mode
[   89.242896][ T6122] netlink: zone id is out of range
[   89.248239][ T6126] pim6reg1: entered allmulticast mode
[   89.254827][ T6122] netlink: zone id is out of range
[   89.264425][ T6122] netlink: zone id is out of range
[   89.269767][ T6122] netlink: zone id is out of range
[   89.275364][ T6122] netlink: zone id is out of range
[   89.280675][ T6122] netlink: zone id is out of range
[   89.341428][ T6131] pim6reg1: entered promiscuous mode
[   89.346741][ T6131] pim6reg1: entered allmulticast mode
[   89.486425][ T6134] loop1: detected capacity change from 0 to 512
[   89.496551][ T6134] FAT-fs (loop1): Directory bread(block 199916) failed
[   89.508088][ T6134] FAT-fs (loop1): Directory bread(block 199917) failed
[   89.515059][ T6134] FAT-fs (loop1): Directory bread(block 199918) failed
[   89.522176][ T6134] FAT-fs (loop1): Directory bread(block 199919) failed
[   89.529212][ T6134] FAT-fs (loop1): Directory bread(block 199920) failed
[   89.536168][ T6134] FAT-fs (loop1): Directory bread(block 199921) failed
[   89.543295][ T6134] FAT-fs (loop1): Directory bread(block 199922) failed
[   89.550701][ T6134] FAT-fs (loop1): Directory bread(block 199923) failed
[   89.810754][ T6140] loop5: detected capacity change from 0 to 512
[   89.827727][ T6140] EXT4-fs (loop5): orphan cleanup on readonly fs
[   89.834482][ T6140] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.878: bad orphan inode 13
[   89.844971][ T6140] ext4_test_bit(bit=12, block=18) = 1
[   89.850473][ T6140] is_bad_inode(inode)=0
[   89.854627][ T6140] NEXT_ORPHAN(inode)=2130706432
[   89.859502][ T6140] max_ino=32
[   89.862689][ T6140] i_nlink=1
[   89.866644][ T6140] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   90.209568][ T6152] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.281038][ T6152] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.351241][ T6152] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.450988][ T6152] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.581446][ T6170] __nla_validate_parse: 5 callbacks suppressed
[   90.581463][ T6170] netlink: 8 bytes leftover after parsing attributes in process `syz.2.889'.
[   90.602919][ T6170] 8021q: adding VLAN 0 to HW filter on device bond3
[   90.610171][ T5269] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.659522][ T6175] loop5: detected capacity change from 0 to 2048
[   90.683135][ T6175] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   90.900067][ T6197] netlink: 19 bytes leftover after parsing attributes in process `syz.3.900'.
[   90.964532][ T6199] loop3: detected capacity change from 0 to 512
[   90.976012][ T6199] EXT4-fs (loop3): orphan cleanup on readonly fs
[   90.986237][ T6199] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.900: bad orphan inode 13
[   90.996599][ T6199] ext4_test_bit(bit=12, block=18) = 1
[   91.002211][ T6199] is_bad_inode(inode)=0
[   91.006348][ T6199] NEXT_ORPHAN(inode)=2130706432
[   91.011225][ T6199] max_ino=32
[   91.014404][ T6199] i_nlink=1
[   91.017914][ T6199] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   91.294792][ T6202] pim6reg1: entered promiscuous mode
[   91.300189][ T6202] pim6reg1: entered allmulticast mode
[   91.363422][ T6204] 9pnet_fd: Insufficient options for proto=fd
[   91.430109][ T6210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.905'.
[   91.525248][ T5269] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[   91.561044][   T29] kauditd_printk_skb: 226 callbacks suppressed
[   91.561057][   T29] audit: type=1326 audit(1765052720.728:3196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce3d9f749 code=0x7ffc0000
[   91.603059][   T29] audit: type=1326 audit(1765052720.728:3197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6ce3d9f749 code=0x7ffc0000
[   91.626492][   T29] audit: type=1326 audit(1765052720.728:3198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce3d9f749 code=0x7ffc0000
[   91.649848][   T29] audit: type=1326 audit(1765052720.728:3199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7f6ce3d9f749 code=0x7ffc0000
[   91.673193][   T29] audit: type=1326 audit(1765052720.728:3200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6217 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce3d9f749 code=0x7ffc0000
[   91.736235][ T3330] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   91.781370][ T6235] netlink: 8 bytes leftover after parsing attributes in process `syz.2.912'.
[   91.793667][ T6238] 9pnet_fd: Insufficient options for proto=fd
[   91.796985][ T6235] 8021q: adding VLAN 0 to HW filter on device bond4
[   91.974732][ T3801] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.985878][ T3801] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.996922][ T3801] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.007824][ T3801] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.262825][ T6265] netlink: 32 bytes leftover after parsing attributes in process `syz.4.928'.
[   92.354575][ T6265] FAULT_INJECTION: forcing a failure.
[   92.354575][ T6265] name failslab, interval 1, probability 0, space 0, times 0
[   92.367373][ T6265] CPU: 1 UID: 0 PID: 6265 Comm: syz.4.928 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   92.367474][ T6265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   92.367482][ T6265] Call Trace:
[   92.367528][ T6265]  <TASK>
[   92.367534][ T6265]  __dump_stack+0x1d/0x30
[   92.367549][ T6265]  dump_stack_lvl+0xe8/0x140
[   92.367562][ T6265]  dump_stack+0x15/0x1b
[   92.367573][ T6265]  should_fail_ex+0x265/0x280
[   92.367652][ T6265]  should_failslab+0x8c/0xb0
[   92.367664][ T6265]  kmem_cache_alloc_noprof+0x69/0x4b0
[   92.367677][ T6265]  ? skb_clone+0x151/0x1f0
[   92.367693][ T6265]  skb_clone+0x151/0x1f0
[   92.367778][ T6265]  __netlink_deliver_tap+0x2c9/0x500
[   92.367796][ T6265]  ? netlink_attachskb+0x2cc/0x650
[   92.367811][ T6265]  netlink_sendskb+0x126/0x150
[   92.367853][ T6265]  netlink_unicast+0x2a2/0x690
[   92.367870][ T6265]  netlink_ack+0x4c8/0x500
[   92.367888][ T6265]  netlink_rcv_skb+0x192/0x220
[   92.367909][ T6265]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   92.367939][ T6265]  rtnetlink_rcv+0x1c/0x30
[   92.367956][ T6265]  netlink_unicast+0x5c0/0x690
[   92.367972][ T6265]  netlink_sendmsg+0x58b/0x6b0
[   92.368040][ T6265]  ? __pfx_netlink_sendmsg+0x10/0x10
[   92.368077][ T6265]  __sock_sendmsg+0x145/0x180
[   92.368096][ T6265]  ____sys_sendmsg+0x345/0x4a0
[   92.368186][ T6265]  ___sys_sendmsg+0x17b/0x1d0
[   92.368207][ T6265]  __sys_sendmmsg+0x178/0x300
[   92.368307][ T6265]  __x64_sys_sendmmsg+0x57/0x70
[   92.368323][ T6265]  x64_sys_call+0x1e28/0x3000
[   92.368337][ T6265]  do_syscall_64+0xd8/0x2a0
[   92.368407][ T6265]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.368431][ T6265] RIP: 0033:0x7f94bcecf749
[   92.368445][ T6265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.368463][ T6265] RSP: 002b:00007f94bb92f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   92.368536][ T6265] RAX: ffffffffffffffda RBX: 00007f94bd125fa0 RCX: 00007f94bcecf749
[   92.368550][ T6265] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[   92.368560][ T6265] RBP: 00007f94bb92f090 R08: 0000000000000000 R09: 0000000000000000
[   92.368568][ T6265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.368575][ T6265] R13: 00007f94bd126038 R14: 00007f94bd125fa0 R15: 00007fff3dd8be38
[   92.368587][ T6265]  </TASK>
[   92.368732][ T6265] netlink: 'syz.4.928': attribute type 14 has an invalid length.
[   92.607434][ T6265] netlink: 4 bytes leftover after parsing attributes in process `syz.4.928'.
[   92.617811][ T6265] netlink: 'syz.4.928': attribute type 14 has an invalid length.
[   92.625560][ T6265] netlink: 4 bytes leftover after parsing attributes in process `syz.4.928'.
[   92.710375][ T6288] loop2: detected capacity change from 0 to 128
[   92.718756][ T6288] EXT4-fs: Ignoring removed nobh option
[   92.727452][ T6287] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.749858][ T6288] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   92.791644][ T6287] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.830362][ T6297] loop1: detected capacity change from 0 to 512
[   92.834358][ T6288] ext4 filesystem being mounted at /173/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   92.847945][ T6297] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   92.865160][ T6287] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.878502][ T3318] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   92.892489][ T6297] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   92.909581][ T6297] ext4 filesystem being mounted at /207/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   92.931038][ T6287] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.942527][ T6306] pim6reg1: entered promiscuous mode
[   92.947815][ T6306] pim6reg1: entered allmulticast mode
[   92.955761][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.981534][ T6308] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6308 comm=syz.1.944
[   93.000209][ T6308] loop1: detected capacity change from 0 to 164
[   93.006581][ T3796] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.017865][ T3796] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.036317][ T3796] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.045100][ T3796] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.123740][ T6318] FAULT_INJECTION: forcing a failure.
[   93.123740][ T6318] name failslab, interval 1, probability 0, space 0, times 0
[   93.136385][ T6318] CPU: 1 UID: 0 PID: 6318 Comm: syz.1.949 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   93.136412][ T6318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   93.136424][ T6318] Call Trace:
[   93.136432][ T6318]  <TASK>
[   93.136439][ T6318]  __dump_stack+0x1d/0x30
[   93.136533][ T6318]  dump_stack_lvl+0xe8/0x140
[   93.136557][ T6318]  dump_stack+0x15/0x1b
[   93.136582][ T6318]  should_fail_ex+0x265/0x280
[   93.136604][ T6318]  should_failslab+0x8c/0xb0
[   93.136658][ T6318]  __kmalloc_node_noprof+0xbe/0x5c0
[   93.136681][ T6318]  ? qdisc_alloc+0x65/0x410
[   93.136709][ T6318]  ? strlen+0x19/0x40
[   93.136774][ T6318]  qdisc_alloc+0x65/0x410
[   93.136802][ T6318]  ? nla_strcmp+0xc3/0xe0
[   93.136828][ T6318]  qdisc_create+0xf5/0x9e0
[   93.136881][ T6318]  tc_modify_qdisc+0xf9c/0x1480
[   93.136937][ T6318]  ? __mutex_lock_slowpath+0xa/0x10
[   93.136964][ T6318]  ? __pfx_tc_modify_qdisc+0x10/0x10
[   93.136985][ T6318]  rtnetlink_rcv_msg+0x65a/0x6d0
[   93.137018][ T6318]  netlink_rcv_skb+0x123/0x220
[   93.137104][ T6318]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   93.137139][ T6318]  rtnetlink_rcv+0x1c/0x30
[   93.137187][ T6318]  netlink_unicast+0x5c0/0x690
[   93.137283][ T6318]  netlink_sendmsg+0x58b/0x6b0
[   93.137306][ T6318]  ? __pfx_netlink_sendmsg+0x10/0x10
[   93.137358][ T6318]  __sock_sendmsg+0x145/0x180
[   93.137376][ T6318]  ____sys_sendmsg+0x31e/0x4a0
[   93.137393][ T6318]  ___sys_sendmsg+0x17b/0x1d0
[   93.137453][ T6318]  __x64_sys_sendmsg+0xd4/0x160
[   93.137502][ T6318]  x64_sys_call+0x17ba/0x3000
[   93.137518][ T6318]  do_syscall_64+0xd8/0x2a0
[   93.137614][ T6318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.137627][ T6318] RIP: 0033:0x7fb0b3a9f749
[   93.137638][ T6318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.137723][ T6318] RSP: 002b:00007fb0b24ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   93.137735][ T6318] RAX: ffffffffffffffda RBX: 00007fb0b3cf5fa0 RCX: 00007fb0b3a9f749
[   93.137817][ T6318] RDX: 0000000000000000 RSI: 0000200000001200 RDI: 0000000000000003
[   93.137824][ T6318] RBP: 00007fb0b24ff090 R08: 0000000000000000 R09: 0000000000000000
[   93.137831][ T6318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.137839][ T6318] R13: 00007fb0b3cf6038 R14: 00007fb0b3cf5fa0 R15: 00007ffd0cae5188
[   93.137850][ T6318]  </TASK>
[   93.398841][ T6322] 9pnet_fd: Insufficient options for proto=fd
[   93.411185][   T29] audit: type=1326 audit(1765052722.578:3201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6323 comm="syz.2.952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb31640f749 code=0x7ffc0000
[   93.434567][   T29] audit: type=1326 audit(1765052722.578:3202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6323 comm="syz.2.952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb31640f749 code=0x7ffc0000
[   93.465235][   T29] audit: type=1326 audit(1765052722.578:3203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6323 comm="syz.2.952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb31640f749 code=0x7ffc0000
[   93.488702][   T29] audit: type=1326 audit(1765052722.578:3204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6323 comm="syz.2.952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb31640f749 code=0x7ffc0000
[   93.512080][   T29] audit: type=1326 audit(1765052722.578:3205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6323 comm="syz.2.952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7fb31640f749 code=0x7ffc0000
[   93.692972][ T6335] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6335 comm=syz.1.956
[   93.714236][ T6335] loop1: detected capacity change from 0 to 164
[   93.748364][ T6338] pim6reg1: entered promiscuous mode
[   93.753747][ T6338] pim6reg1: entered allmulticast mode
[   94.277505][ T6373] netlink: 8 bytes leftover after parsing attributes in process `syz.4.968'.
[   94.346012][ T6373] 8021q: adding VLAN 0 to HW filter on device bond5
[   94.687561][ T6386] loop1: detected capacity change from 0 to 128
[   94.703885][ T6386] EXT4-fs: Ignoring removed nobh option
[   94.716194][ T6386] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   94.736574][ T6386] ext4 filesystem being mounted at /216/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   94.765088][ T6394] loop3: detected capacity change from 0 to 512
[   94.774048][ T6394] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   94.784080][ T3317] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   94.799594][ T6394] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   94.815019][ T6394] ext4 filesystem being mounted at /215/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   94.854562][ T6403] loop1: detected capacity change from 0 to 164
[   94.881600][ T3330] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.939021][ T6412] netlink: 19 bytes leftover after parsing attributes in process `syz.1.984'.
[   94.953390][ T6413] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.990738][ T6418] capability: warning: `syz.5.986' uses deprecated v2 capabilities in a way that may be insecure
[   95.001746][ T6418] Falling back ldisc for ttyS3.
[   95.011344][ T6418] loop5: detected capacity change from 0 to 512
[   95.023872][ T6413] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.034052][ T6419] loop1: detected capacity change from 0 to 512
[   95.068429][ T6419] EXT4-fs (loop1): orphan cleanup on readonly fs
[   95.079661][ T6419] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.984: bad orphan inode 13
[   95.092763][ T6419] ext4_test_bit(bit=12, block=18) = 1
[   95.098161][ T6419] is_bad_inode(inode)=0
[   95.102558][ T6419] NEXT_ORPHAN(inode)=2130706432
[   95.107430][ T6419] max_ino=32
[   95.110687][ T6419] i_nlink=1
[   95.115659][ T6419] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   95.175207][ T6413] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.203064][ T6436] loop3: detected capacity change from 0 to 164
[   95.222208][ T6437] loop4: detected capacity change from 0 to 512
[   95.273034][ T6437] FAT-fs (loop4): Directory bread(block 199916) failed
[   95.291418][ T6413] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.308347][ T6437] FAT-fs (loop4): Directory bread(block 199917) failed
[   95.315411][ T6437] FAT-fs (loop4): Directory bread(block 199918) failed
[   95.322668][ T6437] FAT-fs (loop4): Directory bread(block 199919) failed
[   95.327378][ T6439] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=6439 comm=syz.3.995
[   95.329621][ T6437] FAT-fs (loop4): Directory bread(block 199920) failed
[   95.349058][ T6437] FAT-fs (loop4): Directory bread(block 199921) failed
[   95.356328][ T6437] FAT-fs (loop4): Directory bread(block 199922) failed
[   95.371706][ T6437] FAT-fs (loop4): Directory bread(block 199923) failed
[   95.388473][ T3798] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.389332][ T6439] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=36 sclass=netlink_audit_socket pid=6439 comm=syz.3.995
[   95.397434][ T3798] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.468366][ T3798] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.513368][ T3798] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.582529][ T6455] netlink: 8 bytes leftover after parsing attributes in process `syz.2.999'.
[   95.600334][ T6455] 8021q: adding VLAN 0 to HW filter on device bond5
[   95.828982][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.922794][ T6470] pim6reg1: entered promiscuous mode
[   95.928131][ T6470] pim6reg1: entered allmulticast mode
[   95.982110][ T6472] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6472 comm=syz.1.1007
[   96.028396][ T6472] loop1: detected capacity change from 0 to 164
[   96.089281][ T6476] netlink: '+}[@': attribute type 4 has an invalid length.
[   96.111824][ T6477] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.171581][ T6477] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.212034][ T6485] loop1: detected capacity change from 0 to 128
[   96.230921][ T6485] EXT4-fs: Ignoring removed nobh option
[   96.239616][ T6485] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   96.252370][ T6485] ext4 filesystem being mounted at /228/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   96.252670][ T6477] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.299374][ T3317] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   96.320884][ T6477] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   96.393605][ T3824] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.422936][ T3824] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.443235][ T3824] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.479731][ T3824] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.573832][ T6505] pim6reg1: entered promiscuous mode
[   96.579168][ T6505] pim6reg1: entered allmulticast mode
[   96.626282][ T6507] netlink: '+}[@': attribute type 4 has an invalid length.
[   96.702024][ T6519] EXT4-fs: Ignoring removed nobh option
[   96.731354][ T6519] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   96.744594][ T6519] ext4 filesystem being mounted at /226/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   96.786693][ T3330] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   96.807944][ T6522] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6522 comm=syz.3.1027
[   97.361299][ T6539] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1033: bg 0: block 248: padding at end of block bitmap is not set
[   97.376116][ T6539] __quota_error: 103 callbacks suppressed
[   97.376176][ T6539] Quota error (device loop3): write_blk: dquota write failed
[   97.389375][ T6539] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[   97.400170][ T6539] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.1033: Failed to acquire dquot type 1
[   97.412318][ T6539] EXT4-fs (loop3): 1 truncate cleaned up
[   97.418502][ T6548] EXT4-fs: Ignoring removed nobh option
[   97.424590][ T6539] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   97.437622][ T6539] ext4 filesystem being mounted at /232/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   97.442957][ T6548] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   97.461193][ T6548] ext4 filesystem being mounted at /236/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   97.472371][ T6539] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   97.496588][ T3330] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.554679][ T6558] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6558 comm=syz.3.1039
[   97.572986][ T3317] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   97.658846][ T6571] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.713334][ T6571] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.733754][ T6573] netlink: '+}[@': attribute type 4 has an invalid length.
[   97.768000][   T29] audit: type=1400 audit(1765052726.928:3309): avc:  denied  { execute } for  pid=6584 comm="syz.3.1051" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=20561 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[   97.816991][ T6571] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.844024][ T6586] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1051'.
[   97.882575][ T6598] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6598 comm=syz.2.1056
[   97.905806][ T6571] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   97.916859][ T6595] bridge_slave_0: left allmulticast mode
[   97.922587][ T6595] bridge_slave_0: left promiscuous mode
[   97.928225][ T6595] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.936725][ T6595] bridge_slave_1: left allmulticast mode
[   97.942480][ T6595] bridge_slave_1: left promiscuous mode
[   97.948160][ T6595] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.966731][ T6595] bond0: (slave bond_slave_0): Releasing backup interface
[   97.974929][ T6595] bond0: (slave bond_slave_1): Releasing backup interface
[   97.983346][ T6595] team0: Port device team_slave_0 removed
[   97.989796][ T6595] team0: Port device team_slave_1 removed
[   97.995859][ T6595] batman_adv: batadv0: Removing interface: batadv_slave_0
[   98.006222][ T6595] batman_adv: batadv0: Removing interface: batadv_slave_1
[   98.019890][ T6595] net_ratelimit: 117 callbacks suppressed
[   98.019954][ T6595] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   98.084431][ T3801] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.093027][ T3801] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.117753][ T3801] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.219824][ T3817] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.330484][ T6618] netlink: 'syz.2.1064': attribute type 4 has an invalid length.
[   98.519513][   T29] audit: type=1326 audit(1765052727.688:3310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6626 comm="syz.1.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[   98.543794][   T29] audit: type=1326 audit(1765052727.688:3311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6626 comm="syz.1.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[   98.567238][   T29] audit: type=1326 audit(1765052727.688:3312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6626 comm="syz.1.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[   98.590948][   T29] audit: type=1326 audit(1765052727.688:3313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6626 comm="syz.1.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[   98.614630][   T29] audit: type=1326 audit(1765052727.688:3314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6626 comm="syz.1.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[   98.701359][ T6632] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6632 comm=syz.3.1070
[   98.761818][   T29] audit: type=1400 audit(1765052727.918:3315): avc:  denied  { setopt } for  pid=6637 comm="syz.3.1073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   98.873597][   T29] audit: type=1326 audit(1765052728.038:3316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6651 comm="syz.3.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[   98.931402][ T6659] netlink: 'syz.2.1084': attribute type 4 has an invalid length.
[   98.980398][ T6665] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6665 comm=syz.5.1086
[   98.996679][ T6665] set_capacity_and_notify: 7 callbacks suppressed
[   98.996689][ T6665] loop5: detected capacity change from 0 to 164
[   99.205750][ T6684] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1087'.
[   99.220011][ T6684] team0 (unregistering): Port device team_slave_0 removed
[   99.246447][ T6684] team0 (unregistering): Port device team_slave_1 removed
[   99.351396][ T6690] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1094'.
[   99.369511][ T6690] 8021q: adding VLAN 0 to HW filter on device bond2
[   99.471745][ T6698] netlink: 'syz.2.1096': attribute type 4 has an invalid length.
[   99.680785][ T6706] pim6reg1: entered promiscuous mode
[   99.686099][ T6706] pim6reg1: entered allmulticast mode
[   99.853019][ T6718] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6718 comm=syz.2.1104
[   99.870510][ T6718] loop2: detected capacity change from 0 to 164
[  100.247838][ T6753] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.290625][ T6753] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.340882][ T6753] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.400825][ T6753] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.432515][ T6757] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6757 comm=syz.4.1119
[  100.448502][ T6757] loop4: detected capacity change from 0 to 164
[  100.464662][ T3801] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.488015][ T3801] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.496495][ T3801] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.510010][ T3801] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.529428][ T6761] loop4: detected capacity change from 0 to 128
[  100.537280][ T6761] EXT4-fs: Ignoring removed nobh option
[  100.545929][ T6761] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  100.558544][ T6761] ext4 filesystem being mounted at /202/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  100.582387][ T3326] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  100.608964][ T6769] netlink: '+}[@': attribute type 4 has an invalid length.
[  100.642772][ T6772] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1122'.
[  100.653057][ T6774] FAULT_INJECTION: forcing a failure.
[  100.653057][ T6774] name failslab, interval 1, probability 0, space 0, times 0
[  100.657620][ T6772] 8021q: adding VLAN 0 to HW filter on device bond6
[  100.665692][ T6774] CPU: 1 UID: 0 PID: 6774 Comm: syz.4.1125 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  100.665719][ T6774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  100.665804][ T6774] Call Trace:
[  100.665810][ T6774]  <TASK>
[  100.665818][ T6774]  __dump_stack+0x1d/0x30
[  100.665843][ T6774]  dump_stack_lvl+0xe8/0x140
[  100.665872][ T6774]  dump_stack+0x15/0x1b
[  100.665893][ T6774]  should_fail_ex+0x265/0x280
[  100.665917][ T6774]  should_failslab+0x8c/0xb0
[  100.666020][ T6774]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[  100.666045][ T6774]  ? preload_this_cpu_lock+0x5b/0xd0
[  100.666086][ T6774]  preload_this_cpu_lock+0x5b/0xd0
[  100.666115][ T6774]  alloc_vmap_area+0x333/0xea0
[  100.666138][ T6774]  ? should_fail_ex+0xdb/0x280
[  100.666208][ T6774]  ? __kmalloc_cache_node_noprof+0x2b3/0x4d0
[  100.666236][ T6774]  __get_vm_area_node+0x173/0x1d0
[  100.666261][ T6774]  __vmalloc_node_range_noprof+0x28e/0x1310
[  100.666310][ T6774]  ? copy_process+0x37d/0x1ef0
[  100.666407][ T6774]  ? refill_obj_stock+0x254/0x2e0
[  100.666502][ T6774]  ? obj_cgroup_charge_account+0xba/0x1a0
[  100.666532][ T6774]  ? __rcu_read_unlock+0x4f/0x70
[  100.666578][ T6774]  ? __memcg_slab_post_alloc_hook+0x44b/0x530
[  100.666641][ T6774]  __vmalloc_node_noprof+0x89/0xc0
[  100.666702][ T6774]  ? copy_process+0x37d/0x1ef0
[  100.666721][ T6774]  ? copy_process+0x37d/0x1ef0
[  100.666742][ T6774]  dup_task_struct+0x405/0x8e0
[  100.666771][ T6774]  ? copy_process+0x36c/0x1ef0
[  100.666790][ T6774]  copy_process+0x37d/0x1ef0
[  100.666809][ T6774]  ? kstrtouint+0x76/0xc0
[  100.666828][ T6774]  ? kstrtouint_from_user+0x9f/0xf0
[  100.666921][ T6774]  ? 0xffffffff81000000
[  100.666939][ T6774]  kernel_clone+0x16c/0x5c0
[  100.666961][ T6774]  ? vfs_write+0x7e8/0x960
[  100.666980][ T6774]  ? 0xffffffffff600000
[  100.667062][ T6774]  __x64_sys_clone+0xe6/0x120
[  100.667088][ T6774]  ? 0xffffffffff600000
[  100.667105][ T6774]  x64_sys_call+0x12d0/0x3000
[  100.667130][ T6774]  do_syscall_64+0xd8/0x2a0
[  100.667192][ T6774]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.667265][ T6774] RIP: 0033:0x7f94bcecf749
[  100.667281][ T6774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  100.667301][ T6774] RSP: 002b:00007f94bb92efe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  100.667321][ T6774] RAX: ffffffffffffffda RBX: 00007f94bd125fa0 RCX: 00007f94bcecf749
[  100.667334][ T6774] RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000000021000
[  100.667419][ T6774] RBP: 00007f94bb92f090 R08: ffffffffff600000 R09: ffffffffff600000
[  100.667433][ T6774] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  100.667475][ T6774] R13: 00007f94bd126038 R14: 00007f94bd125fa0 R15: 00007fff3dd8be38
[  100.667491][ T6774]  ? 0xffffffffff600000
[  100.667504][ T6774]  ? 0xffffffffff600000
[  100.667520][ T6774]  </TASK>
[  101.004853][ T6784] loop5: detected capacity change from 0 to 1024
[  101.021233][ T6784] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.048701][ T6784] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1128'.
[  101.486462][ T6797] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.542840][ T6797] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.577224][ T5269] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.603329][ T6799] loop5: detected capacity change from 0 to 128
[  101.610346][ T6799] EXT4-fs: Ignoring removed nobh option
[  101.621337][ T6799] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  101.621452][ T6797] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.643672][ T6799] ext4 filesystem being mounted at /91/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  101.677146][ T5269] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  101.688250][ T6797] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  101.995509][ T6825] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1142'.
[  102.009566][ T6825] 8021q: adding VLAN 0 to HW filter on device bond2
[  102.406559][ T6830] loop1: detected capacity change from 0 to 1024
[  102.430476][ T6830] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  102.444521][   T29] kauditd_printk_skb: 98 callbacks suppressed
[  102.444534][   T29] audit: type=1326 audit(1765052731.608:3415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6829 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  102.474110][   T29] audit: type=1326 audit(1765052731.608:3416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6829 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  102.476593][ T6830] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1144'.
[  102.497562][   T29] audit: type=1326 audit(1765052731.608:3417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6829 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  102.529890][   T29] audit: type=1326 audit(1765052731.608:3418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6829 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  102.553343][   T29] audit: type=1326 audit(1765052731.608:3419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6829 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  102.576821][   T29] audit: type=1326 audit(1765052731.608:3420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6829 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  102.600263][   T29] audit: type=1326 audit(1765052731.608:3421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6829 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  102.623566][   T29] audit: type=1326 audit(1765052731.608:3422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6829 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  102.646994][   T29] audit: type=1326 audit(1765052731.608:3423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6829 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  102.670420][   T29] audit: type=1326 audit(1765052731.608:3424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6829 comm="syz.1.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  102.820387][ T6842] loop4: detected capacity change from 0 to 128
[  102.828043][ T6842] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  102.841648][ T6842] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  102.872130][ T3802] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  102.892323][ T6849] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6849 comm=syz.4.1151
[  102.908976][ T6849] loop4: detected capacity change from 0 to 164
[  103.025923][ T6862] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1155'.
[  103.043302][ T6862] 8021q: adding VLAN 0 to HW filter on device bond6
[  103.060573][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.093205][ T6865] loop1: detected capacity change from 0 to 512
[  103.101562][ T6865] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  103.122437][ T6865] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.135256][ T6865] ext4 filesystem being mounted at /249/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  103.149072][ T6865] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1157'.
[  103.158217][ T6865] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1157'.
[  103.765076][   T42] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.783019][   T42] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.801408][   T42] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.821526][   T42] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.886382][ T6878] pim6reg1: entered promiscuous mode
[  103.892077][ T6878] pim6reg1: entered allmulticast mode
[  104.021750][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.034402][ T6897] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1171'.
[  104.043368][ T6897] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1171'.
[  104.052260][ T6897] netlink: 'syz.2.1171': attribute type 6 has an invalid length.
[  104.082691][ T6902] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1169'.
[  104.095239][ T6905] loop2: detected capacity change from 0 to 512
[  104.096757][ T6897] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1171'.
[  104.102272][ T3818] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  104.110721][ T6897] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1171'.
[  104.110750][ T6897] netlink: 'syz.2.1171': attribute type 6 has an invalid length.
[  104.122285][ T3818] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  104.139018][ T6905] EXT4-fs: Ignoring removed nomblk_io_submit option
[  104.163525][ T6906] loop1: detected capacity change from 0 to 2048
[  104.170366][ T6902] 8021q: adding VLAN 0 to HW filter on device bond7
[  104.178629][ T3818] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  104.195076][ T6905] EXT4-fs error (device loop2): __ext4_iget:5426: inode #11: block 1: comm syz.2.1171: invalid block
[  104.206763][ T6905] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.1171: couldn't read orphan inode 11 (err -117)
[  104.220653][ T6905] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.241492][ T6906] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  104.250624][ T3818] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  104.259502][ T6897] EXT4-fs error (device loop2): ext4_add_entry:2415: inode #2: comm syz.2.1171: Directory hole found for htree leaf block 0
[  104.310035][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.345735][ T6923] pim6reg1: entered promiscuous mode
[  104.351136][ T6923] pim6reg1: entered allmulticast mode
[  104.373092][ T6906] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  104.388138][ T6906] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 926 with error 28
[  104.400554][ T6906] EXT4-fs (loop1): This should not happen!! Data will be lost
[  104.400554][ T6906] 
[  104.410218][ T6906] EXT4-fs (loop1): Total free blocks count 0
[  104.416232][ T6906] EXT4-fs (loop1): Free/Dirty block details
[  104.422157][ T6906] EXT4-fs (loop1): free_blocks=2415919104
[  104.427867][ T6906] EXT4-fs (loop1): dirty_blocks=928
[  104.433190][ T6906] EXT4-fs (loop1): Block reservation details
[  104.439185][ T6906] EXT4-fs (loop1): i_reserved_data_blocks=58
[  104.611432][ T6937] loop3: detected capacity change from 0 to 128
[  104.619581][   T42] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 926 with error 28
[  104.622407][ T6937] EXT4-fs: Ignoring removed nobh option
[  104.640596][ T6937] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  104.652948][ T6937] ext4 filesystem being mounted at /278/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  104.702259][ T3330] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  104.824714][ T6956] pim6reg1: entered promiscuous mode
[  104.830135][ T6956] pim6reg1: entered allmulticast mode
[  104.965786][ T6971] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.024007][ T6971] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.066298][ T6977] netlink: '+}[@': attribute type 4 has an invalid length.
[  105.121469][ T6971] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.187566][ T6971] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.284476][ T6999] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1205'.
[  105.300997][ T3818] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.331677][ T6999] 8021q: adding VLAN 0 to HW filter on device bond3
[  105.358795][ T3818] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.396132][ T3818] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.404428][ T3818] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.814538][ T7009] pim6reg1: entered promiscuous mode
[  105.819995][ T7009] pim6reg1: entered allmulticast mode
[  105.939471][ T7015] netlink: '+}[@': attribute type 4 has an invalid length.
[  106.104495][ T7031] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1220'.
[  106.117848][ T7031] 8021q: adding VLAN 0 to HW filter on device bond4
[  106.936891][ T7049] netlink: '+}[@': attribute type 4 has an invalid length.
[  107.082235][ T7062] 8021q: adding VLAN 0 to HW filter on device bond3
[  107.449744][ T7072] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  107.490618][   T29] kauditd_printk_skb: 100 callbacks suppressed
[  107.490678][   T29] audit: type=1326 audit(1765052736.658:3525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7075 comm="syz.5.1236" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6ce3d9f749 code=0x0
[  107.656718][ T7081] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.710698][ T7081] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.761303][ T7081] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.811478][ T7081] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.842828][   T29] audit: type=1326 audit(1765052737.008:3526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7087 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  107.866484][   T29] audit: type=1326 audit(1765052737.008:3527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7087 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  107.890140][   T29] audit: type=1326 audit(1765052737.008:3528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7087 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  107.913674][   T29] audit: type=1326 audit(1765052737.008:3529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7087 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  107.937216][   T29] audit: type=1326 audit(1765052737.008:3530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7087 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  107.960879][   T29] audit: type=1326 audit(1765052737.008:3531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7087 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  107.984294][   T29] audit: type=1326 audit(1765052737.008:3532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7087 comm="syz.3.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  108.016636][ T3850] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.034461][   T58] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.046684][   T58] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.059569][   T58] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.069027][ T7094] netlink: '+}[@': attribute type 4 has an invalid length.
[  108.140392][ T7105] loop1: detected capacity change from 0 to 128
[  108.146864][ T7105] EXT4-fs: Ignoring removed nobh option
[  108.154891][ T7105] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  108.156363][ T7105] ext4 filesystem being mounted at /264/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  108.222766][ T3317] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  108.406133][ T7124] __nla_validate_parse: 2 callbacks suppressed
[  108.406154][ T7124] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1253'.
[  108.437760][ T7125] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1249'.
[  108.462796][ T7125] 8021q: adding VLAN 0 to HW filter on device bond2
[  108.523896][ T7128] netlink: '+}[@': attribute type 4 has an invalid length.
[  109.157808][   T29] audit: type=1326 audit(1765052738.318:3533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7144 comm="syz.4.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[  109.212422][ T7146] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.246062][   T29] audit: type=1326 audit(1765052738.348:3534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7144 comm="syz.4.1261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94bcecf749 code=0x7ffc0000
[  109.346035][ T7146] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.362166][ T7157] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=7157 comm=syz.5.1266
[  109.387300][ T7157] loop5: detected capacity change from 0 to 164
[  109.434323][ T7146] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.477142][ T7153] loop4: detected capacity change from 0 to 8192
[  109.511797][ T7146] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.529562][ T3311]  loop4: p2 p3 p4
[  109.533947][ T3311] loop4: p2 start 164919041 is beyond EOD, truncated
[  109.540666][ T3311] loop4: p3 size 66846464 extends beyond EOD, truncated
[  109.554050][ T3311] loop4: p4 size 37048832 extends beyond EOD, truncated
[  109.579262][ T7153]  loop4: p2 p3 p4
[  109.586416][ T7153] loop4: p2 start 164919041 is beyond EOD, truncated
[  109.593152][ T7153] loop4: p3 size 66846464 extends beyond EOD, truncated
[  109.605817][ T7153] loop4: p4 size 37048832 extends beyond EOD, truncated
[  109.667453][ T7173] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1272'.
[  109.680535][ T7173] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1272'.
[  109.691394][ T7174] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1270'.
[  109.716438][ T7174] 8021q: adding VLAN 0 to HW filter on device bond4
[  109.861965][ T7187] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=7187 comm=syz.2.1277
[  109.878231][ T7187] loop2: detected capacity change from 0 to 164
[  109.910334][ T7189] netlink: '+}[@': attribute type 4 has an invalid length.
[  109.928061][ T4076] udevd[4076]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  109.938880][ T3311] udevd[3311]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  109.958177][ T7194] loop4: detected capacity change from 0 to 512
[  109.965103][ T7194] journal_path: Non-blockdev passed as './bus'
[  109.971310][ T7194] EXT4-fs: error: could not find journal device path
[  109.982916][ T7194] SELinux:  policydb magic number 0x1 does not match expected magic number 0xf97cff8c
[  109.992576][ T7194] SELinux: failed to load policy
[  110.033965][ T7199] pim6reg1: entered promiscuous mode
[  110.039591][ T7199] pim6reg1: entered allmulticast mode
[  110.075097][ T7203] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1284'.
[  110.084466][ T7203] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1284'.
[  110.315927][ T7213] FAULT_INJECTION: forcing a failure.
[  110.315927][ T7213] name failslab, interval 1, probability 0, space 0, times 0
[  110.328622][ T7213] CPU: 1 UID: 0 PID: 7213 Comm: syz.4.1288 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  110.328650][ T7213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  110.328664][ T7213] Call Trace:
[  110.328764][ T7213]  <TASK>
[  110.328771][ T7213]  __dump_stack+0x1d/0x30
[  110.328798][ T7213]  dump_stack_lvl+0xe8/0x140
[  110.328892][ T7213]  dump_stack+0x15/0x1b
[  110.328920][ T7213]  should_fail_ex+0x265/0x280
[  110.328945][ T7213]  should_failslab+0x8c/0xb0
[  110.328968][ T7213]  __kmalloc_cache_noprof+0x65/0x4c0
[  110.329058][ T7213]  ? tcf_action_init_1+0x11e/0x4a0
[  110.329086][ T7213]  tcf_action_init_1+0x11e/0x4a0
[  110.329174][ T7213]  tcf_action_init+0x267/0x6d0
[  110.329198][ T7213]  ? rep_movs_alternative+0xf/0x90
[  110.329245][ T7213]  tc_ctl_action+0x291/0x830
[  110.329283][ T7213]  ? __pfx_tc_ctl_action+0x10/0x10
[  110.329386][ T7213]  rtnetlink_rcv_msg+0x65a/0x6d0
[  110.329424][ T7213]  netlink_rcv_skb+0x123/0x220
[  110.329450][ T7213]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  110.329508][ T7213]  rtnetlink_rcv+0x1c/0x30
[  110.329540][ T7213]  netlink_unicast+0x5c0/0x690
[  110.329627][ T7213]  netlink_sendmsg+0x58b/0x6b0
[  110.329657][ T7213]  ? __pfx_netlink_sendmsg+0x10/0x10
[  110.329687][ T7213]  __sock_sendmsg+0x145/0x180
[  110.329841][ T7213]  ____sys_sendmsg+0x31e/0x4a0
[  110.329937][ T7213]  ___sys_sendmsg+0x17b/0x1d0
[  110.330049][ T7213]  __x64_sys_sendmsg+0xd4/0x160
[  110.330077][ T7213]  x64_sys_call+0x17ba/0x3000
[  110.330099][ T7213]  do_syscall_64+0xd8/0x2a0
[  110.330134][ T7213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.330218][ T7213] RIP: 0033:0x7f94bcecf749
[  110.330233][ T7213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.330250][ T7213] RSP: 002b:00007f94bb92f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  110.330339][ T7213] RAX: ffffffffffffffda RBX: 00007f94bd125fa0 RCX: 00007f94bcecf749
[  110.330352][ T7213] RDX: 00000000040040c0 RSI: 0000200000000100 RDI: 0000000000000005
[  110.330365][ T7213] RBP: 00007f94bb92f090 R08: 0000000000000000 R09: 0000000000000000
[  110.330378][ T7213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  110.330434][ T7213] R13: 00007f94bd126038 R14: 00007f94bd125fa0 R15: 00007fff3dd8be38
[  110.330453][ T7213]  </TASK>
[  110.605288][ T7217] netlink: 'syz.3.1289': attribute type 1 has an invalid length.
[  110.713324][ T7222] netlink: '+}[@': attribute type 4 has an invalid length.
[  110.725241][ T7223] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=7223 comm=syz.4.1290
[  110.781507][ T7223] loop4: detected capacity change from 0 to 164
[  110.822081][ T7226] loop3: detected capacity change from 0 to 512
[  110.828817][ T7226] journal_path: Non-blockdev passed as './bus'
[  110.835117][ T7226] EXT4-fs: error: could not find journal device path
[  110.866649][ T7228] pim6reg1: entered promiscuous mode
[  110.872072][ T7228] pim6reg1: entered allmulticast mode
[  110.912613][ T7230] pim6reg: entered allmulticast mode
[  110.920398][ T7230] pim6reg: left allmulticast mode
[  111.151405][ T7248] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1299'.
[  111.174566][ T7248] 8021q: adding VLAN 0 to HW filter on device bond8
[  111.243216][ T7255] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=7255 comm=syz.2.1305
[  111.259000][ T7255] loop2: detected capacity change from 0 to 164
[  111.300417][ T7259] pim6reg1: entered promiscuous mode
[  111.305761][ T7259] pim6reg1: entered allmulticast mode
[  111.409904][ T7263] pim6reg: entered allmulticast mode
[  111.425174][ T7263] pim6reg: left allmulticast mode
[  111.598329][ T7283] pim6reg1: entered promiscuous mode
[  111.603766][ T7283] pim6reg1: entered allmulticast mode
[  111.734378][ T7286] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=7286 comm=syz.2.1320
[  111.753823][ T7286] loop2: detected capacity change from 0 to 164
[  111.794164][ T3829] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.824557][ T3829] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.838455][ T3829] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.855452][ T3829] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.941881][ T7301] netlink: '+}[@': attribute type 4 has an invalid length.
[  111.979168][ T7306] pim6reg1: entered promiscuous mode
[  111.984520][ T7306] pim6reg1: entered allmulticast mode
[  112.020690][ T7310] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1332'.
[  112.221269][ T7326] netlink: 19 bytes leftover after parsing attributes in process `syz.4.1338'.
[  112.320178][ T7332] loop4: detected capacity change from 0 to 512
[  112.354018][ T7332] EXT4-fs (loop4): orphan cleanup on readonly fs
[  112.372357][ T7332] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.1338: bad orphan inode 13
[  112.383164][ T7332] ext4_test_bit(bit=12, block=18) = 1
[  112.388553][ T7332] is_bad_inode(inode)=0
[  112.392710][ T7332] NEXT_ORPHAN(inode)=2130706432
[  112.397570][ T7332] max_ino=32
[  112.400829][ T7332] i_nlink=1
[  112.405175][ T7332] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  112.513818][ T7346] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=7346 comm=syz.1.1346
[  112.592955][ T7346] loop1: detected capacity change from 0 to 164
[  112.684789][ T7359] pim6reg1: entered promiscuous mode
[  112.690218][ T7359] pim6reg1: entered allmulticast mode
[  112.767829][   T29] kauditd_printk_skb: 208 callbacks suppressed
[  112.767845][   T29] audit: type=1326 audit(1765052741.928:3741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  112.798091][   T29] audit: type=1326 audit(1765052741.928:3742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  112.821635][   T29] audit: type=1326 audit(1765052741.928:3743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  112.845090][   T29] audit: type=1326 audit(1765052741.928:3744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f4bb7e515dc code=0x7ffc0000
[  112.868648][   T29] audit: type=1326 audit(1765052741.928:3745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f4bb7e51514 code=0x7ffc0000
[  112.892011][   T29] audit: type=1326 audit(1765052741.928:3746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f4bb7e51514 code=0x7ffc0000
[  112.915412][   T29] audit: type=1326 audit(1765052741.928:3747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  112.938839][   T29] audit: type=1326 audit(1765052741.928:3748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  112.963083][   T29] audit: type=1326 audit(1765052741.988:3749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  112.986498][   T29] audit: type=1326 audit(1765052741.988:3750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  113.010621][ T7386] netlink: 'syz.3.1358': attribute type 1 has an invalid length.
[  113.018390][ T7386] netlink: 'syz.3.1358': attribute type 2 has an invalid length.
[  113.028899][ T7377] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  113.103516][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.123044][ T7391] pim6reg1: entered promiscuous mode
[  113.128351][ T7391] pim6reg1: entered allmulticast mode
[  113.140205][ T7394] journal_path: Non-blockdev passed as './bus'
[  113.146377][ T7394] EXT4-fs: error: could not find journal device path
[  113.349790][ T7415] netlink: '+}[@': attribute type 4 has an invalid length.
[  113.421969][ T7430] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.487890][ T7431] grow_buffers: requested out-of-range block 18446744071681881834 for device loop2
[  113.497293][ T7431] isofs_fill_super: bread failed, dev=loop2, iso_blknum=1133648757, block=-2027669782
[  113.511527][ T7430] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.558374][ T7438] __nla_validate_parse: 2 callbacks suppressed
[  113.558390][ T7438] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1379'.
[  113.577771][ T7430] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.627436][ T7430] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.697303][ T3820] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.713804][ T3850] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.722177][ T7447] pim6reg1: entered promiscuous mode
[  113.727476][ T7447] pim6reg1: entered allmulticast mode
[  113.746364][ T3818] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.757940][ T3818] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.792508][ T7453] netlink: '+}[@': attribute type 4 has an invalid length.
[  113.803981][ T7455] FAULT_INJECTION: forcing a failure.
[  113.803981][ T7455] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  113.817117][ T7455] CPU: 0 UID: 0 PID: 7455 Comm: syz.5.1387 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  113.817144][ T7455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  113.817155][ T7455] Call Trace:
[  113.817161][ T7455]  <TASK>
[  113.817167][ T7455]  __dump_stack+0x1d/0x30
[  113.817192][ T7455]  dump_stack_lvl+0xe8/0x140
[  113.817217][ T7455]  dump_stack+0x15/0x1b
[  113.817239][ T7455]  should_fail_ex+0x265/0x280
[  113.817264][ T7455]  should_fail+0xb/0x20
[  113.817374][ T7455]  should_fail_usercopy+0x1a/0x20
[  113.817396][ T7455]  _copy_from_user+0x1c/0xb0
[  113.817421][ T7455]  sock_do_ioctl+0xe6/0x220
[  113.817538][ T7455]  sock_ioctl+0x41b/0x610
[  113.817589][ T7455]  ? __pfx_sock_ioctl+0x10/0x10
[  113.817720][ T7455]  __se_sys_ioctl+0xce/0x140
[  113.817748][ T7455]  __x64_sys_ioctl+0x43/0x50
[  113.817775][ T7455]  x64_sys_call+0x14b0/0x3000
[  113.817893][ T7455]  do_syscall_64+0xd8/0x2a0
[  113.818002][ T7455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.818026][ T7455] RIP: 0033:0x7f6ce3d9f749
[  113.818042][ T7455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.818134][ T7455] RSP: 002b:00007f6ce27ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  113.818152][ T7455] RAX: ffffffffffffffda RBX: 00007f6ce3ff5fa0 RCX: 00007f6ce3d9f749
[  113.818215][ T7455] RDX: 00002000000004c0 RSI: 0000000000008914 RDI: 0000000000000004
[  113.818227][ T7455] RBP: 00007f6ce27ff090 R08: 0000000000000000 R09: 0000000000000000
[  113.818239][ T7455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.818252][ T7455] R13: 00007f6ce3ff6038 R14: 00007f6ce3ff5fa0 R15: 00007fff23d03138
[  113.818271][ T7455]  </TASK>
[  114.082502][ T7461] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  114.095252][ T7461] ext4 filesystem being mounted at /150/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  114.108106][ T7461] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1390: bg 0: block 360: padding at end of block bitmap is not set
[  114.132812][ T5269] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  114.261051][ T7475] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=7475 comm=syz.2.1393
[  114.430979][ T7489] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.463637][ T7491] 9pnet_fd: Insufficient options for proto=fd
[  114.516110][ T7489] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.597639][ T7489] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.660779][ T7489] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.702361][ T7499] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1401'.
[  114.728507][ T7499] 8021q: adding VLAN 0 to HW filter on device bond7
[  114.931473][ T7502] netlink: 19 bytes leftover after parsing attributes in process `syz.3.1402'.
[  114.998052][ T7503] set_capacity_and_notify: 4 callbacks suppressed
[  114.998065][ T7503] loop3: detected capacity change from 0 to 512
[  115.014758][ T7503] EXT4-fs (loop3): orphan cleanup on readonly fs
[  115.022089][ T7503] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.1402: bad orphan inode 13
[  115.032678][ T7503] ext4_test_bit(bit=12, block=18) = 1
[  115.038059][ T7503] is_bad_inode(inode)=0
[  115.042263][ T7503] NEXT_ORPHAN(inode)=2130706432
[  115.047206][ T7503] max_ino=32
[  115.050437][ T7503] i_nlink=1
[  115.054383][ T7503] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  115.080867][ T7506] netlink: '+}[@': attribute type 4 has an invalid length.
[  115.164350][ T7516] loop5: detected capacity change from 0 to 164
[  115.212374][ T7520] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1409'.
[  115.221556][ T7520] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1409'.
[  115.322265][ T7528] 9pnet_fd: Insufficient options for proto=fd
[  115.427112][ T7533] loop5: detected capacity change from 0 to 512
[  115.436800][ T7533] FAT-fs (loop5): Directory bread(block 199916) failed
[  115.463036][ T7533] FAT-fs (loop5): Directory bread(block 199917) failed
[  115.473437][ T7533] FAT-fs (loop5): Directory bread(block 199918) failed
[  115.480518][ T7533] FAT-fs (loop5): Directory bread(block 199919) failed
[  115.487648][ T7533] FAT-fs (loop5): Directory bread(block 199920) failed
[  115.495182][ T7533] FAT-fs (loop5): Directory bread(block 199921) failed
[  115.502260][ T7533] FAT-fs (loop5): Directory bread(block 199922) failed
[  115.516143][ T7533] FAT-fs (loop5): Directory bread(block 199923) failed
[  115.671705][ T7549] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1421'.
[  115.680948][ T7549] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1421'.
[  115.780042][ T3330] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.812746][ T7557] 9pnet_fd: Insufficient options for proto=fd
[  115.975451][ T7570] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1427'.
[  115.991090][ T7570] 8021q: adding VLAN 0 to HW filter on device bond3
[  116.123001][ T7581] netlink: '+}[@': attribute type 4 has an invalid length.
[  116.278933][ T7591] loop3: detected capacity change from 0 to 164
[  116.476043][ T7604] netlink: '': attribute type 7 has an invalid length.
[  116.617268][ T7611] loop2: detected capacity change from 0 to 164
[  116.624326][ T7610] 9pnet_fd: Insufficient options for proto=fd
[  116.689019][ T7617] pim6reg1: entered promiscuous mode
[  116.694383][ T7617] pim6reg1: entered allmulticast mode
[  116.884933][ T7637] loop3: detected capacity change from 0 to 164
[  117.028547][ T7651] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1465'.
[  117.043235][ T7651] 8021q: adding VLAN 0 to HW filter on device bond8
[  117.462486][   T58] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.482465][   T58] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.500836][   T58] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.517901][   T58] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.544293][ T7660] loop4: detected capacity change from 0 to 256
[  117.837547][   T29] kauditd_printk_skb: 120 callbacks suppressed
[  117.837561][   T29] audit: type=1326 audit(1765052746.998:3871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7690 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  117.866437][   T29] audit: type=1326 audit(1765052746.998:3872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7690 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  117.889074][   T29] audit: type=1326 audit(1765052746.998:3873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7690 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  117.911697][   T29] audit: type=1326 audit(1765052747.008:3874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7690 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  117.934286][   T29] audit: type=1326 audit(1765052747.008:3875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7690 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  117.959870][   T29] audit: type=1326 audit(1765052747.048:3876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7690 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  117.982360][   T29] audit: type=1326 audit(1765052747.048:3877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7690 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  118.004965][   T29] audit: type=1326 audit(1765052747.048:3878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7690 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  118.027405][   T29] audit: type=1326 audit(1765052747.048:3879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7690 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  118.049986][   T29] audit: type=1326 audit(1765052747.048:3880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7690 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4bb7e4f749 code=0x7ffc0000
[  118.185378][ T7701] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1484'.
[  118.367087][ T7722] loop5: detected capacity change from 0 to 164
[  118.437257][ T7728] lo speed is unknown, defaulting to 1000
[  118.446788][ T7728] lo speed is unknown, defaulting to 1000
[  118.453012][ T7728] lo speed is unknown, defaulting to 1000
[  118.459308][ T7728] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  118.467010][ T7728] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  118.502795][ T7728] lo speed is unknown, defaulting to 1000
[  118.515141][ T7728] lo speed is unknown, defaulting to 1000
[  118.521563][ T7728] lo speed is unknown, defaulting to 1000
[  118.527654][ T7728] lo speed is unknown, defaulting to 1000
[  118.534046][ T7728] lo speed is unknown, defaulting to 1000
[  118.786231][ T7748] loop3: detected capacity change from 0 to 1024
[  118.798651][ T7751] loop4: detected capacity change from 0 to 2048
[  118.806143][ T7748] ext4: Unknown parameter 'fsuuid'
[  118.820474][ T7751] EXT4-fs (loop4): invalid inodes per group: 134217760
[  118.820474][ T7751] 
[  118.946585][ T7758] 9pnet_fd: Insufficient options for proto=fd
[  119.178026][ T7766] pim6reg1: entered promiscuous mode
[  119.183403][ T7766] pim6reg1: entered allmulticast mode
[  119.217825][ T7768] __nla_validate_parse: 5 callbacks suppressed
[  119.217838][ T7768] netlink: 19 bytes leftover after parsing attributes in process `syz.4.1511'.
[  119.293697][ T7769] EXT4-fs (loop4): orphan cleanup on readonly fs
[  119.308328][ T7769] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.1511: bad orphan inode 13
[  119.319014][ T7769] ext4_test_bit(bit=12, block=18) = 1
[  119.324469][ T7769] is_bad_inode(inode)=0
[  119.328617][ T7769] NEXT_ORPHAN(inode)=2130706432
[  119.333503][ T7769] max_ino=32
[  119.336691][ T7769] i_nlink=1
[  119.343217][ T7769] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  119.408446][ T7776] netlink: '+}[@': attribute type 4 has an invalid length.
[  119.449275][ T7780] FAULT_INJECTION: forcing a failure.
[  119.449275][ T7780] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  119.462384][ T7780] CPU: 0 UID: 0 PID: 7780 Comm: syz.5.1516 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  119.462408][ T7780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  119.462483][ T7780] Call Trace:
[  119.462489][ T7780]  <TASK>
[  119.462497][ T7780]  __dump_stack+0x1d/0x30
[  119.462519][ T7780]  dump_stack_lvl+0xe8/0x140
[  119.462538][ T7780]  dump_stack+0x15/0x1b
[  119.462556][ T7780]  should_fail_ex+0x265/0x280
[  119.462604][ T7780]  should_fail+0xb/0x20
[  119.462621][ T7780]  should_fail_usercopy+0x1a/0x20
[  119.462642][ T7780]  _copy_from_user+0x1c/0xb0
[  119.462740][ T7780]  restore_altstack+0x4b/0x2d0
[  119.462758][ T7780]  ? __set_task_blocked+0x23a/0x2a0
[  119.462787][ T7780]  __ia32_sys_rt_sigreturn+0xdc/0x350
[  119.462885][ T7780]  ? __schedule+0x85f/0xcd0
[  119.462906][ T7780]  ? xfd_validate_state+0x45/0xf0
[  119.462929][ T7780]  ? restore_fpregs_from_fpstate+0x61/0x120
[  119.462948][ T7780]  ? __rcu_read_unlock+0x4f/0x70
[  119.462967][ T7780]  x64_sys_call+0x274a/0x3000
[  119.463028][ T7780]  do_syscall_64+0xd8/0x2a0
[  119.463058][ T7780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.463078][ T7780] RIP: 0033:0x7f6ce3d3b829
[  119.463104][ T7780] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  119.463123][ T7780] RSP: 002b:00007f6ce27fea80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[  119.463140][ T7780] RAX: ffffffffffffffda RBX: 00007f6ce3ff5fa0 RCX: 00007f6ce3d3b829
[  119.463152][ T7780] RDX: 00007f6ce27fea80 RSI: 00007f6ce27febb0 RDI: 0000000000000021
[  119.463164][ T7780] RBP: 00007f6ce27ff090 R08: 0000000000000000 R09: 0000000000000000
[  119.463175][ T7780] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[  119.463186][ T7780] R13: 00007f6ce3ff6038 R14: 00007f6ce3ff5fa0 R15: 00007fff23d03138
[  119.463218][ T7780]  </TASK>
[  119.744709][ T7799] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1519'.
[  119.749610][ T7798] pim6reg1: entered promiscuous mode
[  119.758966][ T7798] pim6reg1: entered allmulticast mode
[  119.770965][ T7799] 8021q: adding VLAN 0 to HW filter on device bond5
[  120.056365][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.083461][ T7812] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1527'.
[  120.096944][ T7812] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1527'.
[  120.176180][ T7817] netlink: 'syz.4.1529': attribute type 3 has an invalid length.
[  120.191477][ T7817] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1529'.
[  120.200720][ T7817] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  120.208084][ T7817] batman_adv: batadv0: Removing interface: batadv_slave_0
[  120.215940][ T7817] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  120.223442][ T7817] batman_adv: batadv0: Removing interface: batadv_slave_1
[  120.625131][ T7821] set_capacity_and_notify: 2 callbacks suppressed
[  120.625148][ T7821] loop5: detected capacity change from 0 to 164
[  120.707472][ T7825] pim6reg1: entered promiscuous mode
[  120.712889][ T7825] pim6reg1: entered allmulticast mode
[  120.739709][ T7827] lo speed is unknown, defaulting to 1000
[  120.870789][ T7833] netlink: 88 bytes leftover after parsing attributes in process `syz.5.1537'.
[  120.921635][ T7838] netlink: '+}[@': attribute type 4 has an invalid length.
[  120.974501][ T7843] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1540'.
[  120.988648][ T7843] 8021q: adding VLAN 0 to HW filter on device bond5
[  121.642468][ T7849] netlink: 332 bytes leftover after parsing attributes in process `syz.2.1543'.
[  121.675793][ T7851] netlink: 32 bytes leftover after parsing attributes in process `+}[@'.
[  121.736645][ T7855] netlink: 'syz.1.1544': attribute type 13 has an invalid length.
[  121.780059][ T7860] lo speed is unknown, defaulting to 1000
[  121.902891][ T7864] lo speed is unknown, defaulting to 1000
[  121.911621][ T7869] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1552'.
[  121.942969][ T7871] loop5: detected capacity change from 0 to 164
[  122.050529][ T7879] team0: Port device team_slave_1 removed
[  122.183487][ T7892] pim6reg1: entered promiscuous mode
[  122.188819][ T7892] pim6reg1: entered allmulticast mode
[  122.214294][ T7891] lo speed is unknown, defaulting to 1000
[  122.293300][ T7895] loop5: detected capacity change from 0 to 512
[  122.302657][ T7895] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  122.321275][ T7895] EXT4-fs (loop5): 1 truncate cleaned up
[  122.342767][ T7895] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  122.432498][ T7903] netlink: '+}[@': attribute type 4 has an invalid length.
[  122.447508][ T5269] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.489443][ T7907] FAULT_INJECTION: forcing a failure.
[  122.489443][ T7907] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  122.502629][ T7907] CPU: 0 UID: 0 PID: 7907 Comm: syz.5.1566 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  122.502655][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  122.502670][ T7907] Call Trace:
[  122.502677][ T7907]  <TASK>
[  122.502695][ T7907]  __dump_stack+0x1d/0x30
[  122.502723][ T7907]  dump_stack_lvl+0xe8/0x140
[  122.502820][ T7907]  dump_stack+0x15/0x1b
[  122.502895][ T7907]  should_fail_ex+0x265/0x280
[  122.502971][ T7907]  should_fail+0xb/0x20
[  122.502992][ T7907]  should_fail_usercopy+0x1a/0x20
[  122.503063][ T7907]  _copy_to_user+0x20/0xa0
[  122.503093][ T7907]  simple_read_from_buffer+0xb5/0x130
[  122.503133][ T7907]  proc_fail_nth_read+0x10e/0x150
[  122.503192][ T7907]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  122.503220][ T7907]  vfs_read+0x1a8/0x770
[  122.503255][ T7907]  ? __rcu_read_unlock+0x4f/0x70
[  122.503279][ T7907]  ? __fget_files+0x184/0x1c0
[  122.503378][ T7907]  ? mutex_lock+0x58/0x90
[  122.503405][ T7907]  ksys_read+0xda/0x1a0
[  122.503448][ T7907]  __x64_sys_read+0x40/0x50
[  122.503467][ T7907]  x64_sys_call+0x2889/0x3000
[  122.503494][ T7907]  do_syscall_64+0xd8/0x2a0
[  122.503572][ T7907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.503603][ T7907] RIP: 0033:0x7f6ce3d9e15c
[  122.503619][ T7907] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  122.503691][ T7907] RSP: 002b:00007f6ce27ff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  122.503710][ T7907] RAX: ffffffffffffffda RBX: 00007f6ce3ff5fa0 RCX: 00007f6ce3d9e15c
[  122.503722][ T7907] RDX: 000000000000000f RSI: 00007f6ce27ff0a0 RDI: 0000000000000004
[  122.503734][ T7907] RBP: 00007f6ce27ff090 R08: 0000000000000000 R09: 0000000000000000
[  122.503763][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  122.503776][ T7907] R13: 00007f6ce3ff6038 R14: 00007f6ce3ff5fa0 R15: 00007fff23d03138
[  122.503797][ T7907]  </TASK>
[  122.900855][ T7916] loop1: detected capacity change from 0 to 8192
[  122.913993][ T7920] loop3: detected capacity change from 0 to 512
[  122.930750][ T7916] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[  122.956474][ T7920] FAT-fs (loop3): Directory bread(block 199916) failed
[  122.972298][   T29] kauditd_printk_skb: 309 callbacks suppressed
[  122.972321][   T29] audit: type=1326 audit(1765052752.138:4190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7915 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  122.980449][ T7922] pim6reg1: entered promiscuous mode
[  123.007427][ T7922] pim6reg1: entered allmulticast mode
[  123.015077][ T7920] FAT-fs (loop3): Directory bread(block 199917) failed
[  123.054596][ T7920] FAT-fs (loop3): Directory bread(block 199918) failed
[  123.069360][   T29] audit: type=1326 audit(1765052752.138:4191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7915 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  123.089174][ T7920] FAT-fs (loop3): Directory bread(block 199919) failed
[  123.092860][   T29] audit: type=1326 audit(1765052752.188:4192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7915 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  123.119110][ T7920] FAT-fs (loop3): Directory bread(block 199920) failed
[  123.122989][   T29] audit: type=1326 audit(1765052752.188:4193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7915 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  123.148838][ T7920] FAT-fs (loop3): Directory bread(block 199921) failed
[  123.153267][   T29] audit: type=1326 audit(1765052752.188:4194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7915 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  123.183016][ T7927] FAULT_INJECTION: forcing a failure.
[  123.183016][ T7927] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  123.183545][   T29] audit: type=1326 audit(1765052752.188:4195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7915 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  123.196593][ T7927] CPU: 0 UID: 0 PID: 7927 Comm: syz.1.1575 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  123.196618][ T7927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  123.196683][ T7927] Call Trace:
[  123.196690][ T7927]  <TASK>
[  123.196699][ T7927]  __dump_stack+0x1d/0x30
[  123.196759][ T7927]  dump_stack_lvl+0xe8/0x140
[  123.196814][ T7927]  dump_stack+0x15/0x1b
[  123.196840][ T7927]  should_fail_ex+0x265/0x280
[  123.196864][ T7927]  should_fail+0xb/0x20
[  123.196883][ T7927]  should_fail_usercopy+0x1a/0x20
[  123.196988][ T7927]  _copy_from_user+0x1c/0xb0
[  123.197076][ T7927]  ___sys_sendmsg+0xc1/0x1d0
[  123.197116][ T7927]  __x64_sys_sendmsg+0xd4/0x160
[  123.197190][ T7927]  x64_sys_call+0x17ba/0x3000
[  123.197215][ T7927]  do_syscall_64+0xd8/0x2a0
[  123.197321][ T7927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.197345][ T7927] RIP: 0033:0x7fb0b3a9f749
[  123.197361][ T7927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.197380][ T7927] RSP: 002b:00007fb0b24de038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  123.197400][ T7927] RAX: ffffffffffffffda RBX: 00007fb0b3cf6090 RCX: 00007fb0b3a9f749
[  123.197414][ T7927] RDX: 0000000000000040 RSI: 0000200000000940 RDI: 0000000000000004
[  123.197427][ T7927] RBP: 00007fb0b24de090 R08: 0000000000000000 R09: 0000000000000000
[  123.197447][ T7927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  123.197461][ T7927] R13: 00007fb0b3cf6128 R14: 00007fb0b3cf6090 R15: 00007ffd0cae5188
[  123.197551][ T7927]  </TASK>
[  123.219111][ T7920] FAT-fs (loop3): Directory bread(block 199922) failed
[  123.220057][   T29] audit: type=1400 audit(1765052752.188:4196): avc:  denied  { mounton } for  pid=7915 comm="syz.1.1571" path="/304/file0/file0" dev="loop1" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1
[  123.248604][ T7920] FAT-fs (loop3): Directory bread(block 199923) failed
[  123.250384][   T29] audit: type=1400 audit(1765052752.188:4197): avc:  denied  { mount } for  pid=7915 comm="syz.1.1571" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  123.437616][   T29] audit: type=1326 audit(1765052752.188:4198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7915 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  123.461079][   T29] audit: type=1326 audit(1765052752.188:4199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7915 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0b3a9f749 code=0x7ffc0000
[  123.489329][ T7928] loop5: detected capacity change from 0 to 128
[  123.496970][ T7928] EXT4-fs: Ignoring removed bh option
[  123.505301][ T7928] journal_path: Lookup failure for './file1'
[  123.511386][ T7928] EXT4-fs: error: could not find journal device path
[  123.597150][ T7935] bond0: (slave dummy0): Releasing backup interface
[  123.738460][ T7955] 8021q: adding VLAN 0 to HW filter on device bond9
[  123.917651][ T7964] netlink: 'syz.5.1588': attribute type 4 has an invalid length.
[  123.958393][ T7968] pim6reg1: entered promiscuous mode
[  123.963912][ T7968] pim6reg1: entered allmulticast mode
[  124.167815][ T7983] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  124.497471][ T7993] __nla_validate_parse: 6 callbacks suppressed
[  124.497541][ T7993] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1599'.
[  124.536542][ T7996] pim6reg1: entered promiscuous mode
[  124.541938][ T7996] pim6reg1: entered allmulticast mode
[  124.621495][ T8003] loop3: detected capacity change from 0 to 1764
[  124.639394][ T8003] grow_buffers: requested out-of-range block 18446744071681881834 for device loop3
[  124.648697][ T8003] isofs_fill_super: bread failed, dev=loop3, iso_blknum=1133648757, block=-2027669782
[  124.674104][ T8007] loop2: detected capacity change from 0 to 512
[  124.681187][ T8007] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  124.697964][ T8007] EXT4-fs (loop2): 1 truncate cleaned up
[  124.704060][ T8007] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.736256][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.830952][ T8012] lo speed is unknown, defaulting to 1000
[  124.961102][ T8019] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  124.980325][ T8019] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1609'.
[  125.044582][ T3796] Bluetooth: hci0: Frame reassembly failed (-84)
[  125.108998][ T8024] loop1: detected capacity change from 0 to 1024
[  125.115885][ T8024] EXT4-fs: Ignoring removed orlov option
[  125.124247][ T8024] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  125.329743][ T8028] FAULT_INJECTION: forcing a failure.
[  125.329743][ T8028] name failslab, interval 1, probability 0, space 0, times 0
[  125.342436][ T8028] CPU: 1 UID: 0 PID: 8028 Comm: syz.4.1611 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  125.342453][ T8028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  125.342535][ T8028] Call Trace:
[  125.342539][ T8028]  <TASK>
[  125.342544][ T8028]  __dump_stack+0x1d/0x30
[  125.342560][ T8028]  dump_stack_lvl+0xe8/0x140
[  125.342652][ T8028]  dump_stack+0x15/0x1b
[  125.342663][ T8028]  should_fail_ex+0x265/0x280
[  125.342676][ T8028]  should_failslab+0x8c/0xb0
[  125.342711][ T8028]  __kmalloc_noprof+0xb9/0x5a0
[  125.342723][ T8028]  ? apply_wqattrs_prepare+0x6e/0x670
[  125.342737][ T8028]  ? pcpu_memcg_post_alloc_hook+0xf3/0x170
[  125.342754][ T8028]  apply_wqattrs_prepare+0x6e/0x670
[  125.342846][ T8028]  alloc_workqueue_noprof+0xd60/0x1320
[  125.342859][ T8028]  ? dev_set_name+0x83/0xb0
[  125.342875][ T8028]  hci_register_dev+0x167/0x570
[  125.342890][ T8028]  hci_uart_tty_ioctl+0x520/0x5c0
[  125.342911][ T8028]  ? __pfx_hci_uart_tty_ioctl+0x10/0x10
[  125.342988][ T8028]  tty_ioctl+0x83f/0xb80
[  125.343003][ T8028]  ? __pfx_tty_ioctl+0x10/0x10
[  125.343018][ T8028]  __se_sys_ioctl+0xce/0x140
[  125.343036][ T8028]  __x64_sys_ioctl+0x43/0x50
[  125.343153][ T8028]  x64_sys_call+0x14b0/0x3000
[  125.343173][ T8028]  do_syscall_64+0xd8/0x2a0
[  125.343192][ T8028]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.343205][ T8028] RIP: 0033:0x7f94bcecf749
[  125.343214][ T8028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.343225][ T8028] RSP: 002b:00007f94bb92f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  125.343250][ T8028] RAX: ffffffffffffffda RBX: 00007f94bd125fa0 RCX: 00007f94bcecf749
[  125.343336][ T8028] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003
[  125.343344][ T8028] RBP: 00007f94bb92f090 R08: 0000000000000000 R09: 0000000000000000
[  125.343356][ T8028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  125.343390][ T8028] R13: 00007f94bd126038 R14: 00007f94bd125fa0 R15: 00007fff3dd8be38
[  125.343402][ T8028]  </TASK>
[  125.343542][ T8028] Bluetooth: Can't register HCI device
[  125.593751][ T3008] ==================================================================
[  125.601845][ T3008] BUG: KCSAN: data-race in drop_nlink / generic_fillattr
[  125.608872][ T3008] 
[  125.611186][ T3008] write to 0xffff88811f075af0 of 4 bytes by task 3311 on cpu 0:
[  125.618805][ T3008]  drop_nlink+0x3d/0xa0
[  125.622945][ T3008]  simple_unlink+0x60/0x80
[  125.627353][ T3008]  shmem_unlink+0x12d/0x140
[  125.631852][ T3008]  shmem_rename2+0x1a1/0x290
[  125.636438][ T3008]  vfs_rename+0x97f/0xad0
[  125.640754][ T3008]  do_renameat2+0x383/0x810
[  125.645252][ T3008]  __x64_sys_rename+0x58/0x70
[  125.649915][ T3008]  x64_sys_call+0x24e/0x3000
[  125.654493][ T3008]  do_syscall_64+0xd8/0x2a0
[  125.658988][ T3008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.664867][ T3008] 
[  125.667173][ T3008] read to 0xffff88811f075af0 of 4 bytes by task 3008 on cpu 1:
[  125.674695][ T3008]  generic_fillattr+0xfb/0x340
[  125.679448][ T3008]  shmem_getattr+0x181/0x200
[  125.684030][ T3008]  vfs_getattr_nosec+0x146/0x1e0
[  125.688953][ T3008]  __se_sys_newfstat+0x96/0x2e0
[  125.693792][ T3008]  __x64_sys_newfstat+0x31/0x40
[  125.698636][ T3008]  x64_sys_call+0x2c51/0x3000
[  125.703304][ T3008]  do_syscall_64+0xd8/0x2a0
[  125.707799][ T3008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.713675][ T3008] 
[  125.715977][ T3008] value changed: 0x00000001 -> 0x00000000
[  125.721671][ T3008] 
[  125.723971][ T3008] Reported by Kernel Concurrency Sanitizer on:
[  125.730188][ T3008] CPU: 1 UID: 0 PID: 3008 Comm: udevd Not tainted syzkaller #0 PREEMPT(voluntary) 
[  125.739461][ T3008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  125.749498][ T3008] ==================================================================
[  127.108339][ T5910] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  127.108348][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  127.648475][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.