last executing test programs:

2.573185896s ago: executing program 1 (id=261):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000003680)='sched_switch\x00'}, 0x18)
close(r0)

2.547543217s ago: executing program 1 (id=263):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18010000001400010000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000076000018110000", @ANYRES8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
pipe2$9p(&(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r3 = dup(r2)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f00000000c0)=<r6=>0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYRESDEC=r5], &(0x7f0000000700)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='kmem_cache_free\x00', r8}, 0x10)
statx(0xffffffffffffffff, 0x0, 0x800, 0x800, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9)
sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010023010000050000000200000008000100", @ANYRES32=r6, @ANYRES64], 0x1c}}, 0x0)

2.517647067s ago: executing program 3 (id=266):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379753200000000140000001100010a05eca6bcbf96465c07eeca74ec5e5a73ba6dbcc51820b51d949f2d4fd6d85f83b3c51de53bada36b530d5b8233014566defd8849219d58ae0cbb60418cf228dfa725f93cfed04bda0525cd2ae6fe33b114f8a58160bd4a7050a7e4d61aefec411dbd063a2db47c61efd23b37d842b9ff6b8ef5b0017c740a1cc3c0175364d8bf6e08874151065ce16d79198ac775a5"], 0x7c}, 0x1, 0x0, 0x0, 0x480d5}, 0x48000)

2.456558587s ago: executing program 3 (id=268):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00'})
syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x103280)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket(0x200000000000011, 0x2, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet(0x2, 0x801, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
sendto$inet(r2, &(0x7f0000000480)="ccd089f9ff", 0x5, 0x4004, 0x0, 0x0)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
splice(r2, 0x0, r3, 0x0, 0x7ffff000, 0x0)

2.382409918s ago: executing program 3 (id=271):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)={0x44, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x14, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x4}]}]}]}, 0x44}}, 0x0)

2.230379779s ago: executing program 4 (id=277):
socket$packet(0x11, 0x2, 0x300)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r1, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
recvmmsg(r1, &(0x7f00000050c0)=[{{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f00000002c0)=""/59, 0x3b}], 0x1}}], 0x1, 0x2, 0x0)
sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000800)={0x1, 0x58, &(0x7f0000000780)={0x0, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYRESDEC=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x24d8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0xb4}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r7, 0x0, 0x9135}, 0x18)
unshare(0x62040200)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSETS(r8, 0x40045431, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0xc, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r9}, 0x10)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r11 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r11, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r10, &(0x7f0000000680)={@val={0x8, 0x800}, @val={0x0, 0x3, 0x0, 0x31}, @ipv4=@udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x80, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x4e21, 0x8}}}, 0x2a)
syz_open_pts(r8, 0x0)

1.636572732s ago: executing program 1 (id=282):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, 0x0, &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYRES32], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xfffffffffffffe92)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000002c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x1, 0x7ffc1ffb}]})
sysinfo(&(0x7f00000001c0)=""/10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f8483e0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@map=0x1, 0x11, 0x1, 0x3ff, &(0x7f0000000040)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0]}, 0x40)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000300)={&(0x7f00000005c0)=""/194, 0x200000, 0x0, 0xb8, 0x4}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0)={0x1}, 0x4)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000008000000080000000800000005"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
socketpair(0x1, 0x1, 0x2, &(0x7f0000001140))
r7 = accept4$unix(0xffffffffffffffff, &(0x7f0000000780), &(0x7f0000000800)=0x6e, 0x800)
recvmsg$unix(r7, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000b00)=""/155, 0x9b}, {&(0x7f0000000940)=""/38, 0x26}, {&(0x7f0000000c00)=""/199, 0xc7}, {&(0x7f0000000d00)=""/238, 0xee}, {&(0x7f0000000e00)=""/172, 0xac}, {&(0x7f0000000ec0)=""/150, 0x96}, {&(0x7f0000000f80)=""/242, 0xf2}, {&(0x7f0000000980)=""/52, 0x34}], 0x8, &(0x7f0000000a00)=[@cred={{0x1c}}], 0x20}, 0x40010001)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r5}, &(0x7f0000000680)=0x2, &(0x7f00000006c0)}, 0x20)
clock_gettime(0x0, &(0x7f0000000500)={<r8=>0x0, <r9=>0x0})
clock_nanosleep(0x4, 0x1, &(0x7f0000000740)={r8, r9+60000000}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @last={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0)
close(r10)

1.635480082s ago: executing program 3 (id=284):
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f88)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={0x0, &(0x7f0000000400)=""/2, 0x0, 0x2, 0x0, 0x7, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x1, 0x51eb, 0xffff, 0x3000, r0, 0x5, '\x00', 0x0, r2, 0x0, 0x4, 0x3, 0xb, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, 0x0, 0xf00)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
fcntl$lock(r4, 0x7, &(0x7f0000000580)={0x0, 0x2, 0x7fffffff, 0x5, r6})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r7=>0x0})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000001b00)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r8}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000001c0)='flush_foreign\x00', 0xffffffffffffffff, 0x0, 0x8000000000000000}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
utimes(&(0x7f00000009c0)='./file0\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', r7, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2686dd4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000280), 0x1, 0x76a, &(0x7f0000001b00)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=")
r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mounts\x00')
sysfs$1(0x1, 0x0)
r11 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r11, r10, 0x0, 0x80000004)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a6243c, &(0x7f0000003080)=ANY=[], 0x1, 0x0, &(0x7f0000000000))

1.429854813s ago: executing program 1 (id=291):
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee3, 0x8031, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f00000002c0)='sched_switch\x00', r1}, 0x18)
ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB])
pwrite64(r0, &(0x7f0000000000)='a', 0x1, 0x1000)

1.402623883s ago: executing program 3 (id=293):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x18)
r1 = socket(0x2, 0x5, 0x0)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x880)
sendmmsg$inet_sctp(r1, &(0x7f0000000bc0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000001c0)=[{0x0}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000000000002002b0388edb6556900"/48, @ANYRES32=0x0], 0x30}], 0x1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r0, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000000c0)=[0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x5, 0x7, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xa9, &(0x7f00000001c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000200), &(0x7f0000000580), 0x8, 0x89, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10)
setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000640)={@private=0xa010101, @local, r2}, 0xc)
syz_clone(0x7005400, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
ioperm(0x0, 0x12e, 0x8000000000008)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000280)=[{0x200000000006, 0x0, 0xfd, 0x7ffc0002}]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
execveat$binfmt(0xffffffffffffff9c, 0x0, &(0x7f0000000400)={[], 0x23}, 0x0, 0x0) (fail_nth: 9)

1.288124934s ago: executing program 4 (id=295):
r0 = socket$packet(0x11, 0x2, 0x300)
recvfrom$packet(r0, &(0x7f0000000900)=""/212, 0xd4, 0x40000000, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x1, 0x6, @random="faa9237687d9"}, 0x14)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x6)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r2, &(0x7f0000000040)={0x23, 0x0, 0x8, 0x2}, 0x10)
ioctl$SIOCPNENABLEPIPE(r2, 0x89ed, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e00000009000000bf0000e204000000190402005791b084636ff0e0a13d36512a277e8e9ffc4245002587de940d17c70a554e18b732dd037debc5b574c38fc2c7421145d58763331030a633f812eb1eb1a6c84eeb33d1db3fee784c98ba9f369b2dc3831beb0266b89918", @ANYRES32, @ANYBLOB="d6ffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04000000000000000400"/28], 0x50)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000007c0)=ANY=[@ANYRESOCT=r1, @ANYRES32=0x1, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="c7e67cd6e2c4424528fca15ada1d0000002a86821524a4152606eaf78df10000000100"], 0x50)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000680)={'team_slave_0\x00'})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="595300000000000000086b000000080003", @ANYRES32=0x0, @ANYBLOB="0c0099006851701fa9ef125690001d800c0000800500070000000000"], 0x38}}, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000280), &(0x7f0000000400)=0xc)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="5e509739e423d518985cb294b7f1c41afe168694406529bddba0e5f90e30789825f19ff18d6e4b86eb3d52467bd380265d02e6806782dec22c78b5f27269cfc53166f6f8bf7a94fe29badbafd39e5c0a0a2f5f8aacc1171414b548989b1dc7c50b4dbcb53718c7d281ab842a908c8af2efc79f3ecc0b0fef7d69f17e93a061e62d882102e1dca48f046e2ec2045733ee010d392aeabbee6006814710bf049a6a85a2ad7c5a0fd8e6add7a06629bf39d643aab03ddd3185c95979ee5779864f7cb12be0f963edb3f985e709639d9276"], 0x0, 0x26, 0x0, 0x0, 0x1, 0x0, @void, @value}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r5, 0x20, &(0x7f0000000100)={0x0, 0x0, <r6=>0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r6, 0x4)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mkdir(&(0x7f0000000200)='./bus/file0\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x100)
mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0)
mount(&(0x7f0000000040)=@md0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x2000, 0x0)

976.176965ms ago: executing program 4 (id=296):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)={0x44, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x14, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x4}]}]}]}, 0x44}}, 0x0)

934.959906ms ago: executing program 3 (id=297):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0xff, 0x7ffc0001}]})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000200)={0x2c, &(0x7f0000000040)={0x20, 0x8, 0x4, {0x4, 0x2, "34fe"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_128={{0xd733043595a52279}, "a8e0930a1a884884", "74743275e5fc20c3ab14916504a8ca92", '\x00', "3e6a808941a488cc"}, 0x28)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="18050000000000000000000000000000b708000000005aab7b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa480000000000007040000f0ffffffb70200000800000018230000", @ANYRESOCT=r1, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x13, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000040)=[{0x2, 0x0, 0x0, 0x7ffc0002}]})
rt_sigsuspend(&(0x7f0000000000)={[0x7]}, 0x8)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10)
r7 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r7, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
setsockopt$sock_linger(r7, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="000000000087fb00b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)

934.384666ms ago: executing program 0 (id=298):
shmget$private(0x0, 0x1000, 0x800, &(0x7f0000ffc000/0x1000)=nil)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(0xffffffffffffffff, 0x0, 0x8000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x8, &(0x7f0000000440)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1f, 0x1}}, 0x3c)
lsm_get_self_attr(0x69, 0x0, &(0x7f0000000000), 0x0)

931.440525ms ago: executing program 4 (id=299):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280), 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000003680)='sched_switch\x00'}, 0x18)
close(r0)

901.061136ms ago: executing program 2 (id=300):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee6c1a00000000000017bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b512b63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000002cc0)=@newsa={0x138, 0x10, 0x633, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@dev={0xfe, 0x80, '\x00', 0xfd}}, {@in6=@loopback, 0xfffffffd, 0x32}, @in6=@local, {}, {0x0, 0x0, 0x0, 0x5}, {}, 0x70bd2a, 0x0, 0xa, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0)

900.273066ms ago: executing program 4 (id=301):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x101641)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

852.220926ms ago: executing program 1 (id=302):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000710025000000000095000300"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r0}, 0x10)
epoll_create(0x81)
socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@id={0x1e, 0x3, 0x2, {0x4e23, 0x3}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, 0x0, &(0x7f00000001c0))
r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x101641)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))

844.333246ms ago: executing program 0 (id=303):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0xff, 0x7ffc0001}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b708000000005aab7b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8080c61) (fail_nth: 4)

583.629088ms ago: executing program 4 (id=304):
unshare(0x2c020400)
r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x6, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, [@exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0xfffffffc}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a001000000002800000128c", 0x2e}], 0x1}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
unlinkat(r3, &(0x7f0000000280)='./file0\x00', 0x200)
getcwd(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_open_pts(0xffffffffffffffff, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x161200, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x3)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'ecryptfs', 0x20, 'trusted:', 'syz', 0x20, 0x96c}, 0x2e, 0xfffffffffffffff8)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000080)=0x13)
r7 = fsmount(r0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r7, 0x84, 0x77, 0x0, 0x0)

480.620428ms ago: executing program 0 (id=305):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000440)='rpcgss_seqno\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
unshare(0x60400)
fsopen(&(0x7f0000000400)='gfs2\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="4f6346f80d0a20000000000040000000000000004fc9bc7d0c42978899db632db0cb3f1a310b2ed066ccff4cabbae9838ed14862f91462335368b0", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002004007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x8, 0xc, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r2, @ANYRES64=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r6}, 0x10)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r7, 0x400, 0x0)
fsetxattr$trusted_overlay_redirect(r7, &(0x7f0000000040), 0x0, 0x0, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x4)
r9 = socket$packet(0x11, 0x4000000000002, 0x300)
setsockopt$packet_int(r9, 0x107, 0x9, 0x0, 0x0)
write(r8, 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x14)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)

480.099988ms ago: executing program 2 (id=306):
r0 = socket$packet(0x11, 0x2, 0x300)
recvfrom$packet(r0, &(0x7f0000000900)=""/212, 0xd4, 0x40000000, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x1, 0x6, @random="faa9237687d9"}, 0x14)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x6)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r2, &(0x7f0000000040)={0x23, 0x0, 0x8, 0x2}, 0x10)
ioctl$SIOCPNENABLEPIPE(r2, 0x89ed, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e00000009000000bf0000e204000000190402005791b084636ff0e0a13d36512a277e8e9ffc4245002587de940d17c70a554e18b732dd037debc5b574c38fc2c7421145d58763331030a633f812eb1eb1a6c84eeb33d1db3fee784c98ba9f369b2dc3831beb0266b89918", @ANYRES32, @ANYBLOB="d6ffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04000000000000000400"/28], 0x50)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000007c0)=ANY=[@ANYRESOCT=r1, @ANYRES32=0x1, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="c7e67cd6e2c4424528fca15ada1d0000002a86821524a4152606eaf78df10000000100"], 0x50)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000680)={'team_slave_0\x00'})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="595300000000000000086b000000080003", @ANYRES32=0x0, @ANYBLOB="0c0099006851701fa9ef125690001d800c0000800500070000000000"], 0x38}}, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000280), &(0x7f0000000400)=0xc)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="5e509739e423d518985cb294b7f1c41afe168694406529bddba0e5f90e30789825f19ff18d6e4b86eb3d52467bd380265d02e6806782dec22c78b5f27269cfc53166f6f8bf7a94fe29badbafd39e5c0a0a2f5f8aacc1171414b548989b1dc7c50b4dbcb53718c7d281ab842a908c8af2efc79f3ecc0b0fef7d69f17e93a061e62d882102e1dca48f046e2ec2045733ee010d392aeabbee6006814710bf049a6a85a2ad7c5a0fd8e6add7a06629bf39d643aab03ddd3185c95979ee5779864f7cb12be0f963edb3f985e709639d9276"], 0x0, 0x26, 0x0, 0x0, 0x1, 0x0, @void, @value}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r5, 0x20, &(0x7f0000000100)={0x0, 0x0, <r6=>0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r6, 0x4)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mkdir(&(0x7f0000000200)='./bus/file0\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x100)
mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0)
mount(&(0x7f0000000040)=@md0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x2000, 0x0)

447.061508ms ago: executing program 1 (id=307):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8)={[0x2]}, 0x8)
read$msr(r1, &(0x7f0000000680)=""/141, 0x8d)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r1}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xfb, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
pipe(&(0x7f0000000100))
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x44}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000, 0x4, 0x1, 0x0, '\x00', 0x0, r1, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r8}, 0x10)
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00')
writev(r9, &(0x7f0000000000)=[{&(0x7f00000002c0)='\n', 0x1}, {&(0x7f0000000140)="9f", 0x1}], 0x2)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'lo\x00', <r11=>0x0})
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x7af000, 0x0, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
r13 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0xa, 0x8, 0xf, 0xdb, 0x1, r12, 0xca, '\x00', r11, r13, 0x5, 0x4, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@gettfilter={0x24, 0x2e, 0x301, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0x1}, {}, {0xb, 0xf}}}, 0x24}}, 0x0)

375.612858ms ago: executing program 2 (id=308):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x100, 0x400c0)
ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @ib={0x1b, 0x8, 0x4, {"6b0cc5d15c917c3ef824221568451223"}, 0x5, 0xf, 0x408}, @ib={0x1b, 0x0, 0xf, {"3fa73a0cc86d0ce7378f6a1cbb14698c"}, 0x2, 0x5, 0x5}}}, 0x118) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b0000000700000006000000feffffff05000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="6fb53000bd0d000000000000e0ffffffffff3f000000000000000000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000006000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

320.271359ms ago: executing program 0 (id=309):
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x60004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x1016c5, 0x10000, 0x0, 0x6, 0x10001, 0x0, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000240)=@newtaction={0x5c, 0x30, 0x9, 0x0, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x6}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0)

304.674009ms ago: executing program 0 (id=310):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYRES32], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xfffffffffffffe92)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000002c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x1, 0x7ffc1ffb}]})
sysinfo(&(0x7f00000001c0)=""/10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f8483e0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@map=0x1, 0x11, 0x1, 0x3ff, &(0x7f0000000040)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0]}, 0x40)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000300)={&(0x7f00000005c0)=""/194, 0x200000, 0x0, 0xb8, 0x4}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0)={0x1}, 0x4)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000008000000080000000800000005"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
socketpair(0x1, 0x1, 0x2, &(0x7f0000001140))
r7 = accept4$unix(0xffffffffffffffff, &(0x7f0000000780), &(0x7f0000000800)=0x6e, 0x800)
recvmsg$unix(r7, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000b00)=""/155, 0x9b}, {&(0x7f0000000940)=""/38, 0x26}, {&(0x7f0000000c00)=""/199, 0xc7}, {&(0x7f0000000d00)=""/238, 0xee}, {&(0x7f0000000e00)=""/172, 0xac}, {&(0x7f0000000ec0)=""/150, 0x96}, {&(0x7f0000000f80)=""/242, 0xf2}, {&(0x7f0000000980)=""/52, 0x34}], 0x8, &(0x7f0000000a00)=[@cred={{0x1c}}], 0x20}, 0x40010001)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r5}, &(0x7f0000000680)=0x2, &(0x7f00000006c0)}, 0x20)
clock_gettime(0x0, &(0x7f0000000500)={<r8=>0x0, <r9=>0x0})
clock_nanosleep(0x4, 0x1, &(0x7f0000000740)={r8, r9+60000000}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @last={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0)
close(r10)

261.242179ms ago: executing program 2 (id=311):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYRES32], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xfffffffffffffe92)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000002c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x1, 0x7ffc1ffb}]})
sysinfo(&(0x7f00000001c0)=""/10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f8483e0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@map=0x1, 0x11, 0x1, 0x3ff, &(0x7f0000000040)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0]}, 0x40)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000300)={&(0x7f00000005c0)=""/194, 0x200000, 0x0, 0xb8, 0x4}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0)={0x1}, 0x4)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000008000000080000000800000005"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
socketpair(0x1, 0x1, 0x2, &(0x7f0000001140))
r7 = accept4$unix(0xffffffffffffffff, &(0x7f0000000780), &(0x7f0000000800)=0x6e, 0x800)
recvmsg$unix(r7, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000b00)=""/155, 0x9b}, {&(0x7f0000000940)=""/38, 0x26}, {&(0x7f0000000c00)=""/199, 0xc7}, {&(0x7f0000000d00)=""/238, 0xee}, {&(0x7f0000000e00)=""/172, 0xac}, {&(0x7f0000000ec0)=""/150, 0x96}, {&(0x7f0000000f80)=""/242, 0xf2}, {&(0x7f0000000980)=""/52, 0x34}], 0x8, &(0x7f0000000a00)=[@cred={{0x1c}}], 0x20}, 0x40010001)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r5}, &(0x7f0000000680)=0x2, &(0x7f00000006c0)}, 0x20)
clock_gettime(0x0, &(0x7f0000000500)={<r8=>0x0, <r9=>0x0})
clock_nanosleep(0x4, 0x1, &(0x7f0000000740)={r8, r9+60000000}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @last={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0)
close(r10)

184.657509ms ago: executing program 0 (id=312):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000008b80)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
recvfrom(r0, 0x0, 0x0, 0x10160, 0x0, 0x0)

79.64445ms ago: executing program 2 (id=313):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x2, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
close(r5)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10)
capget(&(0x7f0000000280)={0x19980330}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0)

0s ago: executing program 2 (id=314):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="190000000400000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/sctp\x00')
r3 = open_tree(r2, &(0x7f0000000300)='./file0\x00', 0x0)
move_mount(r3, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001500)={0xffffffffffffffff, 0x20, &(0x7f00000014c0)={&(0x7f0000001340)=""/249, 0xf9, <r4=>0x0, &(0x7f0000001440)=""/98, 0x62}}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000015c0)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f0000001540), &(0x7f0000001580)=r1}, 0x20)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001600)={r0, <r7=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000001700)={0x12, 0x13, &(0x7f00000017c0)=ANY=[@ANYBLOB="180c000000bde6c2701cead54905fb5f57a48b9fd10000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200000000000085000000860000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000cc0e000085000000060000004d313000ffffffff1864000003000000000000000000000025290600080000009500000000000000"], &(0x7f00000010c0)='syzkaller\x00', 0x5, 0x71, &(0x7f0000001240)=""/113, 0x41100, 0xc, '\x00', 0x0, @fallback=0x2b, r3, 0x8, &(0x7f00000012c0)={0x1, 0x5}, 0x8, 0x10, &(0x7f0000001300)={0x3, 0xa, 0xbbe3, 0x5}, 0x10, r4, 0xffffffffffffffff, 0x5, &(0x7f0000001640)=[r5, 0xffffffffffffffff, r6, 0xffffffffffffffff, 0x1, r1, r0, r7, r0], &(0x7f0000001680)=[{0x5, 0x4, 0x7, 0xf}, {0x3, 0x4, 0x6, 0x5}, {0x2, 0x5, 0x2, 0x4}, {0x2, 0x102, 0xa, 0xb}, {0x4, 0x3, 0x8, 0x7}], 0x10, 0xa, @void, @value}, 0x94)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
mq_unlink(0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}}, 0x80)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r10 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r10, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c)
setsockopt$MRT_ADD_MFC(r10, 0x0, 0xcc, 0x0, 0x0)
setsockopt$MRT_FLUSH(r10, 0x0, 0xd4, &(0x7f0000000140)=0x7, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000001080)='tick_stop\x00', r9, 0x0, 0xe}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0)
r11 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.94' (ED25519) to the list of known hosts.
[   26.959201][   T29] audit: type=1400 audit(1732643012.116:82): avc:  denied  { mounton } for  pid=3311 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   26.960259][ T3311] cgroup: Unknown subsys name 'net'
[   26.981912][   T29] audit: type=1400 audit(1732643012.116:83): avc:  denied  { mount } for  pid=3311 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   27.009265][   T29] audit: type=1400 audit(1732643012.136:84): avc:  denied  { unmount } for  pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   27.208323][ T3311] cgroup: Unknown subsys name 'cpuset'
[   27.214391][ T3311] cgroup: Unknown subsys name 'rlimit'
[   27.382975][   T29] audit: type=1400 audit(1732643012.536:85): avc:  denied  { setattr } for  pid=3311 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   27.406283][   T29] audit: type=1400 audit(1732643012.536:86): avc:  denied  { create } for  pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   27.426726][   T29] audit: type=1400 audit(1732643012.536:87): avc:  denied  { write } for  pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   27.441742][ T3314] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   27.447111][   T29] audit: type=1400 audit(1732643012.536:88): avc:  denied  { read } for  pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   27.476063][   T29] audit: type=1400 audit(1732643012.546:89): avc:  denied  { mounton } for  pid=3311 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   27.489023][ T3311] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   27.500818][   T29] audit: type=1400 audit(1732643012.546:90): avc:  denied  { mount } for  pid=3311 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   27.532781][   T29] audit: type=1400 audit(1732643012.606:91): avc:  denied  { relabelto } for  pid=3314 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   28.584741][ T3321] chnl_net:caif_netlink_parms(): no params data found
[   28.637211][ T3322] chnl_net:caif_netlink_parms(): no params data found
[   28.696933][ T3321] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.704219][ T3321] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.711379][ T3321] bridge_slave_0: entered allmulticast mode
[   28.718076][ T3321] bridge_slave_0: entered promiscuous mode
[   28.724737][ T3321] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.731811][ T3321] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.738998][ T3321] bridge_slave_1: entered allmulticast mode
[   28.745174][ T3321] bridge_slave_1: entered promiscuous mode
[   28.757026][ T3323] chnl_net:caif_netlink_parms(): no params data found
[   28.792965][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   28.808406][ T3322] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.815544][ T3322] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.822741][ T3322] bridge_slave_0: entered allmulticast mode
[   28.829005][ T3322] bridge_slave_0: entered promiscuous mode
[   28.835538][ T3322] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.842645][ T3322] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.849952][ T3322] bridge_slave_1: entered allmulticast mode
[   28.856394][ T3322] bridge_slave_1: entered promiscuous mode
[   28.871255][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   28.906241][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   28.923106][ T3326] chnl_net:caif_netlink_parms(): no params data found
[   28.932668][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   28.946676][ T3321] team0: Port device team_slave_0 added
[   28.955062][ T3321] team0: Port device team_slave_1 added
[   28.972471][ T3323] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.979632][ T3323] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.986741][ T3323] bridge_slave_0: entered allmulticast mode
[   28.993051][ T3323] bridge_slave_0: entered promiscuous mode
[   29.007605][ T3322] team0: Port device team_slave_0 added
[   29.014092][ T3322] team0: Port device team_slave_1 added
[   29.020000][ T3323] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.027068][ T3323] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.034439][ T3323] bridge_slave_1: entered allmulticast mode
[   29.040631][ T3323] bridge_slave_1: entered promiscuous mode
[   29.080003][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_0
[   29.086960][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.113064][ T3321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   29.136522][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0
[   29.143539][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.169450][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   29.181614][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   29.193463][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   29.202839][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_1
[   29.209804][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.235731][ T3321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   29.248464][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1
[   29.255421][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.281399][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   29.305033][ T3323] team0: Port device team_slave_0 added
[   29.321649][ T3323] team0: Port device team_slave_1 added
[   29.331137][ T3332] chnl_net:caif_netlink_parms(): no params data found
[   29.346208][ T3322] hsr_slave_0: entered promiscuous mode
[   29.352374][ T3322] hsr_slave_1: entered promiscuous mode
[   29.377379][ T3326] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.384558][ T3326] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.391743][ T3326] bridge_slave_0: entered allmulticast mode
[   29.398100][ T3326] bridge_slave_0: entered promiscuous mode
[   29.406962][ T3326] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.414058][ T3326] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.421189][ T3326] bridge_slave_1: entered allmulticast mode
[   29.427614][ T3326] bridge_slave_1: entered promiscuous mode
[   29.440047][ T3321] hsr_slave_0: entered promiscuous mode
[   29.446066][ T3321] hsr_slave_1: entered promiscuous mode
[   29.451929][ T3321] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   29.459537][ T3321] Cannot create hsr debugfs directory
[   29.465251][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_0
[   29.472285][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.498273][ T3323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   29.526910][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_1
[   29.533941][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.559988][ T3323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   29.591998][ T3326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   29.618672][ T3326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   29.662540][ T3332] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.669627][ T3332] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.676759][ T3332] bridge_slave_0: entered allmulticast mode
[   29.683284][ T3332] bridge_slave_0: entered promiscuous mode
[   29.695649][ T3323] hsr_slave_0: entered promiscuous mode
[   29.701772][ T3323] hsr_slave_1: entered promiscuous mode
[   29.707624][ T3323] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   29.715197][ T3323] Cannot create hsr debugfs directory
[   29.730509][ T3332] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.737658][ T3332] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.744765][ T3332] bridge_slave_1: entered allmulticast mode
[   29.751102][ T3332] bridge_slave_1: entered promiscuous mode
[   29.757736][ T3326] team0: Port device team_slave_0 added
[   29.778837][ T3326] team0: Port device team_slave_1 added
[   29.796600][ T3332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   29.806816][ T3332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   29.849519][ T3326] batman_adv: batadv0: Adding interface: batadv_slave_0
[   29.856533][ T3326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.882494][ T3326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   29.895931][ T3326] batman_adv: batadv0: Adding interface: batadv_slave_1
[   29.902911][ T3326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.928844][ T3326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   29.944311][ T3332] team0: Port device team_slave_0 added
[   29.959123][ T3332] team0: Port device team_slave_1 added
[   29.967423][ T3321] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   29.975906][ T3321] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   29.996475][ T3321] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   30.015801][ T3326] hsr_slave_0: entered promiscuous mode
[   30.021847][ T3326] hsr_slave_1: entered promiscuous mode
[   30.027847][ T3326] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   30.035411][ T3326] Cannot create hsr debugfs directory
[   30.050428][ T3321] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   30.059232][ T3332] batman_adv: batadv0: Adding interface: batadv_slave_0
[   30.066300][ T3332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   30.092260][ T3332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   30.112680][ T3332] batman_adv: batadv0: Adding interface: batadv_slave_1
[   30.119688][ T3332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   30.145661][ T3332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   30.174885][ T3322] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   30.183701][ T3322] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   30.201615][ T3332] hsr_slave_0: entered promiscuous mode
[   30.207618][ T3332] hsr_slave_1: entered promiscuous mode
[   30.213715][ T3332] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   30.221402][ T3332] Cannot create hsr debugfs directory
[   30.229783][ T3322] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   30.238432][ T3322] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   30.296211][ T3323] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   30.317122][ T3323] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   30.325548][ T3323] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   30.334531][ T3323] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   30.402080][ T3332] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   30.411654][ T3332] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   30.420448][ T3332] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   30.428872][ T3332] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   30.449632][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.468255][ T3326] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   30.478597][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.487106][ T3332] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.494253][ T3332] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.501536][ T3332] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.508652][ T3332] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.518194][ T3326] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   30.526858][ T3326] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   30.536171][ T3326] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   30.558463][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.566014][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.573828][   T58] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.589982][ T3322] 8021q: adding VLAN 0 to HW filter on device team0
[   30.599343][ T3321] 8021q: adding VLAN 0 to HW filter on device team0
[   30.612860][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.619992][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.629089][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.636221][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.651293][  T386] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.658495][  T386] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.680148][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.687286][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.706344][ T3323] 8021q: adding VLAN 0 to HW filter on device team0
[   30.725922][  T386] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.733160][  T386] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.747555][  T380] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.754724][  T380] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.775471][ T3332] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.815076][ T3332] 8021q: adding VLAN 0 to HW filter on device team0
[   30.829493][ T3326] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.839961][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.847064][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.864612][ T3326] 8021q: adding VLAN 0 to HW filter on device team0
[   30.880714][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.887810][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.900854][ T3321] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.916255][ T3332] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   30.926746][ T3332] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   30.947634][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.971183][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.978320][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.987204][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.994380][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.013873][ T3326] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   31.051412][ T3323] 8021q: adding VLAN 0 to HW filter on device batadv0
[   31.076563][ T3332] 8021q: adding VLAN 0 to HW filter on device batadv0
[   31.114902][ T3322] veth0_vlan: entered promiscuous mode
[   31.138756][ T3326] 8021q: adding VLAN 0 to HW filter on device batadv0
[   31.151420][ T3321] veth0_vlan: entered promiscuous mode
[   31.158477][ T3322] veth1_vlan: entered promiscuous mode
[   31.170005][ T3321] veth1_vlan: entered promiscuous mode
[   31.201547][ T3322] veth0_macvtap: entered promiscuous mode
[   31.233773][ T3332] veth0_vlan: entered promiscuous mode
[   31.250234][ T3321] veth0_macvtap: entered promiscuous mode
[   31.259096][ T3322] veth1_macvtap: entered promiscuous mode
[   31.266375][ T3332] veth1_vlan: entered promiscuous mode
[   31.276259][ T3321] veth1_macvtap: entered promiscuous mode
[   31.290410][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.299891][ T3322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.310413][ T3322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.322004][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.331118][ T3323] veth0_vlan: entered promiscuous mode
[   31.345120][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.352883][ T3321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.363487][ T3321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.374233][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.388211][ T3322] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.396954][ T3322] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.405833][ T3322] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.414605][ T3322] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.426492][ T3321] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.435280][ T3321] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.444062][ T3321] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.452782][ T3321] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.466360][ T3323] veth1_vlan: entered promiscuous mode
[   31.483031][ T3332] veth0_macvtap: entered promiscuous mode
[   31.494605][ T3332] veth1_macvtap: entered promiscuous mode
[   31.529582][ T3326] veth0_vlan: entered promiscuous mode
[   31.537069][ T3321] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   31.542604][ T3332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.562165][ T3332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.572134][ T3332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.582942][ T3332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.593329][ T3332] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.604719][ T3326] veth1_vlan: entered promiscuous mode
[   31.620327][ T3323] veth0_macvtap: entered promiscuous mode
[   31.639742][ T3332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.639778][ T3465] syz.1.2[3465] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   31.639821][ T3465] syz.1.2[3465] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   31.639914][ T3465] syz.1.2[3465] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   31.650361][ T3332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.650375][ T3332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.704247][ T3332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.715040][ T3332] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.724531][ T3332] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.733367][ T3332] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.742498][ T3332] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.751238][ T3332] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.764614][ T3468] FAULT_INJECTION: forcing a failure.
[   31.764614][ T3468] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   31.766023][ T3323] veth1_macvtap: entered promiscuous mode
[   31.777711][ T3468] CPU: 0 UID: 0 PID: 3468 Comm: syz.3.6 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   31.787070][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.793399][ T3468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   31.803832][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.813851][ T3468] Call Trace:
[   31.813870][ T3468]  <TASK>
[   31.823646][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.826896][ T3468]  dump_stack_lvl+0xf2/0x150
[   31.829869][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.840234][ T3468]  dump_stack+0x15/0x20
[   31.840262][ T3468]  should_fail_ex+0x223/0x230
[   31.844890][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.844903][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.847483][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.854730][ T3468]  should_fail+0xb/0x10
[   31.859746][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.863601][ T3468]  should_fail_usercopy+0x1a/0x20
[   31.874039][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.883785][ T3468]  _copy_to_user+0x20/0xa0
[   31.891095][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.895087][ T3468]  simple_read_from_buffer+0xa0/0x110
[   31.905477][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.910487][ T3468]  proc_fail_nth_read+0xf9/0x140
[   31.920287][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.924654][ T3468]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   31.935171][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.940462][ T3468]  vfs_read+0x1a2/0x700
[   31.940497][ T3468]  ? __rcu_read_unlock+0x4e/0x70
[   31.940515][ T3468]  ? __fget_files+0x17c/0x1c0
[   31.953077][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.955196][ T3468]  ksys_read+0xe8/0x1b0
[   31.966551][ T3323] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.971109][ T3468]  __x64_sys_read+0x42/0x50
[   31.971143][ T3468]  x64_sys_call+0x2874/0x2dc0
[   31.980941][ T3323] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.985045][ T3468]  do_syscall_64+0xc9/0x1c0
[   31.990087][ T3323] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.994679][ T3468]  ? clear_bhb_loop+0x55/0xb0
[   31.994708][ T3468]  ? clear_bhb_loop+0x55/0xb0
[   31.994733][ T3468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   31.994770][ T3468] RIP: 0033:0x7f36d275d35c
[   32.001935][ T3323] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.006046][ T3468] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[   32.028094][   T29] kauditd_printk_skb: 41 callbacks suppressed
[   32.028107][   T29] audit: type=1400 audit(1732643017.146:133): avc:  denied  { unmount } for  pid=3322 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   32.032665][ T3468] RSP: 002b:00007f36d0dd1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   32.128241][ T3468] RAX: ffffffffffffffda RBX: 00007f36d2915fa0 RCX: 00007f36d275d35c
[   32.136244][ T3468] RDX: 000000000000000f RSI: 00007f36d0dd10a0 RDI: 0000000000000005
[   32.144255][ T3468] RBP: 00007f36d0dd1090 R08: 0000000000000000 R09: 0000000000000000
[   32.152229][ T3468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   32.160183][ T3468] R13: 0000000000000000 R14: 00007f36d2915fa0 R15: 00007ffdbd9edb68
[   32.168138][ T3468]  </TASK>
[   32.201477][   T29] audit: type=1400 audit(1732643017.346:134): avc:  denied  { create } for  pid=3470 comm="syz.1.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   32.207410][ T3471] loop1: detected capacity change from 0 to 512
[   32.220963][   T29] audit: type=1400 audit(1732643017.356:135): avc:  denied  { write } for  pid=3470 comm="syz.1.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   32.229588][ T3326] veth0_macvtap: entered promiscuous mode
[   32.249164][   T29] audit: type=1400 audit(1732643017.406:136): avc:  denied  { map_read map_write } for  pid=3472 comm="syz.3.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   32.254062][ T3471] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   32.284489][ T3471] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   32.285220][ T3473] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[   32.302235][ T3473] audit: out of memory in audit_log_start
[   32.310464][ T3471] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2863: Unable to expand inode 11. Delete some EAs or run e2fsck.
[   32.319673][ T3326] veth1_macvtap: entered promiscuous mode
[   32.330685][ T3471] EXT4-fs (loop1): 1 truncate cleaned up
[   32.336681][ T3471] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.360128][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.370606][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.380563][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.390994][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.400900][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.411344][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.421329][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.431827][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.447044][ T3471] audit: audit_backlog=65 > audit_backlog_limit=64
[   32.453700][ T3471] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64
[   32.455603][   T29] audit: type=1400 audit(1732643017.506:137): avc:  denied  { mount } for  pid=3470 comm="syz.1.7" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   32.461373][ T3471] audit: backlog limit exceeded
[   32.463661][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.496319][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.506786][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.516731][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.527316][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.537253][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.547685][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.557578][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.568032][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.578563][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.596582][ T3326] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.605498][ T3326] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.614357][ T3326] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.623149][ T3326] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.633373][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.648391][ T3483] loop3: detected capacity change from 0 to 512
[   32.654819][ T3483] =======================================================
[   32.654819][ T3483] WARNING: The mand mount option has been deprecated and
[   32.654819][ T3483]          and is ignored by this kernel. Remove the mand
[   32.654819][ T3483]          option from the mount to silence this warning.
[   32.654819][ T3483] =======================================================
[   32.689887][    C0] hrtimer: interrupt took 41407 ns
[   32.703023][ T3483] EXT4-fs error (device loop3): ext4_expand_extra_isize_ea:2813: inode #11: comm syz.3.9: corrupted xattr block 95: invalid header
[   32.718096][ T3483] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.9: bg 0: block 7: invalid block bitmap
[   32.764564][ T3483] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   32.792255][ T3483] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2977: inode #11: comm syz.3.9: corrupted xattr block 95: invalid header
[   32.810777][ T3483] EXT4-fs warning (device loop3): ext4_evict_inode:276: xattr delete (err -117)
[   32.849080][ T3483] EXT4-fs (loop3): 1 orphan inode deleted
[   32.864450][ T3483] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   32.871535][ T3503] netlink: 16 bytes leftover after parsing attributes in process `syz.0.14'.
[   32.893772][ T3505] loop4: detected capacity change from 0 to 512
[   32.912208][ T3495] hub 9-0:1.0: USB hub found
[   32.912289][ T3507] loop2: detected capacity change from 0 to 512
[   32.925123][ T3495] hub 9-0:1.0: 8 ports detected
[   32.958550][ T3505] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   32.981407][ T3507] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[   32.990453][ T3505] EXT4-fs (loop4): 1 truncate cleaned up
[   33.000943][ T3507] EXT4-fs (loop2): corrupt root inode, run e2fsck
[   33.007391][ T3507] EXT4-fs (loop2): mount failed
[   33.017656][ T3505] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   33.091891][ T3505] FAULT_INJECTION: forcing a failure.
[   33.091891][ T3505] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   33.104991][ T3505] CPU: 1 UID: 0 PID: 3505 Comm: syz.4.5 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   33.115188][ T3505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   33.125513][ T3505] Call Trace:
[   33.128798][ T3505]  <TASK>
[   33.131827][ T3505]  dump_stack_lvl+0xf2/0x150
[   33.136468][ T3505]  dump_stack+0x15/0x20
[   33.140698][ T3505]  should_fail_ex+0x223/0x230
[   33.145389][ T3505]  should_fail+0xb/0x10
[   33.149621][ T3505]  should_fail_usercopy+0x1a/0x20
[   33.154686][ T3505]  strncpy_from_user+0x25/0x210
[   33.159540][ T3505]  strncpy_from_bpfptr+0x38/0x60
[   33.164822][ T3505]  bpf_prog_load+0x868/0x1070
[   33.169539][ T3505]  ? __rcu_read_unlock+0x4e/0x70
[   33.174553][ T3505]  __sys_bpf+0x463/0x7a0
[   33.178859][ T3505]  __x64_sys_bpf+0x43/0x50
[   33.183295][ T3505]  x64_sys_call+0x2914/0x2dc0
[   33.188027][ T3505]  do_syscall_64+0xc9/0x1c0
[   33.192603][ T3505]  ? clear_bhb_loop+0x55/0xb0
[   33.197285][ T3505]  ? clear_bhb_loop+0x55/0xb0
[   33.202015][ T3505]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   33.207918][ T3505] RIP: 0033:0x7f796bd6e919
[   33.212326][ T3505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   33.231935][ T3505] RSP: 002b:00007f796a3e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   33.240342][ T3505] RAX: ffffffffffffffda RBX: 00007f796bf25fa0 RCX: 00007f796bd6e919
[   33.248392][ T3505] RDX: 0000000000000094 RSI: 00000000200002c0 RDI: 0000000000000005
[   33.256360][ T3505] RBP: 00007f796a3e7090 R08: 0000000000000000 R09: 0000000000000000
[   33.264332][ T3505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   33.272301][ T3505] R13: 0000000000000000 R14: 00007f796bf25fa0 R15: 00007ffcaea67618
[   33.280359][ T3505]  </TASK>
[   33.290476][ T3519] loop1: detected capacity change from 0 to 1024
[   33.314002][ T3519] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.19: Failed to acquire dquot type 0
[   33.326406][ T3519] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   33.345278][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.345599][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.365479][ T3519] EXT4-fs error (device loop1): ext4_do_update_inode:5153: inode #13: comm syz.1.19: corrupted inode contents
[   33.401590][ T3519] EXT4-fs error (device loop1): ext4_dirty_inode:6041: inode #13: comm syz.1.19: mark_inode_dirty error
[   33.420087][ T3519] EXT4-fs error (device loop1): ext4_do_update_inode:5153: inode #13: comm syz.1.19: corrupted inode contents
[   33.430216][ T3524] syzkaller0: tun_chr_ioctl cmd 1074025677
[   33.433502][ T3529] loop4: detected capacity change from 0 to 256
[   33.437753][ T3524] syzkaller0: Linktype set failed because interface is up
[   33.442884][ T3525] loop0: detected capacity change from 0 to 2048
[   33.460081][ T3519] EXT4-fs error (device loop1): __ext4_ext_dirty:207: inode #13: comm syz.1.19: mark_inode_dirty error
[   33.478899][ T3519] EXT4-fs error (device loop1): ext4_do_update_inode:5153: inode #13: comm syz.1.19: corrupted inode contents
[   33.498482][ T3524] hub 9-0:1.0: USB hub found
[   33.503351][ T3524] hub 9-0:1.0: 8 ports detected
[   33.511234][ T3527] syzkaller0: tun_chr_ioctl cmd 1074025677
[   33.517150][ T3527] syzkaller0: Linktype set failed because interface is up
[   33.523930][ T3519] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem
[   33.538989][ T3519] EXT4-fs error (device loop1): ext4_do_update_inode:5153: inode #13: comm syz.1.19: corrupted inode contents
[   33.545092][ T3527] hub 9-0:1.0: USB hub found
[   33.555487][ T3527] hub 9-0:1.0: 8 ports detected
[   33.561729][ T3525] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.575995][ T3525] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.585442][ T3519] EXT4-fs error (device loop1): ext4_truncate:4240: inode #13: comm syz.1.19: mark_inode_dirty error
[   33.599760][ T3519] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem
[   33.609331][ T3519] EXT4-fs (loop1): 1 truncate cleaned up
[   33.615520][ T3519] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   33.687888][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.783117][ T3543] loop3: detected capacity change from 0 to 256
[   33.788953][ T3535] netlink: 'syz.4.25': attribute type 10 has an invalid length.
[   33.798520][ T3535] veth0_macvtap: left promiscuous mode
[   33.817168][ T3535] veth0_macvtap: entered promiscuous mode
[   33.818764][ T3548] netlink: 4 bytes leftover after parsing attributes in process `syz.1.31'.
[   33.824039][ T3535] team0: Device macvtap0 failed to register rx_handler
[   33.843650][ T3550] loop2: detected capacity change from 0 to 256
[   33.847407][ T3552] loop0: detected capacity change from 0 to 256
[   33.852079][ T3550] FAT-fs (loop2): bogus number of FAT sectors
[   33.862547][ T3550] FAT-fs (loop2): Can't find a valid FAT filesystem
[   33.869452][ T3535] veth0_macvtap: left promiscuous mode
[   33.876872][ T3552] FAT-fs (loop0): bogus number of FAT sectors
[   33.883054][ T3552] FAT-fs (loop0): Can't find a valid FAT filesystem
[   33.899789][ T3548] netlink: 87 bytes leftover after parsing attributes in process `syz.1.31'.
[   34.066246][ T3565] loop4: detected capacity change from 0 to 512
[   34.087434][ T3570] syz.3.40[3570] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   34.089610][ T3565] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   34.089885][ T3570] syz.3.40[3570] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   34.103941][ T3565] EXT4-fs (loop4): orphan cleanup on readonly fs
[   34.129090][ T3570] syz.3.40[3570] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   34.138278][ T3565] EXT4-fs warning (device loop4): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   34.152826][ T3563] syzkaller0: tun_chr_ioctl cmd 1074025677
[   34.170303][ T3563] syzkaller0: Linktype set failed because interface is up
[   34.197046][ T3570] netlink: 8 bytes leftover after parsing attributes in process `syz.3.40'.
[   34.207914][ T3570] loop3: detected capacity change from 0 to 128
[   34.217630][ T3579] loop2: detected capacity change from 0 to 512
[   34.240183][ T3570] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   34.255698][ T3565] EXT4-fs (loop4): Cannot turn on quotas: error -117
[   34.263257][ T3579] EXT4-fs: Ignoring removed mblk_io_submit option
[   34.275820][ T3581] loop1: detected capacity change from 0 to 256
[   34.282582][ T3579] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   34.284967][ T3565] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.37: bg 0: block 40: padding at end of block bitmap is not set
[   34.296788][ T3570] No such timeout policy "syz0"
[   34.306892][ T3565] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   34.310363][ T3581] FAT-fs (loop1): bogus number of FAT sectors
[   34.323245][ T3565] EXT4-fs (loop4): 1 truncate cleaned up
[   34.324646][ T3581] FAT-fs (loop1): Can't find a valid FAT filesystem
[   34.330888][ T3565] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   34.355254][ T3579] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[   34.363324][ T3579] System zones: 1-12
[   34.370218][ T3565] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #16: comm syz.4.37: corrupted xattr block 31: invalid header
[   34.383642][ T3579] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.43: corrupted in-inode xattr: e_value size too large
[   34.397612][ T3565] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=16
[   34.402179][ T3579] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.43: couldn't read orphan inode 15 (err -117)
[   34.415103][ T3565] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #16: comm syz.4.37: corrupted xattr block 31: invalid header
[   34.419773][ T3579] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.439957][ T3565] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=16
[   34.467872][ T3565] EXT4-fs error (device loop4): ext4_get_link:106: inode #16: comm syz.4.37: bad symlink.
[   34.478391][ T3332] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.488120][ T3586] netlink: 'syz.0.46': attribute type 10 has an invalid length.
[   34.489130][ T3587] FAULT_INJECTION: forcing a failure.
[   34.489130][ T3587] name failslab, interval 1, probability 0, space 0, times 0
[   34.508556][ T3587] CPU: 0 UID: 0 PID: 3587 Comm: syz.1.45 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   34.518717][ T3587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   34.528796][ T3587] Call Trace:
[   34.532068][ T3587]  <TASK>
[   34.535023][ T3587]  dump_stack_lvl+0xf2/0x150
[   34.539721][ T3587]  dump_stack+0x15/0x20
[   34.543981][ T3587]  should_fail_ex+0x223/0x230
[   34.548665][ T3587]  should_failslab+0x8f/0xb0
[   34.553253][ T3587]  kmem_cache_alloc_node_noprof+0x59/0x320
[   34.559072][ T3587]  ? __alloc_skb+0x10b/0x310
[   34.563701][ T3587]  __alloc_skb+0x10b/0x310
[   34.568114][ T3587]  ? audit_log_start+0x34c/0x6b0
[   34.573079][ T3587]  audit_log_start+0x368/0x6b0
[   34.577841][ T3587]  audit_seccomp+0x4b/0x130
[   34.582360][ T3587]  __seccomp_filter+0x6fa/0x1180
[   34.587291][ T3587]  __secure_computing+0x9f/0x1c0
[   34.592221][ T3587]  syscall_trace_enter+0xd1/0x1f0
[   34.597245][ T3587]  do_syscall_64+0xaa/0x1c0
[   34.601761][ T3587]  ? clear_bhb_loop+0x55/0xb0
[   34.606482][ T3587]  ? clear_bhb_loop+0x55/0xb0
[   34.611218][ T3587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   34.617116][ T3587] RIP: 0033:0x7f6bcfe7d35c
[   34.621524][ T3587] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[   34.641126][ T3587] RSP: 002b:00007f6bce4f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   34.649799][ T3587] RAX: ffffffffffffffda RBX: 00007f6bd0035fa0 RCX: 00007f6bcfe7d35c
[   34.657829][ T3587] RDX: 000000000000000f RSI: 00007f6bce4f70a0 RDI: 0000000000000004
[   34.665804][ T3587] RBP: 00007f6bce4f7090 R08: 0000000000000000 R09: 0000000000000000
[   34.673816][ T3587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   34.681784][ T3587] R13: 0000000000000000 R14: 00007f6bd0035fa0 R15: 00007fff5acb30d8
[   34.689767][ T3587]  </TASK>
[   34.694992][ T3586] veth0_macvtap: left promiscuous mode
[   34.712820][ T3586] veth0_macvtap: entered promiscuous mode
[   34.719136][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.720869][ T3586] team0: Device macvtap0 failed to register rx_handler
[   34.735224][ T3586] veth0_macvtap: left promiscuous mode
[   34.770120][ T3586] syz.0.46 (3586) used greatest stack depth: 10648 bytes left
[   34.814075][ T3590] syzkaller0: tun_chr_ioctl cmd 1074025677
[   34.824238][ T3590] syzkaller0: linktype set to 804
[   34.873437][ T3604] loop3: detected capacity change from 0 to 2048
[   34.885277][ T3605] netlink: 8 bytes leftover after parsing attributes in process `syz.0.52'.
[   34.888782][ T3609] dummy0: entered promiscuous mode
[   34.899693][ T3609] macvtap1: entered promiscuous mode
[   34.907094][ T3609] dummy0: left promiscuous mode
[   34.929819][ T3604] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.954101][ T3604] EXT4-fs error (device loop3): ext4_find_extent:938: inode #2: comm syz.3.53: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   34.993846][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.032986][ T3626] FAULT_INJECTION: forcing a failure.
[   35.032986][ T3626] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   35.046105][ T3626] CPU: 0 UID: 0 PID: 3626 Comm: syz.3.59 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   35.056302][ T3626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   35.066374][ T3626] Call Trace:
[   35.069664][ T3626]  <TASK>
[   35.072601][ T3626]  dump_stack_lvl+0xf2/0x150
[   35.077228][ T3630] netlink: 'syz.1.63': attribute type 10 has an invalid length.
[   35.077256][ T3626]  dump_stack+0x15/0x20
[   35.089093][ T3626]  should_fail_ex+0x223/0x230
[   35.093797][ T3626]  should_fail+0xb/0x10
[   35.098024][ T3626]  should_fail_usercopy+0x1a/0x20
[   35.103109][ T3626]  _copy_from_user+0x1e/0xb0
[   35.107762][ T3626]  copy_msghdr_from_user+0x54/0x2a0
[   35.113006][ T3626]  ? __fget_files+0x17c/0x1c0
[   35.117703][ T3626]  __sys_sendmsg+0x13e/0x230
[   35.122345][ T3626]  __x64_sys_sendmsg+0x46/0x50
[   35.127138][ T3626]  x64_sys_call+0x2734/0x2dc0
[   35.131814][ T3626]  do_syscall_64+0xc9/0x1c0
[   35.136366][ T3626]  ? clear_bhb_loop+0x55/0xb0
[   35.141086][ T3626]  ? clear_bhb_loop+0x55/0xb0
[   35.145798][ T3626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   35.151719][ T3626] RIP: 0033:0x7f36d275e919
[   35.156127][ T3626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   35.175778][ T3626] RSP: 002b:00007f36d0dd1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   35.184255][ T3626] RAX: ffffffffffffffda RBX: 00007f36d2915fa0 RCX: 00007f36d275e919
[   35.192217][ T3626] RDX: 000000002400c080 RSI: 0000000020000280 RDI: 0000000000000003
[   35.200182][ T3626] RBP: 00007f36d0dd1090 R08: 0000000000000000 R09: 0000000000000000
[   35.208269][ T3626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   35.216231][ T3626] R13: 0000000000000000 R14: 00007f36d2915fa0 R15: 00007ffdbd9edb68
[   35.224231][ T3626]  </TASK>
[   35.233407][ T3630] veth0_macvtap: left promiscuous mode
[   35.241292][ T3630] veth0_macvtap: entered promiscuous mode
[   35.250328][ T3630] team0: Device macvtap0 failed to register rx_handler
[   35.251524][ T3641] FAULT_INJECTION: forcing a failure.
[   35.251524][ T3641] name failslab, interval 1, probability 0, space 0, times 0
[   35.269878][ T3641] CPU: 1 UID: 0 PID: 3641 Comm: syz.3.65 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   35.280018][ T3641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   35.290094][ T3641] Call Trace:
[   35.293357][ T3641]  <TASK>
[   35.296269][ T3641]  dump_stack_lvl+0xf2/0x150
[   35.300860][ T3641]  dump_stack+0x15/0x20
[   35.305013][ T3641]  should_fail_ex+0x223/0x230
[   35.309692][ T3641]  should_failslab+0x8f/0xb0
[   35.314355][ T3641]  kmem_cache_alloc_node_noprof+0x59/0x320
[   35.320336][ T3641]  ? __alloc_skb+0x10b/0x310
[   35.324938][ T3641]  __alloc_skb+0x10b/0x310
[   35.329399][ T3641]  ? audit_log_start+0x34c/0x6b0
[   35.334352][ T3641]  audit_log_start+0x368/0x6b0
[   35.339129][ T3641]  audit_seccomp+0x4b/0x130
[   35.343664][ T3641]  __seccomp_filter+0x6fa/0x1180
[   35.348665][ T3641]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   35.354362][ T3641]  ? vfs_write+0x596/0x920
[   35.358771][ T3641]  __secure_computing+0x9f/0x1c0
[   35.363695][ T3641]  syscall_trace_enter+0xd1/0x1f0
[   35.368705][ T3641]  ? fpregs_assert_state_consistent+0x83/0xa0
[   35.374826][ T3641]  do_syscall_64+0xaa/0x1c0
[   35.379339][ T3641]  ? clear_bhb_loop+0x55/0xb0
[   35.384017][ T3641]  ? clear_bhb_loop+0x55/0xb0
[   35.388725][ T3641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   35.394662][ T3641] RIP: 0033:0x7f36d275e919
[   35.399098][ T3641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   35.418809][ T3641] RSP: 002b:00007f36d0dd1038 EFLAGS: 00000246 ORIG_RAX: 00000000000001cb
[   35.427205][ T3641] RAX: ffffffffffffffda RBX: 00007f36d2915fa0 RCX: 00007f36d275e919
[   35.435349][ T3641] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000065
[   35.443305][ T3641] RBP: 00007f36d0dd1090 R08: 0000000000000000 R09: 0000000000000000
[   35.451270][ T3641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   35.459294][ T3641] R13: 0000000000000000 R14: 00007f36d2915fa0 R15: 00007ffdbd9edb68
[   35.467256][ T3641]  </TASK>
[   35.470463][ T3630] veth0_macvtap: left promiscuous mode
[   35.481046][ T3636] syzkaller0: tun_chr_ioctl cmd 1074025677
[   35.486922][ T3636] syzkaller0: Linktype set failed because interface is up
[   35.506592][ T3648] syz.0.67[3648] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   35.506724][ T3648] syz.0.67[3648] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   35.510429][ T3634] team0: Device gtp0 is of different type
[   35.518317][ T3648] syz.0.67[3648] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   35.572798][   T50] syzkaller0: tun_net_xmit 76
[   35.588864][   T50] syzkaller0: tun_net_xmit 48
[   35.603669][ T3654] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[   35.631731][ T3658] loop3: detected capacity change from 0 to 256
[   35.638821][ T3659] loop1: detected capacity change from 0 to 512
[   35.639332][ T3658] FAT-fs (loop3): bogus number of FAT sectors
[   35.651350][ T3658] FAT-fs (loop3): Can't find a valid FAT filesystem
[   35.659688][ T3659] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[   35.678700][ T3659] EXT4-fs (loop1): corrupt root inode, run e2fsck
[   35.699432][ T3659] EXT4-fs (loop1): mount failed
[   35.802299][ T3675] netlink: 16 bytes leftover after parsing attributes in process `syz.1.77'.
[   35.816892][ T3676] loop4: detected capacity change from 0 to 512
[   35.819106][ T3672] syzkaller1: entered promiscuous mode
[   35.828707][ T3672] syzkaller1: entered allmulticast mode
[   35.839371][ T3664] syzkaller0: tun_chr_ioctl cmd 1074025677
[   35.845288][ T3664] syzkaller0: Linktype set failed because interface is up
[   35.854285][ T3676] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[   35.862718][ T3398] syzkaller0: tun_net_xmit 76
[   35.896838][ T3681] x_tables: eb_tables: nflog.0 target: invalid size 80 (kernel) != (user) 0
[   35.910287][ T3676] EXT4-fs (loop4): corrupt root inode, run e2fsck
[   35.920877][ T3676] EXT4-fs (loop4): mount failed
[   35.938776][ T3687] netlink: 4 bytes leftover after parsing attributes in process `syz.1.81'.
[   35.955474][ T3691] netlink: 5 bytes leftover after parsing attributes in process `syz.4.82'.
[   35.959912][ T3687] netlink: 8 bytes leftover after parsing attributes in process `syz.1.81'.
[   35.970009][ T3691] 0ªX¹¦D: renamed from gretap0 (while UP)
[   35.981677][ T3691] 0ªX¹¦D: entered allmulticast mode
[   35.987502][ T3691] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[   36.008868][ T3691] loop4: detected capacity change from 0 to 512
[   36.037193][ T3691] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   36.059570][ T3691] EXT4-fs (loop4): orphan cleanup on readonly fs
[   36.073050][ T3691] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.82: Failed to acquire dquot type 1
[   36.085216][ T3691] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.82: bg 0: block 40: padding at end of block bitmap is not set
[   36.101593][ T3691] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   36.110871][ T3691] EXT4-fs (loop4): 1 truncate cleaned up
[   36.117401][ T3691] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   36.117740][ T3709] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   36.149755][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.174653][ T3713] loop1: detected capacity change from 0 to 256
[   36.176109][ T3715] loop4: detected capacity change from 0 to 256
[   36.198513][ T3709] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   36.239465][ T3717] loop4: detected capacity change from 0 to 512
[   36.248773][ T3717] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   36.274374][ T3717] EXT4-fs (loop4): 1 truncate cleaned up
[   36.280682][ T3717] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.309003][ T3724] syz.2.92 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   36.328319][ T3709] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   36.340773][ T3719] hub 9-0:1.0: USB hub found
[   36.342693][ T3726] loop2: detected capacity change from 0 to 256
[   36.345532][ T3719] hub 9-0:1.0: 8 ports detected
[   36.352608][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.366134][ T3726] FAT-fs (loop2): bogus number of FAT sectors
[   36.372324][ T3726] FAT-fs (loop2): Can't find a valid FAT filesystem
[   36.414586][ T3709] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   36.512700][ T3741] loop2: detected capacity change from 0 to 256
[   36.514515][ T3743] netlink: 16 bytes leftover after parsing attributes in process `syz.1.101'.
[   36.551030][ T3709] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   36.574052][ T3748] loop4: detected capacity change from 0 to 256
[   36.590976][ T3748] FAT-fs (loop4): bogus number of FAT sectors
[   36.593307][ T3709] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   36.597072][ T3748] FAT-fs (loop4): Can't find a valid FAT filesystem
[   36.625495][ T3709] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   36.650395][ T3709] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   36.664032][ T3756] syz.1.106[3756] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.664141][ T3756] syz.1.106[3756] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.719352][ T3764] syz.0.108[3764] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.740166][ T3756] syz.1.106[3756] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.745826][ T3767] netlink: 'syz.3.109': attribute type 10 has an invalid length.
[   36.754403][ T3764] syz.0.108[3764] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.776910][ T3769] FAULT_INJECTION: forcing a failure.
[   36.776910][ T3769] name failslab, interval 1, probability 0, space 0, times 0
[   36.779564][ T3764] syz.0.108[3764] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.788347][ T3769] CPU: 0 UID: 0 PID: 3769 Comm: syz.2.110 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   36.822346][ T3769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   36.832415][ T3769] Call Trace:
[   36.835689][ T3769]  <TASK>
[   36.838611][ T3769]  dump_stack_lvl+0xf2/0x150
[   36.843246][ T3769]  dump_stack+0x15/0x20
[   36.847402][ T3769]  should_fail_ex+0x223/0x230
[   36.852096][ T3769]  should_failslab+0x8f/0xb0
[   36.856687][ T3769]  kmem_cache_alloc_noprof+0x52/0x320
[   36.862060][ T3769]  ? security_inode_alloc+0x37/0x100
[   36.867355][ T3769]  security_inode_alloc+0x37/0x100
[   36.872462][ T3769]  inode_init_always_gfp+0x4a2/0x4f0
[   36.877783][ T3769]  ? __pfx_shmem_alloc_inode+0x10/0x10
[   36.883260][ T3769]  alloc_inode+0x82/0x160
[   36.887618][ T3769]  new_inode+0x1e/0x100
[   36.891772][ T3769]  shmem_get_inode+0x24e/0x730
[   36.896535][ T3769]  __shmem_file_setup+0x127/0x1f0
[   36.901636][ T3769]  shmem_file_setup+0x3b/0x50
[   36.906307][ T3769]  __se_sys_memfd_create+0x31d/0x5c0
[   36.911593][ T3769]  __x64_sys_memfd_create+0x31/0x40
[   36.916791][ T3769]  x64_sys_call+0x2d4c/0x2dc0
[   36.921636][ T3769]  do_syscall_64+0xc9/0x1c0
[   36.926187][ T3769]  ? clear_bhb_loop+0x55/0xb0
[   36.930934][ T3769]  ? clear_bhb_loop+0x55/0xb0
[   36.935610][ T3769]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   36.941554][ T3769] RIP: 0033:0x7fd53ca0e919
[   36.946062][ T3769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   36.965691][ T3769] RSP: 002b:00007fd53b086d68 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   36.974110][ T3769] RAX: ffffffffffffffda RBX: 00000000000005d2 RCX: 00007fd53ca0e919
[   36.982083][ T3769] RDX: 00007fd53b086dec RSI: 0000000000000000 RDI: 00007fd53ca821ea
[   36.990091][ T3769] RBP: 0000000020000000 R08: 00007fd53b086b07 R09: 0000000000000000
[   36.998055][ T3769] R10: 000000000000000a R11: 0000000000000202 R12: 0000000000000001
[   37.006152][ T3769] R13: 00007fd53b086dec R14: 00007fd53b086df0 R15: 00007ffcdf18a668
[   37.014118][ T3769]  </TASK>
[   37.043135][ T3767] veth0_macvtap: left promiscuous mode
[   37.055805][ T3767] veth0_macvtap: entered promiscuous mode
[   37.062616][ T3767] team0: Device macvtap0 failed to register rx_handler
[   37.072187][ T3767] veth0_macvtap: left promiscuous mode
[   37.072992][ T3775] loop4: detected capacity change from 0 to 1024
[   37.081309][ T3773] loop1: detected capacity change from 0 to 256
[   37.091558][ T3775] EXT4-fs: Ignoring removed mblk_io_submit option
[   37.094317][   T29] kauditd_printk_skb: 597 callbacks suppressed
[   37.094344][   T29] audit: type=1326 audit(1732643022.246:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3766 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d275e919 code=0x7ffc0000
[   37.127624][   T29] audit: type=1326 audit(1732643022.246:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3766 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d275e919 code=0x7ffc0000
[   37.151130][ T3773] FAT-fs (loop1): bogus number of FAT sectors
[   37.157211][ T3773] FAT-fs (loop1): Can't find a valid FAT filesystem
[   37.188027][ T3775] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   37.200130][ T3778] loop2: detected capacity change from 0 to 512
[   37.245450][   T29] audit: type=1400 audit(1732643022.376:725): avc:  denied  { setattr } for  pid=3774 comm="syz.4.113" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   37.267318][   T29] audit: type=1326 audit(1732643022.386:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3788 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bcfe7e919 code=0x7ffc0000
[   37.290641][   T29] audit: type=1326 audit(1732643022.386:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3788 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bcfe7e919 code=0x7ffc0000
[   37.313924][   T29] audit: type=1326 audit(1732643022.386:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3788 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f6bcfe7e919 code=0x7ffc0000
[   37.337130][   T29] audit: type=1326 audit(1732643022.386:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3788 comm="syz.1.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bcfe7e919 code=0x7ffc0000
[   37.363087][ T3790] syzkaller1: entered promiscuous mode
[   37.368776][ T3790] syzkaller1: entered allmulticast mode
[   37.381724][ T3793] hub 9-0:1.0: USB hub found
[   37.385783][ T3775] pim6reg: entered allmulticast mode
[   37.390359][ T3793] hub 9-0:1.0: 8 ports detected
[   37.393519][   T29] audit: type=1400 audit(1732643022.546:730): avc:  denied  { read } for  pid=3774 comm="syz.4.113" dev="sockfs" ino=5645 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   37.410463][ T3778] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   37.421517][   T29] audit: type=1400 audit(1732643022.576:731): avc:  denied  { write } for  pid=3774 comm="syz.4.113" name="file0" dev="tmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   37.425768][ T3778] EXT4-fs (loop2): orphan cleanup on readonly fs
[   37.447774][   T29] audit: type=1400 audit(1732643022.576:732): avc:  denied  { open } for  pid=3774 comm="syz.4.113" path="/21/file0" dev="tmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   37.455359][ T3778] EXT4-fs warning (device loop2): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   37.490132][ T3801] loop1: detected capacity change from 0 to 512
[   37.492981][ T3778] EXT4-fs (loop2): Cannot turn on quotas: error -117
[   37.498643][ T3801] EXT4-fs: Ignoring removed oldalloc option
[   37.504773][ T3778] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.112: bg 0: block 40: padding at end of block bitmap is not set
[   37.517089][ T3801] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   37.524938][ T3778] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   37.544084][ T3778] EXT4-fs (loop2): 1 truncate cleaned up
[   37.547673][ T3774] pim6reg: left allmulticast mode
[   37.555101][ T3778] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   37.556207][ T3801] EXT4-fs (loop1): 1 truncate cleaned up
[   37.580117][ T3801] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.614933][ T3804] loop3: detected capacity change from 0 to 2048
[   37.630120][ T3778] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #16: comm syz.2.112: corrupted xattr block 31: invalid header
[   37.645171][ T3804] ext4: Unknown parameter 'GPL'
[   37.645208][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.662629][ T3778] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=16
[   37.671811][ T3778] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #16: comm syz.2.112: corrupted xattr block 31: invalid header
[   37.749782][ T3778] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=16
[   37.760257][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.774221][ T3778] EXT4-fs error (device loop2): ext4_get_link:106: inode #16: comm syz.2.112: bad symlink.
[   37.781150][ T3817] loop3: detected capacity change from 0 to 128
[   37.818664][ T3817] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   37.851351][ T3332] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.853370][ T3817] ext4 filesystem being mounted at /23/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   37.974924][ T3321] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   38.032117][ T3874] loop1: detected capacity change from 0 to 512
[   38.054762][ T3874] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   38.083850][ T3881] loop4: detected capacity change from 0 to 256
[   38.094074][ T3864] hub 9-0:1.0: USB hub found
[   38.095421][ T3881] FAT-fs (loop4): bogus number of FAT sectors
[   38.104909][ T3881] FAT-fs (loop4): Can't find a valid FAT filesystem
[   38.109587][ T3864] hub 9-0:1.0: 8 ports detected
[   38.117466][ T3884] netlink: 'syz.2.137': attribute type 3 has an invalid length.
[   38.135845][ T3874] EXT4-fs (loop1): 1 truncate cleaned up
[   38.147996][ T3874] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   38.214953][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.215511][ T3896] __nla_validate_parse: 2 callbacks suppressed
[   38.215524][ T3896] netlink: 16 bytes leftover after parsing attributes in process `syz.2.139'.
[   38.356567][ T3919] loop4: detected capacity change from 0 to 256
[   38.397157][ T3925] SELinux:  Context system_u:object_r:ppp_device_t:s0 is not valid (left unmapped).
[   38.439717][ T3932] loop1: detected capacity change from 0 to 256
[   38.449707][ T3925] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   38.470208][ T3932] FAT-fs (loop1): bogus number of FAT sectors
[   38.476326][ T3932] FAT-fs (loop1): Can't find a valid FAT filesystem
[   38.487053][ T3937] netlink: 16 bytes leftover after parsing attributes in process `syz.0.153'.
[   38.528618][ T3940] hub 9-0:1.0: USB hub found
[   38.559249][ T3940] hub 9-0:1.0: 8 ports detected
[   38.626793][ T3951] FAULT_INJECTION: forcing a failure.
[   38.626793][ T3951] name failslab, interval 1, probability 0, space 0, times 0
[   38.639555][ T3951] CPU: 0 UID: 0 PID: 3951 Comm: syz.0.159 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   38.649805][ T3951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   38.659876][ T3951] Call Trace:
[   38.663172][ T3951]  <TASK>
[   38.666094][ T3951]  dump_stack_lvl+0xf2/0x150
[   38.670691][ T3951]  dump_stack+0x15/0x20
[   38.674902][ T3951]  should_fail_ex+0x223/0x230
[   38.679591][ T3951]  should_failslab+0x8f/0xb0
[   38.684177][ T3951]  __kmalloc_noprof+0xab/0x3f0
[   38.688940][ T3951]  ? alloc_pipe_info+0x1cb/0x360
[   38.693924][ T3951]  alloc_pipe_info+0x1cb/0x360
[   38.698682][ T3951]  splice_direct_to_actor+0x60f/0x670
[   38.704061][ T3951]  ? __pfx_direct_splice_actor+0x10/0x10
[   38.709696][ T3951]  ? 0xffffffff81000000
[   38.713840][ T3951]  ? selinux_file_permission+0x22a/0x360
[   38.719479][ T3951]  ? __rcu_read_unlock+0x4e/0x70
[   38.724427][ T3951]  ? avc_policy_seqno+0x15/0x20
[   38.729283][ T3951]  ? selinux_file_permission+0x22a/0x360
[   38.734916][ T3951]  do_splice_direct+0xd7/0x150
[   38.739682][ T3951]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   38.745573][ T3951]  do_sendfile+0x398/0x660
[   38.749988][ T3951]  __x64_sys_sendfile64+0x110/0x150
[   38.755223][ T3951]  x64_sys_call+0xfbd/0x2dc0
[   38.759831][ T3951]  do_syscall_64+0xc9/0x1c0
[   38.764457][ T3951]  ? clear_bhb_loop+0x55/0xb0
[   38.769208][ T3951]  ? clear_bhb_loop+0x55/0xb0
[   38.773920][ T3951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   38.779840][ T3951] RIP: 0033:0x7f22099be919
[   38.784292][ T3951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   38.803893][ T3951] RSP: 002b:00007f2208031038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   38.812364][ T3951] RAX: ffffffffffffffda RBX: 00007f2209b75fa0 RCX: 00007f22099be919
[   38.820407][ T3951] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006
[   38.828372][ T3951] RBP: 00007f2208031090 R08: 0000000000000000 R09: 0000000000000000
[   38.836342][ T3951] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[   38.844308][ T3951] R13: 0000000000000000 R14: 00007f2209b75fa0 R15: 00007ffc6c32c6b8
[   38.852361][ T3951]  </TASK>
[   38.856066][ T3944] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   38.864750][ T3944] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   38.991356][ T3968] netlink: 32 bytes leftover after parsing attributes in process `syz.2.165'.
[   39.034772][ T3968] IPVS: persistence engine module ip_vs_pe_@ not found
[   39.103576][ T3980] netlink: 16 bytes leftover after parsing attributes in process `syz.3.170'.
[   39.129236][ T3984] loop2: detected capacity change from 0 to 256
[   39.137213][ T3984] FAT-fs (loop2): bogus number of FAT sectors
[   39.143381][ T3984] FAT-fs (loop2): Can't find a valid FAT filesystem
[   39.230407][ T3993] netlink: 'syz.3.174': attribute type 10 has an invalid length.
[   39.246611][ T3993] veth0_macvtap: entered promiscuous mode
[   39.256201][ T3993] team0: Device macvtap0 failed to register rx_handler
[   39.274667][ T3993] veth0_macvtap: left promiscuous mode
[   39.333439][ T3993] syz.3.174 (3993) used greatest stack depth: 10448 bytes left
[   39.489635][ T4012] netlink: 'syz.3.183': attribute type 10 has an invalid length.
[   39.515082][ T4012] veth0_macvtap: entered promiscuous mode
[   39.541417][ T4012] team0: Device macvtap0 failed to register rx_handler
[   39.555268][ T4017] loop2: detected capacity change from 0 to 256
[   39.562464][ T4012] veth0_macvtap: left promiscuous mode
[   39.569341][ T4017] FAT-fs (loop2): bogus number of FAT sectors
[   39.575509][ T4017] FAT-fs (loop2): Can't find a valid FAT filesystem
[   39.594820][ T3322] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[   39.605904][ T3322] CPU: 0 UID: 0 PID: 3322 Comm: syz-executor Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   39.616482][ T3322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   39.626591][ T3322] Call Trace:
[   39.629897][ T3322]  <TASK>
[   39.632935][ T3322]  dump_stack_lvl+0xf2/0x150
[   39.637640][ T3322]  dump_stack+0x15/0x20
[   39.641809][ T3322]  dump_header+0x83/0x2d0
[   39.646167][ T3322]  oom_kill_process+0x341/0x4c0
[   39.651024][ T3322]  out_of_memory+0x9af/0xbe0
[   39.655625][ T3322]  ? css_next_descendant_pre+0x11c/0x140
[   39.661364][ T3322]  mem_cgroup_out_of_memory+0x13e/0x190
[   39.666906][ T3322]  try_charge_memcg+0x508/0x7f0
[   39.671840][ T3322]  charge_memcg+0x50/0xc0
[   39.676251][ T3322]  __mem_cgroup_charge+0x29/0xb0
[   39.681186][ T3322]  filemap_add_folio+0x53/0x1b0
[   39.686038][ T3322]  __filemap_get_folio+0x2f1/0x5b0
[   39.691211][ T3322]  filemap_fault+0x46d/0xb30
[   39.695869][ T3322]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[   39.701672][ T3322]  __do_fault+0xb6/0x200
[   39.705990][ T3322]  handle_mm_fault+0xe98/0x2ac0
[   39.710959][ T3322]  exc_page_fault+0x3b9/0x650
[   39.715642][ T3322]  asm_exc_page_fault+0x26/0x30
[   39.720555][ T3322] RIP: 0033:0x7f6bcfd541c4
[   39.725036][ T3322] Code: db 34 b6 d7 82 de 1b 43 48 f7 a4 24 88 00 00 00 48 8b 05 df 15 e1 00 48 69 8c 24 80 00 00 00 e8 03 00 00 48 c1 ea 12 48 01 ca <8b> 48 08 39 4c 24 18 48 89 d0 4c 0f 45 ea 4c 29 f0 48 3b 05 c4 14
[   39.744637][ T3322] RSP: 002b:00007fff5acb3470 EFLAGS: 00010202
[   39.750696][ T3322] RAX: 0000001b33120000 RBX: 0000000000000062 RCX: 0000000000009858
[   39.758656][ T3322] RDX: 0000000000009a3d RSI: 00007fff5acb34f0 RDI: 0000000000000001
[   39.766671][ T3322] RBP: 00007fff5acb349c R08: 000000001cf30c5a R09: 7fffffffffffffff
[   39.774634][ T3322] R10: 00007f6bd0b71038 R11: 0000000000000010 R12: 0000000000000032
[   39.782760][ T3322] R13: 00000000000097e3 R14: 00000000000096d5 R15: 00007fff5acb34f0
[   39.790726][ T3322]  </TASK>
[   39.793841][ T3322] memory: usage 307200kB, limit 307200kB, failcnt 403
[   39.800791][ T3322] memory+swap: usage 307380kB, limit 9007199254740988kB, failcnt 0
[   39.808722][ T3322] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0
[   39.816045][ T3322] Memory cgroup stats for /syz1:
[   39.838433][ T3322] cache 0
[   39.846339][ T3322] rss 0
[   39.849150][ T3322] shmem 0
[   39.852161][ T3322] mapped_file 0
[   39.855615][ T3322] dirty 0
[   39.858647][ T3322] writeback 0
[   39.861945][ T3322] workingset_refault_anon 20
[   39.866518][ T3322] workingset_refault_file 0
[   39.871146][ T3322] swap 184320
[   39.874477][ T3322] swapcached 20480
[   39.878260][ T3322] pgpgin 2706
[   39.881541][ T3322] pgpgout 2701
[   39.884903][ T3322] pgfault 6390
[   39.888318][ T3322] pgmajfault 11
[   39.891765][ T3322] inactive_anon 0
[   39.895416][ T3322] active_anon 20480
[   39.899275][ T3322] inactive_file 0
[   39.903059][ T3322] active_file 0
[   39.906522][ T3322] unevictable 0
[   39.910007][ T3322] hierarchical_memory_limit 314572800
[   39.915376][ T3322] hierarchical_memsw_limit 9223372036854771712
[   39.921604][ T3322] total_cache 0
[   39.925058][ T3322] total_rss 0
[   39.928405][ T3322] total_shmem 0
[   39.931902][ T3322] total_mapped_file 0
[   39.935868][ T3322] total_dirty 0
[   39.939352][ T3322] total_writeback 0
[   39.943155][ T3322] total_workingset_refault_anon 20
[   39.945382][ T4027] loop4: detected capacity change from 0 to 2048
[   39.948287][ T3322] total_workingset_refault_file 0
[   39.948297][ T3322] total_swap 184320
[   39.963454][ T3322] total_swapcached 20480
[   39.967751][ T3322] total_pgpgin 2706
[   39.971551][ T3322] total_pgpgout 2701
[   39.975431][ T3322] total_pgfault 6390
[   39.979368][ T3322] total_pgmajfault 11
[   39.983391][ T3322] total_inactive_anon 0
[   39.987567][ T3322] total_active_anon 20480
[   39.991934][ T3322] total_inactive_file 0
[   39.996097][ T3322] total_active_file 0
[   40.000152][ T3322] total_unevictable 0
[   40.004122][ T3322] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.161,pid=3954,uid=0
[   40.018670][ T3322] Memory cgroup out of memory: Killed process 3954 (syz.1.161) total-vm:95184kB, anon-rss:720kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[   40.067824][ T4027] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.088611][ T3954] syz.1.161 (3954) used greatest stack depth: 9888 bytes left
[   40.098791][ T4027] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.203211][ T4046] tmpfs: Bad value for 'nr_blocks'
[   40.241924][ T4050] netlink: 'syz.4.198': attribute type 10 has an invalid length.
[   40.250945][ T4050] veth0_macvtap: entered promiscuous mode
[   40.259736][ T4050] team0: Device macvtap0 failed to register rx_handler
[   40.270709][ T4050] veth0_macvtap: left promiscuous mode
[   40.281068][ T4053] loop3: detected capacity change from 0 to 512
[   40.287317][ T4060] loop2: detected capacity change from 0 to 512
[   40.288395][ T4060] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   40.303919][ T4053] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   40.307155][ T4060] EXT4-fs (loop2): 1 truncate cleaned up
[   40.320844][ T4060] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.341232][ T4053] EXT4-fs (loop3): 1 truncate cleaned up
[   40.347312][ T4053] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.356583][ T4066] netlink: 16 bytes leftover after parsing attributes in process `syz.4.203'.
[   40.379077][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.389327][ T3332] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.474308][ T4079] loop3: detected capacity change from 0 to 1024
[   40.489421][ T4082] netlink: 20 bytes leftover after parsing attributes in process `syz.1.209'.
[   40.499724][ T4080] netlink: 'syz.2.204': attribute type 10 has an invalid length.
[   40.508161][ T4080] veth0_macvtap: left promiscuous mode
[   40.524971][ T4080] veth0_macvtap: entered promiscuous mode
[   40.532106][ T4079] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.538897][ T4083] loop4: detected capacity change from 0 to 2048
[   40.551702][ T4080] team0: Device macvtap0 failed to register rx_handler
[   40.559149][ T4080] veth0_macvtap: left promiscuous mode
[   40.588978][ T4090] Cannot find del_set index 0 as target
[   40.595505][ T4090] netlink: 12 bytes leftover after parsing attributes in process `syz.1.211'.
[   40.614345][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.625264][ T4083] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.640120][ T4083] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.669520][ T4099] loop3: detected capacity change from 0 to 512
[   40.676887][ T4101] bond1 (unregistering): Released all slaves
[   40.691016][ T4099] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   40.703293][ T4099] EXT4-fs (loop3): 1 truncate cleaned up
[   40.709615][ T4099] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.725993][ T4090] loop1: detected capacity change from 0 to 512
[   40.735843][ T4090] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   40.745880][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.762528][ T4090] EXT4-fs error (device loop1): ext4_orphan_get:1389: inode #17: comm syz.1.211: iget: bad i_size value: -6917529027641081756
[   40.776781][ T4108] Illegal XDP return value 4294967274 on prog  (id 136) dev N/A, expect packet loss!
[   40.776853][ T4090] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.211: couldn't read orphan inode 17 (err -117)
[   40.811527][ T4090] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.834762][ T4111] loop4: detected capacity change from 0 to 512
[   40.841733][ T4090] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.211: bg 0: block 65: padding at end of block bitmap is not set
[   40.879140][ T4090] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.211: Failed to acquire dquot type 0
[   40.900841][ T4111] EXT4-fs (loop4): too many log groups per flexible block group
[   40.908756][ T4111] EXT4-fs (loop4): failed to initialize mballoc (-12)
[   40.915603][ T4111] EXT4-fs (loop4): mount failed
[   40.930145][ T4117] syz.0.219[4117] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   40.930229][ T4117] syz.0.219[4117] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   40.932162][ T4090] syz.1.211 (4090) used greatest stack depth: 9416 bytes left
[   40.944765][ T4117] syz.0.219[4117] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   40.998655][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.193408][ T4145] FAULT_INJECTION: forcing a failure.
[   41.193408][ T4145] name failslab, interval 1, probability 0, space 0, times 0
[   41.206103][ T4145] CPU: 1 UID: 0 PID: 4145 Comm: syz.0.227 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   41.216349][ T4145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   41.226443][ T4145] Call Trace:
[   41.229716][ T4145]  <TASK>
[   41.232741][ T4145]  dump_stack_lvl+0xf2/0x150
[   41.237370][ T4145]  dump_stack+0x15/0x20
[   41.241540][ T4145]  should_fail_ex+0x223/0x230
[   41.246266][ T4145]  should_failslab+0x8f/0xb0
[   41.250890][ T4145]  kmem_cache_alloc_noprof+0x52/0x320
[   41.256314][ T4145]  ? audit_log_start+0x34c/0x6b0
[   41.261333][ T4145]  audit_log_start+0x34c/0x6b0
[   41.266172][ T4145]  ? sysvec_reschedule_ipi+0x21/0x110
[   41.271544][ T4145]  audit_seccomp+0x4b/0x130
[   41.276147][ T4145]  __seccomp_filter+0x6fa/0x1180
[   41.281154][ T4145]  ? plist_check_list+0x1f3/0x220
[   41.286230][ T4145]  ? tracing_record_taskinfo_sched_switch+0x6f/0x270
[   41.293065][ T4145]  __secure_computing+0x9f/0x1c0
[   41.298005][ T4145]  syscall_trace_enter+0xd1/0x1f0
[   41.303126][ T4145]  do_syscall_64+0xaa/0x1c0
[   41.307683][ T4145]  ? clear_bhb_loop+0x55/0xb0
[   41.312435][ T4145]  ? clear_bhb_loop+0x55/0xb0
[   41.317122][ T4145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.323120][ T4145] RIP: 0033:0x7f22099be919
[   41.327605][ T4145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   41.347223][ T4145] RSP: 002b:00007f2208031038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   41.355679][ T4145] RAX: ffffffffffffffda RBX: 00007f2209b75fa0 RCX: 00007f22099be919
[   41.355692][ T4145] RDX: 0000000000000810 RSI: 0000000020000240 RDI: 0000000000000007
[   41.355704][ T4145] RBP: 00007f2208031090 R08: 0000000000000000 R09: 0000000000000000
[   41.355717][ T4145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   41.355730][ T4145] R13: 0000000000000000 R14: 00007f2209b75fa0 R15: 00007ffc6c32c6b8
[   41.355763][ T4145]  </TASK>
[   41.408473][ T4153] loop4: detected capacity change from 0 to 512
[   41.422781][ T4145] lo speed is unknown, defaulting to 1000
[   41.428744][ T4145] lo speed is unknown, defaulting to 1000
[   41.435804][ T4145] lo speed is unknown, defaulting to 1000
[   41.436246][ T4153] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.223: Failed to acquire dquot type 1
[   41.453586][ T4153] EXT4-fs (loop4): 1 truncate cleaned up
[   41.462226][ T4153] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.474837][ T4153] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   41.475918][ T4145] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   41.520697][ T4145] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   41.545245][ T4145] lo speed is unknown, defaulting to 1000
[   41.558666][ T4145] lo speed is unknown, defaulting to 1000
[   41.575431][ T4145] lo speed is unknown, defaulting to 1000
[   41.581873][ T4145] lo speed is unknown, defaulting to 1000
[   41.587992][ T4145] lo speed is unknown, defaulting to 1000
[   41.693350][ T4178] FAULT_INJECTION: forcing a failure.
[   41.693350][ T4178] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   41.706495][ T4178] CPU: 1 UID: 0 PID: 4178 Comm: syz.0.232 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   41.716819][ T4178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   41.726938][ T4178] Call Trace:
[   41.730402][ T4178]  <TASK>
[   41.733342][ T4178]  dump_stack_lvl+0xf2/0x150
[   41.738068][ T4178]  dump_stack+0x15/0x20
[   41.742299][ T4178]  should_fail_ex+0x223/0x230
[   41.747007][ T4178]  should_fail+0xb/0x10
[   41.751253][ T4178]  should_fail_usercopy+0x1a/0x20
[   41.756342][ T4178]  _copy_to_user+0x20/0xa0
[   41.760771][ T4178]  simple_read_from_buffer+0xa0/0x110
[   41.766153][ T4178]  proc_fail_nth_read+0xf9/0x140
[   41.771241][ T4178]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   41.776803][ T4178]  vfs_read+0x1a2/0x700
[   41.780971][ T4178]  ? do_msgrcv+0x1cf/0x9f0
[   41.785497][ T4178]  ? __rcu_read_unlock+0x4e/0x70
[   41.790448][ T4178]  ? __fget_files+0x17c/0x1c0
[   41.795251][ T4178]  ksys_read+0xe8/0x1b0
[   41.799420][ T4178]  __x64_sys_read+0x42/0x50
[   41.803963][ T4178]  x64_sys_call+0x2874/0x2dc0
[   41.808667][ T4178]  do_syscall_64+0xc9/0x1c0
[   41.813181][ T4178]  ? clear_bhb_loop+0x55/0xb0
[   41.817872][ T4178]  ? clear_bhb_loop+0x55/0xb0
[   41.822611][ T4178]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.828566][ T4178] RIP: 0033:0x7f22099bd35c
[   41.832977][ T4178] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[   41.852614][ T4178] RSP: 002b:00007f2208031030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   41.852635][ T4178] RAX: ffffffffffffffda RBX: 00007f2209b75fa0 RCX: 00007f22099bd35c
[   41.852647][ T4178] RDX: 000000000000000f RSI: 00007f22080310a0 RDI: 0000000000000003
[   41.852660][ T4178] RBP: 00007f2208031090 R08: 0000000000000000 R09: 0000000000000000
[   41.885038][ T4178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   41.893024][ T4178] R13: 0000000000000000 R14: 00007f2209b75fa0 R15: 00007ffc6c32c6b8
[   41.901047][ T4178]  </TASK>
[   41.955404][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.966465][ T4180] syz.0.233[4180] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   41.966518][ T4180] syz.0.233[4180] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   41.978202][ T4180] syz.0.233[4180] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   42.000648][ T4185] loop4: detected capacity change from 0 to 256
[   42.033850][ T4185] FAT-fs (loop4): bogus number of FAT sectors
[   42.040002][ T4185] FAT-fs (loop4): Can't find a valid FAT filesystem
[   42.061702][ T4190] loop3: detected capacity change from 0 to 256
[   42.125012][   T29] kauditd_printk_skb: 479 callbacks suppressed
[   42.125027][   T29] audit: type=1326 audit(1732643027.268:1205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4189 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d275e919 code=0x7ffc0000
[   42.156880][   T29] audit: type=1326 audit(1732643027.268:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4189 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d275e919 code=0x7ffc0000
[   42.180279][   T29] audit: type=1326 audit(1732643027.278:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4189 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f36d275e919 code=0x7ffc0000
[   42.203869][   T29] audit: type=1326 audit(1732643027.278:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4189 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d275e919 code=0x7ffc0000
[   42.227391][   T29] audit: type=1326 audit(1732643027.278:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4189 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f36d275e919 code=0x7ffc0000
[   42.232383][ T4199] netlink: 4 bytes leftover after parsing attributes in process `syz.4.239'.
[   42.250942][   T29] audit: type=1326 audit(1732643027.278:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4189 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d275e919 code=0x7ffc0000
[   42.283140][   T29] audit: type=1326 audit(1732643027.278:1211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4189 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f36d275e919 code=0x7ffc0000
[   42.306557][   T29] audit: type=1326 audit(1732643027.278:1212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4189 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d275e919 code=0x7ffc0000
[   42.329874][   T29] audit: type=1326 audit(1732643027.278:1213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4189 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f36d275e919 code=0x7ffc0000
[   42.353266][   T29] audit: type=1326 audit(1732643027.278:1214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4189 comm="syz.3.236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36d275e919 code=0x7ffc0000
[   42.420990][ T4202] syz.3.240[4202] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   42.421103][ T4202] syz.3.240[4202] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   42.432439][ T4202] syz.3.240[4202] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   42.470563][ T4206] loop1: detected capacity change from 0 to 512
[   42.478681][ T4208] netlink: 'syz.0.243': attribute type 10 has an invalid length.
[   42.499029][ T4208] veth0_macvtap: entered promiscuous mode
[   42.502268][ T4206] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.505820][ T4208] team0: Device macvtap0 failed to register rx_handler
[   42.529296][ T4206] ext4 filesystem being mounted at /52/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   42.543786][ T4208] veth0_macvtap: left promiscuous mode
[   42.591105][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.624121][ T4222] lo speed is unknown, defaulting to 1000
[   42.649760][ T4225] hub 9-0:1.0: USB hub found
[   42.657036][ T4225] hub 9-0:1.0: 8 ports detected
[   42.697246][ T4227] syzkaller1: entered promiscuous mode
[   42.702956][ T4227] syzkaller1: entered allmulticast mode
[   42.725922][ T4234] loop1: detected capacity change from 0 to 256
[   42.766698][ T4239] loop2: detected capacity change from 0 to 512
[   42.790267][ T4239] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.819707][ T4239] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   42.886389][ T4245] loop1: detected capacity change from 0 to 2048
[   42.969707][ T4245] serio: Serial port ptm1
[   43.139064][ T3332] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.163888][ T4255] FAULT_INJECTION: forcing a failure.
[   43.163888][ T4255] name failslab, interval 1, probability 0, space 0, times 0
[   43.176745][ T4255] CPU: 0 UID: 0 PID: 4255 Comm: syz.2.257 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   43.187070][ T4255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   43.197174][ T4255] Call Trace:
[   43.200456][ T4255]  <TASK>
[   43.203385][ T4255]  dump_stack_lvl+0xf2/0x150
[   43.208070][ T4255]  dump_stack+0x15/0x20
[   43.212243][ T4255]  should_fail_ex+0x223/0x230
[   43.216926][ T4255]  should_failslab+0x8f/0xb0
[   43.221519][ T4255]  kmem_cache_alloc_node_noprof+0x59/0x320
[   43.227338][ T4255]  ? __alloc_skb+0x10b/0x310
[   43.232061][ T4255]  __alloc_skb+0x10b/0x310
[   43.236564][ T4255]  netlink_alloc_large_skb+0xad/0xe0
[   43.241960][ T4255]  netlink_sendmsg+0x3b4/0x6e0
[   43.246732][ T4255]  ? __pfx_netlink_sendmsg+0x10/0x10
[   43.252021][ T4255]  __sock_sendmsg+0x140/0x180
[   43.256747][ T4255]  ____sys_sendmsg+0x312/0x410
[   43.261518][ T4255]  __sys_sendmsg+0x19d/0x230
[   43.266200][ T4255]  __x64_sys_sendmsg+0x46/0x50
[   43.270971][ T4255]  x64_sys_call+0x2734/0x2dc0
[   43.275727][ T4255]  do_syscall_64+0xc9/0x1c0
[   43.280273][ T4255]  ? clear_bhb_loop+0x55/0xb0
[   43.284963][ T4255]  ? clear_bhb_loop+0x55/0xb0
[   43.289717][ T4255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   43.295612][ T4255] RIP: 0033:0x7fd53ca0e919
[   43.300057][ T4255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   43.319697][ T4255] RSP: 002b:00007fd53b087038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   43.328112][ T4255] RAX: ffffffffffffffda RBX: 00007fd53cbc5fa0 RCX: 00007fd53ca0e919
[   43.336157][ T4255] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[   43.344197][ T4255] RBP: 00007fd53b087090 R08: 0000000000000000 R09: 0000000000000000
[   43.352178][ T4255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   43.360191][ T4255] R13: 0000000000000000 R14: 00007fd53cbc5fa0 R15: 00007ffcdf18a668
[   43.368289][ T4255]  </TASK>
[   43.407230][ T4258] netlink: 'syz.2.258': attribute type 10 has an invalid length.
[   43.415737][ T4258] veth0_macvtap: entered promiscuous mode
[   43.422790][ T4258] team0: Device macvtap0 failed to register rx_handler
[   43.431614][ T4258] veth0_macvtap: left promiscuous mode
[   43.487609][ T4272] netlink: 'syz.2.265': attribute type 1 has an invalid length.
[   43.538623][ T4282] hub 9-0:1.0: USB hub found
[   43.550446][ T4282] hub 9-0:1.0: 8 ports detected
[   43.559859][ T4286] syz.3.268[4286] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   43.559915][ T4286] syz.3.268[4286] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   43.572477][ T4286] syz.3.268[4286] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   43.677399][ T4297] process 'syz.4.272' launched './file1' with NULL argv: empty string added
[   43.734989][ T4304] netlink: 'syz.0.275': attribute type 10 has an invalid length.
[   43.743053][ T4304] veth0_macvtap: entered promiscuous mode
[   43.750037][ T4304] team0: Device macvtap0 failed to register rx_handler
[   43.757094][ T4304] veth0_macvtap: left promiscuous mode
[   43.776774][ T4307] syz.4.277[4307] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   43.896081][ T4313] capability: warning: `syz.0.278' uses 32-bit capabilities (legacy support in use)
[   43.936715][ T4315] hub 9-0:1.0: USB hub found
[   43.941473][ T4315] hub 9-0:1.0: 8 ports detected
[   43.942801][ T4316] lo speed is unknown, defaulting to 1000
[   43.976326][ T4316] syzkaller1: entered promiscuous mode
[   43.981872][ T4316] syzkaller1: entered allmulticast mode
[   44.420937][ T4336] netlink: 'syz.0.287': attribute type 10 has an invalid length.
[   44.429177][ T4336] veth0_macvtap: entered promiscuous mode
[   44.435910][ T4336] team0: Device macvtap0 failed to register rx_handler
[   44.443302][ T4336] veth0_macvtap: left promiscuous mode
[   44.460467][ T4326] loop3: detected capacity change from 0 to 2048
[   44.479926][ T4326] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.502557][ T4346] netlink: 'syz.1.282': attribute type 10 has an invalid length.
[   44.510624][ T4326] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.519938][ T4346] veth0_macvtap: entered promiscuous mode
[   44.528434][ T4346] team0: Device macvtap0 failed to register rx_handler
[   44.538457][ T4339] netlink: 8 bytes leftover after parsing attributes in process `syz.0.288'.
[   44.547399][ T4346] veth0_macvtap: left promiscuous mode
[   44.581339][ T4348] 9pnet_fd: Insufficient options for proto=fd
[   44.621487][ T4348] loop2: detected capacity change from 0 to 512
[   44.622949][ T4352] loop1: detected capacity change from 0 to 4096
[   44.638799][ T4352] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.674526][ T4348] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.701591][ T4359] hub 5-0:1.0: USB hub found
[   44.727610][ T4365] netlink: 28 bytes leftover after parsing attributes in process `syz.4.295'.
[   44.727990][ T4362] FAULT_INJECTION: forcing a failure.
[   44.727990][ T4362] name failslab, interval 1, probability 0, space 0, times 0
[   44.737591][ T4359] hub 5-0:1.0: 8 ports detected
[   44.749108][ T4362] CPU: 0 UID: 0 PID: 4362 Comm: syz.3.293 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   44.758862][ T4348] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.764162][ T4362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   44.784562][ T4362] Call Trace:
[   44.787847][ T4362]  <TASK>
[   44.790823][ T4362]  dump_stack_lvl+0xf2/0x150
[   44.795431][ T4362]  dump_stack+0x15/0x20
[   44.799609][ T4362]  should_fail_ex+0x223/0x230
[   44.804302][ T4362]  should_failslab+0x8f/0xb0
[   44.808961][ T4362]  kmem_cache_alloc_node_noprof+0x59/0x320
[   44.814797][ T4362]  ? __alloc_skb+0x10b/0x310
[   44.819492][ T4362]  __alloc_skb+0x10b/0x310
[   44.823981][ T4362]  ? audit_log_start+0x34c/0x6b0
[   44.829006][ T4362]  audit_log_start+0x368/0x6b0
[   44.833787][ T4362]  audit_seccomp+0x4b/0x130
[   44.838318][ T4362]  __seccomp_filter+0x6fa/0x1180
[   44.843304][ T4362]  ? strncpy_from_user+0x17d/0x210
[   44.848436][ T4362]  ? strncpy_from_user+0x1ef/0x210
[   44.853592][ T4362]  __secure_computing+0x9f/0x1c0
[   44.858611][ T4362]  syscall_trace_enter+0xd1/0x1f0
[   44.863676][ T4362]  ? fpregs_assert_state_consistent+0x83/0xa0
[   44.869804][ T4362]  do_syscall_64+0xaa/0x1c0
[   44.874338][ T4362]  ? clear_bhb_loop+0x55/0xb0
[   44.879105][ T4362]  ? clear_bhb_loop+0x55/0xb0
[   44.883886][ T4362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   44.889855][ T4362] RIP: 0033:0x7f36d275d35c
[   44.894386][ T4362] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[   44.914011][ T4362] RSP: 002b:00007f36d0db0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   44.922499][ T4362] RAX: ffffffffffffffda RBX: 00007f36d2916080 RCX: 00007f36d275d35c
[   44.930548][ T4362] RDX: 000000000000000f RSI: 00007f36d0db00a0 RDI: 0000000000000008
[   44.938543][ T4362] RBP: 00007f36d0db0090 R08: 0000000000000000 R09: 0000000000000000
[   44.946551][ T4362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.954543][ T4362] R13: 0000000000000000 R14: 00007f36d2916080 R15: 00007ffdbd9edb68
[   44.962601][ T4362]  </TASK>
[   44.982088][ T4366] netlink: 'syz.0.294': attribute type 1 has an invalid length.
[   45.114713][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.136872][ T3332] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.162194][ T4380] hub 9-0:1.0: USB hub found
[   45.167222][ T4384] FAULT_INJECTION: forcing a failure.
[   45.167222][ T4384] name failslab, interval 1, probability 0, space 0, times 0
[   45.174769][ T4380] hub 9-0:1.0: 8 ports detected
[   45.179926][ T4384] CPU: 0 UID: 0 PID: 4384 Comm: syz.0.303 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   45.194966][ T4384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   45.205029][ T4384] Call Trace:
[   45.208317][ T4384]  <TASK>
[   45.211260][ T4384]  dump_stack_lvl+0xf2/0x150
[   45.215877][ T4384]  dump_stack+0x15/0x20
[   45.220074][ T4384]  should_fail_ex+0x223/0x230
[   45.224761][ T4384]  should_failslab+0x8f/0xb0
[   45.229358][ T4384]  __kmalloc_node_track_caller_noprof+0xa8/0x410
[   45.235748][ T4384]  ? sidtab_sid2str_get+0xb8/0x140
[   45.240915][ T4384]  kmemdup_noprof+0x2a/0x60
[   45.245411][ T4384]  sidtab_sid2str_get+0xb8/0x140
[   45.250433][ T4384]  security_sid_to_context_core+0x1eb/0x2f0
[   45.256395][ T4384]  security_sid_to_context+0x27/0x30
[   45.261726][ T4384]  selinux_lsmprop_to_secctx+0x2c/0x40
[   45.267188][ T4384]  security_lsmprop_to_secctx+0x4a/0x90
[   45.272732][ T4384]  audit_log_task_context+0x93/0x1c0
[   45.278054][ T4384]  audit_log_task+0xf9/0x1c0
[   45.282645][ T4384]  audit_seccomp+0x68/0x130
[   45.287181][ T4384]  __seccomp_filter+0x6fa/0x1180
[   45.292112][ T4384]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   45.297764][ T4384]  ? vfs_write+0x596/0x920
[   45.302184][ T4384]  __secure_computing+0x9f/0x1c0
[   45.307153][ T4384]  syscall_trace_enter+0xd1/0x1f0
[   45.312381][ T4384]  ? fpregs_assert_state_consistent+0x83/0xa0
[   45.318592][ T4384]  do_syscall_64+0xaa/0x1c0
[   45.323139][ T4384]  ? clear_bhb_loop+0x55/0xb0
[   45.327918][ T4384]  ? clear_bhb_loop+0x55/0xb0
[   45.332596][ T4384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.338740][ T4384] RIP: 0033:0x7f22099be919
[   45.343147][ T4384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.362744][ T4384] RSP: 002b:00007f2208031038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[   45.371203][ T4384] RAX: ffffffffffffffda RBX: 00007f2209b75fa0 RCX: 00007f22099be919
[   45.379166][ T4384] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
[   45.387129][ T4384] RBP: 00007f2208031090 R08: 0000000000000000 R09: 0000000000000000
[   45.395090][ T4384] R10: 0000000008080c61 R11: 0000000000000246 R12: 0000000000000001
[   45.403049][ T4384] R13: 0000000000000000 R14: 00007f2209b75fa0 R15: 00007ffc6c32c6b8
[   45.411017][ T4384]  </TASK>
[   45.432114][ T4387] netlink: 'syz.4.304': attribute type 10 has an invalid length.
[   45.455408][ T4387] team0: Device hsr_slave_0 failed to register rx_handler
[   45.578454][ T4395] netlink: 28 bytes leftover after parsing attributes in process `syz.2.306'.
[   45.610476][ T4391] Zero length message leads to an empty skb
[   45.714732][ T4406] vlan2: entered promiscuous mode
[   45.720009][ T4406] syz_tun: entered promiscuous mode
[   45.743251][ T4408] netlink: 'syz.0.310': attribute type 10 has an invalid length.
[   45.765589][ T4408] veth0_macvtap: entered promiscuous mode
[   45.776744][ T4408] team0: Device macvtap0 failed to register rx_handler
[   45.790521][ T4408] veth0_macvtap: left promiscuous mode
[   45.833904][ T4410] netlink: 'syz.2.311': attribute type 10 has an invalid length.
[   45.843659][ T4410] veth0_macvtap: entered promiscuous mode
[   45.852042][ T4410] team0: Device macvtap0 failed to register rx_handler
[   45.860889][ T4410] veth0_macvtap: left promiscuous mode
[   46.176001][ T4417] ==================================================================
[   46.184087][ T4417] BUG: KCSAN: data-race in __filemap_remove_folio / folio_mapping
[   46.191887][ T4417] 
[   46.194190][ T4417] write to 0xffffea0004d3ce18 of 8 bytes by task 4350 on cpu 0:
[   46.201794][ T4417]  __filemap_remove_folio+0x1ac/0x2c0
[   46.207164][ T4417]  filemap_remove_folio+0x6b/0x1f0
[   46.212255][ T4417]  truncate_inode_folio+0x42/0x50
[   46.217263][ T4417]  shmem_undo_range+0x25b/0xa70
[   46.222094][ T4417]  shmem_evict_inode+0x14d/0x530
[   46.227015][ T4417]  evict+0x2f0/0x570
[   46.230889][ T4417]  iput+0x42a/0x5b0
[   46.234671][ T4417]  dentry_unlink_inode+0x24f/0x260
[   46.239764][ T4417]  __dentry_kill+0x18b/0x4c0
[   46.244330][ T4417]  dput+0x5c/0xd0
[   46.247942][ T4417]  __fput+0x3fb/0x6d0
[   46.251903][ T4417]  ____fput+0x1c/0x30
[   46.255864][ T4417]  task_work_run+0x13a/0x1a0
[   46.260433][ T4417]  do_exit+0x5dd/0x17f0
[   46.264589][ T4417]  do_group_exit+0x102/0x150
[   46.269167][ T4417]  get_signal+0xeb9/0x1000
[   46.273559][ T4417]  arch_do_signal_or_restart+0x95/0x4b0
[   46.279081][ T4417]  irqentry_exit_to_user_mode+0xa7/0x120
[   46.284694][ T4417]  irqentry_exit+0x12/0x50
[   46.289091][ T4417]  asm_exc_page_fault+0x26/0x30
[   46.293924][ T4417] 
[   46.296230][ T4417] read to 0xffffea0004d3ce18 of 8 bytes by task 4417 on cpu 1:
[   46.303750][ T4417]  folio_mapping+0xa0/0x120
[   46.308233][ T4417]  move_folios_to_lru+0x12a/0x680
[   46.313246][ T4417]  evict_folios+0x2a21/0x3240
[   46.317904][ T4417]  try_to_shrink_lruvec+0x5d2/0x750
[   46.323078][ T4417]  shrink_lruvec+0x22d/0x1840
[   46.327736][ T4417]  shrink_node+0x603/0x1d80
[   46.332216][ T4417]  do_try_to_free_pages+0x3c6/0xc50
[   46.337392][ T4417]  try_to_free_mem_cgroup_pages+0x1e3/0x490
[   46.343268][ T4417]  try_charge_memcg+0x2bc/0x7f0
[   46.348100][ T4417]  obj_cgroup_charge_pages+0xbd/0x1a0
[   46.353456][ T4417]  __memcg_kmem_charge_page+0x9d/0x170
[   46.358902][ T4417]  __alloc_pages_noprof+0x1bc/0x340
[   46.364080][ T4417]  alloc_pages_mpol_noprof+0xb1/0x1e0
[   46.369443][ T4417]  alloc_pages_noprof+0xe1/0x100
[   46.374361][ T4417]  __vmalloc_node_range_noprof+0x6eb/0xe80
[   46.380150][ T4417]  __kvmalloc_node_noprof+0x121/0x170
[   46.385500][ T4417]  ip_set_alloc+0x1f/0x30
[   46.389811][ T4417]  hash_netiface_create+0x273/0x730
[   46.394988][ T4417]  ip_set_create+0x359/0x8a0
[   46.399597][ T4417]  nfnetlink_rcv_msg+0x4a9/0x570
[   46.404521][ T4417]  netlink_rcv_skb+0x12c/0x230
[   46.409261][ T4417]  nfnetlink_rcv+0x16c/0x15d0
[   46.413916][ T4417]  netlink_unicast+0x599/0x670
[   46.418660][ T4417]  netlink_sendmsg+0x5cc/0x6e0
[   46.423414][ T4417]  __sock_sendmsg+0x140/0x180
[   46.428069][ T4417]  ____sys_sendmsg+0x312/0x410
[   46.432807][ T4417]  __sys_sendmsg+0x19d/0x230
[   46.437376][ T4417]  __x64_sys_sendmsg+0x46/0x50
[   46.442144][ T4417]  x64_sys_call+0x2734/0x2dc0
[   46.446801][ T4417]  do_syscall_64+0xc9/0x1c0
[   46.451289][ T4417]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   46.457165][ T4417] 
[   46.459468][ T4417] value changed: 0xffff888118388aa8 -> 0x0000000000000000
[   46.466549][ T4417] 
[   46.468848][ T4417] Reported by Kernel Concurrency Sanitizer on:
[   46.474973][ T4417] CPU: 1 UID: 0 PID: 4417 Comm: syz.2.314 Not tainted 6.12.0-syzkaller-09435-g2c22dc1ee3a1 #0
[   46.485192][ T4417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   46.495399][ T4417] ==================================================================
[   46.883367][ T4417] syz.2.314 (4417) used greatest stack depth: 6184 bytes left