last executing test programs:

11.549739042s ago: executing program 0 (id=3041):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x49, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x3, 0x7, 0x9}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000004e8100000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
finit_module(0xffffffffffffffff, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
setpriority(0x0, 0x0, 0x28)

11.549011502s ago: executing program 0 (id=3042):
socket$unix(0x1, 0x1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000010110000", @ANYRES32=r0], 0x0}, 0x90)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r1 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x114, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000300)="10", 0x1}], 0x1, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f00000004c0)='kmem_cache_free\x00')
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x53d, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82TesEeoAKSIBCQFF2400bVb20uYBQVQlRcUAcUmNvLJNdr/GuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IASxQjATSopkdO1t7TZbsepd6Px9pMvPmzcz3vWxm39u3m3kBTKyrEbEXEbMR8VZELBT7k2KJ1zpLdtzD/d3lg/3d5STa7Tf/muT52b7oOifzdHHN+Yj42pcjvpWcjNvc3rm/VKtVN4t0uVXfKDe3d26s1ZdWq6vV9Url9uLtmy/feqkytLpeqf/8wZfWXv/6r375yfd/u/fF72XFuljkdddjmDpVnzmKk5mOiNfPItgYTBXr2TGXgyeTRsRHIuIz+f2/EFP5v04A4DxrtxeivdCdBgDOuzQfA0vSUkSkadEJKHXG8J6LC2mt0Wxdv9fYWl/pjJVdipn03lqtevPy3O+/kx88k2TpxTwvz8/TlWPpWxFxOSJ+OPdUni4tN2or4+nyAMDEe7q7/Y+If8ylaanU16k9vtUDAD405sddAABg5LT/ADB5tP8AMHn6aP+LL/v3zrwsAMBo+PwPAJNH+w8Ak0f7DwAT5atvvJEt7YPi+dcrb29v3W+8fWOl2rxfqm8tl5Ybmxul1UZjNX9mT/1x16s1GhuLL8bWO+VWtdkqN7d37tYbW+utu/lzve9WZ0ZSKwDgv7l85b3fJRGx98pT+RJdczloq+F8S8ddAGBspgY5WQcBPtTM9gWTq68mPO8k/ObMywKMR8+Hec/33PygH/8PQfzOCP6vXPt4/+P/5niG88X4P0yuJxv/f3Xo5QBGz/g/TK52Ozk+5//sURYAcC4N8BO+9veH1QkBxupxk3kP5ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOGcuRsS3I0lL+VzgafZnWipFPBMRl2ImubdWq96MiGfjSkTMzGXpxXEXGgAYUPrnpJj/69rCCxeP584m/5zL1xHx3Z+8+aN3llqtzcVs/9+O9s8dTh9WeXTeAPMKAgBDlrfflWLd9UH+4f7u8uEyyvI8uBP/LqYiXj7Y382XTs50ZDsj5vO+xIW/JzFdnDMfEc9HxNQQ4u+9GxEf61X/JB8buVTMfNodP4rYz4w0fvqB+Gme11lnna+PDqEsMGneuxMRr/W6/9K4mq973//z+TvU4B7c6Vzs8L3voCv+dBFpqkf87J6/2m+MF3/9lRM72wudvHcjnp/uFT85ip+cEv+FPuP/4ROf+sGrp+S1fxpxLXrH745VbtU3ys3tnRtr9aXV6mp1vVK5vXj75su3XqqU8zHq8uFI9Ul/eeX6s6eVLav/hVPiz/es/+zRuZ/rs/4/+9db3/z0o+Tc8fhf+Gzv1/+5nvE7sjbx833GX7rwi1On787ir5xS/8e9/tf7jP/+n3ZW+jwUABiB5vbO/aVarbo50Eb2KXQY1zmxkRWxv4MPu4uDBf1jnEUtnnBj5qz+Vs98Y/qorzjcK38ju+KIq5MOvRYDbTwcVazxvScBo/Hoph93SQAAAAAAAAAAAAAAgNOM4r8ujbuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CQAA//+zi8zo")

11.292489585s ago: executing program 0 (id=3046):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
mmap$IORING_OFF_SQ_RING(&(0x7f0000575000/0x4000)=nil, 0x4000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)

11.273760116s ago: executing program 0 (id=3048):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x1, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r2}, 0x10)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200102f00fe80000000000000875a65059ff57b00000000000000000000000000ac1414aa35f022eb"], 0xcfa4)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0xfdef)

11.235573179s ago: executing program 0 (id=3051):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r1, 0x0, 0x29, 0x0, 0x57)

11.215439932s ago: executing program 0 (id=3053):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x10, 0x6, 0x8, 0x0, 0x3341, r0, 0x0, '\x00', 0x0, r1, 0x4, 0x1, 0x5}, 0x48)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc)=0xfff0, 0x6, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000540)='fib6_table_lookup\x00'}, 0x10)
ptrace(0x10, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
gettid()
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0xde02})
preadv(r3, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/248, 0xf8}], 0x1, 0x0, 0xc)

2.584122015s ago: executing program 4 (id=3267):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
fsopen(&(0x7f0000000040)='hostfs\x00', 0x1)

2.566301386s ago: executing program 4 (id=3268):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
write$sndseq(r1, &(0x7f0000000000)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x95ffffff]}}], 0xffc8)
r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)="e8e3263d094199fbc47e15f2fe509cee819432319f2982a1b57682e327346f3afe2588e8b7fbc4238558df2f9c2f9edfdfed24a075d8c9aab2f778a5b8be6e50870dfed5baba3a50b5190a617a9ce4673518b5fbb3aed8a4c6fd05d5bc9763ea73939a2bb4020ebdc92773a06c68accc914776d4240e", 0x76}}, 0x0)
r3 = open(&(0x7f0000000100)='./file0\x00', 0x121bff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x1, 0x4, 0x5, 0x0, r3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r5}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
r8 = dup(r7)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r8])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000000000000002c00000008005800000000000e0001006ebd5e72b1bf5cd36574"], 0x3c}}, 0x0)
setsockopt$sock_int(r9, 0x1, 0x4, &(0x7f00000002c0)=0x6, 0x4)
socket$netlink(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r11 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
readahead(r11, 0x0, 0x0)
unshare(0x62040200)
perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
unshare(0x40000000)

2.448202676s ago: executing program 4 (id=3270):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x1, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r2}, 0x10)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200102f00fe80000000000000875a65059ff57b00000000000000000000000000ac1414aa35f022eb"], 0xcfa4)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0xfdef)

2.447522046s ago: executing program 4 (id=3271):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x9, 0x11, &(0x7f0000000a40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfffff0ee, 0x0, 0x0, 0x0, 0xb37}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@map_fd={0x18, 0x7, 0x1, 0x0, r0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000300)='syzkaller\x00', 0x80000001, 0x8a, &(0x7f0000000b00)=""/138, 0x41000, 0x11, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x7, 0x4}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x4, &(0x7f0000000640)=[r0], &(0x7f0000000680)=[{0x1, 0x5, 0x8, 0xb}, {0x3, 0x1, 0xd, 0xa}, {0x2, 0x4, 0xd, 0x3}, {0x3, 0x4, 0x3}], 0x10, 0x40}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0)
r5 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[@ANYBLOB="73797a308ca4f6115e2087f2e19e203525", @ANYRESOCT=r4], 0x1e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000980)='./file1\x00', 0x280809a, &(0x7f0000000f40)=ANY=[], 0xd, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg")
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48)
pipe2$9p(&(0x7f00000000c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000efffffff850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sys_enter\x00', r10}, 0x10)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r11}, 0x4)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYRES32=r11, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r12, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r8, @ANYRESHEX=r9])
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f00000001c0)=[0x0], &(0x7f0000000cc0)=[0x0, 0x0, 0x0, 0x0], <r13=>0x0, 0x400000b0, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000c80), &(0x7f0000000340), 0x8, 0x74, 0x8, 0x8, &(0x7f0000000380)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYRES16=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r13, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.783087635s ago: executing program 3 (id=3287):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r2 = gettid()
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r6, &(0x7f00000004c0)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc02082c"], 0xfdef)
sendmsg$unix(r3, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc11"], 0xfdef)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
readv(r7, &(0x7f0000000b00)=[{&(0x7f0000000540)=""/198, 0xc6}], 0x1)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r1, &(0x7f0000000100)="4d4b15df3fdff8a0f80531501f614cce8bb23664c74bedbd959cd311e43c9bd83dc841933351968747eed968081c119509c355583a6afad22d4c618c4ea6b64ccb7441a56aa764ab3d3fc2b566259c9dce74cb66999efdecb9965bda0bab40662006a141bd498ed5ceb459c4a9e5e08557b53fe1ed9328b03437222e91d46f014337e73f393e1885642761ed045ceffaf63b37", &(0x7f0000000040)=""/35}, 0x20)
syz_open_dev$usbfs(0x0, 0xfffffffffffffff8, 0x410a00)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_clone(0x100100, &(0x7f0000003100), 0x0, 0x0, 0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x6000)

1.757286447s ago: executing program 1 (id=3289):
r0 = epoll_create1(0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
socket(0x10, 0x80002, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'wg0\x00', <r5=>0x0})
sendto$packet(r4, &(0x7f0000000180)="0b03feff4f00020002004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r5}, 0x14)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
r6 = syz_io_uring_setup(0x6908, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000000180), &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_setup(0x1b3f, &(0x7f0000000300), &(0x7f0000000040)=<r8=>0x0, &(0x7f0000000240))
syz_io_uring_submit(r8, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r6, 0x184c, 0x0, 0x0, 0x0, 0x0)
r9 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r10 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r10, 0x2)
r11 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r11, 0x2)
r12 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r12, 0x2)
flock(r9, 0x2)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080))

1.574620073s ago: executing program 4 (id=3291):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20)
r1 = fsopen(&(0x7f0000003a80)='devpts\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000001c0)='[#\x00', 0x0, r1) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x2, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffffd3) (async)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000010c0)={0x18, 0xe, &(0x7f0000001180)=ANY=[@ANYBLOB="18000000ff010000000000000c00000018210000", @ANYRES32, @ANYBLOB="000000000500000085100000fbffffff5946fffff0ffffff186000000100000000000000020000001834000004000000000000000000000018260000", @ANYRES32=0x1, @ANYBLOB="000000003000000085200000010000009500000000000000862eebd87799e037fd6656bc6f9fa09e04996da6e62fc4d490d164f1c9c8a3d076d7667baa79ef21931c1e6b1a749a5e3dca16e5e1e7f2045488f6c653b4bda0e88d7a405cb6826bbea14aa84888c903e67f204aa11b"], &(0x7f0000000380)='syzkaller\x00', 0xa91, 0x12, &(0x7f0000000280)=""/18, 0x41100, 0x70, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x2, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000300)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000003c0)=[{0x7, 0x4, 0x7, 0x6}, {0x3, 0x2, 0x2, 0xb}, {0x2, 0x1, 0xc, 0x5}, {0x0, 0x2, 0x3, 0xc}, {0x5, 0x3, 0x1, 0xc}, {0x5, 0x3, 0xd, 0xc}], 0x10, 0x8001}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0xe, &(0x7f0000000480)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad1c9e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989425f5d0b79f6584d0416d7c4bb9f547b328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed70786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af608f000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e09758bd445ab91d20baca005472b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92fe8bad99ca332af00f191b66b6a6f732a91f0e2e9190e4b448da7de018c58e950767f9b320be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c52573d9308a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7abb861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ee0a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d03ef3ea6c154b39fe2b0be093b9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e2d9583c9acc9f2921509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a42603b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e4a9f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f00000021f8547d393dabe616fbbde21c90be00b5a22671395c7a69c6dd4d022ffc97ddb6aa025131652d409da1d8cfc3d219d4b1c1b7b8170d7c33d91db2b73f7ae02485a209a2474b5d0790d05c01bec623056e4d3f4d3149373a28b26a15a1fcce73d57e6eaf7e6f315fe275ebc9ef7aeca277dde01dde724f419803a2172a7833ceab38d21ca4f1dea5e1f4d8824167b21dd289dd4e6ecfba9e163bdbc48e1e758ecde000000000941c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, r4}, 0x90)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 64)
r5 = socket(0x200000000000011, 0x2, 0x0) (rerun: 64)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000280)={'syz_tun\x00', <r6=>0x0}) (async)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0x19) (async, rerun: 32)
write$binfmt_aout(r7, &(0x7f0000002140)=ANY=[], 0xff2e) (rerun: 32)
bind$packet(r5, &(0x7f0000000080)={0x11, 0x800, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) (async)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007e40)=[{{&(0x7f0000000340)={0xa, 0x0, 0x0, @private2}, 0x5, 0x0}}], 0x1, 0x0) (async, rerun: 64)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88) (rerun: 64)
setsockopt$inet6_udp_int(r8, 0x11, 0x1, &(0x7f0000000040)=0x7fff, 0x4) (async, rerun: 64)
sendmmsg$inet6(r8, &(0x7f0000007e40), 0x4000000000000aa, 0x0) (rerun: 64)
r9 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000300)={'syz_tun\x00', <r10=>0x0})
bind$packet(r9, &(0x7f0000000080)={0x11, 0x800, r10, 0x1, 0x0, 0x6, @multicast}, 0x14)
syz_emit_ethernet(0x74, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000000000000000000080045000024000000000000e0000001eafffffffd9a90780200"/50], 0x0) (async)
socket$packet(0x11, 0x3, 0x300)

935.962068ms ago: executing program 3 (id=3295):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90)
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg$unix(r1, &(0x7f0000000180)={&(0x7f0000000280), 0x6e, &(0x7f0000000100)=[{&(0x7f0000000300)=""/179, 0xb3}], 0x1}, 0x0)
sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)

909.00267ms ago: executing program 1 (id=3296):
r0 = socket$inet6(0x10, 0x3, 0x0)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
sendmsg(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5500000018007fd500fe01b2a4a280930a06000000a843089100fe800c00090008001100080000002d000f009b2c136ef75afb83de448daa72540d8102d2c55327c43ab82286ef1fdd20652383656d4d2449155037", 0x55}], 0x1}, 0x4040044)

876.619003ms ago: executing program 1 (id=3297):
set_mempolicy(0x1, &(0x7f0000000000)=0x1, 0x4)
unshare(0x46060480)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f00000002c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df01800059100ac45761547a681f009c050819ddf52fcb2a1fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a5d80e605007f71174aa951f3c63e5c83f134fe4de9f9e7ec5134edba2112ce68bf17a6e0", 0xbb)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="02130000"], 0x10}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r2 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r2, &(0x7f0000233000/0x2000)=nil, 0x3000)
r3 = shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000)
r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000380)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r5, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYRES16], 0x0, 0x4a}, 0x20)
write$binfmt_script(r6, &(0x7f0000000080), 0x10010)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/ip6_flowlabel\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
lseek(r7, 0x2074, 0x0)
shmctl$IPC_RMID(0x0, 0x0)
shmat(0x0, &(0x7f000018b000/0x3000)=nil, 0x5000)
mmap$binder(&(0x7f0000395000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0xec07)
set_mempolicy(0x8001, 0x0, 0x80)
shmdt(r3)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x4015, &(0x7f00000014c0), 0x1, 0x793, &(0x7f0000001700)="$eJzs3c1rXFUbAPDnTpKmb9r3TV4QbF0FBA2UTkyNrYKLigsRLBR0bTtMpqFmkimZSWlCoBYR3AhaXAi66dqPunPrx1b/Bd2ISEvVtFhxISN3PjqTZiadtvloze8Htz3n3jM595l77zln5h7mBrBjjab/ZCL2R8R7ScRwY30SEQO1VH/E0Xq5myvL+XRJolp99bekVubGynI+2l6T2tPI7IuIb96OOJBZW295cWkmVywW5hv58crsmfHy4tLB07O56cJ0Ye7wxOTkoSPPHBncuFj/+H5p79X3X3ry86N/vfXo5Xe/TeJo7G1sa49jo4zGaOM9GUjfwlVe3OjKtlmy3TvAPUkvzb76VR77Yzj6aqne9F4SAHiQnI+IKgCwwyT6fwDYYZrfA9xYWc6nS/X89n4fsdWuvRARu+vxN+9v1rf0N+7Z7a7dBx26kay635FExMgG1D8aER9/+fqn6RKbdB8SoJM3L0TEyZHRZvvfan+SNXMW6nqfkPFUD2VGb8tr/2DrfJWOf55tjf9a11/m1vgnOox/Bjtcu/diNGJXe37t9Z+5sgHVdJWO/54faM1tu9kWf8NIXyP339qYbyA5dbpYSNu2/0XEWAwMpvmJdeoYu/739VUr+lrJ9vHf7xff+CStP/2/VSJzpf+2JncqV8ndb9xN1y5EPNbfKf7k1vFPuox/j/dYx8vPvfNRt21p/Gm8zWV1/Js/q6x6KeKJ6Bx/U7Le/MTD47XTYbx5UnTwxU8fDnWrv/34p0taf/OzwFZIj//Q+vGPJO3zNct3X8d3l4a/7rbtzvF3Pv93Ja/V0s3G41yuUpmfiNiVvLJ2/aHWa5v5Zvk0/rHHO1//653/6WfCkz3G33/118/uPf7NlcY/dVfH/+4Tl2/O9HWrv7fjP1lLjTXW9NL+9bqD9/PeAQAAAAAAAAAAAAAAAAAAAAAAAECvMhGxN5JM9lY6k8lm68/wfiSGMsVSuXLgVGlhbipqz8oeiYFM86cuh9t+D3Wi8Xv4zfyh2/JPR8T/I+KDwf/U8tl8qTi13cEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMOeLs//T/0yuN17BwBsmt13LHG9sCU7AgBsmTv3/wDAv43+HwB2Hv0/AOw8+n8A2Hn0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGyy48eOpUv1z5XlfJqfOru4MFM6e3CqUJ7Jzi7ks/nS/JnsdKk0XSxk86XZtpf+0OnvFUulM5Mxt3BuvFIoV8bLi0snZksLc5UTp2dz04UThYEtiwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeldeXJrJFYuFeYmHJVEdrh+6B2V/Nj/x88Ef961X5qLTeOMT290yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwc/gkAAP//skMoxA==")
socketpair$unix(0x1, 0x1, 0x0, 0x0)

855.767915ms ago: executing program 3 (id=3298):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='consume_skb\x00', r0}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='consume_skb\x00', r2}, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff)

817.115749ms ago: executing program 3 (id=3299):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x8000}, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0)
gettid()
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x5412, &(0x7f00000000c0)=0x13)
ioctl$TCSETA(r3, 0x5406, &(0x7f0000000340)={0xff02, 0x0, 0x0, 0xffff, 0x0, "5f730000a9003f00"})
ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x5412, &(0x7f00000006c0)=0x5f)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800803}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, r5, 0x8, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x81, 0x3a}}}}, ["", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x2000}, 0x8000)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000780)={'#! ', './bus', [{0x20, ']'}, {0x20, '#\x8b\x14\xf8! \x05h\xbd\x0f\xda\x9d\xee\xb2u\xb2i*s\x9f\xd4-\xa4 \xcd9\x19\x8c\x05@\xb5\xeb\xcf?RN[\x18\"\'\xeeN\xd4^\xbb\xdd\xe3`\xd1\xfc\x89\\\xde\x91A\xb6\xddn\xf8\x7fz\xf2\x8f\xff\xa6\x01\xb9\x97\xc2\xb6\x84\xb0r\f!\xc3\xae \x9e\xaf\x1c\xb8\xb9\xca\xbb\xab\x9b\xaa\xdb\xe9m\xb6\xb8\x03\x8b\x83\xfd5Q|\xe9\f\'\xd9\xb2\xae\xdfJ\xaeFY\xa1\xf2x\x1e\x10 \xe3?\x8eda\x96\xb6\xd5\xa9\b(j\x8d\xbcf\xc6g\xf8\xe3\xb4\x94\xcc\t\x91%gI\x9bp\xe8^Je\x9dPr\xf6\xbe\xdc\x95W\x98\x7f\xb7n\xd7\xf1(RK\x89\xe5\xe4\xc8\xb5\x93\xceD\xa6I\xc31@T\x15\x99\xcfl\x9d\xe4~\xfds&\x1c\xc0\f\x1e_z\xac\xe7S\xaa\xb4o2\xff]\xdcP\x97\x19\xee\x90\xe3.K \x7f\xba(-\x8b\x1f\x1b\xc4\x9f;\xddvTe\xb6X\x00\xa3\xcb\xd4\x1c\x05J\x04\xbf\xba\f\x12+\xd9\x13\x0e^x/6\xc4\xfc\xb2\x10_\x98\xd5\xa3\x01-D\xc7e^\x0f\xfb\xa1\xcc\xa2\x82|\"b\xae\xd7\nx8\xd9\xa26\xca\x15\xcc\xd4\x99\xda\x9fTq\xc8\x93s\xc3?E1\xa0b\xc1\x82\xd1f\xb4\xa7Lb\xe5o\xf2\xef]\xef\xcdy\xc2N\x97\xa7~]!\xd6\x8e0\x850?\xf2\xef\xc6\x19g\x1d\xb6\xc4\x0f\xa1\xe7:S\f\xca\xe2\xa1\xe6\xd0\xeb\xb7\xf2{z\xbd\x01\xa48D\xc2O+!\xf2\xbbCWS\x81\xac\"z9\xef\xdc\xc0_$\xb6|\xfd\xa1\\\xc2?\xf9~\xa0\xd2\xcd\x9eF\x10\x02I\x95\x1a8py\xed\x97@zT\xc9\xa3\xd5s\x84\xbe'}]}, 0x1a7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
clock_adjtime(0x0, &(0x7f0000000040)={0x37db, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffc99a3b})
socket$packet(0x11, 0x2, 0x300) (async)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x8000}, 0x4) (async)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0) (async)
gettid() (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) (async)
syz_open_dev$tty20(0xc, 0x4, 0x0) (async)
ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x5412, &(0x7f00000000c0)=0x13) (async)
ioctl$TCSETA(r3, 0x5406, &(0x7f0000000340)={0xff02, 0x0, 0x0, 0xffff, 0x0, "5f730000a9003f00"}) (async)
ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x5412, &(0x7f00000006c0)=0x5f) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800803}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, r5, 0x8, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x81, 0x3a}}}}, ["", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x2000}, 0x8000) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) (async)
write$binfmt_script(r6, &(0x7f0000000780)={'#! ', './bus', [{0x20, ']'}, {0x20, '#\x8b\x14\xf8! \x05h\xbd\x0f\xda\x9d\xee\xb2u\xb2i*s\x9f\xd4-\xa4 \xcd9\x19\x8c\x05@\xb5\xeb\xcf?RN[\x18\"\'\xeeN\xd4^\xbb\xdd\xe3`\xd1\xfc\x89\\\xde\x91A\xb6\xddn\xf8\x7fz\xf2\x8f\xff\xa6\x01\xb9\x97\xc2\xb6\x84\xb0r\f!\xc3\xae \x9e\xaf\x1c\xb8\xb9\xca\xbb\xab\x9b\xaa\xdb\xe9m\xb6\xb8\x03\x8b\x83\xfd5Q|\xe9\f\'\xd9\xb2\xae\xdfJ\xaeFY\xa1\xf2x\x1e\x10 \xe3?\x8eda\x96\xb6\xd5\xa9\b(j\x8d\xbcf\xc6g\xf8\xe3\xb4\x94\xcc\t\x91%gI\x9bp\xe8^Je\x9dPr\xf6\xbe\xdc\x95W\x98\x7f\xb7n\xd7\xf1(RK\x89\xe5\xe4\xc8\xb5\x93\xceD\xa6I\xc31@T\x15\x99\xcfl\x9d\xe4~\xfds&\x1c\xc0\f\x1e_z\xac\xe7S\xaa\xb4o2\xff]\xdcP\x97\x19\xee\x90\xe3.K \x7f\xba(-\x8b\x1f\x1b\xc4\x9f;\xddvTe\xb6X\x00\xa3\xcb\xd4\x1c\x05J\x04\xbf\xba\f\x12+\xd9\x13\x0e^x/6\xc4\xfc\xb2\x10_\x98\xd5\xa3\x01-D\xc7e^\x0f\xfb\xa1\xcc\xa2\x82|\"b\xae\xd7\nx8\xd9\xa26\xca\x15\xcc\xd4\x99\xda\x9fTq\xc8\x93s\xc3?E1\xa0b\xc1\x82\xd1f\xb4\xa7Lb\xe5o\xf2\xef]\xef\xcdy\xc2N\x97\xa7~]!\xd6\x8e0\x850?\xf2\xef\xc6\x19g\x1d\xb6\xc4\x0f\xa1\xe7:S\f\xca\xe2\xa1\xe6\xd0\xeb\xb7\xf2{z\xbd\x01\xa48D\xc2O+!\xf2\xbbCWS\x81\xac\"z9\xef\xdc\xc0_$\xb6|\xfd\xa1\\\xc2?\xf9~\xa0\xd2\xcd\x9eF\x10\x02I\x95\x1a8py\xed\x97@zT\xc9\xa3\xd5s\x84\xbe'}]}, 0x1a7) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0) (async)
clock_adjtime(0x0, &(0x7f0000000040)={0x37db, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffc99a3b}) (async)

745.298785ms ago: executing program 3 (id=3300):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000680)={'vcan0\x00'})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[], 0x30}}, 0x0)

744.659265ms ago: executing program 3 (id=3301):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x3}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
unlinkat(0xffffffffffffffff, 0x0, 0x0)
readv(r1, &(0x7f0000000080)=[{&(0x7f00000005c0)=""/240, 0xf0}, {&(0x7f00000002c0)=""/124, 0x7c}, {&(0x7f0000000400)=""/188, 0xbc}, {&(0x7f00000004c0)=""/213, 0xd5}], 0x4)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x1000000, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)

716.700997ms ago: executing program 1 (id=3302):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000005c0)=""/155}, 0x20)
syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000240)='./file1\x00', 0x3200010, &(0x7f0000000780)=ANY=[@ANYRES16, @ANYBLOB="402f74506ec3ede42c701ee71cd8e88fd0e5f5140a9c6d0428863947cc1b8771be2d941a7c13da10e7e7d8465276fc7ec68d8ad90353adbffacee56d7fd0bfa95e3a484d17b3223be097a9559fe0c3ad5c909332d9f89eb4bb08fa59dc7b6c7433a1949a1959294ae1e000f8bfb131db914b4c39eb83748fee6baf706d89b336ea581dbf7e6bd2562d254c08713007d79131a3fa43ab93eeabb2dd6eff0e1272fc9b8c7b869eb2bb0afadd50cdec3d9d24a34a7d08d149e4a1867f648ce1e1602d"], 0x0, 0x7b9, &(0x7f0000000d40)="$eJzs3U1sHFcdAPD/uHbjulJUFVSiKE0nSZESEdzddeti9VC267E9rb1rdtcoOaC2apwqivuhVhU0B0IuLSAQ4sSx9Fr1wg3EAYkDcEKiBy4ckCr1hIoEEgIhJKPZj/gju3acxEk/fj8r+96+efPmP+PJ/HfXOzMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAERSmy2Vykks5vWVM+lwtdlmY2mH6f3xfrOl2GG5EUnxL8bH41C36dAXNyY/UDwcjyPdZ0divCjG49K9D9z3xBdGR/rz7xDQjTp2nf2SiO8VQV18fm1t9bV9COQ2+uGv9zzLf9aLx/msnrca+VJ1PkvzViOdmZ4uPbIw10rn8sWsdbbVzpbSWjOrthvN9GTtVFqemZlKs8mzjZX6/Gx1Mes3Pv7VSqk0nT49uZxVm61G/ZGnJ1u1hXxxMa/Pd/pUSt+Oos/jxY74TN5O21n1rkjPX1hbndot1KJTeUvLgS07zpGH7/vojQ//eWG12CGHDZL0dsxKuVyplKcfm3ns8VJptFKqbG0obRNXe8RIRNFjX3ZaPkVu3cEbbtJIL//HYuRRj5U4E2mkMdJ53PgZi/GYjWY0Yql4/uexbdOvyf9ffuTvf9xpuZvzfz/LH9qYfDg6+f9o99nRIfm/OChvj2P/furvd6PZ3PZ6vBmX4mI8H2uxFqvx2m2M54Z+Rm7tePORRT3yOBAReSxFtdOSRh6taEQaMzEd01GKZ2Mh5qIVacxFHouRRSvORivakXX2qFo0I4tqtKMRzUjjZNTiVKRRjpmYialII4vJOBuNWIl6zMdsVDujnI8Lne0+tS2uB7773K9e/NNH7xT1q53KO6xIUryYKzr9Y4dOvWT+UNxA/u/3kP8/a8Z7x6wBk+4a1HwrD99wU9Y7+X/0TocBAAAA7KOk8+l7EhFj8WCnNpd/404HBQAAANxSne81HymKsaL2YCRz+WJWGtDzg9seGwAAAHBrJJ1z7JKImIiHurX+6VKDPgQAAAAAPoU6f/8/WhQTEZc7Dd7/AwAAwGfM94ddY//Du3vX6G0tH0ju6vVePvNw8lK1qFVf6rX1im9eHbE9dzg52BukU0yPXro3iYjRWnYk6V/98n8HuuXHncfDGxcgHHat/6TZHEuuDA8gdg6g8yx+FMe6fY6d65bn+lO6S5mYyxezyVpj8Yly0vtwpP3Gyxe+E1Es/Qf1pYNJnL+wtjr5witr5zqxXClGufJS7/LwyR5iWe9tgXhw8BqPdU7E6C13orvc0ub1H+nOPrLzMpPNy3wrjnf7HJ/olhNb13+8WGZ58olyVKsHR9rZmfYb65vWvhdF+SbX/K040e1z4uSJbjEgisqWKF6+NorK5iiub1tcdxTvHLt85l+/ayTZ1G5RTN1kFAB3yvnOVX82stA9nSz03/WuIv9vy7v39Ofcy1Hu/MarjP78m3LdaOwpu/eTzYAj+slun5Pd1xOjhwfkldKAI/qrF179fe+I/uh7P/v5t47+4Rc3nt3ei1PdPr0i7v/tkBxbrPOPt2TV8Xi3mOPdIcstnlaSGOveO2Fj8uqLqy9XKlPTpUdLpccqMdZ5qdAr5B4ABtj1HjvXcReeRwe/q45+xrv/6lcKJuOFeCXW4lyc7pxtEBEPDR51YtPXEE7v8q51YtMdXk7v/N7y0MbpDZXtfQ+cSGLIuFObttiXftop/r1/vxMA2G/Hd8nD15P/T+/yvntrLj/VvXFu/91xDM/lg3xtvzcIAHwOZM2Pk4n220mzmS8/W56ZKVfbC1nabNSeSZv57HyW5vV21qwtVOvzWbrcbLQbtf4Hx7NZK22tLC83mu10rtFMlxut/Eznzu9p79bvrWypWm/ntdbyYlZtZWmtUW9Xa+10Nm/V0uWVpxbz1kLW7MzcWs5q+Vxeq7bzRj1tNVaatWwyTVtZtqljPpvV2/lcXlTr6XIzX6o2r0TE4spSls5mrVozX243ugP2l5XX5xrNpc6wk9eu/t9u9/YGgE+C19+8dPH5tbXV17ZW1pPtLYMrf3nz0sX+n+iHdo5Yv8NrCQBstjlLAwAAAAAAAAAAAAAAn0zXnq5XtO522t+WyljsofO2yoHhZw1+Litfeb/7a7kVA97MOPds+Z3e3dtZ7vz22XPluSefvDisz1OXDy38NYvYfZzB/1MGner69sGIu3/5k27L12/Xmn4Q3bWI0T3Nvp7s0OeOHZIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKj/BwAA//9roEsa")
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fchmodat(r2, &(0x7f0000000140)='./file1\x00', 0x120)

716.234147ms ago: executing program 1 (id=3303):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100626f6e64000000000c000280050001000600000008000a00"], 0x44}}, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x1480e, &(0x7f0000000540)=ANY=[@ANYBLOB="6d61703d6f66662c6d61703d6f6666006e6f726f636b2c73657373696f6e3d3078303030303030303030303030303031662c636865636b3d72656c617865642c636865636b3d72656c61786564416e6f726f636b2c6e6f726f636b2c756e6869642ca757b2b584caaebfda96545499652c6d61703d61636f726e036f76657272696465726f63"], 0x1, 0x69d, &(0x7f00000015c0)="$eJzs3V1rG9kdx/HfyLItOyWEbgkhZJOTpAsOTZ2RvHEwKXTV0cieVtKIGbnYUFjSjb2EyNk2SaHxzdY3fYDtG+jd3vSiL6LQ630XvWthae8KpTBlHiTLlkaKNoqzD9+P2fX4zH/O+c+Moj9ja84IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIcmq2XbbU8FrbOyafUwv85pj1aW/zupUu3Jo4rmTF/6lU0qW06dJ3jldfjP93Q1fSn66oFH8r6fDcxQv33yoWetuPSeiL0LQdPntx+PhBt7v39CVi5zR192+SCi8RtOm2vND3mtVN13ihbzbW1+07W/XQ1L2GG+6GHbdpnMAtdPzArDi3THljY824q7v+dmuzVm24vcZ736/Y9rr58WJ6oiUtSPIaDa+1mcTEq+OYe+aTn8WrL8itNo3Zf9TdWxuTXyE+5nFQedKexEGVSUEVu1IplyuV8vrdjbv3bLs41GDHLLtPQxEzf9HiK2aWb9/AKynE9f/vltRQSS1ta0dm5JejmgL5auasz/Tq/zt33GShmDPuYP3vVflL0g+z1ZeV1P+r6U9X8+p/Ti5GJtlg1Borp326r/kkI6NneqFDPdYDddXVnp7OoG8jc20mvZzB16ZcteQplC9PTVWTFpO1GG1oXeuy9b62VFcoo7o8NeQq1K5CdeQmryhHgVxV1ZGvQEYrcnRLRmVtaENrMnK1ql352lZLm6qpqv9EUbSvR8lxXxuTo3pB5ZyAxcGgypie8ur/zz9OX6dZ/bep/99U6etgMf322bgY4Esgyq7/p3Tt9WQDAAAAAABeByv57buV/O3+bUmR6l7Dtd90WgAAAAAAYIYsRYu6Iiu+/pf0tiyu/wEAAAAA+LqxknvsLEnLyYf6reM7oV7mlwBzZ5AiAAAAAAB4Rcmd/1cXpCiZtOKarKmu/wEAAAAAwFfA7wfm2C/25tiNen/WL0gK24vWX/+1qGDeOmrvfNc6qMZrqgdZzNAnADpRNhvq/beKyXy9C5KSaXsd94qVjZZNgtmfd/Dz/Ulz/VvBqQQW5gY7GEygftk6n21txSOvF7Of9Imup5tcz+aZf3hYULImHWW57jXcVcdv3C+rWj1f6Lg7nV89efRrKejv5/6j7t7qBx91Hya5HMVNRwdxpx+fSKcwlEvy7TiX58l8C8k9F6P2eEn13pB/aDWXrWRcu7f/c6oeFAYHytn/U2P+VjfSc3ZjOY1dPuzPuB/vfyne//JqcspO7H0wbx1nUT6956NORE4WpSSLm2nMzZWb6bdefnE/Bav0vTmpsjp8Dk5kURnMYvKxsP49dCzGZZEdi7U4i7/FHeVksTZdFkNnBADelP3jKpSU7aG62ysPvTe1L1R3Jlf3905W9+d/iqJkgzmpmP1tYuwoJcXv6CtWUocW0scOFC+PeEe3s7pSUs47uv0K1S0e6y/9ZyD8JgseyuK/URTdLyfj/vFUVf003uDT3HHDRmUuPoR3nh/8IpkAP/bh3od7TyqVtXX7Xdu+W9F8shua1/+6e/acqD0AgCGTn7EzMcJ6V9fTiOsP//lOunSi4n27/5GCVX2gj9TVQ93uPULg2uhelwc+hnA7vWrVwFWruXjh/pJ0Oras27lXdUktHYit9GPn1dvkZKU+jl0bdeiWz832VAAAcGZuTKjDo+t/6UT9v62VNGLl8sjr7pO1PLs67l/S58WWJyf/3qyPBgAA3wxu8Lm13PmdFQRe+/3yxka52tlyTeA7PzGBV9t0jdfquIGzVW1tuqYd+B3f8RumHWjRq7mhCbfbbT/omLofmLYfejvJk99N9uj30G1WWx3PCdsNtxq6xvFbnarTMTUvdEx7+0cNL9xyg2TjsO06Xt1zqh3Pb5nQ3w4cd9WY0HUHAr2a2+p4dS9ebJl24DWrwa75qd/Ybrqm5oZO4LU7ftphbyyvVfeDZtLtqqKpH3QIAMDX0bMXh48fdLt7T08vLMWX5mnLkXJihhcWRnTIHEEAAHzJHJfrKTYqvcaEAAAAAAAAAAAAAAAAAAAAAADAkMm39E25MD/qZkGp3/LL81mLkulx8/qxNOvEplkoTLtV75aIw8efjQle6rf0Dv9gzNGZ7eA/viWdS1qUthRnP9bSmJP7OhZ+sJ8e0dyYeOXIVYv9c1Gc/T+HeOHJn3NWRVEUjd98MT2GS1nLwrgdPLlQlPR04WVPQW9ejIFVZ/s+BODs/T8AAP//PBozFw==")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

688.72946ms ago: executing program 4 (id=3305):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r2 = gettid()
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r6=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r6, &(0x7f00000004c0)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc02082c"], 0xfdef)
sendmsg$unix(r3, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc11"], 0xfdef)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
readv(r7, &(0x7f0000000b00)=[{&(0x7f0000000540)=""/198, 0xc6}], 0x1)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r1, &(0x7f0000000100)="4d4b15df3fdff8a0f80531501f614cce8bb23664c74bedbd959cd311e43c9bd83dc841933351968747eed968081c119509c355583a6afad22d4c618c4ea6b64ccb7441a56aa764ab3d3fc2b566259c9dce74cb66999efdecb9965bda0bab40662006a141bd498ed5ceb459c4a9e5e08557b53fe1ed9328b03437222e91d46f014337e73f393e1885642761ed045ceffaf63b37", &(0x7f0000000040)=""/35}, 0x20)
syz_open_dev$usbfs(0x0, 0xfffffffffffffff8, 0x410a00)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_clone(0x100100, &(0x7f0000003100), 0x0, 0x0, 0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x6000)

644.020254ms ago: executing program 1 (id=3306):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x51)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)

603.469647ms ago: executing program 2 (id=3307):
r0 = socket$inet6(0x10, 0x3, 0x0)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
sendmsg(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5500000018007fd500fe01b2a4a280930a06000000a843089100fe800c00090008001100080000002d000f009b2c136ef75afb83de448daa72540d8102d2c55327c43ab82286ef1fdd20652383656d4d2449155037", 0x55}], 0x1}, 0x4040044)

560.902801ms ago: executing program 2 (id=3308):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000080000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000040008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x53d, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82TesEeoAKSIBCQFF2400bVb20uYBQVQlRcUAcUmNvLJNdr/GuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IASxQjATSopkdO1t7TZbsepd6Px9pMvPmzcz3vWxm39u3m3kBTKyrEbEXEbMR8VZELBT7k2KJ1zpLdtzD/d3lg/3d5STa7Tf/muT52b7oOifzdHHN+Yj42pcjvpWcjNvc3rm/VKtVN4t0uVXfKDe3d26s1ZdWq6vV9Url9uLtmy/feqkytLpeqf/8wZfWXv/6r375yfd/u/fF72XFuljkdddjmDpVnzmKk5mOiNfPItgYTBXr2TGXgyeTRsRHIuIz+f2/EFP5v04A4DxrtxeivdCdBgDOuzQfA0vSUkSkadEJKHXG8J6LC2mt0Wxdv9fYWl/pjJVdipn03lqtevPy3O+/kx88k2TpxTwvz8/TlWPpWxFxOSJ+OPdUni4tN2or4+nyAMDEe7q7/Y+If8ylaanU16k9vtUDAD405sddAABg5LT/ADB5tP8AMHn6aP+LL/v3zrwsAMBo+PwPAJNH+w8Ak0f7DwAT5atvvJEt7YPi+dcrb29v3W+8fWOl2rxfqm8tl5Ybmxul1UZjNX9mT/1x16s1GhuLL8bWO+VWtdkqN7d37tYbW+utu/lzve9WZ0ZSKwDgv7l85b3fJRGx98pT+RJdczloq+F8S8ddAGBspgY5WQcBPtTM9gWTq68mPO8k/ObMywKMR8+Hec/33PygH/8PQfzOCP6vXPt4/+P/5niG88X4P0yuJxv/f3Xo5QBGz/g/TK52Ozk+5//sURYAcC4N8BO+9veH1QkBxupxk3kP5ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOGcuRsS3I0lL+VzgafZnWipFPBMRl2ImubdWq96MiGfjSkTMzGXpxXEXGgAYUPrnpJj/69rCCxeP584m/5zL1xHx3Z+8+aN3llqtzcVs/9+O9s8dTh9WeXTeAPMKAgBDlrfflWLd9UH+4f7u8uEyyvI8uBP/LqYiXj7Y382XTs50ZDsj5vO+xIW/JzFdnDMfEc9HxNQQ4u+9GxEf61X/JB8buVTMfNodP4rYz4w0fvqB+Gme11lnna+PDqEsMGneuxMRr/W6/9K4mq973//z+TvU4B7c6Vzs8L3voCv+dBFpqkf87J6/2m+MF3/9lRM72wudvHcjnp/uFT85ip+cEv+FPuP/4ROf+sGrp+S1fxpxLXrH745VbtU3ys3tnRtr9aXV6mp1vVK5vXj75su3XqqU8zHq8uFI9Ul/eeX6s6eVLav/hVPiz/es/+zRuZ/rs/4/+9db3/z0o+Tc8fhf+Gzv1/+5nvE7sjbx833GX7rwi1On787ir5xS/8e9/tf7jP/+n3ZW+jwUABiB5vbO/aVarbo50Eb2KXQY1zmxkRWxv4MPu4uDBf1jnEUtnnBj5qz+Vs98Y/qorzjcK38ju+KIq5MOvRYDbTwcVazxvScBo/Hoph93SQAAAAAAAAAAAAAAgNOM4r8ujbuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CQAA//+zi8zo")
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB, @ANYRES32=r2, @ANYBLOB="040000000000800008000000", @ANYRES32=r2, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)

382.444617ms ago: executing program 2 (id=3309):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000fdffffff39"], 0x38}}, 0x4000000)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(r3, 0x0, 0x0)
setxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000240), &(0x7f0000000300), 0x2, 0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000001403000028feffff620af0fff8ffffff61a4f0ff000000001d0a0000000000004e000500000000005504000001ed0a0025000000170000006e040000000000007b0300fe000000000c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858a76846b2d31a76e42f2460d0"], 0x0}, 0x90)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="0107000000000000000020"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0)

75.288943ms ago: executing program 2 (id=3310):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000680)={'vcan0\x00'})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[], 0x30}}, 0x0)

60.237284ms ago: executing program 2 (id=3311):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="64000000020605020a0000000000000000000000100003006269746d61703a706f72740005000400000000000900020073797a3000000000050005000000000005000100060000001c0007800800084000000020060004400000000006000540"], 0x64}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440))
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000003c0)={'ip_vti0\x00', &(0x7f00000004c0)={'ip_vti0\x00', <r1=>0x0, 0x1, 0x8000, 0x48, 0xb, {{0xf, 0x4, 0x3, 0x2, 0x3c, 0x65, 0x0, 0xa8, 0x29, 0x0, @multicast2, @multicast1, {[@generic={0x88, 0x6, "86736d69"}, @ra={0x94, 0x4, 0x1}, @generic={0x83, 0x2}, @ssrr={0x89, 0x1b, 0xff, [@remote, @loopback, @dev={0xac, 0x14, 0x14, 0x39}, @remote, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x9, 0x10001, 0x7f, 0x1, 0x1, 0x8001, '\x00', r1, 0xffffffffffffffff, 0x3, 0x4, 0x2, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000003000083850000002d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83c6e613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038d0100a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b17680100969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06de269e97fbb0776bf56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105cfdf8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f01000080000000004febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60133641a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2e9a20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1015ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846899c6b23c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33694f40000000000005d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b95bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca86f750189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc681b6c9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8504611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c01446234437b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c64cd14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e87973d574ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7430100bf3825a1996c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb150963b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b16500"/4081], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000002c0)='kfree\x00', r4}, 0x10)
r5 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000340), 0x1, 0x0)
write$selinux_validatetrans(r5, 0x0, 0x63)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
r7 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x101641)
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000200))
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r9, 0x8953, &(0x7f0000000280))
r10 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0)
migrate_pages(r6, 0x4, &(0x7f00000001c0)=0x7, &(0x7f0000000300))
fallocate(r10, 0x0, 0x400000000000000, 0x7)

0s ago: executing program 2 (id=3312):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000000000000000000030000000003000000020000000200000000000000000000010500000010000000010000000000001101000000000000000061"], 0x0, 0x53, 0x0, 0x1}, 0x20)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x2, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0xffffffff, 0xe, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000240)=ANY=[@ANYRESHEX=r1, @ANYBLOB="e45efd54ba32468ada7bae02edc75c05ea9c0a2024df26266fd8854222d9", @ANYRES16=r3, @ANYRESOCT=0x0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r4}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000000000000000000030000000003000000020000000200000000000000000000010500000010000000010000000000001101000000000000000061"], 0x0, 0x53, 0x0, 0x1}, 0x20) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x2, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0xffffffff, 0xe, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r1}, 0x10) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000240)=ANY=[@ANYRESHEX=r1, @ANYBLOB="e45efd54ba32468ada7bae02edc75c05ea9c0a2024df26266fd8854222d9", @ANYRES16=r3, @ANYRESOCT=0x0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r4}, 0x10) (async)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) (async)
signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) (async)

kernel console output (not intermixed with test programs):

42/0x50
[  154.046594][T11995]  x64_sys_call+0x27d3/0x2d60
[  154.051306][T11995]  do_syscall_64+0xc9/0x1c0
[  154.055879][T11995]  ? clear_bhb_loop+0x55/0xb0
[  154.060548][T11995]  ? clear_bhb_loop+0x55/0xb0
[  154.065207][T11995]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.071101][T11995] RIP: 0033:0x7f519052b93c
[  154.075548][T11995] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  154.095141][T11995] RSP: 002b:00007f518f1a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  154.103538][T11995] RAX: ffffffffffffffda RBX: 00007f51906e5f80 RCX: 00007f519052b93c
[  154.111532][T11995] RDX: 000000000000000f RSI: 00007f518f1a70a0 RDI: 0000000000000007
[  154.119488][T11995] RBP: 00007f518f1a7090 R08: 0000000000000000 R09: 0000000000000000
[  154.127456][T11995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.135428][T11995] R13: 0000000000000000 R14: 00007f51906e5f80 R15: 00007ffc45738468
[  154.143389][T11995]  </TASK>
[  154.171844][T12006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2482'.
[  154.227875][T12012] loop2: detected capacity change from 0 to 512
[  154.238102][T12012] ext4 filesystem being mounted at /152/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.258169][T12012] Process accounting resumed
[  154.328534][T12028] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2492'.
[  154.340000][T12028] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.385932][T12032] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2493'.
[  154.414066][T12028] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.461088][T12036] FAULT_INJECTION: forcing a failure.
[  154.461088][T12036] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.474208][T12036] CPU: 1 UID: 0 PID: 12036 Comm: syz.1.2494 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  154.485012][T12036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  154.495111][T12036] Call Trace:
[  154.498479][T12036]  <TASK>
[  154.501390][T12036]  dump_stack_lvl+0xf2/0x150
[  154.506078][T12036]  dump_stack+0x15/0x20
[  154.510211][T12036]  should_fail_ex+0x229/0x230
[  154.515021][T12036]  should_fail+0xb/0x10
[  154.519165][T12036]  should_fail_usercopy+0x1a/0x20
[  154.524177][T12036]  _copy_from_user+0x1e/0xd0
[  154.528759][T12036]  copy_msghdr_from_user+0x54/0x2a0
[  154.534017][T12036]  __sys_sendmsg+0x17d/0x280
[  154.538606][T12036]  __x64_sys_sendmsg+0x46/0x50
[  154.543386][T12036]  x64_sys_call+0x2689/0x2d60
[  154.548101][T12036]  do_syscall_64+0xc9/0x1c0
[  154.552629][T12036]  ? clear_bhb_loop+0x55/0xb0
[  154.557325][T12036]  ? clear_bhb_loop+0x55/0xb0
[  154.561990][T12036]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.567991][T12036] RIP: 0033:0x7fdab3ebcef9
[  154.572405][T12036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.592014][T12036] RSP: 002b:00007fdab2b37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  154.600417][T12036] RAX: ffffffffffffffda RBX: 00007fdab4075f80 RCX: 00007fdab3ebcef9
[  154.608384][T12036] RDX: 0000000000000000 RSI: 0000000020000c00 RDI: 0000000000000005
[  154.616375][T12036] RBP: 00007fdab2b37090 R08: 0000000000000000 R09: 0000000000000000
[  154.624429][T12036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.632542][T12036] R13: 0000000000000000 R14: 00007fdab4075f80 R15: 00007ffdde07d6f8
[  154.640556][T12036]  </TASK>
[  154.647649][T12039] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2495'.
[  154.663125][T12028] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.675736][T12039] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.711085][T12028] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.749189][T12039] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.766867][T12046] loop3: detected capacity change from 0 to 512
[  154.778097][T12046] ext4 filesystem being mounted at /114/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.811574][T12028] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  154.818339][T12051] loop3: detected capacity change from 0 to 512
[  154.823602][T12028] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  154.830790][T12051] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.2498: corrupted in-inode xattr: invalid ea_ino
[  154.837373][T12028] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  154.848989][T12051] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2498: couldn't read orphan inode 15 (err -117)
[  154.859780][T12028] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  154.878923][T12039] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.930917][T12060] loop2: detected capacity change from 0 to 512
[  154.938472][T12039] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.965180][T12065] ip6gretap0 speed is unknown, defaulting to 1000
[  154.973415][T12060] ext4 filesystem being mounted at /154/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  155.007390][T12071] FAULT_INJECTION: forcing a failure.
[  155.007390][T12071] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  155.020666][T12071] CPU: 0 UID: 0 PID: 12071 Comm: syz.4.2506 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  155.031496][T12071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  155.041534][T12071] Call Trace:
[  155.044794][T12071]  <TASK>
[  155.047705][T12071]  dump_stack_lvl+0xf2/0x150
[  155.052334][T12071]  dump_stack+0x15/0x20
[  155.056469][T12071]  should_fail_ex+0x229/0x230
[  155.061128][T12071]  should_fail+0xb/0x10
[  155.065287][T12071]  should_fail_usercopy+0x1a/0x20
[  155.070366][T12071]  _copy_from_user+0x1e/0xd0
[  155.075018][T12071]  memdup_user+0x64/0xc0
[  155.079324][T12071]  strndup_user+0x68/0xa0
[  155.083646][T12071]  __se_sys_mount+0x4e/0x2d0
[  155.088220][T12071]  ? fput+0x13b/0x180
[  155.092296][T12071]  ? ksys_write+0x178/0x1b0
[  155.096820][T12071]  __x64_sys_mount+0x67/0x80
[  155.101456][T12071]  x64_sys_call+0x203e/0x2d60
[  155.106128][T12071]  do_syscall_64+0xc9/0x1c0
[  155.110614][T12071]  ? clear_bhb_loop+0x55/0xb0
[  155.115269][T12071]  ? clear_bhb_loop+0x55/0xb0
[  155.119929][T12071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.125927][T12071] RIP: 0033:0x7fb129dccef9
[  155.130362][T12071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.150011][T12071] RSP: 002b:00007fb128a47038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  155.158403][T12071] RAX: ffffffffffffffda RBX: 00007fb129f85f80 RCX: 00007fb129dccef9
[  155.166436][T12071] RDX: 00000000200001c0 RSI: 00000000200004c0 RDI: 0000000000000000
[  155.174397][T12071] RBP: 00007fb128a47090 R08: 0000000020000700 R09: 0000000000000000
[  155.182348][T12071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.190329][T12071] R13: 0000000000000000 R14: 00007fb129f85f80 R15: 00007ffdeaad38a8
[  155.198288][T12071]  </TASK>
[  155.234855][T12039] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  155.255027][T12039] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  155.277293][T12039] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  155.289967][T12039] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  155.299478][T12080] netlink: 'syz.4.2510': attribute type 4 has an invalid length.
[  155.318667][T12084] netlink: 'syz.2.2512': attribute type 4 has an invalid length.
[  155.326566][T12086] ip6gretap0 speed is unknown, defaulting to 1000
[  155.329174][T12084] netlink: 'syz.2.2512': attribute type 4 has an invalid length.
[  155.418431][T12093] loop2: detected capacity change from 0 to 512
[  155.436981][T12097] ip6gretap0 speed is unknown, defaulting to 1000
[  155.499939][T12105] loop2: detected capacity change from 0 to 512
[  155.518435][T12112] loop4: detected capacity change from 0 to 1024
[  155.518688][T12105] ext4 filesystem being mounted at /157/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  155.540885][T12112] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  155.551945][T12112] FAULT_INJECTION: forcing a failure.
[  155.551945][T12112] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  155.565224][T12112] CPU: 1 UID: 0 PID: 12112 Comm: syz.4.2524 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  155.576001][T12112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  155.586039][T12112] Call Trace:
[  155.589296][T12112]  <TASK>
[  155.592291][T12112]  dump_stack_lvl+0xf2/0x150
[  155.596911][T12112]  dump_stack+0x15/0x20
[  155.601099][T12112]  should_fail_ex+0x229/0x230
[  155.605781][T12112]  should_fail+0xb/0x10
[  155.609923][T12112]  should_fail_usercopy+0x1a/0x20
[  155.614931][T12112]  _copy_to_user+0x1e/0xa0
[  155.619335][T12112]  simple_read_from_buffer+0xa0/0x110
[  155.624688][T12112]  proc_fail_nth_read+0xff/0x140
[  155.629718][T12112]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  155.635248][T12112]  vfs_read+0x1a2/0x6e0
[  155.639390][T12112]  ? __rcu_read_unlock+0x4e/0x70
[  155.644424][T12112]  ? __fget_files+0x1da/0x210
[  155.649090][T12112]  ksys_read+0xeb/0x1b0
[  155.653305][T12112]  __x64_sys_read+0x42/0x50
[  155.657843][T12112]  x64_sys_call+0x27d3/0x2d60
[  155.662502][T12112]  do_syscall_64+0xc9/0x1c0
[  155.667049][T12112]  ? clear_bhb_loop+0x55/0xb0
[  155.671713][T12112]  ? clear_bhb_loop+0x55/0xb0
[  155.676372][T12112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.682346][T12112] RIP: 0033:0x7fb129dcb93c
[  155.686749][T12112] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  155.706344][T12112] RSP: 002b:00007fb128a47030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  155.714752][T12112] RAX: ffffffffffffffda RBX: 00007fb129f85f80 RCX: 00007fb129dcb93c
[  155.722751][T12112] RDX: 000000000000000f RSI: 00007fb128a470a0 RDI: 0000000000000008
[  155.730816][T12112] RBP: 00007fb128a47090 R08: 0000000000000000 R09: 0000000000000000
[  155.738790][T12112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.746857][T12112] R13: 0000000000000000 R14: 00007fb129f85f80 R15: 00007ffdeaad38a8
[  155.754868][T12112]  </TASK>
[  155.775792][T12118] netlink: 'syz.0.2526': attribute type 4 has an invalid length.
[  155.811681][T12123] netlink: 'syz.2.2528': attribute type 4 has an invalid length.
[  155.837210][T12123] netlink: 'syz.2.2528': attribute type 4 has an invalid length.
[  155.873963][T12133] loop2: detected capacity change from 0 to 1024
[  155.882309][   T29] kauditd_printk_skb: 534 callbacks suppressed
[  155.882321][   T29] audit: type=1400 audit(1725761426.189:13487): avc:  denied  { read } for  pid=12130 comm="syz.4.2525" name="ptp0" dev="devtmpfs" ino=221 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  155.912545][   T29] audit: type=1400 audit(1725761426.189:13488): avc:  denied  { open } for  pid=12130 comm="syz.4.2525" path="/dev/ptp0" dev="devtmpfs" ino=221 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  155.936156][   T29] audit: type=1400 audit(1725761426.199:13489): avc:  denied  { ioctl } for  pid=12130 comm="syz.4.2525" path="/dev/ptp0" dev="devtmpfs" ino=221 ioctlcmd=0x3d0f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  155.963049][   T29] audit: type=1326 audit(1725761426.219:13490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12134 comm="syz.0.2533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  155.986598][   T29] audit: type=1326 audit(1725761426.219:13491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12134 comm="syz.0.2533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  156.000479][T12141] ip6gretap0 speed is unknown, defaulting to 1000
[  156.012454][T12143] random: crng reseeded on system resumption
[  156.089405][T12149] loop4: detected capacity change from 0 to 512
[  156.104334][   T29] audit: type=1326 audit(1725761426.229:13492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12134 comm="syz.0.2533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  156.127981][   T29] audit: type=1326 audit(1725761426.229:13493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12134 comm="syz.0.2533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  156.151655][   T29] audit: type=1326 audit(1725761426.229:13494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12134 comm="syz.0.2533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  156.175255][   T29] audit: type=1326 audit(1725761426.229:13495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12134 comm="syz.0.2533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  156.198949][   T29] audit: type=1326 audit(1725761426.229:13496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12134 comm="syz.0.2533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  156.229831][T12133] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  156.258428][T12149] ext4 filesystem being mounted at /10/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  156.305100][T12160] loop3: detected capacity change from 0 to 2048
[  156.349525][T12160] EXT4-fs (loop3): shut down requested (0)
[  156.393593][T12170] loop4: detected capacity change from 0 to 1024
[  156.434152][T12175] loop3: detected capacity change from 0 to 1024
[  156.465958][T12183] random: crng reseeded on system resumption
[  156.467366][T12175] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  156.524565][T12184] loop2: detected capacity change from 0 to 512
[  156.588886][T12184] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.2551: corrupted in-inode xattr: invalid ea_ino
[  156.602912][T12184] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2551: couldn't read orphan inode 15 (err -117)
[  156.642992][T12192] netlink: 'syz.4.2554': attribute type 15 has an invalid length.
[  156.700771][T12204] ip6gretap0 speed is unknown, defaulting to 1000
[  157.075172][T12220] random: crng reseeded on system resumption
[  157.270770][T12235] loop3: detected capacity change from 0 to 512
[  157.293246][T12235] loop3: detected capacity change from 0 to 512
[  157.306024][T12235] EXT4-fs: Invalid want_extra_isize 1
[  157.417593][T12242] loop3: detected capacity change from 0 to 512
[  157.434759][T12242] EXT4-fs mount: 49 callbacks suppressed
[  157.434772][T12242] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.453047][T12242] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.464030][T12242] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.505383][T12259] loop2: detected capacity change from 0 to 512
[  157.515514][T12259] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.2580: corrupted in-inode xattr: invalid ea_ino
[  157.536044][T12259] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2580: couldn't read orphan inode 15 (err -117)
[  157.549022][T12259] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.581843][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.636267][T12280] ip6gretap0 speed is unknown, defaulting to 1000
[  157.933672][T12323] ªªªªª: renamed from bond_slave_1 (while UP)
[  158.038901][T12338] loop4: detected capacity change from 0 to 512
[  158.057321][T12338] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.2595: corrupted in-inode xattr: invalid ea_ino
[  158.080569][T12338] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2595: couldn't read orphan inode 15 (err -117)
[  158.102987][T12338] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.134080][T11803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.182996][T12366] netlink: 'syz.4.2597': attribute type 15 has an invalid length.
[  158.510903][T12440] loop2: detected capacity change from 0 to 2048
[  158.527674][T12440] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.550134][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.583879][T12449] netlink: 'syz.0.2609': attribute type 4 has an invalid length.
[  158.660297][T12455] netlink: 'syz.2.2608': attribute type 15 has an invalid length.
[  158.727568][T12461] loop4: detected capacity change from 0 to 256
[  159.352092][T12465] loop2: detected capacity change from 0 to 512
[  159.370670][T12465] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.371227][T12460] syz.1.2612[12460] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.383230][T12465] ext4 filesystem being mounted at /173/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.384316][T12460] syz.1.2612[12460] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.418413][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.563113][T12493] loop2: detected capacity change from 0 to 512
[  159.636828][T12550] FAULT_INJECTION: forcing a failure.
[  159.636828][T12550] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  159.649951][T12550] CPU: 1 UID: 0 PID: 12550 Comm: syz.4.2621 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  159.660719][T12550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  159.670783][T12550] Call Trace:
[  159.674148][T12550]  <TASK>
[  159.677084][T12550]  dump_stack_lvl+0xf2/0x150
[  159.681744][T12550]  dump_stack+0x15/0x20
[  159.685912][T12550]  should_fail_ex+0x229/0x230
[  159.690605][T12550]  should_fail+0xb/0x10
[  159.694905][T12550]  should_fail_usercopy+0x1a/0x20
[  159.700012][T12550]  _copy_from_user+0x1e/0xd0
[  159.704614][T12550]  move_addr_to_kernel+0x82/0x120
[  159.709653][T12550]  copy_msghdr_from_user+0x271/0x2a0
[  159.714964][T12550]  __sys_sendmsg+0x17d/0x280
[  159.719602][T12550]  __x64_sys_sendmsg+0x46/0x50
[  159.724492][T12550]  x64_sys_call+0x2689/0x2d60
[  159.729339][T12550]  do_syscall_64+0xc9/0x1c0
[  159.733901][T12550]  ? clear_bhb_loop+0x55/0xb0
[  159.738593][T12550]  ? clear_bhb_loop+0x55/0xb0
[  159.743276][T12550]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.749213][T12550] RIP: 0033:0x7fb129dccef9
[  159.752866][T12493] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.753615][T12550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.785635][T12550] RSP: 002b:00007fb128a26038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  159.794131][T12550] RAX: ffffffffffffffda RBX: 00007fb129f86058 RCX: 00007fb129dccef9
[  159.802152][T12550] RDX: 0000000000040000 RSI: 00000000200003c0 RDI: 0000000000000003
[  159.810136][T12550] RBP: 00007fb128a26090 R08: 0000000000000000 R09: 0000000000000000
[  159.818121][T12550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.823300][T12493] ext4 filesystem being mounted at /175/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.826116][T12550] R13: 0000000000000000 R14: 00007fb129f86058 R15: 00007ffdeaad38a8
[  159.826139][T12550]  </TASK>
[  159.903668][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.914944][T12566] loop3: detected capacity change from 0 to 2048
[  159.917906][T12569] ip6gretap0 speed is unknown, defaulting to 1000
[  159.944167][T12566] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  159.963990][T12566] EXT4-fs (loop3): shut down requested (2)
[  159.967615][T12577] netlink: 'syz.1.2627': attribute type 4 has an invalid length.
[  160.042514][T12589] loop2: detected capacity change from 0 to 512
[  160.058777][T12589] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.071601][T12589] ext4 filesystem being mounted at /178/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  160.099364][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.124968][T12601] netlink: 'syz.1.2638': attribute type 15 has an invalid length.
[  160.148388][T12603] ip6gretap0 speed is unknown, defaulting to 1000
[  160.148497][T12605] netlink: 'syz.1.2640': attribute type 4 has an invalid length.
[  160.170429][T12605] netlink: 'syz.1.2640': attribute type 4 has an invalid length.
[  160.215166][T12607] netlink: 'syz.1.2641': attribute type 4 has an invalid length.
[  160.270106][T12617] ip6gretap0 speed is unknown, defaulting to 1000
[  160.298826][T12621] 9pnet_fd: Insufficient options for proto=fd
[  160.334693][T12627] netlink: 'syz.2.2650': attribute type 15 has an invalid length.
[  160.344977][T12625] ip6gretap0 speed is unknown, defaulting to 1000
[  160.375383][T12629] ip6gretap0 speed is unknown, defaulting to 1000
[  160.456993][T12634] FAULT_INJECTION: forcing a failure.
[  160.456993][T12634] name failslab, interval 1, probability 0, space 0, times 0
[  160.469697][T12634] CPU: 0 UID: 0 PID: 12634 Comm: syz.2.2654 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  160.480518][T12634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  160.490636][T12634] Call Trace:
[  160.493923][T12634]  <TASK>
[  160.496849][T12634]  dump_stack_lvl+0xf2/0x150
[  160.501446][T12634]  dump_stack+0x15/0x20
[  160.505603][T12634]  should_fail_ex+0x229/0x230
[  160.510283][T12634]  ? build_skb+0x33/0x210
[  160.514686][T12634]  should_failslab+0x8f/0xb0
[  160.519344][T12634]  kmem_cache_alloc_noprof+0x4c/0x290
[  160.524732][T12634]  ? alloc_pages_mpol_noprof+0xd5/0x1e0
[  160.530282][T12634]  build_skb+0x33/0x210
[  160.534430][T12634]  __tun_build_skb+0x2b/0x1b0
[  160.539190][T12634]  ? tun_get_user+0x1474/0x24b0
[  160.544056][T12634]  tun_get_user+0x1494/0x24b0
[  160.548839][T12634]  ? ref_tracker_alloc+0x1f5/0x2f0
[  160.553962][T12634]  tun_chr_write_iter+0x18e/0x240
[  160.559018][T12634]  vfs_write+0x78f/0x900
[  160.563393][T12634]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  160.569012][T12634]  ksys_write+0xeb/0x1b0
[  160.573309][T12634]  __x64_sys_write+0x42/0x50
[  160.577984][T12634]  x64_sys_call+0x27dd/0x2d60
[  160.582705][T12634]  do_syscall_64+0xc9/0x1c0
[  160.587204][T12634]  ? clear_bhb_loop+0x55/0xb0
[  160.591920][T12634]  ? clear_bhb_loop+0x55/0xb0
[  160.596601][T12634]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.602549][T12634] RIP: 0033:0x7f519052b9df
[  160.606961][T12634] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[  160.626578][T12634] RSP: 002b:00007f518f1a7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  160.634991][T12634] RAX: ffffffffffffffda RBX: 00007f51906e5f80 RCX: 00007f519052b9df
[  160.642978][T12634] RDX: 000000000000007e RSI: 00000000200006c0 RDI: 00000000000000c8
[  160.650951][T12634] RBP: 00007f518f1a7090 R08: 0000000000000000 R09: 0000000000000000
[  160.658918][T12634] R10: 000000000000007e R11: 0000000000000293 R12: 0000000000000001
[  160.666902][T12634] R13: 0000000000000000 R14: 00007f51906e5f80 R15: 00007ffc45738468
[  160.674956][T12634]  </TASK>
[  160.678777][ T9847] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.733674][T12647] netlink: 'syz.3.2655': attribute type 4 has an invalid length.
[  160.743562][T12649] loop2: detected capacity change from 0 to 512
[  160.763506][T12651] loop4: detected capacity change from 0 to 2048
[  160.783172][T12649] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.2660: corrupted in-inode xattr: invalid ea_ino
[  160.797902][T12649] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2660: couldn't read orphan inode 15 (err -117)
[  160.822214][T12651] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.836517][T12649] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.852396][T12651] EXT4-fs (loop4): shut down requested (0)
[  160.864137][T12664] ip6gretap0 speed is unknown, defaulting to 1000
[  160.865781][T12649] EXT4-fs error (device loop2): ext4_lookup:1815: inode #2: comm syz.2.2660: deleted inode referenced: 15
[  160.886467][T12649] EXT4-fs error (device loop2): ext4_lookup:1815: inode #2: comm syz.2.2660: deleted inode referenced: 15
[  160.922039][T11803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.939655][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.984133][   T29] kauditd_printk_skb: 815 callbacks suppressed
[  160.984147][   T29] audit: type=1326 audit(1725761431.289:14312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12673 comm="syz.2.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  161.013997][   T29] audit: type=1326 audit(1725761431.289:14313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12673 comm="syz.2.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  161.042343][   T29] audit: type=1326 audit(1725761431.349:14314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12673 comm="syz.2.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  161.065940][   T29] audit: type=1326 audit(1725761431.349:14315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12673 comm="syz.2.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  161.089647][   T29] audit: type=1326 audit(1725761431.349:14316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12673 comm="syz.2.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  161.113328][   T29] audit: type=1326 audit(1725761431.349:14317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12673 comm="syz.2.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  161.137190][   T29] audit: type=1326 audit(1725761431.349:14318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12673 comm="syz.2.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  161.144393][T12680] ip6gretap0 speed is unknown, defaulting to 1000
[  161.160736][   T29] audit: type=1326 audit(1725761431.349:14319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12673 comm="syz.2.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  161.160769][   T29] audit: type=1326 audit(1725761431.349:14320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12673 comm="syz.2.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  161.214360][   T29] audit: type=1326 audit(1725761431.349:14321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12673 comm="syz.2.2669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  161.385161][T12692] loop2: detected capacity change from 0 to 512
[  161.411428][T12692] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  161.412568][ T9512] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.441808][T12692] ext4 filesystem being mounted at /195/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  161.465202][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.491907][ T9512] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.527965][T12689] ip6gretap0 speed is unknown, defaulting to 1000
[  161.539504][T12703] loop2: detected capacity change from 0 to 2048
[  161.549741][ T4654] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  161.560682][ T4654] CPU: 0 UID: 0 PID: 4654 Comm: syz-executor Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  161.571582][ T4654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  161.581683][ T4654] Call Trace:
[  161.584965][ T4654]  <TASK>
[  161.587898][ T4654]  dump_stack_lvl+0xf2/0x150
[  161.592572][ T4654]  dump_stack+0x15/0x20
[  161.596782][ T4654]  dump_header+0x83/0x2d0
[  161.601130][ T4654]  oom_kill_process+0x341/0x4c0
[  161.606087][ T4654]  out_of_memory+0x9af/0xbe0
[  161.610686][ T4654]  ? __rcu_read_unlock+0x4e/0x70
[  161.615803][ T4654]  mem_cgroup_out_of_memory+0x13e/0x190
[  161.621418][ T4654]  try_charge_memcg+0x51b/0x810
[  161.626422][ T4654]  mem_cgroup_swapin_charge_folio+0x107/0x1a0
[  161.632524][ T4654]  __read_swap_cache_async+0x2b7/0x520
[  161.637994][ T4654]  swap_cluster_readahead+0x276/0x3f0
[  161.643381][ T4654]  swapin_readahead+0xe4/0x760
[  161.648425][ T4654]  ? __filemap_get_folio+0x420/0x5b0
[  161.653741][ T4654]  ? swap_cache_get_folio+0x77/0x210
[  161.659049][ T4654]  do_swap_page+0x3da/0x1ef0
[  161.663655][ T4654]  ? hrtimer_start_range_ns+0x53d/0x580
[  161.669285][ T4654]  ? hrtimer_try_to_cancel+0x106/0x1d0
[  161.674846][ T4654]  ? __rcu_read_lock+0x36/0x50
[  161.679629][ T4654]  ? pte_offset_map_nolock+0x124/0x1d0
[  161.685216][ T4654]  handle_mm_fault+0x8cb/0x2a30
[  161.690140][ T4654]  exc_page_fault+0x3b9/0x650
[  161.694843][ T4654]  asm_exc_page_fault+0x26/0x30
[  161.699720][ T4654] RIP: 0033:0x7fb44ea1efa5
[  161.704133][ T4654] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e 15 15 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[  161.723751][ T4654] RSP: 002b:00007ffef1183048 EFLAGS: 00010246
[  161.729890][ T4654] RAX: 0000000000000000 RBX: 0000000000000465 RCX: 00007fb44ea1efa3
[  161.737864][ T4654] RDX: 00007ffef1183060 RSI: 0000000000000000 RDI: 0000000000000000
[  161.745920][ T4654] RBP: 00007ffef11830bc R08: 0000000018e67a02 R09: 7fffffffffffffff
[  161.753941][ T4654] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000032
[  161.761918][ T4654] R13: 00000000000274f5 R14: 0000000000027493 R15: 00007ffef1183110
[  161.769904][ T4654]  </TASK>
[  161.773157][ T4654] memory: usage 307200kB, limit 307200kB, failcnt 7557
[  161.780060][ T4654] memory+swap: usage 307608kB, limit 9007199254740988kB, failcnt 0
[  161.787973][ T4654] kmem: usage 306796kB, limit 9007199254740988kB, failcnt 0
[  161.795331][ T4654] Memory cgroup stats for /syz0:
[  161.799665][ T4654] cache 393216
[  161.808042][ T4654] rss 0
[  161.810797][ T4654] shmem 0
[  161.813742][ T4654] mapped_file 393216
[  161.817486][T12703] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  161.817713][ T4654] dirty 393216
[  161.817720][ T4654] writeback 4096
[  161.836811][ T4654] workingset_refault_anon 102
[  161.841484][ T4654] workingset_refault_file 4153
[  161.842946][T12703] EXT4-fs (loop2): shut down requested (0)
[  161.846226][ T4654] swap 417792
[  161.846235][ T4654] swapcached 16384
[  161.846241][ T4654] pgpgin 259312
[  161.846247][ T4654] pgpgout 259212
[  161.866190][ T4654] pgfault 261615
[  161.869754][ T4654] pgmajfault 66
[  161.873200][ T4654] inactive_anon 0
[  161.876855][ T4654] active_anon 16384
[  161.880845][ T4654] inactive_file 0
[  161.884479][ T4654] active_file 393216
[  161.888400][ T4654] unevictable 0
[  161.891861][ T4654] hierarchical_memory_limit 314572800
[  161.897346][ T4654] hierarchical_memsw_limit 9223372036854771712
[  161.903497][ T4654] total_cache 393216
[  161.907441][ T4654] total_rss 0
[  161.910717][ T4654] total_shmem 0
[  161.914178][ T4654] total_mapped_file 393216
[  161.918643][ T4654] total_dirty 393216
[  161.922546][ T4654] total_writeback 4096
[  161.926621][ T4654] total_workingset_refault_anon 102
[  161.931809][ T4654] total_workingset_refault_file 4153
[  161.937287][ T4654] total_swap 417792
[  161.941266][ T4654] total_swapcached 16384
[  161.945683][ T4654] total_pgpgin 259312
[  161.949731][ T4654] total_pgpgout 259212
[  161.953810][ T4654] total_pgfault 261615
[  161.957956][ T4654] total_pgmajfault 66
[  161.961925][ T4654] total_inactive_anon 0
[  161.966135][ T4654] total_active_anon 16384
[  161.970483][ T4654] total_inactive_file 0
[  161.974632][ T4654] total_active_file 393216
[  161.979085][ T4654] total_unevictable 0
[  161.983059][ T4654] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2668,pid=12665,uid=0
[  161.998173][ T4654] Memory cgroup out of memory: Killed process 12665 (syz.0.2668) total-vm:89116kB, anon-rss:696kB, file-rss:16168kB, shmem-rss:0kB, UID:0 pgtables:104kB oom_score_adj:1000
[  162.018676][ T9512] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.053492][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.067302][T12689] chnl_net:caif_netlink_parms(): no params data found
[  162.087125][ T9512] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.189332][ T9512] bridge_slave_1: left allmulticast mode
[  162.189436][T12729] loop2: detected capacity change from 0 to 512
[  162.194999][ T9512] bridge_slave_1: left promiscuous mode
[  162.207057][ T9512] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.214940][ T9512] bridge_slave_0: left allmulticast mode
[  162.220721][ T9512] bridge_slave_0: left promiscuous mode
[  162.226708][ T9512] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.230295][T12729] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.246816][T12729] ext4 filesystem being mounted at /199/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.283175][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.452793][ T9512] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  162.464511][ T9512] bond0 (unregistering): (slave ªªªªª): Releasing backup interface
[  162.476410][ T9512] bond0 (unregistering): Released all slaves
[  162.532070][T12689] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.539199][T12689] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.549890][T12689] bridge_slave_0: entered allmulticast mode
[  162.556333][T12689] bridge_slave_0: entered promiscuous mode
[  162.564465][T12689] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.571636][T12689] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.581863][T12689] bridge_slave_1: entered allmulticast mode
[  162.590252][T12689] bridge_slave_1: entered promiscuous mode
[  162.610279][T12689] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  162.621876][T12689] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  162.645159][T12689] team0: Port device team_slave_0 added
[  162.652181][T12689] team0: Port device team_slave_1 added
[  162.666959][T12689] batman_adv: batadv0: Adding interface: batadv_slave_0
[  162.674022][T12689] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  162.700053][T12689] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  162.745732][T12689] batman_adv: batadv0: Adding interface: batadv_slave_1
[  162.752728][T12689] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  162.778771][T12689] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  162.843560][ T9512] hsr_slave_0: left promiscuous mode
[  162.850345][ T9512] hsr_slave_1: left promiscuous mode
[  162.856243][ T9512] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  162.863760][ T9512] batman_adv: batadv0: Removing interface: batadv_slave_0
[  162.874675][ T9512] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  162.882176][ T9512] batman_adv: batadv0: Removing interface: batadv_slave_1
[  162.892953][ T9512] veth1_macvtap: left promiscuous mode
[  162.898555][ T9512] veth0_macvtap: left promiscuous mode
[  162.904357][ T9512] veth1_vlan: left promiscuous mode
[  162.909730][ T9512] veth0_vlan: left promiscuous mode
[  163.022632][ T9512] team0 (unregistering): Port device team_slave_1 removed
[  163.033249][ T9512] team0 (unregistering): Port device team_slave_0 removed
[  163.074460][T12689] hsr_slave_0: entered promiscuous mode
[  163.080733][T12689] hsr_slave_1: entered promiscuous mode
[  163.087082][T12689] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  163.094669][T12689] Cannot create hsr debugfs directory
[  163.146324][T12742] ip6gretap0 speed is unknown, defaulting to 1000
[  163.225934][T12742] chnl_net:caif_netlink_parms(): no params data found
[  163.263677][T12742] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.270877][T12742] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.278762][T12742] bridge_slave_0: entered allmulticast mode
[  163.285426][T12742] bridge_slave_0: entered promiscuous mode
[  163.295460][T12742] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.302606][T12742] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.309947][T12742] bridge_slave_1: entered allmulticast mode
[  163.316319][T12742] bridge_slave_1: entered promiscuous mode
[  163.322883][T12774] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2700'.
[  163.336439][T12774] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.364481][T12742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  163.382498][T12742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  163.422679][T12774] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.436113][T12742] team0: Port device team_slave_0 added
[  163.442768][T12742] team0: Port device team_slave_1 added
[  163.462609][T12742] batman_adv: batadv0: Adding interface: batadv_slave_0
[  163.469707][T12742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  163.495811][T12742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  163.498186][T12785] loop2: detected capacity change from 0 to 2048
[  163.516436][T12774] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.517758][T12785] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.539275][T12742] batman_adv: batadv0: Adding interface: batadv_slave_1
[  163.542094][T12785] EXT4-fs (loop2): shut down requested (0)
[  163.546260][T12742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  163.578008][T12742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  163.594353][ T9512] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.614386][T12786] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2701'.
[  163.624711][T12774] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.634856][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.650958][T12742] hsr_slave_0: entered promiscuous mode
[  163.657286][T12742] hsr_slave_1: entered promiscuous mode
[  163.663599][T12742] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  163.671248][T12742] Cannot create hsr debugfs directory
[  163.682365][ T9512] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.700763][T12795] validate_nla: 2 callbacks suppressed
[  163.700854][T12795] netlink: 'syz.2.2706': attribute type 15 has an invalid length.
[  163.715922][T12774] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.734839][T12798] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2707'.
[  163.736113][T12689] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  163.761319][T12689] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  163.771872][ T9512] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.788214][T12689] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  163.790458][T12798] loop2: detected capacity change from 0 to 256
[  163.816579][T12689] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  163.840303][ T9512] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.857711][T12774] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  163.870298][T12774] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  163.881476][T12804] ip6gretap0 speed is unknown, defaulting to 1000
[  163.892586][T12774] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  163.903758][T12774] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  163.962374][ T9512] bridge_slave_1: left allmulticast mode
[  163.968064][ T9512] bridge_slave_1: left promiscuous mode
[  163.973689][ T9512] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.982138][ T9512] bridge_slave_0: left allmulticast mode
[  163.987906][ T9512] bridge_slave_0: left promiscuous mode
[  163.993523][ T9512] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.089457][ T9512] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  164.106664][ T9512] bond0 (unregistering): (slave ªªªªª): Releasing backup interface
[  164.116264][ T9512] bond0 (unregistering): Released all slaves
[  164.141579][T12813] ip6gretap0 speed is unknown, defaulting to 1000
[  164.145704][T12689] 8021q: adding VLAN 0 to HW filter on device bond0
[  164.188784][T12689] 8021q: adding VLAN 0 to HW filter on device team0
[  164.203653][ T3373] bridge0: port 1(bridge_slave_0) entered blocking state
[  164.210805][ T3373] bridge0: port 1(bridge_slave_0) entered forwarding state
[  164.242238][ T9512] hsr_slave_0: left promiscuous mode
[  164.248083][ T9512] hsr_slave_1: left promiscuous mode
[  164.260513][ T9512] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  164.268038][ T9512] batman_adv: batadv0: Removing interface: batadv_slave_0
[  164.279974][ T9512] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  164.287516][ T9512] batman_adv: batadv0: Removing interface: batadv_slave_1
[  164.298475][ T9512] veth1_macvtap: left promiscuous mode
[  164.303972][ T9512] veth0_macvtap: left promiscuous mode
[  164.309584][ T9512] veth1_vlan: left promiscuous mode
[  164.314804][ T9512] veth0_vlan: left promiscuous mode
[  164.486177][ T9512] team0 (unregistering): Port device team_slave_1 removed
[  164.500589][ T9512] team0 (unregistering): Port device team_slave_0 removed
[  164.583308][T12427] bridge0: port 2(bridge_slave_1) entered blocking state
[  164.590470][T12427] bridge0: port 2(bridge_slave_1) entered forwarding state
[  164.609213][T12829] netlink: 'syz.1.2717': attribute type 15 has an invalid length.
[  164.621340][T12825] ip6gretap0 speed is unknown, defaulting to 1000
[  164.651174][T12689] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  164.661813][T12689] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  164.703792][T12742] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  164.713010][T12742] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  164.729861][T12742] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  164.749690][T12742] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  164.759498][T12841] loop2: detected capacity change from 0 to 512
[  164.763605][T12689] 8021q: adding VLAN 0 to HW filter on device batadv0
[  164.778515][T12841] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.791138][T12841] ext4 filesystem being mounted at /211/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.802110][T12841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.814464][T12742] 8021q: adding VLAN 0 to HW filter on device bond0
[  164.828653][T12742] 8021q: adding VLAN 0 to HW filter on device team0
[  164.840431][ T3373] bridge0: port 1(bridge_slave_0) entered blocking state
[  164.847574][ T3373] bridge0: port 1(bridge_slave_0) entered forwarding state
[  164.874260][ T3373] bridge0: port 2(bridge_slave_1) entered blocking state
[  164.881566][ T3373] bridge0: port 2(bridge_slave_1) entered forwarding state
[  164.904000][T12742] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  164.942184][T12689] veth0_vlan: entered promiscuous mode
[  164.983656][T12861] loop2: detected capacity change from 0 to 1024
[  164.990490][T12861] EXT4-fs: Ignoring removed nobh option
[  164.992359][T12689] veth1_vlan: entered promiscuous mode
[  165.008673][T12861] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.015677][T12742] 8021q: adding VLAN 0 to HW filter on device batadv0
[  165.031399][T12861] FAULT_INJECTION: forcing a failure.
[  165.031399][T12861] name failslab, interval 1, probability 0, space 0, times 0
[  165.036587][T12689] veth0_macvtap: entered promiscuous mode
[  165.044106][T12861] CPU: 1 UID: 0 PID: 12861 Comm: syz.2.2724 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  165.051604][T12689] veth1_macvtap: entered promiscuous mode
[  165.060480][T12861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  165.060497][T12861] Call Trace:
[  165.060503][T12861]  <TASK>
[  165.060509][T12861]  dump_stack_lvl+0xf2/0x150
[  165.070399][T12689] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  165.076245][T12861]  dump_stack+0x15/0x20
[  165.079523][T12689] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.082411][T12861]  should_fail_ex+0x229/0x230
[  165.082433][T12861]  ? __es_insert_extent+0x575/0xf60
[  165.087692][T12689] batman_adv: batadv0: Interface activated: batadv_slave_0
[  165.097370][T12861]  should_failslab+0x8f/0xb0
[  165.097471][T12861]  kmem_cache_alloc_noprof+0x4c/0x290
[  165.102673][T12689] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.111461][T12861]  __es_insert_extent+0x575/0xf60
[  165.116131][T12689] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.121308][T12861]  ext4_es_insert_extent+0x3e5/0x1c10
[  165.128483][T12689] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.133078][T12861]  ext4_map_blocks+0xa93/0xf50
[  165.138419][T12689] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.148789][T12861]  ext4_convert_unwritten_extents+0x16c/0x2c0
[  165.155026][T12689] batman_adv: batadv0: Interface activated: batadv_slave_1
[  165.163660][T12861]  ext4_dio_write_end_io+0x93/0x370
[  165.170241][T12689] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  165.179415][T12861]  ? __pfx_ext4_dio_write_end_io+0x10/0x10
[  165.179442][T12861]  iomap_dio_complete+0xa4/0x4c0
[  165.184176][T12689] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  165.193941][T12861]  iomap_dio_rw+0x62/0x90
[  165.193970][T12861]  ext4_file_write_iter+0xaa4/0xe30
[  165.193987][T12861]  ? ext4_file_write_iter+0x501/0xe30
[  165.194009][T12861]  iter_file_splice_write+0x5e6/0x970
[  165.200098][T12689] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  165.207202][T12861]  ? __pfx_iter_file_splice_write+0x10/0x10
[  165.212379][T12689] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.221011][T12861]  direct_splice_actor+0x16c/0x2c0
[  165.289195][T12861]  splice_direct_to_actor+0x305/0x670
[  165.294580][T12861]  ? __pfx_direct_splice_actor+0x10/0x10
[  165.300246][T12861]  do_splice_direct+0xd7/0x150
[  165.305068][T12861]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  165.311015][T12861]  do_sendfile+0x3ab/0x950
[  165.315414][T12861]  __x64_sys_sendfile64+0x110/0x150
[  165.320601][T12861]  x64_sys_call+0xed5/0x2d60
[  165.325198][T12861]  do_syscall_64+0xc9/0x1c0
[  165.329692][T12861]  ? clear_bhb_loop+0x55/0xb0
[  165.334362][T12861]  ? clear_bhb_loop+0x55/0xb0
[  165.339058][T12861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.344949][T12861] RIP: 0033:0x7f519052cef9
[  165.349348][T12861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  165.368983][T12861] RSP: 002b:00007f518f1a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  165.377379][T12861] RAX: ffffffffffffffda RBX: 00007f51906e5f80 RCX: 00007f519052cef9
[  165.385330][T12861] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006
[  165.393290][T12861] RBP: 00007f518f1a7090 R08: 0000000000000000 R09: 0000000000000000
[  165.401243][T12861] R10: 0000000100000008 R11: 0000000000000246 R12: 0000000000000002
[  165.409217][T12861] R13: 0000000000000000 R14: 00007f51906e5f80 R15: 00007ffc45738468
[  165.417174][T12861]  </TASK>
[  165.447595][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.570641][T12742] veth0_vlan: entered promiscuous mode
[  165.578581][T12742] veth1_vlan: entered promiscuous mode
[  165.596873][T12742] veth0_macvtap: entered promiscuous mode
[  165.604407][T12742] veth1_macvtap: entered promiscuous mode
[  165.614312][T12742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  165.624853][T12742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.634700][T12742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  165.645146][T12742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.655777][T12742] batman_adv: batadv0: Interface activated: batadv_slave_0
[  165.672033][T12742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.682533][T12742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.692434][T12742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.703029][T12742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.712903][T12742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.723394][T12742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.734052][T12742] batman_adv: batadv0: Interface activated: batadv_slave_1
[  165.749544][T12742] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  165.758300][T12742] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  165.767082][T12742] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  165.775817][T12742] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.785906][T12904] netlink: 'syz.1.2735': attribute type 4 has an invalid length.
[  165.795492][T12906] netlink: 'syz.3.2736': attribute type 4 has an invalid length.
[  165.807214][T12903] netlink: 'syz.1.2735': attribute type 4 has an invalid length.
[  165.823584][T12906] netlink: 'syz.3.2736': attribute type 4 has an invalid length.
[  165.883908][T12913] FAULT_INJECTION: forcing a failure.
[  165.883908][T12913] name failslab, interval 1, probability 0, space 0, times 0
[  165.896574][T12913] CPU: 0 UID: 0 PID: 12913 Comm: syz.1.2738 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  165.907405][T12913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  165.917617][T12913] Call Trace:
[  165.920883][T12913]  <TASK>
[  165.923854][T12913]  dump_stack_lvl+0xf2/0x150
[  165.928502][T12913]  dump_stack+0x15/0x20
[  165.932683][T12913]  should_fail_ex+0x229/0x230
[  165.937405][T12913]  ? security_prepare_creds+0x4c/0x100
[  165.942898][T12913]  should_failslab+0x8f/0xb0
[  165.947579][T12913]  __kmalloc_noprof+0xa5/0x370
[  165.952401][T12913]  security_prepare_creds+0x4c/0x100
[  165.957681][T12913]  prepare_creds+0x346/0x480
[  165.962277][T12913]  __sys_setgid+0x66/0x1b0
[  165.966696][T12913]  __x64_sys_setgid+0x1e/0x30
[  165.971372][T12913]  x64_sys_call+0x2c01/0x2d60
[  165.976200][T12913]  do_syscall_64+0xc9/0x1c0
[  165.980695][T12913]  ? clear_bhb_loop+0x55/0xb0
[  165.985358][T12913]  ? clear_bhb_loop+0x55/0xb0
[  165.990021][T12913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.995919][T12913] RIP: 0033:0x7fdab3ebcef9
[  166.000320][T12913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.020053][T12913] RSP: 002b:00007fdab2b37038 EFLAGS: 00000246 ORIG_RAX: 000000000000006a
[  166.028463][T12913] RAX: ffffffffffffffda RBX: 00007fdab4075f80 RCX: 00007fdab3ebcef9
[  166.036488][T12913] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  166.044444][T12913] RBP: 00007fdab2b37090 R08: 0000000000000000 R09: 0000000000000000
[  166.052405][T12913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.060363][T12913] R13: 0000000000000000 R14: 00007fdab4075f80 R15: 00007ffdde07d6f8
[  166.068421][T12913]  </TASK>
[  166.087265][   T29] kauditd_printk_skb: 344 callbacks suppressed
[  166.087279][   T29] audit: type=1400 audit(1725761436.399:14666): avc:  denied  { read } for  pid=12912 comm="syz.1.2738" name="event0" dev="devtmpfs" ino=218 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  166.117236][   T29] audit: type=1400 audit(1725761436.399:14667): avc:  denied  { open } for  pid=12912 comm="syz.1.2738" path="/dev/input/event0" dev="devtmpfs" ino=218 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  166.119339][T12923] ip6gretap0 speed is unknown, defaulting to 1000
[  166.342006][T12930] netlink: 'syz.2.2743': attribute type 4 has an invalid length.
[  166.369992][T12930] netlink: 'syz.2.2743': attribute type 4 has an invalid length.
[  166.434059][T12933] loop2: detected capacity change from 0 to 512
[  166.490862][T12933] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.504360][T12933] ext4 filesystem being mounted at /217/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  166.523750][T12937] ip6gretap0 speed is unknown, defaulting to 1000
[  166.544927][T12933] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.606839][T12940] loop4: detected capacity change from 0 to 512
[  166.618125][T12940] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.635713][T12940] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  166.655663][T12742] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.677185][   T29] audit: type=1326 audit(1725761436.989:14668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12945 comm="syz.2.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  166.762393][T12944] loop4: detected capacity change from 0 to 512
[  166.776280][   T29] audit: type=1326 audit(1725761437.009:14669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12945 comm="syz.2.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  166.800004][   T29] audit: type=1326 audit(1725761437.009:14670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12945 comm="syz.2.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  166.823626][   T29] audit: type=1326 audit(1725761437.009:14671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12945 comm="syz.2.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  166.847555][   T29] audit: type=1326 audit(1725761437.009:14672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12945 comm="syz.2.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  166.871258][   T29] audit: type=1326 audit(1725761437.009:14673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12945 comm="syz.2.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  166.894935][   T29] audit: type=1326 audit(1725761437.009:14674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12945 comm="syz.2.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  166.918571][   T29] audit: type=1326 audit(1725761437.009:14675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12945 comm="syz.2.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  166.960391][T12944] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.983350][T12944] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  167.035128][T12925] syz.0.2742 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  167.036614][T12962] netlink: 'syz.3.2753': attribute type 15 has an invalid length.
[  167.046148][T12925] CPU: 1 UID: 0 PID: 12925 Comm: syz.0.2742 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  167.064727][T12925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  167.074851][T12925] Call Trace:
[  167.078193][T12925]  <TASK>
[  167.081159][T12925]  dump_stack_lvl+0xf2/0x150
[  167.085810][T12925]  dump_stack+0x15/0x20
[  167.089970][T12925]  dump_header+0x83/0x2d0
[  167.094366][T12925]  oom_kill_process+0x341/0x4c0
[  167.099225][T12925]  out_of_memory+0x9af/0xbe0
[  167.103855][T12925]  ? __rcu_read_unlock+0x4e/0x70
[  167.108797][T12925]  mem_cgroup_out_of_memory+0x13e/0x190
[  167.114369][T12925]  try_charge_memcg+0x51b/0x810
[  167.119233][T12925]  mem_cgroup_swapin_charge_folio+0x107/0x1a0
[  167.125312][T12925]  __read_swap_cache_async+0x2b7/0x520
[  167.130910][T12925]  swap_cluster_readahead+0x276/0x3f0
[  167.136352][T12925]  swapin_readahead+0xe4/0x760
[  167.141126][T12925]  ? __filemap_get_folio+0x420/0x5b0
[  167.146484][T12925]  ? swap_cache_get_folio+0x77/0x210
[  167.150912][T12952] ip6gretap0 speed is unknown, defaulting to 1000
[  167.151774][T12925]  do_swap_page+0x3da/0x1ef0
[  167.162756][T12925]  ? hrtimer_start_range_ns+0x53d/0x580
[  167.168393][T12925]  ? hrtimer_try_to_cancel+0x106/0x1d0
[  167.173939][T12925]  ? __rcu_read_lock+0x36/0x50
[  167.178777][T12925]  ? pte_offset_map_nolock+0x124/0x1d0
[  167.184247][T12925]  handle_mm_fault+0x8cb/0x2a30
[  167.189107][T12925]  exc_page_fault+0x3b9/0x650
[  167.193870][T12925]  asm_exc_page_fault+0x26/0x30
[  167.198790][T12925] RIP: 0033:0x7fb44e8c09cc
[  167.203213][T12925] Code: 72 64 0f 1f 40 00 69 3d e6 4c e1 00 e8 03 00 00 48 8d 1d c7 55 2e 00 e8 92 c4 12 00 eb 0c 48 81 c3 d8 00 00 00 48 39 dd 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 d8 00 00
[  167.222867][T12925] RSP: 002b:00007ffef1182e60 EFLAGS: 00010202
[  167.228932][T12925] RAX: 0000000000000000 RBX: 00007fb44eba5f80 RCX: 0000000000000000
[  167.236901][T12925] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055558caa3808
[  167.244933][T12925] RBP: 00007fb44eba7a80 R08: 0000000000000000 R09: 7fffffffffffffff
[  167.252907][T12925] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000028cc2
[  167.260876][T12925] R13: 00007ffef1182f60 R14: 0000000000000032 R15: ffffffffffffffff
[  167.268982][T12925]  </TASK>
[  167.272477][T12925] memory: usage 307200kB, limit 307200kB, failcnt 7782
[  167.280335][T12925] memory+swap: usage 307604kB, limit 9007199254740988kB, failcnt 0
[  167.288399][T12925] kmem: usage 306788kB, limit 9007199254740988kB, failcnt 0
[  167.295694][T12925] Memory cgroup stats for /syz0:
[  167.300375][T12742] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.324752][T12952] chnl_net:caif_netlink_parms(): no params data found
[  167.351867][T12977] random: crng reseeded on system resumption
[  167.404461][T12972] ip6gretap0 speed is unknown, defaulting to 1000
[  167.415762][T12952] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.422927][T12952] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.431254][T12925] cache 409600
[  167.434725][T12925] rss 8192
[  167.437796][T12925] shmem 0
[  167.440721][T12925] mapped_file 409600
[  167.444652][T12925] dirty 409600
[  167.448081][T12925] writeback 0
[  167.451358][T12925] workingset_refault_anon 129
[  167.456093][T12925] workingset_refault_file 4234
[  167.460949][T12925] swap 413696
[  167.464219][T12925] swapcached 12288
[  167.467974][T12925] pgpgin 263752
[  167.471417][T12925] pgpgout 263649
[  167.474944][T12925] pgfault 267107
[  167.478611][T12925] pgmajfault 76
[  167.482139][T12925] inactive_anon 0
[  167.485762][T12925] active_anon 12288
[  167.489565][T12925] inactive_file 0
[  167.493183][T12925] active_file 409600
[  167.497074][T12925] unevictable 0
[  167.500546][T12925] hierarchical_memory_limit 314572800
[  167.505959][T12925] hierarchical_memsw_limit 9223372036854771712
[  167.512165][T12925] total_cache 409600
[  167.516244][T12925] total_rss 8192
[  167.519803][T12925] total_shmem 0
[  167.523339][T12925] total_mapped_file 409600
[  167.527753][T12925] total_dirty 409600
[  167.531827][T12925] total_writeback 0
[  167.535619][T12925] total_workingset_refault_anon 129
[  167.538318][T12952] bridge_slave_0: entered allmulticast mode
[  167.540806][T12925] total_workingset_refault_file 4234
[  167.551964][T12925] total_swap 413696
[  167.555761][T12925] total_swapcached 12288
[  167.556766][T12952] bridge_slave_0: entered promiscuous mode
[  167.560003][T12925] total_pgpgin 263752
[  167.560012][T12925] total_pgpgout 263649
[  167.568205][T12952] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.569764][T12925] total_pgfault 267107
[  167.573894][T12952] bridge0: port 2(bridge_slave_1) entered disabled state
[  167.580839][T12925] total_pgmajfault 76
[  167.580847][T12925] total_inactive_anon 0
[  167.580854][T12925] total_active_anon 12288
[  167.587343][T12952] bridge_slave_1: entered allmulticast mode
[  167.591921][T12925] total_inactive_file 0
[  167.603190][T12983] loop2: detected capacity change from 0 to 1024
[  167.604354][T12925] total_active_file 409600
[  167.613520][T12952] bridge_slave_1: entered promiscuous mode
[  167.614363][T12925] total_unevictable 0
[  167.629040][T12983] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.630920][T12925] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2742,pid=12925,uid=0
[  167.662515][T12925] Memory cgroup out of memory: Killed process 12925 (syz.0.2742) total-vm:87068kB, anon-rss:568kB, file-rss:16168kB, shmem-rss:0kB, UID:0 pgtables:104kB oom_score_adj:1000
[  167.702746][T12952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  167.715037][T12952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  167.752220][T12952] team0: Port device team_slave_0 added
[  167.759249][T12952] team0: Port device team_slave_1 added
[  167.779842][T12952] batman_adv: batadv0: Adding interface: batadv_slave_0
[  167.786855][T12952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  167.812795][T12952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  167.826079][T12952] batman_adv: batadv0: Adding interface: batadv_slave_1
[  167.833325][T12952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  167.859736][T12952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  167.890148][ T9490] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.913137][T12952] hsr_slave_0: entered promiscuous mode
[  167.919402][T12952] hsr_slave_1: entered promiscuous mode
[  167.925341][T12952] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  167.932994][T12952] Cannot create hsr debugfs directory
[  167.951592][ T9490] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.999861][ T9490] team0: Port device netdevsim1 removed
[  168.007867][ T9490] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.062282][T13010] netlink: 'syz.3.2768': attribute type 15 has an invalid length.
[  168.080390][ T9490] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.121554][T13012] loop3: detected capacity change from 0 to 2048
[  168.136852][T13012] EXT4-fs: Ignoring removed orlov option
[  168.148525][ T9490] bridge_slave_1: left allmulticast mode
[  168.154238][ T9490] bridge_slave_1: left promiscuous mode
[  168.159943][ T9490] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.169387][ T9490] bridge_slave_0: left allmulticast mode
[  168.169433][T13012] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  168.175027][ T9490] bridge_slave_0: left promiscuous mode
[  168.175132][ T9490] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.190813][T13012] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.358828][ T9490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  168.368892][ T9490] bond0 (unregistering): (slave ªªªªª): Releasing backup interface
[  168.378366][ T9490] bond0 (unregistering): Released all slaves
[  168.388357][   T24] ip6gretap0 speed is unknown, defaulting to 1000
[  168.390734][T13012] bridge0: port 3(vlan2) entered blocking state
[  168.401176][T13012] bridge0: port 3(vlan2) entered disabled state
[  168.407628][T13012] vlan2: entered allmulticast mode
[  168.413155][T13012] vlan2: left allmulticast mode
[  168.439915][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.519403][ T9490] hsr_slave_0: left promiscuous mode
[  168.529618][T13036] loop2: detected capacity change from 0 to 512
[  168.536973][ T9490] hsr_slave_1: left promiscuous mode
[  168.557249][ T9490] veth1_macvtap: left promiscuous mode
[  168.562767][ T9490] veth0_macvtap: left promiscuous mode
[  168.568374][ T9490] veth1_vlan: left promiscuous mode
[  168.573580][ T9490] veth0_vlan: left promiscuous mode
[  168.579789][T13036] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.598147][T13036] ext4 filesystem being mounted at /224/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  168.600024][    C0] vcan0: j1939_tp_rxtimer: 0xffff888115340000: rx timeout, send abort
[  168.616861][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888115340000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  168.696023][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.794011][ T9490] team0 (unregistering): Port device team_slave_1 removed
[  168.812882][ T9490] team0 (unregistering): Port device team_slave_0 removed
[  168.864111][T13054] validate_nla: 4 callbacks suppressed
[  168.864125][T13054] netlink: 'syz.4.2782': attribute type 4 has an invalid length.
[  168.886099][T13056] netlink: 'syz.2.2784': attribute type 4 has an invalid length.
[  168.899448][T13057] netlink: 'syz.4.2782': attribute type 4 has an invalid length.
[  168.968914][T13068] loop2: detected capacity change from 0 to 1024
[  168.978223][T13068] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.008590][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.049550][T13074] netlink: 'syz.2.2791': attribute type 15 has an invalid length.
[  169.068968][T13076] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  169.134287][T13079] loop4: detected capacity change from 0 to 256
[  169.173924][T12952] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  169.204012][T12952] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  169.234463][T12952] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  169.282182][T12952] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  169.406390][T12952] 8021q: adding VLAN 0 to HW filter on device bond0
[  169.419262][T12952] 8021q: adding VLAN 0 to HW filter on device team0
[  169.425621][T13084] loop3: detected capacity change from 0 to 2048
[  169.437430][ T9506] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.444553][ T9506] bridge0: port 1(bridge_slave_0) entered forwarding state
[  169.456291][T13084] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.486638][ T9506] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.493755][ T9506] bridge0: port 2(bridge_slave_1) entered forwarding state
[  169.504714][T13084] EXT4-fs (loop3): shut down requested (0)
[  169.535019][T12689] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.540645][T12952] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  169.554505][T12952] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  169.612212][T12952] 8021q: adding VLAN 0 to HW filter on device batadv0
[  169.651581][T13094] loop3: detected capacity change from 0 to 1024
[  169.679676][T13094] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.758847][T12952] veth0_vlan: entered promiscuous mode
[  169.763892][T13108] EXT4-fs error (device loop3): ext4_find_dest_de:2067: inode #2: block 16: comm syz.3.2797: bad entry in directory: inode out of bounds - offset=0, inode=1538, rec_len=12, size=1024 fake=1
[  169.766914][T12952] veth1_vlan: entered promiscuous mode
[  169.796320][T12952] veth0_macvtap: entered promiscuous mode
[  169.803902][T12952] veth1_macvtap: entered promiscuous mode
[  169.822708][T12952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.833289][T12952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.843252][T12952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.854005][T12952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.863939][T12952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.874417][T12952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.888365][T12952] batman_adv: batadv0: Interface activated: batadv_slave_0
[  169.892682][T13114] loop2: detected capacity change from 0 to 1024
[  169.907389][T12952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.909786][T13108] EXT4-fs (loop3): Remounting filesystem read-only
[  169.917925][T12952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.917939][T12952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.917952][T12952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.917963][T12952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.935840][T13114] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.944759][T12952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.987324][T12952] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.987339][T12952] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.991430][T12952] batman_adv: batadv0: Interface activated: batadv_slave_1
[  170.026015][T12952] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  170.034778][T12952] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  170.043707][T12952] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  170.052691][T12952] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  170.080019][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.120168][T13125] loop2: detected capacity change from 0 to 512
[  170.122305][T13127] loop4: detected capacity change from 0 to 764
[  170.133636][T13127] iso9660: Unknown parameter 'ÿÿ@/tPnÃíä'
[  170.151549][T13125] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.164345][T13125] ext4 filesystem being mounted at /238/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  170.172339][T13136] netlink: 'syz.1.2808': attribute type 15 has an invalid length.
[  170.187202][T13125] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.384694][T13140] loop4: detected capacity change from 0 to 256
[  170.809532][T13144] loop2: detected capacity change from 0 to 256
[  171.105870][T12689] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.139271][   T29] kauditd_printk_skb: 522 callbacks suppressed
[  171.139286][   T29] audit: type=1400 audit(1725761441.439:15198): avc:  denied  { create } for  pid=13146 comm="syz.0.2811" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  171.183377][   T29] audit: type=1400 audit(1725761441.489:15199): avc:  denied  { read } for  pid=13147 comm="syz.4.2813" dev="nsfs" ino=4026532414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  171.192394][T13151] bond1: entered promiscuous mode
[  171.204872][   T29] audit: type=1400 audit(1725761441.489:15200): avc:  denied  { open } for  pid=13147 comm="syz.4.2813" path="net:[4026532414]" dev="nsfs" ino=4026532414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  171.210029][T13151] bond1: entered allmulticast mode
[  171.213767][T13151] 8021q: adding VLAN 0 to HW filter on device bond1
[  171.247826][   T29] audit: type=1400 audit(1725761441.559:15201): avc:  denied  { ioctl } for  pid=13147 comm="syz.4.2813" path="socket:[36873]" dev="sockfs" ino=36873 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  171.288603][T13153] loop3: detected capacity change from 0 to 164
[  171.296611][   T29] audit: type=1400 audit(1725761441.599:15202): avc:  denied  { mount } for  pid=13150 comm="syz.3.2812" name="/" dev="loop3" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  171.342473][T13149] loop4: detected capacity change from 0 to 164
[  171.368593][T13149] process 'syz.4.2813' launched './file0' with NULL argv: empty string added
[  171.377755][T13149] syz.4.2813: attempt to access beyond end of device
[  171.377755][T13149] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  171.391622][   T29] audit: type=1400 audit(1725761441.689:15203): avc:  denied  { create } for  pid=13150 comm="syz.3.2812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  171.411395][   T29] audit: type=1400 audit(1725761441.689:15204): avc:  denied  { bind } for  pid=13150 comm="syz.3.2812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  171.437411][T13149] syz.4.2813: attempt to access beyond end of device
[  171.437411][T13149] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164
[  171.461788][   T29] audit: type=1400 audit(1725761441.759:15205): avc:  denied  { execute } for  pid=13159 comm="syz.2.2815" path="/dev/bsg/blkio.throttle.io_service_bytes_recursive" dev="devtmpfs" ino=504 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=file permissive=1
[  171.489561][   T29] audit: type=1400 audit(1725761441.769:15206): avc:  denied  { unmount } for  pid=12742 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  171.534714][   T29] audit: type=1326 audit(1725761441.839:15207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13167 comm="syz.2.2818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  171.588862][T13175] loop2: detected capacity change from 0 to 764
[  171.599087][T13175] iso9660: Unknown parameter 'ÿÿ@/tPnÃíä'
[  171.622126][T13178] loop3: detected capacity change from 0 to 512
[  171.632542][T13184] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2825'.
[  171.655526][T13184] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2825'.
[  171.720051][T13194] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2830'.
[  171.731034][T13194] FAULT_INJECTION: forcing a failure.
[  171.731034][T13194] name failslab, interval 1, probability 0, space 0, times 0
[  171.743719][T13194] CPU: 1 UID: 0 PID: 13194 Comm: syz.2.2830 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  171.754499][T13194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  171.764560][T13194] Call Trace:
[  171.767818][T13194]  <TASK>
[  171.770874][T13194]  dump_stack_lvl+0xf2/0x150
[  171.775453][T13194]  dump_stack+0x15/0x20
[  171.779622][T13194]  should_fail_ex+0x229/0x230
[  171.784284][T13194]  ? __alloc_skb+0x10b/0x310
[  171.788956][T13194]  should_failslab+0x8f/0xb0
[  171.793553][T13194]  kmem_cache_alloc_node_noprof+0x51/0x2b0
[  171.799368][T13194]  __alloc_skb+0x10b/0x310
[  171.803913][T13194]  netlink_alloc_large_skb+0xad/0xe0
[  171.809242][T13194]  netlink_sendmsg+0x3b4/0x6e0
[  171.814015][T13194]  ? __pfx_netlink_sendmsg+0x10/0x10
[  171.819348][T13194]  __sock_sendmsg+0x140/0x180
[  171.824015][T13194]  ____sys_sendmsg+0x312/0x410
[  171.828763][T13194]  __sys_sendmsg+0x1e9/0x280
[  171.833405][T13194]  __x64_sys_sendmsg+0x46/0x50
[  171.838281][T13194]  x64_sys_call+0x2689/0x2d60
[  171.842946][T13194]  do_syscall_64+0xc9/0x1c0
[  171.847474][T13194]  ? clear_bhb_loop+0x55/0xb0
[  171.852145][T13194]  ? clear_bhb_loop+0x55/0xb0
[  171.856808][T13194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.862718][T13194] RIP: 0033:0x7f519052cef9
[  171.867124][T13194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.886805][T13194] RSP: 002b:00007f518f1a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  171.895240][T13194] RAX: ffffffffffffffda RBX: 00007f51906e5f80 RCX: 00007f519052cef9
[  171.903219][T13194] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[  171.911226][T13194] RBP: 00007f518f1a7090 R08: 0000000000000000 R09: 0000000000000000
[  171.919236][T13194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.927188][T13194] R13: 0000000000000000 R14: 00007f51906e5f80 R15: 00007ffc45738468
[  171.935277][T13194]  </TASK>
[  172.013354][T13206] netlink: 'syz.2.2836': attribute type 15 has an invalid length.
[  172.091554][T13212] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2835'.
[  172.100668][T13212] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  172.108133][T13212] batman_adv: batadv0: Removing interface: batadv_slave_0
[  172.117041][T13212] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  172.124459][T13212] batman_adv: batadv0: Removing interface: batadv_slave_1
[  172.269643][T13221] loop2: detected capacity change from 0 to 164
[  172.396333][T13243] loop2: detected capacity change from 0 to 512
[  172.436958][T13251] loop2: detected capacity change from 0 to 1024
[  172.446068][T13251] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.485936][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.580224][T13268] netlink: 'syz.0.2859': attribute type 15 has an invalid length.
[  172.603589][T13270] loop2: detected capacity change from 0 to 2048
[  172.619045][T13270] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.634228][T13270] EXT4-fs (loop2): shut down requested (2)
[  172.647091][T13282] loop4: detected capacity change from 0 to 1024
[  172.655989][T13282] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.680910][T12742] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.969433][T13304] netlink: 'syz.3.2871': attribute type 15 has an invalid length.
[  173.062567][T13306] loop4: detected capacity change from 0 to 512
[  173.127674][T13306] EXT4-fs: Ignoring removed i_version option
[  173.133699][T13306] EXT4-fs: Ignoring removed nobh option
[  173.145106][T13312] syz.3.2875[13312] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.145225][T13312] syz.3.2875[13312] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.148092][T13306] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  173.177856][T13306] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (5000000)
[  173.380492][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.396264][T13340] loop4: detected capacity change from 0 to 1024
[  173.413748][T13342] loop2: detected capacity change from 0 to 512
[  173.423255][T13340] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.462203][T12742] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.478842][T13348] netlink: 'syz.1.2889': attribute type 4 has an invalid length.
[  173.480312][T13350] syz.4.2888[13350] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.487620][T13350] syz.4.2888[13350] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  173.501084][T13348] netlink: 'syz.1.2889': attribute type 4 has an invalid length.
[  173.687250][T13368] loop4: detected capacity change from 0 to 512
[  173.828140][T13390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2906'.
[  173.839807][T13390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2906'.
[  173.923577][T13394] loop4: detected capacity change from 0 to 764
[  173.930599][T13394] iso9660: Unknown parameter 'ÿÿ@/tPnÃíä'
[  173.989941][T13399] validate_nla: 3 callbacks suppressed
[  173.989953][T13399] netlink: 'syz.4.2910': attribute type 15 has an invalid length.
[  174.079875][T13405] loop4: detected capacity change from 0 to 512
[  174.201292][T13413] loop4: detected capacity change from 0 to 512
[  174.260359][T13413] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  174.281911][T13418] loop3: detected capacity change from 0 to 512
[  174.290609][T13413] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.331459][T13418] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  174.346781][T13418] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.749705][T13438] netlink: 'syz.4.2924': attribute type 15 has an invalid length.
[  174.764118][T13440] loop3: detected capacity change from 0 to 512
[  174.800916][T13446] netlink: 'syz.4.2928': attribute type 4 has an invalid length.
[  174.820413][T13448] netlink: 'syz.2.2929': attribute type 15 has an invalid length.
[  174.833882][T13446] netlink: 'syz.4.2928': attribute type 4 has an invalid length.
[  174.851042][T13449] loop3: detected capacity change from 0 to 764
[  174.871077][T13449] iso9660: Unknown parameter 'ÿÿ@/tPnÃíä'
[  174.975070][T13455] netlink: 'syz.3.2932': attribute type 4 has an invalid length.
[  174.998468][T13455] netlink: 'syz.3.2932': attribute type 4 has an invalid length.
[  175.076259][T13466] loop4: detected capacity change from 0 to 256
[  175.479624][T13475] loop2: detected capacity change from 0 to 256
[  175.707838][T13473] random: crng reseeded on system resumption
[  175.823420][T13481] netlink: 'syz.4.2942': attribute type 4 has an invalid length.
[  175.840382][T13481] netlink: 'syz.4.2942': attribute type 4 has an invalid length.
[  175.883093][T13487] bond1: entered promiscuous mode
[  175.888285][T13487] bond1: entered allmulticast mode
[  175.901886][T13487] 8021q: adding VLAN 0 to HW filter on device bond1
[  175.977186][T13487] loop4: detected capacity change from 0 to 164
[  176.118872][T13516] netlink: 'syz.0.2955': attribute type 15 has an invalid length.
[  176.150432][T13514] loop2: detected capacity change from 0 to 512
[  176.327937][   T29] kauditd_printk_skb: 781 callbacks suppressed
[  176.327948][   T29] audit: type=1400 audit(1725761446.639:15989): avc:  denied  { setattr } for  pid=13513 comm="syz.2.2958" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  176.941512][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881154fa400: rx timeout, send abort
[  176.951020][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8881154fa400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  176.975631][T13544] loop2: detected capacity change from 0 to 764
[  176.982960][T13544] iso9660: Unknown parameter 'ÿÿ@/tPnÃíä'
[  177.084079][   T29] audit: type=1326 audit(1725761447.389:15990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13546 comm="syz.3.2968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff75523cef9 code=0x7ffc0000
[  177.084109][   T29] audit: type=1326 audit(1725761447.389:15991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13546 comm="syz.3.2968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7ff75523cef9 code=0x7ffc0000
[  177.092960][   T29] audit: type=1400 audit(1725761447.389:15992): avc:  denied  { write } for  pid=13554 comm="syz.0.2971" name="001" dev="devtmpfs" ino=147 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  177.131277][T13552] team0: Port device netdevsim1 added
[  177.172765][T13553] team0: Port device netdevsim1 removed
[  177.181699][T13553] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[  177.186083][   T29] audit: type=1400 audit(1725761447.489:15993): avc:  denied  { bind } for  pid=13559 comm="syz.2.2972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  177.210181][   T29] audit: type=1400 audit(1725761447.489:15994): avc:  denied  { name_bind } for  pid=13559 comm="syz.2.2972" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  177.231176][   T29] audit: type=1400 audit(1725761447.489:15995): avc:  denied  { node_bind } for  pid=13559 comm="syz.2.2972" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1
[  177.261675][   T29] audit: type=1400 audit(1725761447.499:15996): avc:  denied  { listen } for  pid=13559 comm="syz.2.2972" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  177.282564][   T29] audit: type=1400 audit(1725761447.499:15997): avc:  denied  { connect } for  pid=13559 comm="syz.2.2972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  177.302424][   T29] audit: type=1400 audit(1725761447.499:15998): avc:  denied  { name_connect } for  pid=13559 comm="syz.2.2972" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  177.331974][T13566] loop2: detected capacity change from 0 to 512
[  177.348253][T13566] ext4 filesystem being mounted at /275/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  177.451920][T13578] random: crng reseeded on system resumption
[  177.582618][T13580] loop2: detected capacity change from 0 to 256
[  177.867396][T13582] FAULT_INJECTION: forcing a failure.
[  177.867396][T13582] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  177.880768][T13582] CPU: 1 UID: 0 PID: 13582 Comm: syz.3.2979 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  177.891612][T13582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  177.901758][T13582] Call Trace:
[  177.905106][T13582]  <TASK>
[  177.908032][T13582]  dump_stack_lvl+0xf2/0x150
[  177.912630][T13582]  dump_stack+0x15/0x20
[  177.916811][T13582]  should_fail_ex+0x229/0x230
[  177.921524][T13582]  should_fail+0xb/0x10
[  177.925679][T13582]  should_fail_usercopy+0x1a/0x20
[  177.930773][T13582]  _copy_from_iter+0xd3/0xb00
[  177.935508][T13582]  ? rep_movs_alternative+0x4a/0x70
[  177.940719][T13582]  ? _copy_from_iter+0x161/0xb00
[  177.945973][T13582]  copy_page_from_iter+0x14f/0x280
[  177.951085][T13582]  skb_copy_datagram_from_iter+0x203/0x440
[  177.956928][T13582]  tun_get_user+0xb90/0x24b0
[  177.961616][T13582]  ? avc_has_perm+0xd4/0x160
[  177.966257][T13582]  ? ref_tracker_alloc+0x1f5/0x2f0
[  177.971396][T13582]  ? selinux_file_permission+0x32c/0x360
[  177.977114][T13582]  tun_chr_write_iter+0x18e/0x240
[  177.982182][T13582]  vfs_write+0x78f/0x900
[  177.986412][T13582]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  177.991972][T13582]  ksys_write+0xeb/0x1b0
[  177.996194][T13582]  __x64_sys_write+0x42/0x50
[  178.000845][T13582]  x64_sys_call+0x27dd/0x2d60
[  178.005501][T13582]  do_syscall_64+0xc9/0x1c0
[  178.010009][T13582]  ? clear_bhb_loop+0x55/0xb0
[  178.014897][T13582]  ? clear_bhb_loop+0x55/0xb0
[  178.019549][T13582]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.025465][T13582] RIP: 0033:0x7ff75523cef9
[  178.029865][T13582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.049484][T13582] RSP: 002b:00007ff753eb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  178.057890][T13582] RAX: ffffffffffffffda RBX: 00007ff7553f5f80 RCX: 00007ff75523cef9
[  178.065908][T13582] RDX: 000000000000fdef RSI: 0000000020000540 RDI: 00000000000000c8
[  178.073968][T13582] RBP: 00007ff753eb7090 R08: 0000000000000000 R09: 0000000000000000
[  178.082014][T13582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  178.090009][T13582] R13: 0000000000000000 R14: 00007ff7553f5f80 R15: 00007ffdc1839ab8
[  178.097996][T13582]  </TASK>
[  178.197868][T13593] loop3: detected capacity change from 0 to 1024
[  178.425605][T13596] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16)
[  178.468432][T13600] loop2: detected capacity change from 0 to 1024
[  178.514850][T13612] loop2: detected capacity change from 0 to 764
[  178.522419][T13612] iso9660: Unknown parameter 'ÿÿ@/tPnÃíä'
[  178.531582][T13614] loop3: detected capacity change from 0 to 2048
[  178.562067][T13618] loop4: detected capacity change from 0 to 512
[  178.588442][T13618] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  178.601541][T13614] Alternate GPT is invalid, using primary GPT.
[  178.607967][T13614]  loop3: p2 p3 p7
[  178.639029][T13614] ieee802154 phy0 wpan0: encryption failed: -22
[  178.700537][    C0] vcan0: j1939_tp_rxtimer: 0xffff888114cfae00: rx timeout, send abort
[  178.708861][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888114cfae00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  178.741462][T13628] loop2: detected capacity change from 0 to 1024
[  178.917668][T13645] loop2: detected capacity change from 0 to 764
[  178.924643][T13645] iso9660: Unknown parameter 'ÿÿ@/tPnÃíä'
[  179.053108][T13649] loop2: detected capacity change from 0 to 512
[  179.085315][T13649] ext4 filesystem being mounted at /285/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.169278][T13653] validate_nla: 5 callbacks suppressed
[  179.169292][T13653] netlink: 'syz.2.3006': attribute type 4 has an invalid length.
[  179.183814][T13653] netlink: 'syz.2.3006': attribute type 4 has an invalid length.
[  179.280537][T13655] bond1: entered promiscuous mode
[  179.285779][T13655] bond1: entered allmulticast mode
[  179.292421][T13655] 8021q: adding VLAN 0 to HW filter on device bond1
[  179.409715][T13658] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3008'.
[  179.428681][T13658] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13658 comm=syz.2.3008
[  179.468258][T13658] netlink: 'syz.2.3008': attribute type 3 has an invalid length.
[  179.662471][T13660] random: crng reseeded on system resumption
[  179.847751][T13684] netlink: 'syz.4.3020': attribute type 15 has an invalid length.
[  179.873938][T13686] loop4: detected capacity change from 0 to 512
[  179.889033][T13686] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.891298][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881152b8600: rx timeout, send abort
[  180.899610][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8881152b8600: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  181.218112][T13754] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3034'.
[  181.494206][   T29] kauditd_printk_skb: 379 callbacks suppressed
[  181.494275][   T29] audit: type=1326 audit(1725761451.799:16378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13769 comm="syz.0.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  181.524075][   T29] audit: type=1326 audit(1725761451.799:16379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13769 comm="syz.0.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  181.564906][   T29] audit: type=1326 audit(1725761451.799:16380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13769 comm="syz.0.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  181.588560][   T29] audit: type=1326 audit(1725761451.799:16381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13769 comm="syz.0.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  181.612373][   T29] audit: type=1326 audit(1725761451.799:16382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13769 comm="syz.0.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  181.635978][   T29] audit: type=1326 audit(1725761451.799:16383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13769 comm="syz.0.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  181.659519][   T29] audit: type=1326 audit(1725761451.799:16384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13769 comm="syz.0.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  181.683086][   T29] audit: type=1326 audit(1725761451.799:16385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13769 comm="syz.0.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  181.706737][   T29] audit: type=1326 audit(1725761451.799:16386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13769 comm="syz.0.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  181.730296][   T29] audit: type=1326 audit(1725761451.799:16387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13769 comm="syz.0.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb44e9ecef9 code=0x7ffc0000
[  181.875457][T13794] netlink: 140 bytes leftover after parsing attributes in process `syz.3.3052'.
[  181.910207][T13794] pim6reg: entered allmulticast mode
[  181.926542][T13794] pim6reg: left allmulticast mode
[  181.961221][T13801] loop2: detected capacity change from 0 to 2048
[  182.023433][T13801] EXT4-fs (loop2): shut down requested (0)
[  182.089678][T13812] loop2: detected capacity change from 0 to 512
[  182.096574][T13813] netlink: 'syz.4.3057': attribute type 4 has an invalid length.
[  182.117276][T13813] netlink: 'syz.4.3057': attribute type 4 has an invalid length.
[  182.128414][T13812] ext4 filesystem being mounted at /292/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  182.334207][T13826] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  182.337978][T13830] loop2: detected capacity change from 0 to 512
[  182.360901][T13826] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  182.381459][T13832] loop2: detected capacity change from 0 to 512
[  182.418435][T13832] ext4 filesystem being mounted at /299/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  182.468548][T13838] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3067'.
[  182.552227][T13840] loop3: detected capacity change from 0 to 2048
[  182.571036][T13844] loop2: detected capacity change from 0 to 512
[  182.574180][T13840] EXT4-fs (loop3): shut down requested (0)
[  182.590477][T13844] ext4 filesystem being mounted at /302/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  182.680449][T13859] FAULT_INJECTION: forcing a failure.
[  182.680449][T13859] name failslab, interval 1, probability 0, space 0, times 0
[  182.693176][T13859] CPU: 1 UID: 0 PID: 13859 Comm: syz.3.3075 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  182.703943][T13859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  182.713988][T13859] Call Trace:
[  182.717252][T13859]  <TASK>
[  182.720170][T13859]  dump_stack_lvl+0xf2/0x150
[  182.724765][T13859]  dump_stack+0x15/0x20
[  182.728947][T13859]  should_fail_ex+0x229/0x230
[  182.733618][T13859]  ? iter_file_splice_write+0x108/0x970
[  182.739197][T13859]  should_failslab+0x8f/0xb0
[  182.743860][T13859]  __kmalloc_noprof+0xa5/0x370
[  182.748623][T13859]  iter_file_splice_write+0x108/0x970
[  182.754093][T13859]  ? shmem_file_splice_read+0x57b/0x5c0
[  182.759686][T13859]  ? __pfx_iter_file_splice_write+0x10/0x10
[  182.765597][T13859]  direct_splice_actor+0x16c/0x2c0
[  182.770696][T13859]  splice_direct_to_actor+0x305/0x670
[  182.776073][T13859]  ? __pfx_direct_splice_actor+0x10/0x10
[  182.781697][T13859]  do_splice_direct+0xd7/0x150
[  182.786457][T13859]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  182.792829][T13859]  do_sendfile+0x3ab/0x950
[  182.797328][T13859]  __x64_sys_sendfile64+0x110/0x150
[  182.802595][T13859]  x64_sys_call+0xed5/0x2d60
[  182.807287][T13859]  do_syscall_64+0xc9/0x1c0
[  182.811781][T13859]  ? clear_bhb_loop+0x55/0xb0
[  182.816445][T13859]  ? clear_bhb_loop+0x55/0xb0
[  182.821145][T13859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.827037][T13859] RIP: 0033:0x7ff75523cef9
[  182.831444][T13859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.851242][T13859] RSP: 002b:00007ff753eb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  182.859650][T13859] RAX: ffffffffffffffda RBX: 00007ff7553f5f80 RCX: 00007ff75523cef9
[  182.867615][T13859] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[  182.875624][T13859] RBP: 00007ff753eb7090 R08: 0000000000000000 R09: 0000000000000000
[  182.883644][T13859] R10: 00008000fffffffe R11: 0000000000000246 R12: 0000000000000001
[  182.891619][T13859] R13: 0000000000000000 R14: 00007ff7553f5f80 R15: 00007ffdc1839ab8
[  182.899586][T13859]  </TASK>
[  182.961217][T13863] netlink: 'syz.3.3077': attribute type 15 has an invalid length.
[  182.987519][T13865] loop2: detected capacity change from 0 to 764
[  183.004348][T13865] iso9660: Unknown parameter 'ÿÿ@/tPnÃíä'
[  183.050994][T13869] loop2: detected capacity change from 0 to 2048
[  183.062818][T13871] loop3: detected capacity change from 0 to 512
[  183.089936][T13871] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  183.143649][T13877] bond2: entered promiscuous mode
[  183.148733][T13877] bond2: entered allmulticast mode
[  183.162004][T13877] 8021q: adding VLAN 0 to HW filter on device bond2
[  183.257708][T13885] loop4: detected capacity change from 0 to 164
[  183.268460][T13877] loop2: detected capacity change from 0 to 164
[  183.360199][T13890] loop3: detected capacity change from 0 to 256
[  183.640927][T13905] loop4: detected capacity change from 0 to 512
[  183.658174][T13905] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  184.128835][T13916] loop3: detected capacity change from 0 to 512
[  184.166814][T13916] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  184.215729][T13926] loop3: detected capacity change from 0 to 512
[  184.305023][T13926] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  184.340573][T13933] loop3: detected capacity change from 0 to 512
[  184.409500][T13934] loop4: detected capacity change from 0 to 256
[  185.635093][T13986] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3122'.
[  185.658136][T13983] loop2: detected capacity change from 0 to 764
[  185.664960][T13983] iso9660: Unknown parameter 'ÿÿ@/tPnÃíä'
[  185.772756][T13995] netlink: 'syz.3.3125': attribute type 15 has an invalid length.
[  185.807959][T14002] FAULT_INJECTION: forcing a failure.
[  185.807959][T14002] name failslab, interval 1, probability 0, space 0, times 0
[  185.820767][T14002] CPU: 0 UID: 0 PID: 14002 Comm: syz.3.3129 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  185.831555][T14002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  185.840832][T14007] loop2: detected capacity change from 0 to 2048
[  185.841638][T14002] Call Trace:
[  185.841647][T14002]  <TASK>
[  185.841655][T14002]  dump_stack_lvl+0xf2/0x150
[  185.858733][T14002]  dump_stack+0x15/0x20
[  185.862895][T14002]  should_fail_ex+0x229/0x230
[  185.867569][T14002]  ? legacy_init_fs_context+0x31/0x70
[  185.872936][T14002]  should_failslab+0x8f/0xb0
[  185.877533][T14002]  __kmalloc_cache_noprof+0x4b/0x2a0
[  185.882897][T14002]  ? alloc_fs_context+0x44/0x4e0
[  185.887834][T14002]  legacy_init_fs_context+0x31/0x70
[  185.893126][T14002]  alloc_fs_context+0x3fb/0x4e0
[  185.898010][T14002]  fs_context_for_mount+0x21/0x30
[  185.903026][T14002]  do_new_mount+0xf3/0x690
[  185.907440][T14002]  path_mount+0x49b/0xb30
[  185.911760][T14002]  __se_sys_mount+0x27c/0x2d0
[  185.916475][T14002]  __x64_sys_mount+0x67/0x80
[  185.921080][T14002]  x64_sys_call+0x203e/0x2d60
[  185.925748][T14002]  do_syscall_64+0xc9/0x1c0
[  185.930319][T14002]  ? clear_bhb_loop+0x55/0xb0
[  185.935072][T14002]  ? clear_bhb_loop+0x55/0xb0
[  185.939737][T14002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.945624][T14002] RIP: 0033:0x7ff75523cef9
[  185.950075][T14002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.969670][T14002] RSP: 002b:00007ff753eb7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  185.978073][T14002] RAX: ffffffffffffffda RBX: 00007ff7553f5f80 RCX: 00007ff75523cef9
[  185.986031][T14002] RDX: 0000000020000180 RSI: 0000000020000000 RDI: 0000000000000000
[  185.993995][T14002] RBP: 00007ff753eb7090 R08: 0000000020000440 R09: 0000000000000000
[  186.001993][T14002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.009965][T14002] R13: 0000000000000000 R14: 00007ff7553f5f80 R15: 00007ffdc1839ab8
[  186.018025][T14002]  </TASK>
[  186.042157][T14011] loop3: detected capacity change from 0 to 164
[  186.053211][T14013] loop2: detected capacity change from 0 to 512
[  186.067641][T14015] loop3: detected capacity change from 0 to 512
[  186.078427][T14015] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  186.078450][T14013] ext4 filesystem being mounted at /323/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  186.162675][T14025] netlink: 'syz.1.3138': attribute type 15 has an invalid length.
[  186.255155][T14043] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  186.267158][T14046] loop3: detected capacity change from 0 to 164
[  186.391952][T14053] usb usb7: usbfs: process 14053 (syz.3.3148) did not claim interface 0 before use
[  186.464278][T14060] netlink: 'syz.3.3151': attribute type 15 has an invalid length.
[  186.529169][   T29] kauditd_printk_skb: 281 callbacks suppressed
[  186.529221][   T29] audit: type=1326 audit(1725761456.839:16669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14065 comm="syz.3.3154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff75523cef9 code=0x7ffc0000
[  186.592333][   T29] audit: type=1326 audit(1725761456.869:16670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14065 comm="syz.3.3154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff75523cef9 code=0x7ffc0000
[  186.615947][   T29] audit: type=1326 audit(1725761456.869:16671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14065 comm="syz.3.3154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff75523cef9 code=0x7ffc0000
[  186.639593][   T29] audit: type=1326 audit(1725761456.869:16672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14065 comm="syz.3.3154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff75523cef9 code=0x7ffc0000
[  186.663260][   T29] audit: type=1326 audit(1725761456.869:16673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14065 comm="syz.3.3154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff75523cef9 code=0x7ffc0000
[  186.686872][   T29] audit: type=1326 audit(1725761456.869:16674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14065 comm="syz.3.3154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff75523cef9 code=0x7ffc0000
[  186.710435][   T29] audit: type=1326 audit(1725761456.869:16675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14065 comm="syz.3.3154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff75523cef9 code=0x7ffc0000
[  186.734013][   T29] audit: type=1326 audit(1725761456.869:16676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14065 comm="syz.3.3154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff75523cef9 code=0x7ffc0000
[  186.757572][   T29] audit: type=1326 audit(1725761456.869:16677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14065 comm="syz.3.3154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff75523cef9 code=0x7ffc0000
[  186.781203][   T29] audit: type=1326 audit(1725761456.869:16678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14065 comm="syz.3.3154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff75523cef9 code=0x7ffc0000
[  186.873154][T14077] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3159'.
[  186.896925][T14077] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3159'.
[  186.944112][T14086] netlink: 'syz.1.3163': attribute type 15 has an invalid length.
[  187.168615][T14093] 9pnet_fd: Insufficient options for proto=fd
[  187.291435][T14098] random: crng reseeded on system resumption
[  187.381056][T14102] loop2: detected capacity change from 0 to 512
[  187.444036][T14104] loop2: detected capacity change from 0 to 512
[  187.460179][T14104] EXT4-fs mount: 44 callbacks suppressed
[  187.460255][T14104] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.478663][T14104] ext4 filesystem being mounted at /330/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.494980][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.517476][T14108] bond3: entered promiscuous mode
[  187.522521][T14108] bond3: entered allmulticast mode
[  187.527988][T14108] 8021q: adding VLAN 0 to HW filter on device bond3
[  187.538897][T14108] loop2: detected capacity change from 0 to 164
[  187.635715][T14116] bond4: entered promiscuous mode
[  187.640879][T14116] bond4: entered allmulticast mode
[  187.646268][T14116] 8021q: adding VLAN 0 to HW filter on device bond4
[  187.661074][T14116] loop2: detected capacity change from 0 to 164
[  187.694348][T14121] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  187.706690][T14121] 9pnet_fd: p9_fd_create_tcp (14121): problem connecting socket to 127.0.0.1
[  187.891596][T14133] loop3: detected capacity change from 0 to 512
[  187.911685][T14133] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.935171][T14133] ext4 filesystem being mounted at /88/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.967777][T12689] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.190803][T14195] usb usb7: usbfs: process 14195 (syz.1.3206) did not claim interface 0 before use
[  188.252230][T14203] loop2: detected capacity change from 0 to 512
[  188.284987][T14209] loop2: detected capacity change from 0 to 256
[  188.535684][    C0] vcan0: j1939_tp_rxtimer: 0xffff88810436fe00: rx timeout, send abort
[  188.543956][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88810436fe00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  188.614758][T14215] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3213'.
[  188.712030][T14221] netlink: 'syz.4.3217': attribute type 15 has an invalid length.
[  188.801371][T14225] loop4: detected capacity change from 0 to 764
[  188.809038][T14225] iso9660: Unknown parameter 'ÿÿ@/tPnÃíä'
[  188.850395][T14227] usb usb7: usbfs: process 14227 (syz.4.3220) did not claim interface 0 before use
[  188.892732][T14229] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3221'.
[  188.903691][T14229] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3221'.
[  188.905753][T14231] loop3: detected capacity change from 0 to 512
[  188.927792][T14231] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.941197][T14231] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  188.959487][T12689] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.060932][T14243] usb usb8: usbfs: process 14243 (syz.4.3227) did not claim interface 0 before use
[  189.334051][T14264] loop2: detected capacity change from 0 to 512
[  189.349863][T14264] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.363392][T14264] ext4 filesystem being mounted at /357/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  189.384366][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.458019][T14273] loop2: detected capacity change from 0 to 764
[  189.464959][T14273] iso9660: Unknown parameter 'ÿÿ@/tPnÃíä'
[  189.490827][T14276] bond5: entered promiscuous mode
[  189.495873][T14276] bond5: entered allmulticast mode
[  189.501152][T14276] 8021q: adding VLAN 0 to HW filter on device bond5
[  189.512302][T14276] loop2: detected capacity change from 0 to 164
[  189.535022][T14280] loop2: detected capacity change from 0 to 512
[  189.548135][T14280] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.566550][T14280] ext4 filesystem being mounted at /362/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  189.578620][T14280] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.687781][T14296] loop2: detected capacity change from 0 to 512
[  189.707823][T14296] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.720516][T14296] ext4 filesystem being mounted at /366/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  189.737653][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.766702][T14302] loop2: detected capacity change from 0 to 1024
[  189.778140][T14302] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.823209][T14306] loop3: detected capacity change from 0 to 764
[  189.829704][T14306] iso9660: Unknown parameter 'ÿÿ@/tPnÃíä'
[  189.901120][T14315] loop3: detected capacity change from 0 to 512
[  189.917770][T14315] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.930327][T14315] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  189.953940][T12689] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.202820][T14345] usb usb7: usbfs: process 14345 (syz.3.3263) did not claim interface 0 before use
[  190.232744][T14347] loop3: detected capacity change from 0 to 2048
[  190.247472][T14347] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  190.263034][T14347] EXT4-fs (loop3): shut down requested (0)
[  190.283040][T12689] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.304662][T14351] loop3: detected capacity change from 0 to 512
[  190.318494][T14351] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.331131][T14351] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  190.363118][T12689] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.521471][T14360] ieee802154 phy0 wpan0: encryption failed: -90
[  190.607782][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.798502][T14368] loop4: detected capacity change from 0 to 256
[  190.812739][T14368] 9pnet_fd: Insufficient options for proto=fd
[  190.870945][T14370] netlink: 'syz.1.3272': attribute type 15 has an invalid length.
[  190.991601][T14376] usb usb7: usbfs: process 14376 (syz.1.3274) did not claim interface 0 before use
[  191.225912][T14394] loop3: detected capacity change from 0 to 164
[  191.247601][T14398] netlink: 'syz.3.3284': attribute type 15 has an invalid length.
[  191.248122][T14396] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3283'.
[  191.513346][T14420] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3292'.
[  191.536557][   T29] kauditd_printk_skb: 422 callbacks suppressed
[  191.536568][   T29] audit: type=1326 audit(1725761461.839:17101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14421 comm="syz.2.3293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  191.569443][   T29] audit: type=1326 audit(1725761461.879:17102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14421 comm="syz.2.3293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  191.593377][   T29] audit: type=1326 audit(1725761461.879:17103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14421 comm="syz.2.3293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  191.617102][   T29] audit: type=1326 audit(1725761461.879:17104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14421 comm="syz.2.3293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  191.641105][   T29] audit: type=1326 audit(1725761461.879:17105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14421 comm="syz.2.3293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  191.664734][   T29] audit: type=1326 audit(1725761461.879:17106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14421 comm="syz.2.3293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  192.031481][   T29] audit: type=1400 audit(1725761462.339:17107): avc:  denied  { mounton } for  pid=14426 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  192.139987][T14426] chnl_net:caif_netlink_parms(): no params data found
[  192.171388][T14442] netlink: 'syz.1.3296': attribute type 15 has an invalid length.
[  192.184480][T14426] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.191741][T14426] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.199616][T14426] bridge_slave_0: entered allmulticast mode
[  192.206153][T14426] bridge_slave_0: entered promiscuous mode
[  192.215597][T14426] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.222804][T14426] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.230153][T14426] bridge_slave_1: entered allmulticast mode
[  192.237186][T14426] bridge_slave_1: entered promiscuous mode
[  192.259344][ T9506] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.284076][T14426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  192.297578][T14426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  192.310455][ T9506] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.332555][   T29] audit: type=1326 audit(1725761462.639:17108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14457 comm="syz.3.3301" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff75523cef9 code=0x0
[  192.359041][T14426] team0: Port device team_slave_0 added
[  192.365699][T14426] team0: Port device team_slave_1 added
[  192.384178][   T29] audit: type=1400 audit(1725761462.689:17109): avc:  denied  { unlink } for  pid=12742 comm="syz-executor" name="file0" dev="tmpfs" ino=603 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  192.388157][T14466] loop2: detected capacity change from 0 to 512
[  192.414506][ T9506] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.485974][T14471] netlink: 'syz.2.3307': attribute type 15 has an invalid length.
[  192.496703][T14426] batman_adv: batadv0: Adding interface: batadv_slave_0
[  192.503656][T14426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  192.529608][T14426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  192.546413][T14474] loop2: detected capacity change from 0 to 512
[  192.547562][ T9506] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.564306][T14426] batman_adv: batadv0: Adding interface: batadv_slave_1
[  192.571329][T14426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  192.572803][T14474] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.597270][T14426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  192.611041][T14474] ext4 filesystem being mounted at /375/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  192.650331][T14426] hsr_slave_0: entered promiscuous mode
[  192.671962][T14426] hsr_slave_1: entered promiscuous mode
[  192.690537][ T8582] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.743208][ T9506] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.774650][ T9506] bridge_slave_0: left allmulticast mode
[  192.780357][ T9506] bridge_slave_0: left promiscuous mode
[  192.785979][ T9506] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.921373][ T9506] @ (unregistering): (slave bond_slave_0): Releasing backup interface
[  192.934082][ T9506] @ (unregistering): (slave ªªªªª): Releasing backup interface
[  192.943926][ T9506] @ (unregistering): Released all slaves
[  192.952339][T14483] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3309'.
[  192.973628][T14483] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3309'.
[  192.990803][ T9506] tipc: Disabling bearer <udp:s>
[  192.995873][ T9506] tipc: Left network mode
[  193.014887][   T29] audit: type=1326 audit(1725761463.319:17110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14486 comm="syz.2.3311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519052cef9 code=0x7ffc0000
[  193.075995][T14490] ==================================================================
[  193.084080][T14490] BUG: KCSAN: data-race in mas_wr_modify / mtree_range_walk
[  193.091356][T14490] 
[  193.093660][T14490] write to 0xffff8881032ba110 of 8 bytes by task 14488 on cpu 0:
[  193.101355][T14490]  mas_wr_modify+0x155c/0x3c90
[  193.106099][T14490]  mas_wr_store_entry+0x250/0x390
[  193.111111][T14490]  mas_store_prealloc+0x151/0x2b0
[  193.116125][T14490]  vma_expand+0x57f/0x660
[  193.120436][T14490]  mmap_region+0x80c/0x1620
[  193.124932][T14490]  do_mmap+0x72a/0xb70
[  193.128983][T14490]  vm_mmap_pgoff+0x133/0x290
[  193.133565][T14490]  ksys_mmap_pgoff+0xd0/0x340
[  193.138240][T14490]  x64_sys_call+0x1884/0x2d60
[  193.142918][T14490]  do_syscall_64+0xc9/0x1c0
[  193.147407][T14490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.153295][T14490] 
[  193.155596][T14490] read to 0xffff8881032ba110 of 8 bytes by task 14490 on cpu 1:
[  193.163203][T14490]  mtree_range_walk+0x1b4/0x460
[  193.168039][T14490]  mas_walk+0x16e/0x320
[  193.172181][T14490]  lock_vma_under_rcu+0x84/0x260
[  193.177114][T14490]  exc_page_fault+0x150/0x650
[  193.181796][T14490]  asm_exc_page_fault+0x26/0x30
[  193.186636][T14490] 
[  193.188946][T14490] value changed: 0x00007f518f165fff -> 0x00007f518f144fff
[  193.196026][T14490] 
[  193.198325][T14490] Reported by Kernel Concurrency Sanitizer on:
[  193.204450][T14490] CPU: 1 UID: 0 PID: 14490 Comm: syz.2.3312 Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a #0
[  193.215186][T14490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  193.225228][T14490] ==================================================================
[  193.299156][ T9506] hsr_slave_0: left promiscuous mode
[  193.304782][ T9506] hsr_slave_1: left promiscuous mode
[  193.310911][ T9506] batman_adv: batadv0: Removing interface: batadv_slave_0
[  193.319151][ T9506] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  193.326639][ T9506] batman_adv: batadv0: Removing interface: batadv_slave_1
[  193.335342][ T9506] veth1_macvtap: left promiscuous mode
[  193.340970][ T9506] veth0_macvtap: left promiscuous mode
[  193.346506][ T9506] veth1_vlan: left promiscuous mode
[  193.351760][ T9506] veth0_vlan: left promiscuous mode
[  193.422518][ T9506] team0 (unregistering): Port device team_slave_1 removed
[  193.432811][ T9506] team0 (unregistering): Port device team_slave_0 removed
[  193.648755][T14426] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  193.657058][T14426] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  193.665161][T14426] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  193.673787][T14426] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  193.706278][T14426] 8021q: adding VLAN 0 to HW filter on device bond0
[  193.718257][T14426] 8021q: adding VLAN 0 to HW filter on device team0
[  193.727292][ T9512] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.734494][ T9512] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.753950][ T3373] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.761105][ T3373] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.777973][T14426] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  193.825129][T14426] 8021q: adding VLAN 0 to HW filter on device batadv0
[  193.894792][T14426] veth0_vlan: entered promiscuous mode
[  193.903335][T14426] veth1_vlan: entered promiscuous mode
[  193.917782][T14426] veth0_macvtap: entered promiscuous mode
[  193.924766][T14426] veth1_macvtap: entered promiscuous mode
[  193.934229][T14426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.944695][T14426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.954599][T14426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.966455][T14426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.976257][T14426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  193.986845][T14426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.998119][T14426] batman_adv: batadv0: Interface activated: batadv_slave_0
[  194.009674][T14426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  194.020270][T14426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.030161][T14426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  194.040756][T14426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.050659][T14426] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  194.061103][T14426] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  194.071994][T14426] batman_adv: batadv0: Interface activated: batadv_slave_1
[  194.081815][T14426] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  194.090682][T14426] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  194.099428][T14426] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  194.108213][T14426] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0