last executing test programs:

16.075192679s ago: executing program 3 (id=297):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32=0x0], 0x48)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000140), &(0x7f0000000280)=0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0xfffffffffffff001}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18070000000000010000000000000000950000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

16.009034151s ago: executing program 3 (id=298):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mknod$loop(0x0, 0x0, 0x1)
unlink(0x0)
socket$rds(0x15, 0x5, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x37)
socket$kcm(0x2, 0x200000000000001, 0x106)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{0x40, 0x5d, 0x2, 0x8}, {0x6, 0x0, 0x6, 0x1}]}, 0x10)
bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r3, &(0x7f0000000140)="24000000010006", 0x7)

15.833815903s ago: executing program 3 (id=302):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = gettid()
sendmsg$unix(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000007c0)='>', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r4, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r3, @ANYRES32=r2, @ANYRES32=r2, @ANYRES32=r3, @ANYRES32=r2, @ANYRES32=r3, @ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r2, @ANYBLOB="e5ffff6e18"], 0xa0}, 0x4004881)
r5 = creat(&(0x7f0000000040)='./file0\x00', 0x50)
ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000180)={'team_slave_0\x00', @random="eb5c89a535fe"})
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2008052, &(0x7f00000005c0)={[{@noauto_da_alloc}, {@errors_remount}, {@bsdgroups}]}, 0x3, 0x4cf, &(0x7f0000000740)="$eJzs3E9sFNUfAPDvbFta/v3oDxEFUYtobCS2UFA4mBiMJh40MeJBj01bCFKooSURgmZJDB4NiXfj0asHr+qFGE8mXvFoYkiI4QKYGNfM7szudpltabvt2vTzSZZ5b/699+bNm33zXpcANqyh9J+kFr4ZETsiotS6w1Btce/OlYn7d65MRLlSOflnUj3sbhrPZKeJrVlkuBRR+ixpbGgye+ny2fHp6akLWXx07txHo7OXLr945tz46anTU+fHjh8/euTwsZfHXlp6oQrSS8t1d++nM/v2vPnB9bcnevP1A9myuRydMhRDRVmpeq7TiXXZ9qZw0tvFjLAk6f2fVldftf3viJ5QebBRVCqVSn/7zeVKq6sPrAHWrSS6nQOgO/Iv+vT9N/8UdQQ2rU73o+tun6i9AKXlvpd9Ip6urszHQfpa3m87aSgi3i//9VX6iVUahwAAaPbDibwn2NL/G6zNjPx98car6fJ/2RzKYET8PyJ2RsQjEbErIh6NiN0R8VhEPN5y/p6IqCyQ/lBLvJ5+fRKqdKtDRS2U9v9eyea2Gv2/eRkY7Mli2yPyDvPUoeyaDEdf/6kz01OHF0jjx9d//aLdtub+X/pJ08/7glk+bvW2DNBNjs+NL7vALW5fjdjb21r+pDciqc8EJBGxJyL2LuG8g03hMy98s68e6Zu/3+Llr6oUzqN1YKqi8nXE87X6L8e8+m+kmCw8Pzk6ENNTh0bTu+BQYRo//3LtnXbpL1r+735vPeSNY9+fzFrWyqX1v6Xp/o98/rZR/sEkIqnP184uPY1rv33e9p1muff/puS9ajh/L/14fG7uwuGITclbD64faxybx9NllGvlHz5Q3P53ZsekV+KJiEhv4icj4qmovSGmed8fEc9ExIEFyv/Ta89+uPzyr660/JOFz7959d+Yr28XSMq1vQs29Zzdf/N+m4fHw9X/0WpoOFtT/PxL5j0i2uU0/7ZL1/yz0osHAAAA60QpIrY1jSVti1JpZKQ2BrQrtpSmZ2bnDp6auXh+Mt0WMRh9pXykqzYe3Jfk45+DTfGxlviRbNz4y57N1fjIxMz0ZFdLDmyttvmkNFJ/FtTaf+qPzgwxA/9lfvIDG9dC7T/txO++voaZAdbUw3//3/hkVTMCrLmm9l9us0t5GX/3BawD3v+BhnbdgAbPDFj/KtoybGhLav8HF+8bAOtHb7xbD5e6mhNgren/w4a06O/6VxSo9BdvGogHd46BhU/YE8vLxuaCtLoSSHtWXUl983KOyv83hbb7RGlpJ+yPztTpqRVejfKF2dO7O37zV7K/le90DX67Ju20KNCVxxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDH/RsAAP//sp/iug==")
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x160)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})

15.370622181s ago: executing program 3 (id=307):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x20081e, &(0x7f0000000000), 0x1, 0x503, &(0x7f0000000140)="$eJzs3c9vG1kdAPDvOL+cbHaTXfYACNiyLBRU1Unc3Wi1B1hOCKGVEHsEqRsSN4pix1HsLJvQQ/o/IFGJExz5Azj3xJ0LghuXckDiRwRqKnHwasaT1E3tJm0SO4o/H2k08+Y5830v7rxnf934BTC0rkXEXkSMR8QnETGTn0/yLT5sb+njHu3fXT7Yv7ucRKv18b+TrD49Fx0/k3olv2YxIn7yg4ifJ8/Gbezsri9Vq5WtdnFyrlnbnGvs7N5cqy2tVlYrG+Xy4sLi/Pu33iufW1/fqo3nR199+Ke97/wybdZ0fqazH+ep3fWxozip0Yj40UUEG4CRvD/jg24IL6UQEW9ExNvZ/T8TI9mzCQBcZa3WTLRmOssAwFVXyHJgSaGU5wKmo1Aoldo5vDdjqlCtN5o37tS3N1baubLZGCvcWatW5vNc4WyMJWl5ITt+Ui4fK9+KiNcj4lcTk1m5tFyvrgzyhQ8ADLFXjs3//5toz/8AwBVXHHQDAIC+M/8DwPAx/wPA8DH/A8DwMf8DwPAx/wPA8DH/A8BQ+fFHH6Vb6yD//uuVT3e21+uf3lypNNZLte3l0nJ9a7O0Wq+vZt/ZUzvpetV6fXPh3dj+bPa7m43mXGNn93atvr3RvJ19r/ftylhfegUAPM/rbz34axIRex9MZlt0rOVgroarrTDoBgADMzLoBgADc7TalwXcYOic4T2+9ABcEV2W6H1KMSImj59stVqti2sScMGuf0n+H4ZVR/7f/wKGISP/D8NrdNANAAam1UpOu+Z/nPaBAMDlJscP9Pj8/418//v8w4GfrRx/xP2LbBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcbofr/5bytcCno1AolSJejYjZGEvurFUr8xHxWkT8ZWJsIi0vDLjNAMBZFf6R5Ot/XZ95Z/p47XjyeCLbR8QvfvPxrz9baja3/pye/89Ekp9v3s/PlwfSAQDgBIfzdLbveCP/aP/u8uHWz/b88/sRUWzHP9gfj4Oj+KMxmu2LMRYRU/9N8nJb0pG7OIu9exHxxW79T2I6y4G0Vz49Hj+N/Wpf4xeeil/I6tr79HfxhXNoCwybB+n482G3+68Q17J99/u/mI1QZ5ePf+mllg+yMfBJ/MPxb6TH+HfttDHe/eMP20eTz9bdi/jyaMRh7IOO8ecwftIj/junjP+3r3zt7V51rd9GXI/u8TtjzTVrm3ONnd2ba7Wl1cpqZaNcXlxYnH//1nvluSxHPdd7NvjXBzde61WX9n+qR/ziCf3/5in7/7v/f/LTrz8n/re/0S1+Id58Tvx0TvzWKeMvTf2h2Ksujb/So/8nPf83Thn/4d93n1k2HAAYnMbO7vpStVrZ6ufB4QuJvgZ18CIHI3G+F4yIvXO4Tvqv5lL8frocfK9fscbjhX6q1XqpWL1GjPPIugGXwdFNHxGPB90YAAAAAAAAAAAAAACgq378xdKg+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDV9XkAAAD///ogzOo=")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYRESDEC=r1], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="a1ab000000000000000032"], 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x4800000, 0x8005, 0x0, 0x0, 0x20009, 0x18, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d10a00966d61fdcf335263bd9bffbcc2542ded71038259ca0400e1a311efec32d71e14ef3dc177b5b48b00", "f2fdffffffffffffff810000000000d300e6d602000000000000000000000001", [0xca4e]})

15.061103136s ago: executing program 3 (id=313):
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
socket$inet6(0xa, 0x3, 0x8000000003c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

14.652740132s ago: executing program 3 (id=319):
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0x8042)
r0 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\x01\x04\x00\x00\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r0, &(0x7f00000000c0)=[{&(0x7f00000004c0)="5904773fc40dcf0634617815ec82172ff9288255d2f1ecc82428ade60f53b36a3da89b67af8c7f305cd56efb8e2e1b76e440cb4c1b6c64685762629abafd3ae3f3ec052e21c9e4f3116f8daa5c1b9254ae263a7dfc697dd17d3ccc2a21cb8981afb206e440efd1e9e3c2ac830fcceb61c7c90bff71f327ddad637ec68addd884cbedb6", 0x83}], 0x1, 0x9, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad433ec50000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r1}, 0x10)
socket(0x10, 0x3, 0x0)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x3000c001)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x4}}}]}]}], {0x14}}, 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
close(r2)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
read(r5, &(0x7f00000019c0)=""/4097, 0x1001) (fail_nth: 7)

14.628498713s ago: executing program 32 (id=319):
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0x8042)
r0 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\x01\x04\x00\x00\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
pwritev(r0, &(0x7f00000000c0)=[{&(0x7f00000004c0)="5904773fc40dcf0634617815ec82172ff9288255d2f1ecc82428ade60f53b36a3da89b67af8c7f305cd56efb8e2e1b76e440cb4c1b6c64685762629abafd3ae3f3ec052e21c9e4f3116f8daa5c1b9254ae263a7dfc697dd17d3ccc2a21cb8981afb206e440efd1e9e3c2ac830fcceb61c7c90bff71f327ddad637ec68addd884cbedb6", 0x83}], 0x1, 0x9, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad433ec50000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r1}, 0x10)
socket(0x10, 0x3, 0x0)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x3000c001)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x4}}}]}]}], {0x14}}, 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
close(r2)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
read(r5, &(0x7f00000019c0)=""/4097, 0x1001) (fail_nth: 7)

2.43787341s ago: executing program 5 (id=459):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async, rerun: 32)
r0 = socket$inet(0x2, 0x2, 0x0) (rerun: 32)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 32)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010700000000fcdbdf256700000008000300", @ANYRES32=0x0, @ANYBLOB="0800c3"], 0x2c}, 0x1, 0x0, 0x0, 0x24000891}, 0x40000c0) (async)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x2c) (async)
bind$rxrpc(0xffffffffffffffff, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}, 0x24) (async, rerun: 64)
setsockopt$inet_tcp_int(r0, 0x6, 0x7, &(0x7f0000000340)=0x8, 0x4) (async, rerun: 64)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x8}, 0x18) (async)
r4 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)
fallocate(r4, 0x3, 0x9, 0x10000) (async)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") (async)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
request_key(&(0x7f0000000540)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)=',$:@^@,\x00', 0x0) (async)
r5 = socket$netlink(0x10, 0x3, 0x0) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x26, &(0x7f0000000000)={0x1})
fcntl$lock(r6, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x200000007})
fcntl$lock(r6, 0x25, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x80000000}) (async, rerun: 32)
fcntl$getown(r6, 0x9) (async, rerun: 32)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x10, &(0x7f00000000c0)={<r8=>0xffffffffffffffff}, 0x13f}}, 0x20)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
write$RDMA_USER_CM_CMD_LISTEN(r7, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {r8, 0x4}}, 0x10) (async, rerun: 32)
write$RDMA_USER_CM_CMD_DESTROY_ID(r7, &(0x7f00000003c0)={0x1, 0x10, 0xfa00, {&(0x7f0000000140), r8}}, 0x18) (async, rerun: 32)
bind$unix(r6, &(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e) (async)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

2.43718533s ago: executing program 5 (id=460):
syz_read_part_table(0x618, &(0x7f0000002200)="$eJzs3D+IFGcUAPC3dzc7dwqehUWwiWctBMXSK6LsbQwGZE0IHBb5iwhXXeBgQxY3eEVyheIWYplGApviXKvoFVY5FFIHsTAIW9gETBNiipsws3O3GzgOEjaE4O9XfN/bnTfvzQfTvgn+1yYiKaMsLbY3PtozP5sdxu14r1tbOJtlWfZuRCUuRhJzyYFeRExF9G6NVI2jEbF/pM7tb/ZtfP3rW0n3yYVktH470jiY51YjL1ma2e1R0r99WMZufX5z9urqcv1a/qPe6m+9H3HnRa1x79xapzeZnPkk//9KxMMyf6pYZya27/9wKv5yZQ9fDsPKaP/tl+Py43qrf6v77PjW4frk95dOvTyycf3BiYiVvPL5KF72oeo/P/Oo9fnNrFT0X5m7sdhpnT5299DNk837jxrPJ38vLw9aToynLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/5L1fFmtxrXm/OXH9Vb/q59+fOfOi1rj3rm1Tu/t6pmnlUHewzJ/qtw/i2Z8HklELMVSfBrLu5d/bSc6sBMtVkb7z2/OXl1drg/6/7Ev4tnxrcP17sylUy8XNq4/OFFkVWI63ybGevRd+rf6K3M3Fjut08fuHrp5snn/UeP55CBvKY2Pi+NGRDr+xwAAAAAAAAAAAAAAAAAAAOAVV1s4e+T8m42DeXxxOiJ++aKYss/Sme+imLwfOFruT9PBKP/t6cG3ALpPLvxW/eCHtZ/Lofh2pNGOiP3fJhHx+k6fK8W6/fWASIaV+S/9GQAA///p7o1q")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000711837000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="58000000100023ff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000010560100300012800b000100697036746e6c000020000280140002"], 0x58}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp6=r5}, @IFLA_GTP_FD0={0x8, 0x1, @udp=r6}]}}}]}, 0x40}, 0x1, 0xba01}, 0x0)
r7 = open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x49)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r8 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$kcm(r8, &(0x7f0000001900)={0x0, 0xffffffea, 0x0}, 0x20040005)
sendmsg$inet(r8, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
ioctl$PPPIOCBRIDGECHAN(0xffffffffffffffff, 0x40047435, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x28, r10, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
sendmsg$kcm(r8, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x20048040)
preadv2(r7, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x0)

2.273784943s ago: executing program 5 (id=462):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200))
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003f80)=ANY=[], 0x1, 0x2f4, &(0x7f0000000900)="$eJzs3M9PE1sUwPHTn7QlUBYv7+W95IUb3ehmAtW10hhIjE0kSI0/EpMBptp0bEmnwdQY0ZVb4x/hgrBkR6L8A2zc6caNOzYmLmRhrOn8oKVMKYVKEb6fhMxhzj3tvZ2SnNt02Lrz+nEhZ2k5vSLBmJKAiMi2yIgExRNwj0E7jkqzF3Jx8NvH/2/dvXcjnclMzig1lZ69lFJKDY++e/Is7g5bH5DNkQdbX1NfNv/e/Hfr5+yjvKXyliqWKkpXc6XPFX3ONNRC3ipoSk2bhm4ZKl+0jLKTLzn5nFlaXKwqvbgwlFgsG5al9GJVFYyqqpRUpVxVoYd6vqg0TVNDCUEn2ZWZGT19yOL5Hk8Gv0m5nNZDIhLfk8mu9GVCAACgr1r7/6CoXvb/q+c2KoO314bd/n896tf/X/7kPNau/j8mIr79v/f8vv2/3l3/v7cjOluO1P/jZBiN7jkVaIT1ZDmtJ9y/X9vL+6tjdkD/DwAAAAAAAAAAAAAAAAAAAADAn2C7VkvWarWkd/R+6rmYiDT/3iIkIlePf8bopXbXf6Dz9ccp0LhxLzwsYr5ayi5lnaM7YENETDFkTJLyw34/uOqxd+eRqhuR9+ayW7+8lA3ZmXRO8nb9uCQj0lpfq01dz0yOK8fu+ogkmutTkpS//OtTvvVRuXC+qV6TpHyYl5KYsmDPo1H/fFypazczLfVxexwAAAAAAKeBpnb47t81rV3eqd/ZX7d+PhBq7K/HfPfnYfkv3N+1AwAAAABwVljVpwXdNI3yPkFcOo9xgsgBxrQG4W4GdxF4Kzxolfddhh5P42CB9+S7UjH3ZM9flkAXL0ubICiHqRqtr0YddRXex0btxsj0xPFfQTv4583b7717wCtrsQ4rPXwQ2v8NEHG//gUAAADgFGk0/d6Zif5OCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAM+g4/jtav9cIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnBS/AgAA//9p2gTn")
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0)
fdatasync(r6)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x1c0002, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0x3}, 0x18)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000c80)={&(0x7f0000000cc0)='rpc_xdr_alignment\x00', r7, 0x0, 0xae5}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61154c00000000006113300000000000bfa00000000000001503000008004e002d35010000000000950000bc000000006916000000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4501000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a81426104000000000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546ccd3f1d5ab2af27546e7c0700000000000000b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4d08000000ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43000000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d0000000000000000b712c1e47be511fe32fbc90e2364a55e9bb609c64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd4722a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c835d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff5af657a67463d7dbf85ae9321fad16ee751cd7dde94ec97549c2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8bf377b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059a6cffb92e2a0cfd81434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5c4d188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d5454d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a5cbb8be3f7741b18007dff12eb95066cc6bc256f0a12282224bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873d0ecdf904c2bdbef81f246d26f4b40df949e12bdac18532f4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684e62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961cf4fe3c8e8fbb566fffffffffc229614a4b7f80d237b8abc6fd0407de31d6e5532f360d379f20f054e5deb27f7922fe6c14eba96c9af409da03290e4009f872d5aaca63dbe239efb1e02dd4fc07f8c5b070e2ddeb4b5afa6df2e7e162962e334d8553cc56008ddc8277fa9e8f6684513bfa827686b6fb71259743f55f46fa7e6379312e93213faf275f0441d46bc5690181244c44bea45854ed4ccd99f3fd328110ae22ef1504ec0566652d742ed8a7e202539c6531824f7399b486fbb906a91b77f2a6ba27bf97ebc7482cea32278a7acd9f2210e6ed2defcbd112f29a92401c5a37c58835f870b056186ef3971d3d9effa5661cabc2a059689dcfb030dd4ac0fe54db67510d3e9a5d36b900000000000000000000000000000000c9e484cf5f8c0955c11b285de46871d62f9d986e73658d228225b21f694dd2dc80e96ce476496973ee14e3d4fd03507c6f7c0c8ae809ddc9a36b4f30d15d08cc8e72d750f5e529cf4cec823b923d382f3f2c42dcb4b316eba77e7f767ae17d4d3427c9379eadbd040fbbe0c6dd8100f1558354bdd35626052c2e66cc34f4e266cc04218764824533cac2736e236b50ae4d800565910200af9cb11002791a91d834ffcc65a6226ecafe0372e3ace29c2441eca24371857aa9eb9b3910a2eb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

1.442220156s ago: executing program 1 (id=474):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040))
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000500)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, 0x1}, 0x24000)
socket$netlink(0x10, 0x3, 0x0)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000020000000000006bb57ae0fffc5a2a630b00c145", 0x18, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x530, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x33826ea7f2700603, @perf_bp={0x0, 0xd}, 0x106263, 0x10000, 0x0, 0x7, 0x5, 0x4, 0xb, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r1 = socket$inet6(0xa, 0x1, 0x0)
sendmsg$inet6(r1, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1400000000000000010000000c"], 0x30}, 0x4000010)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
getrandom(0x0, 0x0, 0xc078c563989fede1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x8, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={&(0x7f0000000740)="df5890ea90c4e1e8826d0701ecc5bd317bd15865d16755dce87a7057ecceaadfd9a4f85ff4bacf6f66529106d05af6603d470f8e25fbd13cd8e2f264756ba4da91365f0822edb60bb1b821e7946d803e09f3f93bc2e41b3cc70c05510924bb25df089625f17c4c1f467aab59be7aa518e23184455edb287fca28f2619445d3e8a695192633f10be7be754e0dbd72e269c61f496663b29ae6717b9044032741d1cc4bc9", &(0x7f0000000800)=""/253, &(0x7f0000000a00)="e9b4c4ecd16f0a6a9cd9da923c6c948b295fbc99c443d044c4ade48f5a5d21854867ff7fc8695cde9d3c3dfcb8feb4fb97f405a164dabbf9dfda441e179384bdb844bef51714d228e17a93e0864e86eda6ccfd4094c9789e7368cde49159e650fde9eeea019b7068418b1cabda163e72aaa0619f6d7249a2c0de8dfd3b52f92a64fb68a01140b3b3a7f86f82ad858ae4789aefa0ecf614ab34a838cb2e5a2d600f3e40145f26b44d3f0b21bb77c3d882f806b52bf4934e07d24885016bf8eb40bf8213f80f210dff8b443593ee35f936231d0aea22064d8249b0d5c2f701199d574e545c42a3491d86d01c38d0da9b11b2", &(0x7f00000005c0)="489b9b8cbc5c03b6f6b8ecd81b7ea9d264a6b49e5fa05239cbf1663ffc64eb99995f2e1fc8c193dd981c41cd0568d247f2b06b60936675", 0x81d, r2}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r3}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r3, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, &(0x7f00000002c0)=[0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0], <r4=>0x0, 0x49, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0xb9, 0x8, 0x8, &(0x7f0000000400)}}, 0x10)
r5 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x11, 0x2, 0x4}, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r5, 0x2401, 0x5)
syz_io_uring_setup(0x2ddb, &(0x7f00000004c0)={0x0, 0x0, 0x2, 0x0, 0x3}, 0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x8)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000004c0)={'vxcan1\x00', <r6=>0x0})
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000480)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x0, 0x1, '\x00', r6, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, r3, 0x0, 0x0, 0x0, 0x0, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20)

1.297162359s ago: executing program 0 (id=475):
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000005c0)='sys_enter\x00'}, 0x18)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000580)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x0)

1.295992309s ago: executing program 1 (id=476):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mount$tmpfs(0x0, &(0x7f0000000080)='.\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="636f6e74657874f9517c218776bd1af376bdc35b3d73797361646d5f752c"])
mkdir(&(0x7f0000000000)='./file0\x00', 0x15a)
mount$tmpfs(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f0000000080), 0x0, 0x0)
connect$802154_dgram(0xffffffffffffffff, &(0x7f0000000080)={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0002}}}, 0x14)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
r0 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x13)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r1, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000003100)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000ac0)=""/62, 0x3e}], 0x1}}, {{0x0, 0x0, &(0x7f0000002b00)=[{&(0x7f00000007c0)=""/196, 0xc4}], 0x1}}], 0x3, 0x400122a0, 0x0)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
tkill(r0, 0x12)
wait4(r0, 0x0, 0x4000000a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000002085"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000380)='mm_page_alloc\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r3 = io_uring_setup(0x332, &(0x7f0000000080)={0x0, 0x21e, 0x10})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

1.280702939s ago: executing program 0 (id=478):
socket(0x11, 0x5, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0xa0002, 0x0)
readv(r0, &(0x7f0000000180)=[{0x0, 0x100000}, {&(0x7f00000012c0)=""/73, 0x49}], 0x2)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
rename(0x0, 0x0)
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0xfe, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xaa0d, 0x2}, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xa, 0xffffffffffffffff, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r2}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001200)='svcsock_tcp_state\x00'}, 0x18)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f1, &(0x7f0000000080))

1.096683342s ago: executing program 2 (id=481):
getpid()
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x1, 0x0)
vmsplice(r2, &(0x7f0000000240)=[{&(0x7f0000000340)}, {&(0x7f0000000800)="7d171b", 0x3}], 0x2, 0x6)
write(r0, 0x0, 0x0)
personality(0x5000000)

1.048944542s ago: executing program 5 (id=482):
socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
r1 = perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0xa, 0x0, 0x0, 0x0, 0x0, 0x9, 0x414a97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x5, 0x0, @perf_config_ext={0x8000000000000001, 0x8}, 0x720c, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0x9)
write$cgroup_pid(r0, &(0x7f0000000000), 0x2a979d)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000)
r3 = socket$key(0xf, 0x3, 0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYRESHEX=r4, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095a1d8cf2b2bebffa123512bd8b88090"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
sendmsg$key(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="02130000050000000000000000000000030008"], 0x28}}, 0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ffc000/0x2000)=nil)
timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x40400)
read(r7, &(0x7f0000000240)=""/195, 0xc3)

1.045071853s ago: executing program 1 (id=484):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001540)=@newtaction={0x88c, 0x30, 0x12f, 0x4000, 0x0, {}, [{0x878, 0xf5, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x7c3, 0x2, 0x3, 0xffffff81, 0x10, 0xc, 0x2, 0x3, 0x40, 0x200, 0x8, 0x9, 0x0, 0x5, 0x0, 0x8, 0xa, 0x6, 0x200, 0x1, 0x3, 0xcc37, 0x5, 0xb5, 0x649f, 0x4, 0x0, 0x6, 0xfb1, 0x72a4, 0xd, 0x7fff, 0x5, 0x3, 0x0, 0x3, 0x7, 0xc3a0, 0x4, 0xc, 0x0, 0xaf, 0x1, 0x6, 0x4, 0x6, 0x5, 0x80, 0xe, 0x2, 0x7, 0x6, 0x7, 0x1991, 0x8, 0xfffffe29, 0x5, 0x3, 0x101, 0xfff, 0x4, 0x5, 0x8000, 0x4, 0x7, 0x3, 0x0, 0xfffffff3, 0x1, 0x9, 0x80020003, 0x2, 0x3, 0x5, 0x101, 0x1, 0xfffffffc, 0x6, 0x7fffffff, 0x200, 0x1, 0x7309, 0x6, 0x3, 0x100, 0x2, 0x7, 0x6d0, 0x226, 0x7ff, 0x0, 0x6, 0x7, 0xfffff001, 0x6, 0x7ed8, 0x3, 0xffff, 0x0, 0x0, 0x249, 0x5, 0x2fbf, 0x2, 0x8000, 0x7, 0x25fe9fd5, 0x1, 0x9, 0x1, 0xe, 0x9, 0x0, 0x3, 0x4e, 0xa158, 0x8, 0x1, 0x119203c5, 0xd0, 0x7, 0x80000001, 0x3226, 0x80000008, 0x3, 0x4, 0xc64f, 0xffffff6d, 0x5, 0x6, 0x6, 0xfffffff7, 0x6, 0x7, 0x5, 0xc, 0xe, 0x7, 0x200, 0x60459141, 0x1, 0x5, 0x6, 0x84, 0x0, 0x1, 0x5, 0x2, 0x8, 0x0, 0x2d5, 0x7, 0xfffffffa, 0x1000, 0x6, 0x94, 0x15a, 0x4, 0x6, 0x2, 0x4002, 0x2, 0x4, 0x1001, 0x5, 0x1, 0x3, 0x4003, 0x80, 0x7a5b054a, 0x8, 0xffffff80, 0x1, 0xfff, 0x3, 0xb, 0x8, 0x3, 0x7, 0x2, 0x6, 0xf, 0x5, 0x7, 0x1, 0x77, 0x20009, 0x274d, 0x6, 0x40, 0xfffffffe, 0xb, 0x7, 0x1, 0x9ab, 0x7, 0xffffffc0, 0x200, 0x4943, 0x3c, 0x2c7, 0x7, 0x8, 0x4, 0x0, 0x99f, 0x5, 0x7ff, 0x6, 0x6, 0x4, 0x4, 0xb, 0x7ff, 0x1e, 0x3, 0xe49, 0x56, 0x9, 0x1, 0x6, 0x2, 0x6a1c, 0x9, 0x8, 0x4dbda2da, 0x7fff, 0x5, 0x5, 0x0, 0x7, 0x8, 0x7fff, 0xed, 0x7fff, 0x1000, 0xcbe, 0x7ff, 0x6, 0x8, 0xb, 0xff, 0x5, 0x1, 0x7, 0x9, 0x5, 0x8, 0x5, 0x4, 0xfffffffd, 0x2, 0xeffe, 0xe74, 0x8]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x6, 0x3a40da20, 0x9, 0x7, 0x4, 0x8000, 0x7fffffff, 0x2, 0x1, 0x7fff, 0x86, 0x10000, 0x2, 0x40, 0x2, 0x99d, 0x6, 0xffffff92, 0xe9c, 0x3ff, 0xfffffffe, 0x10001, 0xa, 0xfffff000, 0x7f, 0x4, 0x0, 0x81, 0x6f0, 0x18e, 0x8, 0x4, 0x3, 0x4, 0x2, 0xffffffff, 0x0, 0x80000000, 0x3, 0x9, 0xfffc, 0x2, 0xd, 0x3, 0x5, 0x1, 0x4, 0x8, 0x7, 0x2, 0xd92e, 0x7fffffff, 0x3, 0x90, 0xc0, 0x5b, 0x1, 0xe6, 0x40, 0x5, 0x1000, 0x3, 0x10, 0x0, 0x5, 0x6, 0x6, 0x100, 0xf3, 0x1, 0xa92, 0x0, 0x6, 0x7, 0x0, 0x8, 0x8, 0x10000, 0x3, 0x3, 0x3, 0xa, 0x5, 0x1, 0xee7e, 0x800, 0xd1, 0x7fff, 0x9f3, 0x3, 0x5, 0x4, 0xffffff89, 0x7, 0xfffffff3, 0x2, 0xffffffff, 0x9, 0x5, 0x2, 0x101, 0x7fffffff, 0xfffff001, 0x64, 0x4, 0xffffffff, 0x5, 0x9, 0x1, 0x0, 0xb3e, 0x8, 0xf4, 0x401, 0x401, 0x9, 0x8, 0x2, 0xb, 0x0, 0x0, 0x9, 0xffffffff, 0x25c, 0x7, 0x5, 0x0, 0x9, 0xfffffff9, 0x3, 0xe2, 0x8, 0x1, 0x8, 0x9, 0x0, 0x9, 0x2, 0x1, 0x9, 0x80, 0x5, 0xd3c3, 0x5, 0x2, 0x1, 0x472a8800, 0xc, 0xfffffff0, 0xfffffff8, 0x9, 0x8, 0xfffffffc, 0x9, 0x5, 0x9, 0x5, 0x6, 0x6, 0x7, 0x87f, 0x59, 0x4eedcacd, 0x1, 0x4, 0x9df4, 0xffffffff, 0x7, 0x5, 0xfff, 0x3828, 0x0, 0x1, 0x7, 0xcf6, 0x7f, 0x4, 0x7, 0x2120, 0xfffffffa, 0x80, 0x3, 0xdbff, 0x52b6, 0xfffffffa, 0x49, 0x70, 0x0, 0xe1, 0x1401, 0xa, 0x101, 0x3ff, 0x101, 0x0, 0x7ffe, 0x80000000, 0x81, 0xfffffff7, 0x3, 0x1, 0x7514, 0x7, 0x3, 0x1, 0x4, 0x2, 0x9, 0x4, 0x10000, 0x3ff, 0x0, 0x100, 0x7ef2, 0x300000, 0x1, 0xe, 0xd, 0x4, 0x6, 0x8, 0x4, 0x10001, 0xc01, 0x400, 0x436, 0x3, 0x205, 0x0, 0x0, 0x0, 0xbc, 0x8, 0x0, 0x900, 0x7, 0x1, 0x81, 0x3, 0x2, 0x7, 0x4, 0x4, 0x2445c87b, 0x6, 0xd, 0x9, 0x2, 0x10, 0x2, 0x7, 0x57, 0x5, 0xd, 0x1000, 0x10000003]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xff, 0x7, 0x2, 0x7ff, 0x6, {0x9, 0x1, 0x8, 0xef3, 0x9, 0x1}, {0x2, 0x1, 0x2, 0x827, 0x29a, 0x100}, 0x3, 0x9, 0x7}}]]}, {0x4}, {0xc, 0xb, {0x0, 0x1}}, {0xc, 0xa}}}]}]}, 0x88c}}, 0x0)

1.011742073s ago: executing program 1 (id=485):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x54, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0xd}, 0x10000, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x2172, 0xffffffffffffffff, 0x5da30000)
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x50)
mount$9p_fd(0x0, &(0x7f00000006c0)='./bus\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',afdno=', @ANYRESHEX=r0, @ANYBLOB=',\x00'])
r1 = memfd_create(&(0x7f0000000bc0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F91 ^x\x85\x80[\xa3B\n#!\xc2R\xdd\xf4)\xba\x1e\xfb6U\xabc\xda\x9a)\xc3\x9a\x06\xc5\xccP)\xdf.\xa7-\x84\xdf8\xbf\xfc1^}B\xee\xccR/z\x1e\xe8\x1e\x99\x99\n\xf4u\xd4\xbd^L\xb2j\xda\xff\x1d\x10\xc8\xad\xbd_OI\xb1\xe8y\x003\a\x06\x92\x8e\n\x8b\xf3\xd4G\x85\xbd\x1a\x81+3\x99jq\xd1\xacK^\xef\xb6!8\xcd?\x1e\\\x16W2\xbd4$zn\xa9\x7f\x9dE\xaf\x0f\xdb\xe0\xfa\x10\xc3\xb2\xf8\x80\x8c\xec$\xda\xc0\x94y1\t\xc5`\xda\xca\xd1\xab:\x18\x10\x9b\xd0w', 0x1)
fcntl$setstatus(r1, 0x4, 0x4c00)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x8d2, 0x0, 0x0, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2000009, 0x2172, 0xffffffffffffffff, 0x60f4b000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
r2 = msgget(0x3, 0x710)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="18af0200000000000000000000000000950000000000000043616e00faf1947ab21f45f9f5a31fb3d5baba29b983138a863bd36e76578743cf42ff2839c0a904b30745a625c33ee3c2cd231ee4378831eb11c606e6c3ae623c8c1277374074e357b3a37f5886bc"], &(0x7f0000000080)='GPL\x00', 0xa, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x18, &(0x7f0000000200), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
msgget(0x2, 0x624)
r3 = msgget(0x0, 0x200)
msgctl$IPC_RMID(r3, 0x0)
open(0x0, 0x143142, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
msgctl$IPC_RMID(r2, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4, <r5=>0xffffffffffffffff}, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0x10)
writev(0xffffffffffffffff, &(0x7f00000003c0), 0x0)

948.536334ms ago: executing program 1 (id=487):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x1, 0x1, 0x8, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0xa000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
ioctl$USBDEVFS_ALLOC_STREAMS(0xffffffffffffffff, 0x8008551c, &(0x7f0000000040)={0xf29c, 0xb, [{0xf}, {0x5}, {0xf}, {0xa, 0x1}, {0x8, 0x1}, {0x5}, {0xa, 0x1}, {0xc, 0x1}, {0xe, 0x1}, {0x1}, {0x0, 0x1}]})
epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

947.665174ms ago: executing program 2 (id=488):
syz_read_part_table(0x618, &(0x7f0000002200)="$eJzs3D+IFGcUAPC3dzc7dwqehUWwiWctBMXSK6LsbQwGZE0IHBb5iwhXXeBgQxY3eEVyheIWYplGApviXKvoFVY5FFIHsTAIW9gETBNiipsws3O3GzgOEjaE4O9XfN/bnTfvzQfTvgn+1yYiKaMsLbY3PtozP5sdxu14r1tbOJtlWfZuRCUuRhJzyYFeRExF9G6NVI2jEbF/pM7tb/ZtfP3rW0n3yYVktH470jiY51YjL1ma2e1R0r99WMZufX5z9urqcv1a/qPe6m+9H3HnRa1x79xapzeZnPkk//9KxMMyf6pYZya27/9wKv5yZQ9fDsPKaP/tl+Py43qrf6v77PjW4frk95dOvTyycf3BiYiVvPL5KF72oeo/P/Oo9fnNrFT0X5m7sdhpnT5299DNk837jxrPJ38vLw9aToynLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/5L1fFmtxrXm/OXH9Vb/q59+fOfOi1rj3rm1Tu/t6pmnlUHewzJ/qtw/i2Z8HklELMVSfBrLu5d/bSc6sBMtVkb7z2/OXl1drg/6/7Ev4tnxrcP17sylUy8XNq4/OFFkVWI63ybGevRd+rf6K3M3Fjut08fuHrp5snn/UeP55CBvKY2Pi+NGRDr+xwAAAAAAAAAAAAAAAAAAAOAVV1s4e+T8m42DeXxxOiJ++aKYss/Sme+imLwfOFruT9PBKP/t6cG3ALpPLvxW/eCHtZ/Lofh2pNGOiP3fJhHx+k6fK8W6/fWASIaV+S/9GQAA///p7o1q")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000711837000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="58000000100023ff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000010560100300012800b000100697036746e6c0000200002801400020000000000000000000000ffffac1414"], 0x58}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp6=r5}, @IFLA_GTP_FD0={0x8, 0x1, @udp=r6}]}}}]}, 0x40}, 0x1, 0xba01}, 0x0)
r7 = open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x49)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r8 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$kcm(r8, &(0x7f0000001900)={0x0, 0xffffffea, 0x0}, 0x20040005)
sendmsg$inet(r8, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
ioctl$PPPIOCBRIDGECHAN(0xffffffffffffffff, 0x40047435, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x28, r10, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
sendmsg$kcm(r8, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x20048040)
preadv2(r7, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x0)

824.498856ms ago: executing program 2 (id=490):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r0}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = gettid()
r4 = socket(0x1e, 0x4, 0x0)
r5 = socket(0x1e, 0x2, 0x0)
kexec_load(0x0, 0x2, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x10000}, {0x0, 0x0, 0x3e0000}], 0x1)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r6 = dup3(r5, r4, 0x0)
recvmmsg(r6, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000540)=""/99, 0x63}], 0x1}, 0x1}], 0x1, 0x40000001, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r8}, 0x10)
sendmsg$unix(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000640)='>', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r3, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="e5ffff6e18"], 0xa0}, 0x4004881)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x160)

767.341757ms ago: executing program 4 (id=491):
r0 = semget$private(0x0, 0x4000, 0x0)
semctl$GETALL(r0, 0x0, 0xd, 0x0)

689.455259ms ago: executing program 4 (id=492):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'erspan0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/20, @ANYRES32=r4, @ANYBLOB="ebffffffffffffff280012800b00010065727370616e000018000280040012000500160001000000080015"], 0x48}}, 0x0) (async)
sendmsg$nl_xfrm(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=@getae={0x70, 0x1f, 0x10, 0x70bd2c, 0x25dfdbfb, {{@in=@local, 0x4d5, 0xa, 0x3c}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x3, 0x3503}, [@offload={0xc, 0x1c, {r4, 0x1}}, @replay_esn_val={0x24, 0x17, {0x2, 0x70bd2c, 0x70bd2c, 0x70bd25, 0x70bd2d, 0x3, [0x9f, 0x8]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x80}, 0x4) (async)
bind$unix(r0, &(0x7f0000003000)=@file={0x1}, 0x6e) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
futex(0x0, 0x9, 0x0, &(0x7f0000000300)={0x77359400}, 0x0, 0x0) (async)
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, &(0x7f0000003000)=@abs={0x1, 0x0, 0xffffffff}, 0x6e) (async)
io_setup(0x20, &(0x7f0000000040)=<r6=>0x0) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x4, 0x6, 0x7ffc1ffc}]}) (async)
ioctl$SCSI_IOCTL_DOORUNLOCK(0xffffffffffffffff, 0x5381) (async)
readlink(0x0, 0x0, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
io_submit(r6, 0x1, &(0x7f0000000300)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0xffff, r7, 0x0}]) (async)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
pread64(r8, &(0x7f0000000100)=""/166, 0xa6, 0x81)

667.203529ms ago: executing program 2 (id=493):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000080)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)=ANY=[], 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
r3 = socket$unix(0x1, 0x1, 0x0)
sendmmsg$unix(r3, &(0x7f0000000280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x20040801}}], 0x1, 0x4000001)
getpeername$packet(0xffffffffffffffff, &(0x7f00000004c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'vxcan1\x00', <r5=>0x0})
r6 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0xfff1, &(0x7f0000000240)={&(0x7f0000000800)=@newqdisc={0x60, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x6, 0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0xc, 0xc89f, 0xffff5ef5, 0x0, 0x19, 0x3}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x803}, 0x20004004)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000700)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000580)={&(0x7f0000000640)={0xa8, r2, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xe77d49c6769b4e71}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x801}, 0x20000881)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000000)=ANY=[@ANYRES32=r4, @ANYRESOCT=r5], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r7, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r8}, 0x10)
socket$kcm(0x10, 0x3, 0x10)
close(0xffffffffffffffff)
ioctl$EVIOCGABS20(0xffffffffffffffff, 0x40044591, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syslog(0x9, &(0x7f0000001a00)=""/4103, 0x1007)

632.583699ms ago: executing program 2 (id=494):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
write$tun(r1, &(0x7f0000000540)={@void, @void, @eth={@random="339ed397e389", @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}, @val={@val={0x88a8, 0x2, 0x1}, {0x8100, 0x7, 0x1, 0x4}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1d, 0x0, 0xe000, 0xbc, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2}, {0xa000, 0x86da, 0x9, 0x0, @opaque="8a"}}}}}}, 0x33)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0500000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="01000000000000000000000000447706802c70a78f55", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r2}, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='kmem_cache_free\x00', r3}, 0x10)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0xfffffff9, @rand_addr=' \x01\x00', 0x8000}, 0x1c)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0xa, 0x300)
socket$packet(0x11, 0xa, 0x300)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0), 0xffffffffffffffff)

623.749119ms ago: executing program 4 (id=495):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='xprtrdma_inline_thresh\x00', 0xffffffffffffffff, 0x0, 0x9}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESHEX=r0, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001000000", @ANYRESHEX, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000c3c990a300000000000000000000000000000000000000716590aa3f93597d52814d61000000"], 0x48) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001000000", @ANYRESHEX, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000c3c990a300000000000000000000000000000000000000716590aa3f93597d52814d61000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b80)={{r1}, &(0x7f0000000500), &(0x7f0000000380)}, 0x20)
mkdir(&(0x7f0000000400)='./file0\x00', 0x101) (async)
mkdir(&(0x7f0000000400)='./file0\x00', 0x101)
bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r2}, 0x10)
pipe2$9p(&(0x7f0000001900)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB="f10600ff000000", @ANYRESHEX=r5, @ANYBLOB=',k'])
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r6}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000002c0)={'ip_vti0\x00', 0x2000})
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r8}, 0x18)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41)
socket$inet_mptcp(0x2, 0x1, 0x106) (async)
r10 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r10, 0x6, 0x3, &(0x7f00000001c0)=0x3, 0x4) (async)
setsockopt$inet_tcp_int(r10, 0x6, 0x3, &(0x7f00000001c0)=0x3, 0x4)
bind$inet(r10, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) (async)
bind$inet(r10, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
clock_settime(0x1, &(0x7f00000004c0)={0x77359400})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r9}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
lsm_set_self_attr(0x69, 0x0, 0x42, 0x0) (async)
lsm_set_self_attr(0x69, 0x0, 0x42, 0x0)
r11 = open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x8b7c, 0x100, 0x200007, 0x25, 0x0, r11}, &(0x7f0000000940), &(0x7f0000000280))

545.212611ms ago: executing program 4 (id=496):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c00000003060102000000000000000000000006050001"], 0x1c}}, 0x0)

544.37697ms ago: executing program 4 (id=497):
syz_io_uring_submit(0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000008c0)='./file0\x00', 0x1008490, &(0x7f0000000a40)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000a80)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3477, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7535}}]}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1)
pwrite64(r3, &(0x7f0000000140)='2', 0x1, 0x8080c61)
pwrite64(r2, &(0x7f0000000140)="f6", 0xffffff07, 0x8000c61)

461.404542ms ago: executing program 4 (id=498):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000300)='thermal_power_allocator_pid\x00', r0, 0x0, 0xfffffffffffffffd}, 0xb)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYRES8=r0], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r2, 0x0, 0x800000000}, 0x18)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000476000907000000000000000007020000", @ANYRES32=0x0, @ANYBLOB="0c000d800500030002000000"], 0x24}, 0x1, 0x5502000000000000}, 0x0)
syz_io_uring_setup(0x1239, &(0x7f0000000480)={0x0, 0xec21, 0x2, 0x1, 0x326}, &(0x7f0000000040), &(0x7f0000000200))
setsockopt$PNPIPE_INITSTATE(0xffffffffffffffff, 0x113, 0x4, &(0x7f00000001c0)=0x1, 0x4)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x10)
ioctl$HIDIOCGREPORTINFO(0xffffffffffffffff, 0xc00c4809, &(0x7f0000000340)={0x3, 0xffffffff, 0x7fff})
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[], 0x2c}], 0x1}, 0x0)
lsetxattr$security_selinux(&(0x7f0000000400)='./file2\x00', &(0x7f0000000000), &(0x7f0000000280)='system_u:object_r:fsadm_exec_t:s0\x00', 0x22, 0x2)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40)
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x100000b, 0x2013, r6, 0x0)
connect$vsock_stream(r3, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)

418.528212ms ago: executing program 0 (id=499):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000001000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000200), &(0x7f00000003c0)=r5}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r6}, 0x10)
sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x1c}}, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r7, 0x800448d2, &(0x7f0000000100))
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r8, 0x11c, 0x3, &(0x7f0000000280)=""/86, &(0x7f0000000000)=0x56)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x2000008, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x40}}, 0x0)

345.013464ms ago: executing program 0 (id=500):
syz_read_part_table(0x618, &(0x7f0000002200)="$eJzs3D+IFGcUAPC3dzc7dwqehUWwiWctBMXSK6LsbQwGZE0IHBb5iwhXXeBgQxY3eEVyheIWYplGApviXKvoFVY5FFIHsTAIW9gETBNiipsws3O3GzgOEjaE4O9XfN/bnTfvzQfTvgn+1yYiKaMsLbY3PtozP5sdxu14r1tbOJtlWfZuRCUuRhJzyYFeRExF9G6NVI2jEbF/pM7tb/ZtfP3rW0n3yYVktH470jiY51YjL1ma2e1R0r99WMZufX5z9urqcv1a/qPe6m+9H3HnRa1x79xapzeZnPkk//9KxMMyf6pYZya27/9wKv5yZQ9fDsPKaP/tl+Py43qrf6v77PjW4frk95dOvTyycf3BiYiVvPL5KF72oeo/P/Oo9fnNrFT0X5m7sdhpnT5299DNk837jxrPJ38vLw9aToynLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/5L1fFmtxrXm/OXH9Vb/q59+fOfOi1rj3rm1Tu/t6pmnlUHewzJ/qtw/i2Z8HklELMVSfBrLu5d/bSc6sBMtVkb7z2/OXl1drg/6/7Ev4tnxrcP17sylUy8XNq4/OFFkVWI63ybGevRd+rf6K3M3Fjut08fuHrp5snn/UeP55CBvKY2Pi+NGRDr+xwAAAAAAAAAAAAAAAAAAAOAVV1s4e+T8m42DeXxxOiJ++aKYss/Sme+imLwfOFruT9PBKP/t6cG3ALpPLvxW/eCHtZ/Lofh2pNGOiP3fJhHx+k6fK8W6/fWASIaV+S/9GQAA///p7o1q")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000711837000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="58000000100023ff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000010560100300012800b000100697036746e6c0000200002801400020000000000000000000000ffffac1414"], 0x58}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8, 0x2, @udp6=r5}, @IFLA_GTP_FD0={0x8, 0x1, @udp=r6}]}}}]}, 0x40}, 0x1, 0xba01}, 0x0)
r7 = open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x49)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r8 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$kcm(r8, &(0x7f0000001900)={0x0, 0xffffffea, 0x0}, 0x20040005)
sendmsg$inet(r8, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
ioctl$PPPIOCBRIDGECHAN(0xffffffffffffffff, 0x40047435, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x28, r10, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
sendmsg$kcm(r8, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x20048040)
preadv2(r7, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x0)

344.388264ms ago: executing program 2 (id=501):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
listen(0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x2}], 0x1, 0xca9a3b00000000, &(0x7f0000001100)={0x77359400}, 0x0)

193.335536ms ago: executing program 5 (id=502):
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f0000000000)='rss_stat\x00', r0}, 0x18)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
pipe2(0x0, 0x84880)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000400)='signal_generate\x00', r2}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
fcntl$addseals(0xffffffffffffffff, 0x409, 0xa)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r3}, 0x10)
getrusage(0x0, &(0x7f0000000540))
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
listen(0xffffffffffffffff, 0x6)
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2000759, &(0x7f0000000580)={[{@jqfmt_vfsold}, {@noblock_validity}, {@discard}, {@errors_remount}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xff}, 0x0}, {@noauto_da_alloc}, {@max_batch_time={'max_batch_time', 0x3d, 0xc}}, {@jqfmt_vfsv1}, {@nombcache}, {@lazytime}, {@resuid}, {@dax_always}, {@test_dummy_encryption_v1}, {@auto_da_alloc}, {@nodioread_nolock}, {@data_writeback}, {@noblock_validity}], [], 0x2c}, 0x0, 0x51b, &(0x7f0000001300)="$eJzs3E1vFOcdAPD/rtc2LlC79I23lm1pVatVMTavhx4AtRKXSpVaVfS4tQ2iGKiwK4FlFVNVIPXQik/QNrdI+QQ5JZcoiXJIlGtQrlEkFPkCySGaaHZnNrveXXtt1l4Z/37SLs/MPjPz/Gfmwc/Lzgawa5XTt0LEvoj4KCJGa4vNGcq1f56vLE1/vrI0XYgk+f1nhWq+ZytL03nWfLu92cJ4MaL4z0IcaT3s8Py9xRuVubnZO9mKiYVilrpZuTZ7bfbW1Pnzp0+NnDs7daYncaZlenb477ePHrr8p8e/nb7y+M/vvJaWN8k+b4yjZqz6PtT1EQZa1pSj3HwuG/y0+6LvCPsb0oVS+l7sX2HoWnrXppdrsFr/R2OgulQzGr/5R18LB2ypJEmS4Za19b9ly0mjQqG2QZI8SICXQCH6XQKgP/I/9M9W0p7q0nRrP/jl9vRiVHtAadzPs1ftk1K1B1seq/WNBrfo+N+JiCvLX/w3fUXbcQgAgN5642LEo0u1dkf+qn1SjO815PtmNjc0FhHfiogDEfHtrP3y3Yhq3u9HxMGGbfZ3MQtQXrXc2v75YCRLNDZXeyZt//0qm9tqbv/VSz42kC3tr8Y/WLh6fW72ZHZOxmNwOF2ebN11fVjtzV9/+J9Oxy83tP/SV3r8vC2YlePT0qoBupnKQuVF4849fVA9sfdb4y9EqZCnIg5FxOFN7D89Z9d//urRTp83xZ/G2RL/vzvvvLSJAq2S/D/iZ7XrvxzV+POxz1rwQ1lqYuHmXyfm7y3+8nrj/OTkubNTZyb2xNzsyYn8rmj17vsPf5clW7oRzdc/SRquf141tnQiLb3+32h7/9dnLsfSVH2+dn7jx3j45FHHPs1m7/+hwh+q6Xx+9m5lYeHOZMRQYbl1/dTX296tjDTlT+MfP96+/h+I+PJ/2XZHIiK9iX8QET+MiGNZ2X8UET+OiONrxP/2pZ/8pVMXcv34t1Ya/8yGrv+9xZHIEvU1aeLCexHNa/LEwI23Xm858L/KLfEPRqfrf7qaGs/WzFQW9qwXV5sCtk288AkEAACAHeBYROyLQvFENtC0L4rFEyci9tZHUOYXfnH19t9uzdSeERiLwWI+0jXaMB46mY0Np8vpVlMNy+nnp6rjxkmSJCPpctp/nzvY39Bh19vbof6nPml9pAV42WxoHq3TE23AjrS6/j/pesvefyED2F49+B4NsEOp/7B7dV3/t+opOKBv2tX/+xHP+1AUYJu1q/9/bFlzYVvKAmyvdvXf3D/sDpsf//NlANjpjP/DrtTVQ/KbSBy4vEaeQqm7/ZS6fox/vUQx1v4VgLGo/6ZB3qZZe4cfFyN6c8YGenrmR5quabFtnj3Ri2NFcd08pQ38EMP2JoqVubn8AZe+l2c4Ita5e+s32/08sbjVBauem1f69z8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAb3wVAAD//8B9zog=")
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r4}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x4, &(0x7f0000000780)=ANY=[@ANYRESDEC=r4], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000380)='mm_page_alloc\x00', r5}, 0x10)
unshare(0x8000000)
r6 = semget$private(0x0, 0x4000, 0x0)
semctl$GETALL(r6, 0x0, 0xd, 0x0)

177.235297ms ago: executing program 0 (id=503):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_NAME(0xf, &(0x7f0000000440)='+\xee!\xa4\xdfX\xbei\xe0\x9eZu{\x90\xca_\xb7X\x1a\xc6u\xf4\x88\xb3\xf4p1u\xc6_\xd7\xb0\xb9y:\xdfE\x8dDja\x00\xffp/=\xaa4y.dc\x04\xecb)\x8eu\xb3#f\xb7z\x14h\xb0\xc2\xd4\x98\xd2\xb5\xf4{\x14\xd5\x1d\n\x1c\x93\xe0E\xfc\x87\x0e\xef\xbc')
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000180)={{0x0, 0x7, 0x0, 0x4, 0xff, 0xa, 0x3, 0x8, 0x3, 0x4a51, 0x4, 0x3, 0xa, 0x9, 0x8}})
sched_setscheduler(0x0, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f0000000540)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3f}, @rand_addr=' \x01\x00', 0x40, 0x40, 0x9}})
add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
splice(r5, 0x0, r8, 0x0, 0x10003, 0x0)
readv(r7, &(0x7f0000000280)=[{&(0x7f0000000200)=""/59, 0x3b}], 0x1)
write$binfmt_elf64(r6, &(0x7f00000001c0)=ANY=[], 0x10034)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @empty, 0x0, 0x0, 0x1000000, 0x30000}})

25.247879ms ago: executing program 1 (id=504):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="020000000400000008000000010000"], 0x50)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x3, 0x1000002, 0x0, 0xff, "d4e9002b2c000000ff00"})
r2 = syz_open_pts(r1, 0x0)
r3 = dup(r2)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x3)
r4 = dup3(r1, r3, 0x0)
ioctl$BLKGETZONESZ(r3, 0x80041284, &(0x7f0000000080)=0x7)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000002000000000000000000000903000000000000000000000d008d0f61"], &(0x7f0000000100)=""/223, 0x3e, 0xdf, 0x1, 0x0, 0x0, @void, @value}, 0x28)
perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x15594, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10003, 0x0, 0x4, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$FS_IOC_FSGETXATTR(r4, 0x801c581f, &(0x7f0000000240)={0xf, 0xfff, 0x0, 0x2, 0x7f})
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="640000000206010100000000000000000000000005000100070000000900020073797a30000000001400078008001240fffffffe080013400000080015000300686173683a69702c706f72742c6e6574000000000500050002000000050004"], 0x64}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0xa, 0x1c, &(0x7f0000000340)=ANY=[@ANYBLOB="05000000000000009500000000000000b7080000000000007b8af8", @ANYRES32, @ANYBLOB="0000000000002000b70500f7ffffff0085000000a5000000b7080000000000007b8af8ff00000000b7080000050000007b8af0ff00000000bfa100000000000007010000f8"], 0x0, 0x1, 0x93, &(0x7f0000000480)=""/147, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x0, &(0x7f0000000980)=[{0x40001, 0x1, 0x2000007}, {0x5, 0x0, 0xf, 0xa}, {0x5, 0x2, 0xe, 0x9}, {0x0, 0x3, 0x0, 0x7}], 0x10, 0x7, @void, @value}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000090000008b00000044"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r8}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r8}, 0x38)

24.177789ms ago: executing program 5 (id=505):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]}) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e1007000000fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000040)='io_uring_submit_sqe\x00', r0}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket(0x10, 0x3, 0x0) (async)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001600010027bd7000fddbdf250a000000", @ANYRES32=0x0, @ANYBLOB="08000a0001419282"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000180)={0x84, @remote, 0x0, 0x0, 'lblc\x00'}, 0x2c)
setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000001280)={0x20000000000084, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 'rr\x00', 0x19}, 0x2c)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) (async)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f00000000c0)=<r8=>0x0)
sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r7, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}]}, 0xfd45}}, 0x0) (async)
sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r7, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}]}, 0xfd45}}, 0x0)
write$nci(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="71050404030382fb1014c77b0205078001d0"], 0x12) (async)
write$nci(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="71050404030382fb1014c77b0205078001d0"], 0x12)
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400003434fe19670ca63be38e00", @ANYRES16=r2, @ANYBLOB="0908000000000000000001000000"], 0x14}}, 0x0)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x555)

0s ago: executing program 0 (id=506):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001340)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x6}, 0x18)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8937, &(0x7f0000000680)='lo:\x96o8\x14d\xa1\xe3\xd7\\b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x02\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00\xb1\x88\xebW_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xbaUn\x04\'%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x1f\x9c,\x113\x7f\x03\x93\xe1\xcc\xe7f\r\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\r\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0Z\x9f\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc5<J\x1f\xba\xfc\x90(\x985\x93\xa8\xd4\xf0\xbdTy\x18\xc8\xa0\xbb\x99\x8c\xe0Q\xffCl\xbdX~3\xa1\xa2\xf4\xd9\xf7\xc7\xfb\xce\x959x\xfeW\r\xf0{\xcaT\xecp)=\x9d\xdfG8\xa1\xe3=\xa6\x00\x98\xc1\xb3\x91-\xab\'W\x8al?d<JN\xcb\xd4H\xb0_jO\xf3\x90\xe8/l\xdfg)\x8d#\xfdo\xa9L\xdeA*\xec\xa1\x14,\xe8\x8d^\xb9r=\xc0\x18\xd4\x11dU[Ry\xed\xd6\x97\x8a\xe8\xca\x99\x10\x8e\xc8P\xa3\xae/\xdaof\x06\x7f\xf7\x80$f\b\x92\xae\xeb\xdd\"\x89\xb8\xf0\xc3\b\x00\x00\x00\x00')
r1 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000001540)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
readv(r1, &(0x7f0000001800)=[{&(0x7f0000001580)=""/21, 0x15}, {0x0}], 0x2)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
write$binfmt_aout(r2, &(0x7f0000000480)=ANY=[], 0xff2e)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TCFLSH(r3, 0x540b, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0000fa00ea8000"})
r4 = syz_open_pts(r2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
syz_open_dev$sg(0x0, 0x0, 0x0)
r7 = dup3(r4, r2, 0x0)
ioctl$TCSETSW(r7, 0x5403, &(0x7f0000000300)={0x800, 0x400, 0x7, 0x3, 0x1b, "1fdcab858507b99f4291a39fb2a903d3107883"})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r9, 0x6, 0x9, 0x0, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002680)=ANY=[@ANYBLOB="140000001000010000000000000007000000000a60000000060a0b0400000000000000000200000034000480200001800e000100636f6e6e6c696d69740000000c000280080001400000000010000180090001006c617374000000000900010073797a30000000000900020073797a32"], 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0, r10}, 0x18)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
semtimedop(0x0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)
semop(0x0, &(0x7f00000000c0)=[{0x2}], 0x1)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000240))
sendmsg$can_raw(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@can={{}, 0x4, 0x0, 0x0, 0x0, "95fc4c2254ee2b0f"}, 0x10}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)

kernel console output (not intermixed with test programs):

00000000094 RSI: 0000200000000400 RDI: 0000000000000005
[   44.198858][ T3690] RBP: 00007f02fc5b7090 R08: 0000000000000000 R09: 0000000000000000
[   44.198946][ T3690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.198960][ T3690] R13: 0000000000000001 R14: 00007f02fe175fa0 R15: 00007ffca9259258
[   44.198981][ T3690]  </TASK>
[   44.431524][ T3690] syz.3.62: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0
[   44.448791][   T29] kauditd_printk_skb: 263 callbacks suppressed
[   44.448809][   T29] audit: type=1400 audit(1750620947.914:401): avc:  denied  { add_name } for  pid=3660 comm="syz.2.57" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   44.448842][   T29] audit: type=1400 audit(1750620947.914:402): avc:  denied  { create } for  pid=3660 comm="syz.2.57" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   44.448920][   T29] audit: type=1400 audit(1750620947.914:403): avc:  denied  { read write open } for  pid=3660 comm="syz.2.57" path="/11/file1/bus" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   44.482461][ T3683] netlink: 'syz.4.60': attribute type 13 has an invalid length.
[   44.495422][ T3690] CPU: 0 UID: 0 PID: 3690 Comm: syz.3.62 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   44.495463][ T3690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   44.495539][ T3690] Call Trace:
[   44.495548][ T3690]  <TASK>
[   44.495559][ T3690]  __dump_stack+0x1d/0x30
[   44.495586][ T3690]  dump_stack_lvl+0xe8/0x140
[   44.495611][ T3690]  dump_stack+0x15/0x1b
[   44.495633][ T3690]  warn_alloc+0x12b/0x1a0
[   44.495673][ T3690]  ? should_failslab+0x8c/0xb0
[   44.495744][ T3690]  __vmalloc_node_range_noprof+0x497/0xe00
[   44.495856][ T3690]  ? selinux_capable+0x1f9/0x270
[   44.495912][ T3690]  ? bpf_prog_alloc_no_stats+0x47/0x390
[   44.495953][ T3690]  __vmalloc_noprof+0x83/0xc0
[   44.496045][ T3690]  ? bpf_prog_alloc_no_stats+0x47/0x390
[   44.496085][ T3690]  bpf_prog_alloc_no_stats+0x47/0x390
[   44.496168][ T3690]  ? bpf_prog_alloc+0x2a/0x150
[   44.496207][ T3690]  bpf_prog_alloc+0x3c/0x150
[   44.496286][ T3690]  bpf_prog_load+0x514/0x1070
[   44.496390][ T3690]  ? security_bpf+0x2b/0x90
[   44.496417][ T3690]  __sys_bpf+0x51d/0x790
[   44.496465][ T3690]  __x64_sys_bpf+0x41/0x50
[   44.496502][ T3690]  x64_sys_call+0x2478/0x2fb0
[   44.496595][ T3690]  do_syscall_64+0xd2/0x200
[   44.496620][ T3690]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   44.496657][ T3690]  ? clear_bhb_loop+0x40/0x90
[   44.496743][ T3690]  ? clear_bhb_loop+0x40/0x90
[   44.496774][ T3690]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   44.496869][ T3690] RIP: 0033:0x7f02fdf4e929
[   44.496892][ T3690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   44.496917][ T3690] RSP: 002b:00007f02fc5b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   44.496944][ T3690] RAX: ffffffffffffffda RBX: 00007f02fe175fa0 RCX: 00007f02fdf4e929
[   44.497050][ T3690] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005
[   44.497066][ T3690] RBP: 00007f02fc5b7090 R08: 0000000000000000 R09: 0000000000000000
[   44.497083][ T3690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.497143][ T3690] R13: 0000000000000001 R14: 00007f02fe175fa0 R15: 00007ffca9259258
[   44.497169][ T3690]  </TASK>
[   44.497195][ T3690] Mem-Info:
[   44.518730][ T3683] netlink: 152 bytes leftover after parsing attributes in process `syz.4.60'.
[   44.756889][ T3690] active_anon:5789 inactive_anon:0 isolated_anon:0
[   44.756889][ T3690]  active_file:6242 inactive_file:2197 isolated_file:0
[   44.756889][ T3690]  unevictable:0 dirty:1565 writeback:0
[   44.756889][ T3690]  slab_reclaimable:2905 slab_unreclaimable:13509
[   44.756889][ T3690]  mapped:29375 shmem:247 pagetables:1133
[   44.756889][ T3690]  sec_pagetables:0 bounce:0
[   44.756889][ T3690]  kernel_misc_reclaimable:0
[   44.756889][ T3690]  free:1892656 free_pcp:18312 free_cma:0
[   44.801857][ T3690] Node 0 active_anon:23156kB inactive_anon:0kB active_file:24968kB inactive_file:8788kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:117500kB dirty:6260kB writeback:0kB shmem:988kB writeback_tmp:0kB kernel_stack:3424kB pagetables:4532kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   44.831009][ T3690] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   44.860091][ T3690] lowmem_reserve[]: 0 2882 7860 7860
[   44.865428][ T3690] Node 0 DMA32 free:2947836kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951364kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:3528kB free_cma:0kB
[   44.895862][ T3690] lowmem_reserve[]: 0 0 4978 4978
[   44.901121][ T3690] Node 0 Normal free:4607428kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23156kB inactive_anon:0kB active_file:24968kB inactive_file:8788kB unevictable:0kB writepending:6256kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:69716kB local_pcp:55528kB free_cma:0kB
[   44.933283][ T3690] lowmem_reserve[]: 0 0 0 0
[   44.937892][ T3690] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   44.950590][ T3690] Node 0 DMA32: 3*4kB (M) 4*8kB (M) 5*16kB (M) 2*32kB (M) 5*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947836kB
[   44.966739][ T3690] Node 0 Normal: 87*4kB (ME) 45*8kB (UM) 76*16kB (UME) 76*32kB (UM) 55*64kB (UME) 32*128kB (UME) 31*256kB (UME) 24*512kB (UM) 24*1024kB (UE) 18*2048kB (UME) 1102*4096kB (UM) = 4607428kB
[   44.985460][ T3690] Node 0 hugepages_total=8 hugepages_free=0 hugepages_surp=4 hugepages_size=2048kB
[   44.994905][ T3690] 8683 total pagecache pages
[   44.999546][ T3690] 0 pages in swap cache
[   45.003775][ T3690] Free swap  = 124996kB
[   45.007923][ T3690] Total swap = 124996kB
[   45.012105][ T3690] 2097051 pages RAM
[   45.015919][ T3690] 0 pages HighMem/MovableOnly
[   45.020690][ T3690] 80810 pages reserved
[   45.025362][ T3683] erspan0: refused to change device tx_queue_len
[   45.034071][   T29] audit: type=1400 audit(1750620948.764:404): avc:  denied  { mount } for  pid=3691 comm="syz.1.63" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   45.059631][ T3683] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[   45.108414][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.145903][ T3702] loop2: detected capacity change from 0 to 512
[   45.150887][ T3701] bond0: entered promiscuous mode
[   45.157271][ T3701] bond_slave_0: entered promiscuous mode
[   45.163197][ T3701] bond_slave_1: entered promiscuous mode
[   45.175306][ T3703] netlink: 4 bytes leftover after parsing attributes in process `syz.4.68'.
[   45.193043][ T3701] batadv0: entered promiscuous mode
[   45.201350][ T3701] 8021q: adding VLAN 0 to HW filter on device hsr1
[   45.218173][   T29] audit: type=1400 audit(1750620948.944:405): avc:  denied  { create } for  pid=3698 comm="syz.1.66" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   45.237560][   T29] audit: type=1400 audit(1750620948.944:406): avc:  denied  { connect } for  pid=3698 comm="syz.1.66" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   45.256992][   T29] audit: type=1400 audit(1750620948.944:407): avc:  denied  { write } for  pid=3698 comm="syz.1.66" path="socket:[4387]" dev="sockfs" ino=4387 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   45.281483][ T3701] bond0: left promiscuous mode
[   45.286336][ T3701] bond_slave_0: left promiscuous mode
[   45.291877][ T3701] bond_slave_1: left promiscuous mode
[   45.305492][ T3701] batadv0: left promiscuous mode
[   45.325023][   T29] audit: type=1400 audit(1750620949.044:408): avc:  denied  { read write } for  pid=3710 comm="syz.2.69" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   45.348343][   T29] audit: type=1400 audit(1750620949.044:409): avc:  denied  { open } for  pid=3710 comm="syz.2.69" path="/dev/rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   45.371507][   T29] audit: type=1400 audit(1750620949.044:410): avc:  denied  { ioctl } for  pid=3710 comm="syz.2.69" path="/dev/rtc0" dev="devtmpfs" ino=244 ioctlcmd=0x7004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   45.384996][ T3713] loop3: detected capacity change from 0 to 2048
[   45.402779][ T3703] netlink: 4 bytes leftover after parsing attributes in process `syz.4.68'.
[   45.418219][ T3703] bond0: (slave bond_slave_0): Releasing backup interface
[   45.455094][ T3709] Driver unsupported XDP return value 0 on prog  (id 59) dev N/A, expect packet loss!
[   45.475040][ T3716] loop1: detected capacity change from 0 to 2048
[   45.482118][ T3713]  loop3: p1 < > p4
[   45.488738][ T3713] loop3: p4 size 8388608 extends beyond EOD, truncated
[   45.530013][ T3716]  loop1: p1 < > p4
[   45.534311][ T3724] netlink: 8 bytes leftover after parsing attributes in process `syz.2.74'.
[   45.549615][ T3716] loop1: p4 size 8388608 extends beyond EOD, truncated
[   45.559147][ T2996]  loop3: p1 < > p4
[   45.577604][ T2996] loop3: p4 size 8388608 extends beyond EOD, truncated
[   45.690849][ T3495] udevd[3495]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   45.711667][ T3734] __vm_enough_memory: pid: 3734, comm: syz.1.77, bytes: 21200345194496 not enough memory for the allocation
[   45.725138][ T3489] udevd[3489]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[   45.749053][ T3495] udevd[3495]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   45.753015][ T3300] udevd[3300]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   45.813073][ T3738] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   45.825300][ T3740] loop3: detected capacity change from 0 to 512
[   45.858356][ T3742] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[   45.866648][ T3742] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[   45.880464][ T3740] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.894480][ T3740] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   45.895553][ T3747] netlink: 8 bytes leftover after parsing attributes in process `syz.4.82'.
[   45.915555][ T3742] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   46.043952][ T3761] loop4: detected capacity change from 0 to 2048
[   46.068300][ T3740] syz.3.80 (3740) used greatest stack depth: 10336 bytes left
[   46.079415][ T3763] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3763 comm=syz.0.84
[   46.102347][ T3495]  loop4: p1 < > p4
[   46.110997][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.116364][ T3495] loop4: p4 size 8388608 extends beyond EOD, truncated
[   46.129247][ T3765] loop2: detected capacity change from 0 to 2048
[   46.136367][ T3763] IPVS: set_ctl: invalid protocol: 59 172.20.20.45:20001
[   46.152675][ T3761]  loop4: p1 < > p4
[   46.160653][ T3761] loop4: p4 size 8388608 extends beyond EOD, truncated
[   46.161185][ T3767] FAULT_INJECTION: forcing a failure.
[   46.161185][ T3767] name failslab, interval 1, probability 0, space 0, times 0
[   46.180330][ T3767] CPU: 0 UID: 0 PID: 3767 Comm: +}[@ Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   46.180363][ T3767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   46.180378][ T3767] Call Trace:
[   46.180435][ T3767]  <TASK>
[   46.180442][ T3767]  __dump_stack+0x1d/0x30
[   46.180464][ T3767]  dump_stack_lvl+0xe8/0x140
[   46.180484][ T3767]  dump_stack+0x15/0x1b
[   46.180580][ T3767]  should_fail_ex+0x265/0x280
[   46.180618][ T3767]  should_failslab+0x8c/0xb0
[   46.180653][ T3767]  __kmalloc_noprof+0xa5/0x3e0
[   46.180684][ T3767]  ? nft_obj_init+0x3c/0x220
[   46.180728][ T3767]  nft_obj_init+0x3c/0x220
[   46.180755][ T3767]  nf_tables_newobj+0x72f/0xcc0
[   46.180794][ T3767]  nfnetlink_rcv+0xb96/0x1690
[   46.180887][ T3767]  netlink_unicast+0x59e/0x670
[   46.180923][ T3767]  netlink_sendmsg+0x58b/0x6b0
[   46.181018][ T3767]  ? __pfx_netlink_sendmsg+0x10/0x10
[   46.181040][ T3767]  __sock_sendmsg+0x142/0x180
[   46.181071][ T3767]  ____sys_sendmsg+0x31e/0x4e0
[   46.181172][ T3767]  ___sys_sendmsg+0x17b/0x1d0
[   46.181231][ T3767]  __x64_sys_sendmsg+0xd4/0x160
[   46.181272][ T3767]  x64_sys_call+0x2999/0x2fb0
[   46.181337][ T3767]  do_syscall_64+0xd2/0x200
[   46.181360][ T3767]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   46.181387][ T3767]  ? clear_bhb_loop+0x40/0x90
[   46.181414][ T3767]  ? clear_bhb_loop+0x40/0x90
[   46.181470][ T3767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   46.181490][ T3767] RIP: 0033:0x7f02fdf4e929
[   46.181504][ T3767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   46.181524][ T3767] RSP: 002b:00007f02fc5b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   46.181562][ T3767] RAX: ffffffffffffffda RBX: 00007f02fe175fa0 RCX: 00007f02fdf4e929
[   46.181574][ T3767] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[   46.181585][ T3767] RBP: 00007f02fc5b7090 R08: 0000000000000000 R09: 0000000000000000
[   46.181596][ T3767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   46.181622][ T3767] R13: 0000000000000000 R14: 00007f02fe175fa0 R15: 00007ffca9259258
[   46.181647][ T3767]  </TASK>
[   46.188807][ T2996]  loop4: p1 < > p4
[   46.202404][ T3297]  loop2: p1 < > p4
[   46.235433][ T2996] loop4: p4 size 8388608 extends beyond EOD, 
[   46.316110][ T3297] loop2: p4 size 8388608 extends beyond EOD, 
[   46.316648][ T2996] truncated
[   46.321244][ T3297] truncated
[   46.463376][ T2996]  loop4: p1 < > p4
[   46.466546][ T3765]  loop2: p1 < > p4
[   46.476593][ T2996] loop4: p4 size 8388608 extends beyond EOD, truncated
[   46.485236][ T3765] loop2: p4 size 8388608 extends beyond EOD, truncated
[   46.561280][ T3300] udevd[3300]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   46.568744][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   46.574285][ T3495] udevd[3495]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   46.596696][ T3489] udevd[3489]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   46.656661][ T3300] udevd[3300]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[   46.660035][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[   46.871011][ T3812] loop0: detected capacity change from 0 to 2048
[   46.909326][ T3297]  loop0: p1 < > p4
[   46.913846][ T3297] loop0: p4 size 8388608 extends beyond EOD, truncated
[   46.925841][ T3812]  loop0: p1 < > p4
[   46.930542][ T3812] loop0: p4 size 8388608 extends beyond EOD, truncated
[   47.048887][ T3824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   47.066980][ T3822] loop4: detected capacity change from 0 to 2048
[   47.075687][ T3824] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   47.121397][ T3826] loop0: detected capacity change from 0 to 512
[   47.129149][ T3300]  loop4: p1 < > p4
[   47.134085][ T3300] loop4: p4 size 8388608 extends beyond EOD, truncated
[   47.142861][ T3826] EXT4-fs: Ignoring removed oldalloc option
[   47.151477][ T3822]  loop4: p1 < > p4
[   47.156406][ T3826] EXT4-fs: Mount option(s) incompatible with ext2
[   47.164162][ T3822] loop4: p4 size 8388608 extends beyond EOD, truncated
[   47.245256][ T3787] loop2: detected capacity change from 0 to 128
[   47.252002][ T3831] FAULT_INJECTION: forcing a failure.
[   47.252002][ T3831] name failslab, interval 1, probability 0, space 0, times 0
[   47.252882][ T3787] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal
[   47.264696][ T3831] CPU: 1 UID: 0 PID: 3831 Comm: syz.0.107 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   47.264725][ T3831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   47.264737][ T3831] Call Trace:
[   47.264743][ T3831]  <TASK>
[   47.264751][ T3831]  __dump_stack+0x1d/0x30
[   47.264859][ T3831]  dump_stack_lvl+0xe8/0x140
[   47.264887][ T3831]  dump_stack+0x15/0x1b
[   47.264911][ T3831]  should_fail_ex+0x265/0x280
[   47.264976][ T3831]  should_failslab+0x8c/0xb0
[   47.265009][ T3831]  kmem_cache_alloc_node_noprof+0x57/0x320
[   47.265049][ T3831]  ? __alloc_skb+0x101/0x320
[   47.265119][ T3831]  __alloc_skb+0x101/0x320
[   47.265156][ T3831]  ? audit_log_start+0x365/0x6c0
[   47.265202][ T3831]  audit_log_start+0x380/0x6c0
[   47.265250][ T3831]  audit_seccomp+0x48/0x100
[   47.265289][ T3831]  ? __seccomp_filter+0x68c/0x10d0
[   47.265322][ T3831]  __seccomp_filter+0x69d/0x10d0
[   47.265445][ T3831]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   47.265493][ T3831]  ? vfs_write+0x75e/0x8e0
[   47.265539][ T3831]  ? __rcu_read_unlock+0x4f/0x70
[   47.265583][ T3831]  ? __fget_files+0x184/0x1c0
[   47.265629][ T3831]  __secure_computing+0x82/0x150
[   47.265679][ T3831]  syscall_trace_enter+0xcf/0x1e0
[   47.265755][ T3831]  do_syscall_64+0xac/0x200
[   47.265781][ T3831]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   47.265819][ T3831]  ? clear_bhb_loop+0x40/0x90
[   47.265895][ T3831]  ? clear_bhb_loop+0x40/0x90
[   47.265928][ T3831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   47.265957][ T3831] RIP: 0033:0x7f738546e929
[   47.265980][ T3831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   47.266004][ T3831] RSP: 002b:00007f7383ad7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[   47.266030][ T3831] RAX: ffffffffffffffda RBX: 00007f7385695fa0 RCX: 00007f738546e929
[   47.266048][ T3831] RDX: 0000000000000000 RSI: 000000000000002f RDI: 0000000000000010
[   47.266135][ T3831] RBP: 00007f7383ad7090 R08: 0000000000000000 R09: 0000000000000000
[   47.266152][ T3831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   47.266168][ T3831] R13: 0000000000000000 R14: 00007f7385695fa0 R15: 00007fff536b2918
[   47.266194][ T3831]  </TASK>
[   47.392387][ T3836] FAULT_INJECTION: forcing a failure.
[   47.392387][ T3836] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   47.508452][ T3836] CPU: 1 UID: 0 PID: 3836 Comm: syz.4.110 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   47.508501][ T3836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   47.508515][ T3836] Call Trace:
[   47.508523][ T3836]  <TASK>
[   47.508533][ T3836]  __dump_stack+0x1d/0x30
[   47.508556][ T3836]  dump_stack_lvl+0xe8/0x140
[   47.508579][ T3836]  dump_stack+0x15/0x1b
[   47.508598][ T3836]  should_fail_ex+0x265/0x280
[   47.508654][ T3836]  should_fail+0xb/0x20
[   47.508688][ T3836]  should_fail_usercopy+0x1a/0x20
[   47.508725][ T3836]  _copy_to_user+0x20/0xa0
[   47.508799][ T3836]  simple_read_from_buffer+0xb5/0x130
[   47.508871][ T3836]  proc_fail_nth_read+0x100/0x140
[   47.508895][ T3836]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   47.508956][ T3836]  vfs_read+0x1a0/0x6f0
[   47.508986][ T3836]  ? __rcu_read_unlock+0x4f/0x70
[   47.509049][ T3836]  ? __fget_files+0x184/0x1c0
[   47.509071][ T3836]  ksys_read+0xda/0x1a0
[   47.509121][ T3836]  __x64_sys_read+0x40/0x50
[   47.509205][ T3836]  x64_sys_call+0x2d77/0x2fb0
[   47.509225][ T3836]  do_syscall_64+0xd2/0x200
[   47.509282][ T3836]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   47.509309][ T3836]  ? clear_bhb_loop+0x40/0x90
[   47.509331][ T3836]  ? clear_bhb_loop+0x40/0x90
[   47.509353][ T3836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   47.509379][ T3836] RIP: 0033:0x7f52096fd33c
[   47.509394][ T3836] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   47.509412][ T3836] RSP: 002b:00007f5207d67030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   47.509449][ T3836] RAX: ffffffffffffffda RBX: 00007f5209925fa0 RCX: 00007f52096fd33c
[   47.509461][ T3836] RDX: 000000000000000f RSI: 00007f5207d670a0 RDI: 0000000000000003
[   47.509473][ T3836] RBP: 00007f5207d67090 R08: 0000000000000000 R09: 0000000000000000
[   47.509485][ T3836] R10: 000000000004c831 R11: 0000000000000246 R12: 0000000000000002
[   47.509501][ T3836] R13: 0000000000000000 R14: 00007f5209925fa0 R15: 00007fff0a44dab8
[   47.509524][ T3836]  </TASK>
[   47.746652][ T3844] tipc: Started in network mode
[   47.751703][ T3844] tipc: Node identity ac14140f, cluster identity 4711
[   47.767855][ T3844] tipc: New replicast peer: 255.255.255.255
[   47.774126][ T3844] tipc: Enabled bearer <udp:s>, priority 10
[   47.781549][ T3848] netlink: 8 bytes leftover after parsing attributes in process `syz.4.115'.
[   47.826350][ T3853] loop2: detected capacity change from 0 to 2048
[   47.833972][ T3855] loop0: detected capacity change from 0 to 2048
[   47.908761][ T3495]  loop0: p1 < > p4
[   47.913748][ T3495] loop0: p4 size 8388608 extends beyond EOD, truncated
[   47.940123][ T3853]  loop2: p1 < > p4
[   47.944567][ T3853] loop2: p4 size 8388608 extends beyond EOD, truncated
[   47.966371][ T3855]  loop0: p1 < > p4
[   47.974066][ T3855] loop0: p4 size 8388608 extends beyond EOD, truncated
[   48.214345][ T3869] netlink: 24 bytes leftover after parsing attributes in process `syz.0.123'.
[   48.232987][ T3866] netlink: 'syz.2.122': attribute type 1 has an invalid length.
[   48.262369][ T3869] FAULT_INJECTION: forcing a failure.
[   48.262369][ T3869] name failslab, interval 1, probability 0, space 0, times 0
[   48.275145][ T3869] CPU: 1 UID: 0 PID: 3869 Comm: syz.0.123 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   48.275224][ T3869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   48.275238][ T3869] Call Trace:
[   48.275246][ T3869]  <TASK>
[   48.275254][ T3869]  __dump_stack+0x1d/0x30
[   48.275278][ T3869]  dump_stack_lvl+0xe8/0x140
[   48.275296][ T3869]  dump_stack+0x15/0x1b
[   48.275310][ T3869]  should_fail_ex+0x265/0x280
[   48.275392][ T3869]  should_failslab+0x8c/0xb0
[   48.275429][ T3869]  kmem_cache_alloc_noprof+0x50/0x310
[   48.275465][ T3869]  ? skb_clone+0x151/0x1f0
[   48.275550][ T3869]  skb_clone+0x151/0x1f0
[   48.275566][ T3869]  __netlink_deliver_tap+0x2c9/0x500
[   48.275678][ T3869]  netlink_unicast+0x64c/0x670
[   48.275707][ T3869]  netlink_sendmsg+0x58b/0x6b0
[   48.275732][ T3869]  ? __pfx_netlink_sendmsg+0x10/0x10
[   48.275810][ T3869]  __sock_sendmsg+0x142/0x180
[   48.275833][ T3869]  ____sys_sendmsg+0x31e/0x4e0
[   48.275874][ T3869]  ___sys_sendmsg+0x17b/0x1d0
[   48.275967][ T3869]  __x64_sys_sendmsg+0xd4/0x160
[   48.276063][ T3869]  x64_sys_call+0x2999/0x2fb0
[   48.276088][ T3869]  do_syscall_64+0xd2/0x200
[   48.276109][ T3869]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   48.276205][ T3869]  ? clear_bhb_loop+0x40/0x90
[   48.276296][ T3869]  ? clear_bhb_loop+0x40/0x90
[   48.276321][ T3869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.276340][ T3869] RIP: 0033:0x7f738546e929
[   48.276354][ T3869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.276374][ T3869] RSP: 002b:00007f7383ad7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   48.276396][ T3869] RAX: ffffffffffffffda RBX: 00007f7385695fa0 RCX: 00007f738546e929
[   48.276426][ T3869] RDX: 0000000000004000 RSI: 0000200000000300 RDI: 0000000000000003
[   48.276440][ T3869] RBP: 00007f7383ad7090 R08: 0000000000000000 R09: 0000000000000000
[   48.276454][ T3869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   48.276476][ T3869] R13: 0000000000000000 R14: 00007f7385695fa0 R15: 00007fff536b2918
[   48.276542][ T3869]  </TASK>
[   48.517870][ T3866] syz.2.122 (3866) used greatest stack depth: 9280 bytes left
[   48.525557][ T3871] loop4: detected capacity change from 0 to 1024
[   48.557516][ T3873] netlink: 12 bytes leftover after parsing attributes in process `syz.2.126'.
[   48.578666][ T3873] bridge1: port 1(ip6gretap1) entered blocking state
[   48.585451][ T3873] bridge1: port 1(ip6gretap1) entered disabled state
[   48.592575][ T3873] ip6gretap1: entered allmulticast mode
[   48.600509][ T3873] ip6gretap1: entered promiscuous mode
[   48.607967][ T3873] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   48.643680][ T3874] veth3: entered promiscuous mode
[   48.649287][ T3874] bridge1: port 2(veth3) entered blocking state
[   48.655601][ T3874] bridge1: port 2(veth3) entered disabled state
[   48.663011][ T3874] veth3: entered allmulticast mode
[   48.697689][ T3871] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   48.743851][ T3885] syz.2.128 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   48.817930][ T3894] loop1: detected capacity change from 0 to 256
[   48.864932][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.885428][ T3898] netlink: 204 bytes leftover after parsing attributes in process `syz.3.132'.
[   48.898210][   T10] tipc: Node number set to 2886997007
[   48.962509][ T3909] netlink: 24 bytes leftover after parsing attributes in process `syz.1.134'.
[   48.974572][ T3900] loop4: detected capacity change from 0 to 2048
[   49.020336][ T3914] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   49.027856][ T3914] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   49.036721][ T3297]  loop4: p1 < > p4
[   49.042362][ T3297] loop4: p4 size 8388608 extends beyond EOD, truncated
[   49.062720][ T3900]  loop4: p1 < > p4
[   49.067384][ T3900] loop4: p4 size 8388608 extends beyond EOD, truncated
[   49.075349][ T3923] SELinux:  truncated policydb string identifier
[   49.081970][ T3923] SELinux: failed to load policy
[   49.124829][ T2996]  loop4: p1 < > p4
[   49.138988][ T2996] loop4: p4 size 8388608 extends beyond EOD, truncated
[   49.197122][ T3933] netlink: 'syz.4.142': attribute type 3 has an invalid length.
[   49.225800][ T3933] netlink: 4 bytes leftover after parsing attributes in process `syz.4.142'.
[   49.243073][ T3937] loop1: detected capacity change from 0 to 512
[   49.262617][ T3937] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2798: inode #11: comm syz.1.143: corrupted xattr block 95: invalid header
[   49.303243][ T3937] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 11. Delete some EAs or run e2fsck.
[   49.323297][ T3937] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.143: bg 0: block 7: invalid block bitmap
[   49.346873][ T3937] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   49.362646][ T3937] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2962: inode #11: comm syz.1.143: corrupted xattr block 95: invalid header
[   49.399566][ T3937] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[   49.436509][ T3937] EXT4-fs (loop1): 1 orphan inode deleted
[   49.445457][ T3937] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   49.468616][ T3953] netlink: 20 bytes leftover after parsing attributes in process `syz.0.149'.
[   49.470598][   T29] kauditd_printk_skb: 274 callbacks suppressed
[   49.470614][   T29] audit: type=1326 audit(1750620953.204:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3951 comm="syz.4.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   49.535583][ T3956] loop0: detected capacity change from 0 to 512
[   49.535583][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.543301][   T29] audit: type=1326 audit(1750620953.214:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3951 comm="syz.4.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   49.574348][   T29] audit: type=1400 audit(1750620953.214:685): avc:  denied  { getattr } for  pid=3951 comm="syz.4.150" name="/" dev="pidfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   49.596792][   T29] audit: type=1326 audit(1750620953.214:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3951 comm="syz.4.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   49.620258][   T29] audit: type=1326 audit(1750620953.214:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3951 comm="syz.4.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   49.643666][   T29] audit: type=1326 audit(1750620953.214:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3951 comm="syz.4.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   49.655384][ T3956] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.667117][   T29] audit: type=1326 audit(1750620953.214:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3951 comm="syz.4.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   49.679716][ T3956] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   49.703063][   T29] audit: type=1326 audit(1750620953.214:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3951 comm="syz.4.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   49.703172][   T29] audit: type=1400 audit(1750620953.214:691): avc:  denied  { create } for  pid=3951 comm="syz.4.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   49.703199][   T29] audit: type=1326 audit(1750620953.214:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3951 comm="syz.4.150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   49.755706][ T3966] loop1: detected capacity change from 0 to 2048
[   49.829803][ T3495]  loop1: p1 < > p4
[   49.837659][ T3495] loop1: p4 size 8388608 extends beyond EOD, truncated
[   49.855793][ T3966]  loop1: p1 < > p4
[   49.877378][ T3966] loop1: p4 size 8388608 extends beyond EOD, truncated
[   49.914068][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.944823][ T3970] C: renamed from team_slave_0 (while UP)
[   49.957054][ T3970] netlink: 'syz.3.155': attribute type 1 has an invalid length.
[   49.964823][ T3970] netlink: 152 bytes leftover after parsing attributes in process `syz.3.155'.
[   49.973814][ T3970] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[   50.117370][ T3972] netlink: 'syz.2.157': attribute type 10 has an invalid length.
[   50.125237][ T3972] netlink: 2 bytes leftover after parsing attributes in process `syz.2.157'.
[   50.155610][ T3985] loop0: detected capacity change from 0 to 1024
[   50.161689][ T3972] team0: entered promiscuous mode
[   50.169546][ T3985] EXT4-fs: Ignoring removed nobh option
[   50.171905][ T3972] team_slave_0: entered promiscuous mode
[   50.175552][ T3985] EXT4-fs: Ignoring removed bh option
[   50.181300][ T3972] team_slave_1: entered promiscuous mode
[   50.197025][ T3987] loop3: detected capacity change from 0 to 512
[   50.203806][ T3987] EXT4-fs: Ignoring removed nomblk_io_submit option
[   50.210795][ T3987] EXT4-fs: Ignoring removed mblk_io_submit option
[   50.217605][ T3972] bridge0: port 3(team0) entered blocking state
[   50.223997][ T3972] bridge0: port 3(team0) entered disabled state
[   50.230642][ T3972] team0: entered allmulticast mode
[   50.236158][ T3972] team_slave_0: entered allmulticast mode
[   50.241957][ T3972] team_slave_1: entered allmulticast mode
[   50.251043][ T3987] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[   50.260908][ T3985] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.274774][ T3987] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[   50.283178][ T3972] bridge0: port 3(team0) entered blocking state
[   50.289525][ T3972] bridge0: port 3(team0) entered forwarding state
[   50.298705][ T3982] loop2: detected capacity change from 0 to 8192
[   50.305443][ T3987] EXT4-fs (loop3): 1 truncate cleaned up
[   50.315913][ T3987] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.329454][ T3987] ext4: Unknown parameter '·'
[   50.374426][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.561586][ T4006] netlink: 'syz.4.166': attribute type 4 has an invalid length.
[   50.565671][ T4009] loop3: detected capacity change from 0 to 1024
[   50.601325][ T4006] netlink: 'syz.4.166': attribute type 4 has an invalid length.
[   50.604164][ T2996]  loop1: p1 < > p4
[   50.618568][ T4009] EXT4-fs: Ignoring removed oldalloc option
[   50.624546][ T4009] EXT4-fs: Ignoring removed bh option
[   50.638916][ T2996] loop1: p4 size 8388608 extends beyond EOD, truncated
[   50.703577][ T4012] loop4: detected capacity change from 0 to 2048
[   50.705336][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.727142][ T4009] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.742066][ T2996]  loop4: p1 < > p4
[   50.748154][ T2996] loop4: p4 size 8388608 extends beyond EOD, truncated
[   50.760204][ T4009] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   50.769898][ T4012]  loop4: p1 < > p4
[   50.776937][ T4012] loop4: p4 size 8388608 extends beyond EOD, truncated
[   50.825618][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.845236][ T2996]  loop4: p1 < > p4
[   50.858266][ T2996] loop4: p4 size 8388608 extends beyond EOD, truncated
[   50.873124][ T4022] loop3: detected capacity change from 0 to 2048
[   50.903479][ T2996]  loop4: p1 < > p4
[   50.908202][ T2996] loop4: p4 size 8388608 extends beyond EOD, truncated
[   50.917255][ T4026] __nla_validate_parse: 2 callbacks suppressed
[   50.917317][ T4026] netlink: 8 bytes leftover after parsing attributes in process `syz.0.174'.
[   50.932893][ T4026] netlink: 8 bytes leftover after parsing attributes in process `syz.0.174'.
[   50.942350][ T4026] netlink: 8 bytes leftover after parsing attributes in process `syz.0.174'.
[   50.948855][ T4022]  loop3: p1 < > p4
[   50.975916][ T4022] loop3: p4 size 8388608 extends beyond EOD, truncated
[   51.023547][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   51.039648][ T3300] udevd[3300]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[   51.093837][ T2996]  loop3: p1 < > p4
[   51.100373][ T2996] loop3: p4 size 8388608 extends beyond EOD, truncated
[   51.127350][ T4034] loop0: detected capacity change from 0 to 512
[   51.135058][ T4034] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[   51.170589][ T4036] loop3: detected capacity change from 0 to 2048
[   51.181665][ T4034] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002]
[   51.191247][ T3790] udevd[3790]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   51.203927][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   51.223301][ T4034] EXT4-fs (loop0): orphan cleanup on readonly fs
[   51.231584][ T3495]  loop3: p1 < > p4
[   51.236199][ T3495] loop3: p4 size 8388608 extends beyond EOD, truncated
[   51.246755][ T4034] EXT4-fs error (device loop0): ext4_clear_blocks:876: inode #11: comm syz.0.178: attempt to clear invalid blocks 1024 len 1
[   51.261876][ T3794] udevd[3794]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   51.283853][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   51.294860][ T4036]  loop3: p1 < > p4
[   51.299863][ T4034] EXT4-fs (loop0): Remounting filesystem read-only
[   51.300715][ T4036] loop3: p4 size 8388608 extends beyond EOD, truncated
[   51.323684][ T4034] EXT4-fs (loop0): 1 truncate cleaned up
[   51.333671][ T4034] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[   51.347638][ T3300] udevd[3300]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   51.349782][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   51.463072][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[   51.515268][ T3300] udevd[3300]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   51.535335][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   51.556617][ T4043] SELinux: syz.0.181 (4043) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   51.609471][ T4045] loop4: detected capacity change from 0 to 256
[   51.638241][ T4045] FAULT_INJECTION: forcing a failure.
[   51.638241][ T4045] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   51.651720][ T4045] CPU: 1 UID: 0 PID: 4045 Comm: syz.4.182 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   51.651750][ T4045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   51.651762][ T4045] Call Trace:
[   51.651767][ T4045]  <TASK>
[   51.651775][ T4045]  __dump_stack+0x1d/0x30
[   51.651797][ T4045]  dump_stack_lvl+0xe8/0x140
[   51.651846][ T4045]  dump_stack+0x15/0x1b
[   51.651863][ T4045]  should_fail_ex+0x265/0x280
[   51.651940][ T4045]  should_fail_alloc_page+0xf2/0x100
[   51.651963][ T4045]  __alloc_frozen_pages_noprof+0xff/0x360
[   51.652004][ T4045]  alloc_pages_mpol+0xb3/0x250
[   51.652071][ T4045]  vma_alloc_folio_noprof+0x1aa/0x300
[   51.652107][ T4045]  handle_mm_fault+0xec2/0x2be0
[   51.652167][ T4045]  ? __rcu_read_lock+0x37/0x50
[   51.652250][ T4045]  __get_user_pages+0x1036/0x1fb0
[   51.652280][ T4045]  faultin_page_range+0x10f/0x5b0
[   51.652371][ T4045]  madvise_do_behavior+0x120/0x1f20
[   51.652402][ T4045]  ? kstrtoull+0x111/0x140
[   51.652430][ T4045]  ? kstrtouint+0x76/0xc0
[   51.652479][ T4045]  ? 0xffffffff81000000
[   51.652496][ T4045]  ? get_pid_task+0x96/0xd0
[   51.652519][ T4045]  ? proc_fail_nth_write+0x12d/0x160
[   51.652542][ T4045]  ? down_read+0x77/0xe0
[   51.652607][ T4045]  do_madvise+0x103/0x190
[   51.652644][ T4045]  __x64_sys_madvise+0x64/0x80
[   51.652669][ T4045]  x64_sys_call+0x2455/0x2fb0
[   51.652689][ T4045]  do_syscall_64+0xd2/0x200
[   51.652748][ T4045]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   51.652783][ T4045]  ? clear_bhb_loop+0x40/0x90
[   51.652855][ T4045]  ? clear_bhb_loop+0x40/0x90
[   51.652875][ T4045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.652894][ T4045] RIP: 0033:0x7f52096fe929
[   51.652908][ T4045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.652926][ T4045] RSP: 002b:00007f5207d67038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[   51.652943][ T4045] RAX: ffffffffffffffda RBX: 00007f5209925fa0 RCX: 00007f52096fe929
[   51.652954][ T4045] RDX: 0000000000000017 RSI: 0000000000800000 RDI: 00002000000ec000
[   51.653038][ T4045] RBP: 00007f5207d67090 R08: 0000000000000000 R09: 0000000000000000
[   51.653051][ T4045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   51.653114][ T4045] R13: 0000000000000000 R14: 00007f5209925fa0 R15: 00007fff0a44dab8
[   51.653140][ T4045]  </TASK>
[   51.976799][ T4057] loop3: detected capacity change from 0 to 2048
[   52.019289][ T3495]  loop3: p1 < > p4
[   52.033758][ T3495] loop3: p4 size 8388608 extends beyond EOD, truncated
[   52.059444][ T4057]  loop3: p1 < > p4
[   52.076064][ T4057] loop3: p4 size 8388608 extends beyond EOD, truncated
[   52.088398][ T4063] hub 2-0:1.0: USB hub found
[   52.115115][ T4063] hub 2-0:1.0: 8 ports detected
[   52.292845][ T4062] loop0: detected capacity change from 0 to 8192
[   52.428439][ T3495]  loop0: p1 p2 p3
[   52.971202][ T4062]  loop0: p1 p2 p3
[   53.136410][ T4086] loop0: detected capacity change from 0 to 2048
[   53.165918][ T4088] loop4: detected capacity change from 0 to 512
[   53.212404][ T4086]  loop0: p1 < > p4
[   53.219406][ T4086] loop0: p4 size 8388608 extends beyond EOD, truncated
[   53.233184][ T4088] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.258370][ T4092] loop3: detected capacity change from 0 to 128
[   53.274684][ T4088] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.374752][ T4096] loop2: detected capacity change from 0 to 128
[   53.451712][ T2996]  loop0: p1 < > p4
[   53.456345][ T2996] loop0: p4 size 8388608 extends beyond EOD, truncated
[   53.472773][ T4092] syz.3.193: attempt to access beyond end of device
[   53.472773][ T4092] loop3: rw=2049, sector=153, nr_sectors = 8 limit=128
[   53.496818][ T4092] syz.3.193: attempt to access beyond end of device
[   53.496818][ T4092] loop3: rw=524288, sector=153, nr_sectors = 8 limit=128
[   53.535087][ T4092] syz.3.193: attempt to access beyond end of device
[   53.535087][ T4092] loop3: rw=0, sector=153, nr_sectors = 8 limit=128
[   53.550800][ T4092] syz.3.193: attempt to access beyond end of device
[   53.550800][ T4092] loop3: rw=0, sector=153, nr_sectors = 8 limit=128
[   53.580763][ T4084] hub 2-0:1.0: USB hub found
[   53.586170][ T4092] syz.3.193: attempt to access beyond end of device
[   53.586170][ T4092] loop3: rw=0, sector=153, nr_sectors = 8 limit=128
[   53.600922][ T4084] hub 2-0:1.0: 8 ports detected
[   53.734935][ T4092] syz.3.193: attempt to access beyond end of device
[   53.734935][ T4092] loop3: rw=0, sector=153, nr_sectors = 8 limit=128
[   53.792928][ T4096] syz.2.195: attempt to access beyond end of device
[   53.792928][ T4096] loop2: rw=2049, sector=153, nr_sectors = 8 limit=128
[   53.880485][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.888699][ T4092] syz.3.193: attempt to access beyond end of device
[   53.888699][ T4092] loop3: rw=0, sector=153, nr_sectors = 8 limit=128
[   53.930737][ T4096] syz.2.195: attempt to access beyond end of device
[   53.930737][ T4096] loop2: rw=2049, sector=169, nr_sectors = 8 limit=128
[   53.945496][ T4096] syz.2.195: attempt to access beyond end of device
[   53.945496][ T4096] loop2: rw=2049, sector=185, nr_sectors = 8 limit=128
[   54.093523][ T4113] netlink: 4 bytes leftover after parsing attributes in process `syz.3.203'.
[   54.125143][ T4113] bridge_slave_1: left allmulticast mode
[   54.130954][ T4113] bridge_slave_1: left promiscuous mode
[   54.136740][ T4113] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.147680][ T4115] loop3: detected capacity change from 0 to 512
[   54.174944][ T4115] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   54.217542][ T4111] loop2: detected capacity change from 0 to 128
[   54.232917][ T4113] bridge_slave_0: left allmulticast mode
[   54.238897][ T4113] bridge_slave_0: left promiscuous mode
[   54.244739][ T4113] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.253920][ T4105] loop0: detected capacity change from 0 to 256
[   54.276467][ T4115] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:169: inode #17: comm syz.3.203: inline data xattr refers to an external xattr inode
[   54.310559][ T4115] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.203: couldn't read orphan inode 17 (err -117)
[   54.339555][ T4115] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   54.353368][ T4105] FAT-fs (loop0): codepage cp860 not found
[   54.487026][   T29] kauditd_printk_skb: 446 callbacks suppressed
[   54.487043][   T29] audit: type=1400 audit(1750620958.214:1139): avc:  denied  { map_create } for  pid=4110 comm="syz.2.202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   54.536126][ T4124] netlink: 'syz.1.205': attribute type 21 has an invalid length.
[   54.543938][ T4124] netlink: 156 bytes leftover after parsing attributes in process `syz.1.205'.
[   54.557374][   T29] audit: type=1400 audit(1750620958.284:1140): avc:  denied  { prog_load } for  pid=4110 comm="syz.2.202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   54.596246][   T29] audit: type=1400 audit(1750620958.284:1141): avc:  denied  { bpf } for  pid=4110 comm="syz.2.202" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   54.616839][   T29] audit: type=1400 audit(1750620958.284:1142): avc:  denied  { perfmon } for  pid=4110 comm="syz.2.202" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   54.935146][   T29] audit: type=1400 audit(1750620958.634:1143): avc:  denied  { unmount } for  pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   54.954881][   T29] audit: type=1400 audit(1750620958.654:1144): avc:  denied  { unmount } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   54.958337][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.974861][   T29] audit: type=1400 audit(1750620958.664:1145): avc:  denied  { read write } for  pid=3308 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   54.974896][   T29] audit: type=1400 audit(1750620958.664:1146): avc:  denied  { open } for  pid=3308 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   55.032186][   T29] audit: type=1400 audit(1750620958.664:1147): avc:  denied  { ioctl } for  pid=3308 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=104 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   55.062860][   T29] audit: type=1400 audit(1750620958.794:1148): avc:  denied  { map_read map_write } for  pid=4126 comm="syz.4.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   55.242044][ T4131] loop3: detected capacity change from 0 to 8192
[   55.318126][ T3495]  loop3: p1 p2 p3
[   55.340128][ T4131]  loop3: p1 p2 p3
[   55.558295][ T4146] loop0: detected capacity change from 0 to 512
[   55.783341][ T4146] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.831252][ T4146] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   55.898082][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.910868][ T4154] loop1: detected capacity change from 0 to 2048
[   55.968970][ T4154]  loop1: p1 < > p4
[   55.974169][ T4154] loop1: p4 size 8388608 extends beyond EOD, truncated
[   55.992680][ T4159] loop0: detected capacity change from 0 to 1024
[   56.010193][ T4158] loop4: detected capacity change from 0 to 512
[   56.032454][ T4159] EXT4-fs (loop0): orphan cleanup on readonly fs
[   56.039427][ T4159] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.215: Failed to acquire dquot type 0
[   56.052385][ T4159] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[   56.069447][ T4159] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #13: comm syz.0.215: corrupted inode contents
[   56.081525][ T4159] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #13: comm syz.0.215: mark_inode_dirty error
[   56.107941][ T4159] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #13: comm syz.0.215: corrupted inode contents
[   56.122558][ T4163] FAULT_INJECTION: forcing a failure.
[   56.122558][ T4163] name failslab, interval 1, probability 0, space 0, times 0
[   56.135377][ T4163] CPU: 1 UID: 0 PID: 4163 Comm: syz.2.217 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   56.135467][ T4163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   56.135481][ T4163] Call Trace:
[   56.135488][ T4163]  <TASK>
[   56.135496][ T4163]  __dump_stack+0x1d/0x30
[   56.135515][ T4163]  dump_stack_lvl+0xe8/0x140
[   56.135602][ T4163]  dump_stack+0x15/0x1b
[   56.135618][ T4163]  should_fail_ex+0x265/0x280
[   56.135665][ T4163]  should_failslab+0x8c/0xb0
[   56.135687][ T4163]  kmem_cache_alloc_node_noprof+0x57/0x320
[   56.135745][ T4163]  ? __alloc_skb+0x101/0x320
[   56.135773][ T4163]  __alloc_skb+0x101/0x320
[   56.135848][ T4163]  ? audit_log_start+0x365/0x6c0
[   56.135938][ T4163]  audit_log_start+0x380/0x6c0
[   56.135969][ T4163]  ? send_signal_locked+0x34e/0x3c0
[   56.135999][ T4163]  audit_seccomp+0x48/0x100
[   56.136041][ T4163]  ? __seccomp_filter+0x68c/0x10d0
[   56.136063][ T4163]  __seccomp_filter+0x69d/0x10d0
[   56.136088][ T4163]  ? vfs_write+0x75e/0x8e0
[   56.136187][ T4163]  ? __rcu_read_unlock+0x4f/0x70
[   56.136208][ T4163]  ? __fget_files+0x184/0x1c0
[   56.136226][ T4163]  ? __fget_files+0x184/0x1c0
[   56.136306][ T4163]  __secure_computing+0x82/0x150
[   56.136328][ T4163]  syscall_trace_enter+0xcf/0x1e0
[   56.136352][ T4163]  do_syscall_64+0xac/0x200
[   56.136387][ T4163]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   56.136411][ T4163]  ? clear_bhb_loop+0x40/0x90
[   56.136432][ T4163]  ? clear_bhb_loop+0x40/0x90
[   56.136508][ T4163]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.136527][ T4163] RIP: 0033:0x7fc516d1d33c
[   56.136542][ T4163] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   56.136559][ T4163] RSP: 002b:00007fc515387030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   56.136622][ T4163] RAX: ffffffffffffffda RBX: 00007fc516f45fa0 RCX: 00007fc516d1d33c
[   56.136633][ T4163] RDX: 000000000000000f RSI: 00007fc5153870a0 RDI: 0000000000000007
[   56.136680][ T4163] RBP: 00007fc515387090 R08: 0000000000000000 R09: 0000000000000000
[   56.136691][ T4163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   56.136703][ T4163] R13: 0000000000000000 R14: 00007fc516f45fa0 R15: 00007ffda4876b08
[   56.136721][ T4163]  </TASK>
[   56.376249][ T4159] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #13: comm syz.0.215: mark_inode_dirty error
[   56.395139][ T4158] EXT4-fs (loop4): too many log groups per flexible block group
[   56.402946][ T4159] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #13: comm syz.0.215: corrupted inode contents
[   56.402971][ T4158] EXT4-fs (loop4): failed to initialize mballoc (-12)
[   56.402997][ T4158] EXT4-fs (loop4): mount failed
[   56.419871][ T4159] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem
[   56.435620][ T4159] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #13: comm syz.0.215: corrupted inode contents
[   56.466307][ T4159] EXT4-fs error (device loop0): ext4_truncate:4597: inode #13: comm syz.0.215: mark_inode_dirty error
[   56.501202][ T4159] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem
[   56.515462][ T4159] EXT4-fs (loop0): 1 truncate cleaned up
[   56.522984][ T4159] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   56.592086][ T4179] random: crng reseeded on system resumption
[   56.599744][ T4180] loop3: detected capacity change from 0 to 128
[   56.605188][ T3297] printk: udevd: 59 output lines suppressed due to ratelimiting
[   56.606149][ T4172] loop2: detected capacity change from 0 to 8192
[   56.638431][ T4179] netlink: 14 bytes leftover after parsing attributes in process `syz.4.222'.
[   56.648334][ T4179] hsr_slave_0: left promiscuous mode
[   56.654308][ T4179] hsr_slave_1: left promiscuous mode
[   56.671685][ T4172]  loop2: p1 p2 p3
[   56.765328][ T4168] hub 2-0:1.0: USB hub found
[   56.779276][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.803711][ T4168] hub 2-0:1.0: 8 ports detected
[   56.832893][ T4193] loop1: detected capacity change from 0 to 512
[   56.901577][ T4193] EXT4-fs (loop1): too many log groups per flexible block group
[   56.909352][ T4193] EXT4-fs (loop1): failed to initialize mballoc (-12)
[   56.927437][ T4193] EXT4-fs (loop1): mount failed
[   57.246583][ T4209] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.230' sets config #0
[   57.457062][ T4193] FAULT_INJECTION: forcing a failure.
[   57.457062][ T4193] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   57.470322][ T4193] CPU: 0 UID: 0 PID: 4193 Comm: syz.1.226 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   57.470354][ T4193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   57.470369][ T4193] Call Trace:
[   57.470376][ T4193]  <TASK>
[   57.470384][ T4193]  __dump_stack+0x1d/0x30
[   57.470418][ T4193]  dump_stack_lvl+0xe8/0x140
[   57.470436][ T4193]  dump_stack+0x15/0x1b
[   57.470450][ T4193]  should_fail_ex+0x265/0x280
[   57.470534][ T4193]  should_fail+0xb/0x20
[   57.470616][ T4193]  should_fail_usercopy+0x1a/0x20
[   57.470685][ T4193]  strncpy_from_user+0x25/0x230
[   57.470708][ T4193]  ? kmem_cache_alloc_noprof+0x186/0x310
[   57.470793][ T4193]  ? getname_flags+0x80/0x3b0
[   57.470821][ T4193]  getname_flags+0xae/0x3b0
[   57.470885][ T4193]  user_path_at+0x28/0x130
[   57.470912][ T4193]  user_statfs+0x4d/0x110
[   57.470964][ T4193]  __x64_sys_statfs+0x65/0xf0
[   57.471022][ T4193]  ? fput+0x8f/0xc0
[   57.471050][ T4193]  ? ksys_write+0x192/0x1a0
[   57.471067][ T4193]  x64_sys_call+0x1edd/0x2fb0
[   57.471085][ T4193]  do_syscall_64+0xd2/0x200
[   57.471100][ T4193]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   57.471194][ T4193]  ? clear_bhb_loop+0x40/0x90
[   57.471215][ T4193]  ? clear_bhb_loop+0x40/0x90
[   57.471264][ T4193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.471362][ T4193] RIP: 0033:0x7f34f3a7e929
[   57.471375][ T4193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.471390][ T4193] RSP: 002b:00007f34f20e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000089
[   57.471408][ T4193] RAX: ffffffffffffffda RBX: 00007f34f3ca5fa0 RCX: 00007f34f3a7e929
[   57.471421][ T4193] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000200000000580
[   57.471435][ T4193] RBP: 00007f34f20e7090 R08: 0000000000000000 R09: 0000000000000000
[   57.471463][ T4193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.471528][ T4193] R13: 0000000000000000 R14: 00007f34f3ca5fa0 R15: 00007fffb3a716c8
[   57.471553][ T4193]  </TASK>
[   57.736541][ T4216] loop1: detected capacity change from 0 to 8192
[   57.754288][ T4218] loop0: detected capacity change from 0 to 2048
[   57.768006][ T4216]  loop1: p1 p2 p3
[   57.790773][ T4218]  loop0: p1 < > p4
[   57.795230][ T4218] loop0: p4 size 8388608 extends beyond EOD, truncated
[   57.852316][ T4227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.238'.
[   57.872685][ T4227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.238'.
[   57.886491][ T4230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.240'.
[   57.911308][ T4227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.238'.
[   57.920270][ T4226] netlink: 8 bytes leftover after parsing attributes in process `syz.0.238'.
[   57.920574][ T4227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.238'.
[   57.940513][ T4230] team0 (unregistering): Port device team_slave_0 removed
[   57.963445][ T4230] team0 (unregistering): Port device team_slave_1 removed
[   58.231458][ T4254] loop0: detected capacity change from 0 to 8192
[   58.353862][ T4267] loop3: detected capacity change from 0 to 2048
[   58.419143][ T4267]  loop3: p1 < > p4
[   58.423137][ T4254]  loop0: p1 p2 p3
[   58.428387][ T4267] loop3: p4 size 8388608 extends beyond EOD, truncated
[   58.576618][ T4270] FAULT_INJECTION: forcing a failure.
[   58.576618][ T4270] name failslab, interval 1, probability 0, space 0, times 0
[   58.589465][ T4270] CPU: 1 UID: 0 PID: 4270 Comm: syz.0.251 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   58.589539][ T4270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   58.589555][ T4270] Call Trace:
[   58.589580][ T4270]  <TASK>
[   58.589590][ T4270]  __dump_stack+0x1d/0x30
[   58.589611][ T4270]  dump_stack_lvl+0xe8/0x140
[   58.589673][ T4270]  dump_stack+0x15/0x1b
[   58.589694][ T4270]  should_fail_ex+0x265/0x280
[   58.589747][ T4270]  should_failslab+0x8c/0xb0
[   58.589778][ T4270]  kmem_cache_alloc_node_noprof+0x57/0x320
[   58.589815][ T4270]  ? __alloc_skb+0x101/0x320
[   58.589855][ T4270]  __alloc_skb+0x101/0x320
[   58.589884][ T4270]  ? audit_log_start+0x365/0x6c0
[   58.589917][ T4270]  audit_log_start+0x380/0x6c0
[   58.590011][ T4270]  audit_seccomp+0x48/0x100
[   58.590045][ T4270]  ? __seccomp_filter+0x68c/0x10d0
[   58.590091][ T4270]  __seccomp_filter+0x69d/0x10d0
[   58.590124][ T4270]  ? save_fpregs_to_fpstate+0x100/0x160
[   58.590153][ T4270]  ? _raw_spin_unlock+0x26/0x50
[   58.590180][ T4270]  __secure_computing+0x82/0x150
[   58.590206][ T4270]  syscall_trace_enter+0xcf/0x1e0
[   58.590279][ T4270]  do_syscall_64+0xac/0x200
[   58.590301][ T4270]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   58.590330][ T4270]  ? clear_bhb_loop+0x40/0x90
[   58.590357][ T4270]  ? clear_bhb_loop+0x40/0x90
[   58.590385][ T4270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.590447][ T4270] RIP: 0033:0x7f738546d33c
[   58.590461][ T4270] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   58.590482][ T4270] RSP: 002b:00007f7383ad7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   58.590505][ T4270] RAX: ffffffffffffffda RBX: 00007f7385695fa0 RCX: 00007f738546d33c
[   58.590535][ T4270] RDX: 000000000000000f RSI: 00007f7383ad70a0 RDI: 0000000000000005
[   58.590550][ T4270] RBP: 00007f7383ad7090 R08: 0000000000000000 R09: 0000000000000000
[   58.590564][ T4270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.590577][ T4270] R13: 0000000000000000 R14: 00007f7385695fa0 R15: 00007fff536b2918
[   58.590601][ T4270]  </TASK>
[   58.836809][ T4277] loop0: detected capacity change from 0 to 128
[   58.904774][ T4294] loop4: detected capacity change from 0 to 512
[   58.918878][ T4294] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.258: Failed to acquire dquot type 1
[   58.932401][ T4294] EXT4-fs (loop4): 1 truncate cleaned up
[   58.946875][ T4294] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   58.959999][ T4294] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.973967][ T4294] netlink: 20 bytes leftover after parsing attributes in process `syz.4.258'.
[   59.013913][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.069940][ T4302] loop0: detected capacity change from 0 to 8192
[   59.081779][ T4305] loop2: detected capacity change from 0 to 512
[   59.099505][ T4305] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   59.112138][ T4305] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.112409][ T4302]  loop0: p1 p2 p3
[   59.201090][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.275130][ T4338] netlink: 'syz.0.270': attribute type 21 has an invalid length.
[   59.283153][ T4338] netlink: 128 bytes leftover after parsing attributes in process `syz.0.270'.
[   59.292535][ T4338] netlink: 'syz.0.270': attribute type 5 has an invalid length.
[   59.300242][ T4338] netlink: 'syz.0.270': attribute type 6 has an invalid length.
[   59.307930][ T4338] netlink: 3 bytes leftover after parsing attributes in process `syz.0.270'.
[   59.374439][ T4351] loop0: detected capacity change from 0 to 512
[   59.383409][ T4351] EXT4-fs (loop0): orphan cleanup on readonly fs
[   59.401159][ T4351] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.270: bg 0: block 248: padding at end of block bitmap is not set
[   59.416539][ T4351] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.270: Failed to acquire dquot type 1
[   59.429806][ T4351] EXT4-fs (loop0): 1 truncate cleaned up
[   59.436142][ T4351] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   59.461011][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.493796][   T29] kauditd_printk_skb: 436 callbacks suppressed
[   59.493810][   T29] audit: type=1400 audit(1750620963.224:1575): avc:  denied  { listen } for  pid=4361 comm="syz.0.272" lport=34991 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   59.526275][   T29] audit: type=1400 audit(1750620963.234:1576): avc:  denied  { accept } for  pid=4361 comm="syz.0.272" lport=34991 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   59.549281][   T29] audit: type=1400 audit(1750620963.234:1577): avc:  denied  { write } for  pid=4361 comm="syz.0.272" lport=34991 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[   59.572850][   T29] audit: type=1400 audit(1750620963.254:1578): avc:  denied  { map } for  pid=4361 comm="syz.0.272" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=6748 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   59.596922][   T29] audit: type=1400 audit(1750620963.254:1579): avc:  denied  { read write } for  pid=4361 comm="syz.0.272" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=6748 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   60.133681][ T4376] loop2: detected capacity change from 0 to 8192
[   60.198518][ T4376]  loop2: p1 p2 p3
[   60.300033][   T29] audit: type=1400 audit(1750620964.034:1580): avc:  denied  { create } for  pid=4382 comm="syz.2.277" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   60.360690][   T29] audit: type=1400 audit(1750620964.094:1581): avc:  denied  { read write } for  pid=4385 comm="syz.0.279" name="rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   60.385257][   T29] audit: type=1400 audit(1750620964.094:1582): avc:  denied  { open } for  pid=4385 comm="syz.0.279" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   60.387670][ T4387] 9pnet_fd: Insufficient options for proto=fd
[   60.431393][ T4383] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   60.443052][ T4383] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   60.447497][   T29] audit: type=1400 audit(1750620964.164:1583): avc:  denied  { ioctl } for  pid=4382 comm="syz.2.277" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   60.480263][ T4390] wg2: entered promiscuous mode
[   60.485204][ T4390] wg2: entered allmulticast mode
[   60.508687][   T29] audit: type=1326 audit(1750620964.234:1584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4389 comm="syz.0.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f738546e929 code=0x7ffc0000
[   60.556947][ T4392] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[   60.556947][ T4392] The task syz.0.280 (4392) triggered the difference, watch for misbehavior.
[   60.584414][ T4392] loop0: detected capacity change from 0 to 1024
[   60.594603][ T4392] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   60.605580][ T4392] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   60.616438][ T4392] JBD2: no valid journal superblock found
[   60.622347][ T4392] EXT4-fs (loop0): Could not load journal inode
[   61.363548][ T4409] SELinux:  Context Ü is not valid (left unmapped).
[   61.484625][ T4411] loop0: detected capacity change from 0 to 8192
[   61.538021][ T4411]  loop0: p1 p2 p3
[   61.746093][ T4417] pim6reg1: entered promiscuous mode
[   61.751531][ T4417] pim6reg1: entered allmulticast mode
[   61.757070][ T4419] loop0: detected capacity change from 0 to 2048
[   61.763959][   T36] IPVS: starting estimator thread 0...
[   61.809224][ T4419]  loop0: p1 < > p4
[   61.813829][ T4419] loop0: p4 size 8388608 extends beyond EOD, truncated
[   61.825523][ T4419] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4419 comm=syz.0.291
[   61.872608][ T4424] FAULT_INJECTION: forcing a failure.
[   61.872608][ T4424] name failslab, interval 1, probability 0, space 0, times 0
[   61.885421][ T4424] CPU: 0 UID: 0 PID: 4424 Comm: syz.0.293 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   61.885444][ T4424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   61.885456][ T4424] Call Trace:
[   61.885510][ T4424]  <TASK>
[   61.885516][ T4424]  __dump_stack+0x1d/0x30
[   61.885538][ T4424]  dump_stack_lvl+0xe8/0x140
[   61.885554][ T4424]  dump_stack+0x15/0x1b
[   61.885566][ T4424]  should_fail_ex+0x265/0x280
[   61.885647][ T4424]  should_failslab+0x8c/0xb0
[   61.885672][ T4424]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[   61.885708][ T4424]  ? security_context_to_sid_core+0xbf/0x3b0
[   61.885733][ T4424]  kstrdup+0x3e/0xd0
[   61.885797][ T4424]  security_context_to_sid_core+0xbf/0x3b0
[   61.885820][ T4424]  security_context_to_sid_force+0x30/0x40
[   61.885839][ T4424]  selinux_lsm_setattr+0x330/0x660
[   61.885864][ T4424]  selinux_setprocattr+0x4f/0x70
[   61.885887][ T4424]  security_setprocattr+0x1a4/0x1d0
[   61.885912][ T4424]  proc_pid_attr_write+0x1eb/0x220
[   61.886028][ T4424]  vfs_writev+0x403/0x8b0
[   61.886047][ T4424]  ? __pfx_proc_pid_attr_write+0x10/0x10
[   61.886079][ T4424]  ? mutex_lock+0xd/0x30
[   61.886154][ T4424]  do_writev+0xe7/0x210
[   61.886173][ T4424]  __x64_sys_writev+0x45/0x50
[   61.886266][ T4424]  x64_sys_call+0x2006/0x2fb0
[   61.886284][ T4424]  do_syscall_64+0xd2/0x200
[   61.886298][ T4424]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   61.886347][ T4424]  ? clear_bhb_loop+0x40/0x90
[   61.886369][ T4424]  ? clear_bhb_loop+0x40/0x90
[   61.886427][ T4424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.886443][ T4424] RIP: 0033:0x7f738546e929
[   61.886461][ T4424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.886476][ T4424] RSP: 002b:00007f7383ad7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   61.886490][ T4424] RAX: ffffffffffffffda RBX: 00007f7385695fa0 RCX: 00007f738546e929
[   61.886500][ T4424] RDX: 0000000000000008 RSI: 00002000000000c0 RDI: 0000000000000003
[   61.886523][ T4424] RBP: 00007f7383ad7090 R08: 0000000000000000 R09: 0000000000000000
[   61.886532][ T4424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   61.886541][ T4424] R13: 0000000000000000 R14: 00007f7385695fa0 R15: 00007fff536b2918
[   61.886557][ T4424]  </TASK>
[   61.887508][ T4420] IPVS: using max 2352 ests per chain, 117600 per kthread
[   62.074327][ T4427] loop0: detected capacity change from 0 to 128
[   62.202576][ T4442] Invalid ELF header type: 3 != 1
[   62.242545][ T4446] loop2: detected capacity change from 0 to 512
[   62.250349][ T4446] EXT4-fs: Ignoring removed bh option
[   62.256028][ T4446] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   62.272932][ T4432] bio_check_eod: 6683 callbacks suppressed
[   62.273038][ T4432] syz.0.294: attempt to access beyond end of device
[   62.273038][ T4432] loop0: rw=2049, sector=153, nr_sectors = 8 limit=128
[   62.295731][ T4432] syz.0.294: attempt to access beyond end of device
[   62.295731][ T4432] loop0: rw=2049, sector=169, nr_sectors = 8 limit=128
[   62.319526][ T4451] loop3: detected capacity change from 0 to 512
[   62.339101][ T4432] syz.0.294: attempt to access beyond end of device
[   62.339101][ T4432] loop0: rw=2049, sector=185, nr_sectors = 8 limit=128
[   62.348897][ T4451] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.302: invalid block
[   62.354122][ T4446] EXT4-fs (loop2): 1 truncate cleaned up
[   62.370510][ T4446] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   62.384060][ T4432] syz.0.294: attempt to access beyond end of device
[   62.384060][ T4432] loop0: rw=2049, sector=201, nr_sectors = 8 limit=128
[   62.385201][ T4446] EXT4-fs warning (device loop2): verify_group_input:137: Cannot add at group 9 (only 1 groups)
[   62.404241][ T4451] EXT4-fs (loop3): Remounting filesystem read-only
[   62.412947][ T4446] netlink: 'syz.2.300': attribute type 4 has an invalid length.
[   62.425943][ T4427] hub 2-0:1.0: USB hub found
[   62.438420][ T4427] hub 2-0:1.0: 8 ports detected
[   62.450313][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   62.459664][ T4451] EXT4-fs (loop3): 2 truncates cleaned up
[   62.465896][ T4451] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   62.481241][ T4432] syz.0.294: attempt to access beyond end of device
[   62.481241][ T4432] loop0: rw=2049, sector=217, nr_sectors = 8 limit=128
[   62.524765][ T4432] syz.0.294: attempt to access beyond end of device
[   62.524765][ T4432] loop0: rw=2049, sector=233, nr_sectors = 8 limit=128
[   62.524896][ T4451] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   62.551128][ T4458] loop4: detected capacity change from 0 to 512
[   62.561830][ T4462] loop2: detected capacity change from 0 to 2048
[   62.568209][ T4458] EXT4-fs: Ignoring removed i_version option
[   62.574904][ T4432] syz.0.294: attempt to access beyond end of device
[   62.574904][ T4432] loop0: rw=2049, sector=249, nr_sectors = 8 limit=128
[   62.574918][ T4458] EXT4-fs: Ignoring removed mblk_io_submit option
[   62.576126][ T4432] syz.0.294: attempt to access beyond end of device
[   62.576126][ T4432] loop0: rw=2049, sector=265, nr_sectors = 8 limit=128
[   62.612286][ T4432] syz.0.294: attempt to access beyond end of device
[   62.612286][ T4432] loop0: rw=2049, sector=281, nr_sectors = 8 limit=128
[   62.612509][ T4460] loop1: detected capacity change from 0 to 512
[   62.632128][ T4432] syz.0.294: attempt to access beyond end of device
[   62.632128][ T4432] loop0: rw=2049, sector=297, nr_sectors = 8 limit=128
[   62.632855][ T4458] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   62.660668][ T4462]  loop2: p1 < > p4
[   62.665122][ T4462] loop2: p4 size 8388608 extends beyond EOD, truncated
[   62.682350][ T4467] loop3: detected capacity change from 0 to 512
[   62.690534][ T4460] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.305: Failed to acquire dquot type 1
[   62.702245][ T4458] EXT4-fs (loop4): can't mount with data_err=abort, fs mounted w/o journal
[   62.721533][ T4460] EXT4-fs (loop1): 1 truncate cleaned up
[   62.735216][ T4460] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   62.751249][ T4460] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   62.765527][ T4467] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   62.787516][ T4467] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   62.810412][ T4467] __nla_validate_parse: 3 callbacks suppressed
[   62.810426][ T4467] netlink: 28 bytes leftover after parsing attributes in process `syz.3.307'.
[   62.884560][ T4460] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   62.917847][ T4480] netlink: 8 bytes leftover after parsing attributes in process `syz.1.312'.
[   62.952008][ T3315] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816
[   62.968504][ T3315] EXT4-fs error (device loop3): ext4_lookup:1787: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816
[   63.160309][ T4489] netlink: 'syz.1.316': attribute type 6 has an invalid length.
[   63.168133][ T4489] IPv6: NLM_F_CREATE should be specified when creating new route
[   63.319773][ T4495] loop4: detected capacity change from 0 to 256
[   63.343757][ T4495] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   63.370536][ T4497] loop1: detected capacity change from 0 to 2048
[   63.409957][ T4497]  loop1: p1 < > p4
[   63.410841][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   63.415468][ T4497] loop1: p4 size 8388608 extends beyond EOD, truncated
[   63.436068][  T363] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.520833][  T363] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.563900][  T363] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.643127][  T363] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.659898][ T4511] Invalid ELF header type: 3 != 1
[   63.692063][ T4500] chnl_net:caif_netlink_parms(): no params data found
[   63.795294][  T363] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   63.805289][  T363] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   63.821905][  T363] bond0 (unregistering): Released all slaves
[   63.859918][ T4500] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.859960][ T4500] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.860052][ T4500] bridge_slave_0: entered allmulticast mode
[   63.860856][ T4500] bridge_slave_0: entered promiscuous mode
[   63.887216][ T4521] netlink: 4 bytes leftover after parsing attributes in process `syz.0.324'.
[   63.898659][ T4500] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.898704][ T4500] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.906278][ T4521] netlink: 4 bytes leftover after parsing attributes in process `syz.0.324'.
[   63.914612][ T4500] bridge_slave_1: entered allmulticast mode
[   63.928318][ T4500] bridge_slave_1: entered promiscuous mode
[   63.968697][ T4540] netlink: 'syz.0.325': attribute type 21 has an invalid length.
[   63.976672][ T4540] netlink: 156 bytes leftover after parsing attributes in process `syz.0.325'.
[   63.991863][  T363] hsr_slave_0: left promiscuous mode
[   63.998294][  T363] hsr_slave_1: left promiscuous mode
[   64.003965][  T363] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   64.011517][  T363] batman_adv: batadv0: Removing interface: batadv_slave_0
[   64.021497][  T363] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   64.029284][  T363] batman_adv: batadv0: Removing interface: batadv_slave_1
[   64.033930][ T4542] loop0: detected capacity change from 0 to 512
[   64.046377][ T4542] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   64.056453][  T363] veth1_macvtap: left promiscuous mode
[   64.057561][ T4542] EXT4-fs (loop0): 1 truncate cleaned up
[   64.063324][  T363] veth0_macvtap: left promiscuous mode
[   64.069411][ T4542] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   64.074573][  T363] veth1_vlan: left promiscuous mode
[   64.091307][  T363] veth0_vlan: left promiscuous mode
[   64.109686][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   64.189444][  T363] team0 (unregistering): Port device team_slave_1 removed
[   64.200586][  T363] team0 (unregistering): Port device C removed
[   64.256992][ T4500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.270423][ T4500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.330238][ T4556] loop0: detected capacity change from 0 to 128
[   64.338337][ T4500] team0: Port device team_slave_0 added
[   64.348875][ T4500] team0: Port device team_slave_1 added
[   64.431066][ T4556] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   64.443901][ T4556] ext4 filesystem being mounted at /68/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   64.509904][   T29] kauditd_printk_skb: 222 callbacks suppressed
[   64.509923][   T29] audit: type=1400 audit(1750620968.195:1805): avc:  denied  { setopt } for  pid=4548 comm="syz.0.328" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   64.612421][ T4500] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.619614][ T4500] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.645829][ T4500] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.716087][   T29] audit: type=1326 audit(1750620968.445:1806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4558 comm="syz.1.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34f3a7e929 code=0x7ffc0000
[   64.748666][ T4559] FAULT_INJECTION: forcing a failure.
[   64.748666][ T4559] name failslab, interval 1, probability 0, space 0, times 0
[   64.761327][ T4559] CPU: 1 UID: 0 PID: 4559 Comm: syz.1.331 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   64.761361][ T4559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   64.761376][ T4559] Call Trace:
[   64.761384][ T4559]  <TASK>
[   64.761405][ T4559]  __dump_stack+0x1d/0x30
[   64.761427][ T4559]  dump_stack_lvl+0xe8/0x140
[   64.761446][ T4559]  dump_stack+0x15/0x1b
[   64.761519][ T4559]  should_fail_ex+0x265/0x280
[   64.761560][ T4559]  should_failslab+0x8c/0xb0
[   64.761589][ T4559]  kmem_cache_alloc_node_noprof+0x57/0x320
[   64.761625][ T4559]  ? __alloc_skb+0x101/0x320
[   64.761673][ T4559]  __alloc_skb+0x101/0x320
[   64.761698][ T4559]  ? audit_log_start+0x365/0x6c0
[   64.761738][ T4559]  audit_log_start+0x380/0x6c0
[   64.761817][ T4559]  audit_seccomp+0x48/0x100
[   64.761861][ T4559]  ? __seccomp_filter+0x68c/0x10d0
[   64.761906][ T4559]  __seccomp_filter+0x69d/0x10d0
[   64.761931][ T4559]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   64.761964][ T4559]  ? dev_map_lookup_elem+0x5a/0x80
[   64.762017][ T4559]  ? down_write_killable+0x3a/0x80
[   64.762105][ T4559]  ? up_write+0x18/0x60
[   64.762130][ T4559]  ? __se_sys_brk+0x72b/0x7f0
[   64.762237][ T4559]  __secure_computing+0x82/0x150
[   64.762264][ T4559]  syscall_trace_enter+0xcf/0x1e0
[   64.762293][ T4559]  do_syscall_64+0xac/0x200
[   64.762421][ T4559]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   64.762450][ T4559]  ? clear_bhb_loop+0x40/0x90
[   64.762521][ T4559]  ? clear_bhb_loop+0x40/0x90
[   64.762583][ T4559]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.762604][ T4559] RIP: 0033:0x7f34f3a7d33c
[   64.762616][ T4559] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   64.762681][ T4559] RSP: 002b:00007f34f20e7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   64.762702][ T4559] RAX: ffffffffffffffda RBX: 00007f34f3ca5fa0 RCX: 00007f34f3a7d33c
[   64.762713][ T4559] RDX: 000000000000000f RSI: 00007f34f20e70a0 RDI: 0000000000000005
[   64.762724][ T4559] RBP: 00007f34f20e7090 R08: 0000000000000000 R09: 0000000000000000
[   64.762734][ T4559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   64.762744][ T4559] R13: 0000000000000000 R14: 00007f34f3ca5fa0 R15: 00007fffb3a716c8
[   64.762762][ T4559]  </TASK>
[   64.762781][ T4559] audit: audit_lost=4 audit_rate_limit=0 audit_backlog_limit=64
[   64.997772][ T4559] audit: out of memory in audit_log_start
[   65.089690][   T29] audit: type=1326 audit(1750620968.485:1807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4558 comm="syz.1.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f34f3a7d290 code=0x7ffc0000
[   65.113075][   T29] audit: type=1326 audit(1750620968.485:1808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4558 comm="syz.1.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f34f3a7d3df code=0x7ffc0000
[   65.136271][   T29] audit: type=1326 audit(1750620968.485:1809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4558 comm="syz.1.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f34f3a7e929 code=0x7ffc0000
[   65.161183][ T4500] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.168260][ T4500] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.194220][ T4500] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.296918][   T29] audit: type=1326 audit(1750620969.025:1810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4560 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc516d1e929 code=0x7ffc0000
[   65.320522][   T29] audit: type=1326 audit(1750620969.025:1811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4560 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc516d1e929 code=0x7ffc0000
[   65.344022][   T29] audit: type=1326 audit(1750620969.025:1812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4560 comm="syz.2.332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc516d1e929 code=0x7ffc0000
[   65.379260][ T4561] netlink: 'syz.2.332': attribute type 1 has an invalid length.
[   65.474076][ T4561] bond1: entered promiscuous mode
[   65.484689][ T4573] SELinux: syz.4.335 (4573) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   65.500665][ T4561] 8021q: adding VLAN 0 to HW filter on device bond1
[   65.512562][ T4572] loop1: detected capacity change from 0 to 8192
[   65.537159][ T4500] hsr_slave_0: entered promiscuous mode
[   65.544766][ T4500] hsr_slave_1: entered promiscuous mode
[   65.561743][ T4500] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   65.576306][ T4500] Cannot create hsr debugfs directory
[   65.586731][ T4575] FAULT_INJECTION: forcing a failure.
[   65.586731][ T4575] name failslab, interval 1, probability 0, space 0, times 0
[   65.599633][ T4575] CPU: 1 UID: 0 PID: 4575 Comm: syz.2.337 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   65.599681][ T4575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   65.599712][ T4575] Call Trace:
[   65.599719][ T4575]  <TASK>
[   65.599727][ T4575]  __dump_stack+0x1d/0x30
[   65.599751][ T4575]  dump_stack_lvl+0xe8/0x140
[   65.599775][ T4575]  dump_stack+0x15/0x1b
[   65.599795][ T4575]  should_fail_ex+0x265/0x280
[   65.599897][ T4575]  ? audit_log_d_path+0x8d/0x150
[   65.599956][ T4575]  should_failslab+0x8c/0xb0
[   65.599986][ T4575]  __kmalloc_cache_noprof+0x4c/0x320
[   65.600019][ T4575]  audit_log_d_path+0x8d/0x150
[   65.600135][ T4575]  audit_log_d_path_exe+0x42/0x70
[   65.600225][ T4575]  audit_log_task+0x1e9/0x250
[   65.600295][ T4575]  audit_seccomp+0x61/0x100
[   65.600331][ T4575]  ? __seccomp_filter+0x68c/0x10d0
[   65.600411][ T4575]  __seccomp_filter+0x69d/0x10d0
[   65.600456][ T4575]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   65.600476][ T4575]  ? vfs_write+0x75e/0x8e0
[   65.600595][ T4575]  __secure_computing+0x82/0x150
[   65.600618][ T4575]  syscall_trace_enter+0xcf/0x1e0
[   65.600644][ T4575]  do_syscall_64+0xac/0x200
[   65.600662][ T4575]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   65.600695][ T4575]  ? clear_bhb_loop+0x40/0x90
[   65.600750][ T4575]  ? clear_bhb_loop+0x40/0x90
[   65.600773][ T4575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.600798][ T4575] RIP: 0033:0x7fc516d1e929
[   65.600817][ T4575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   65.600834][ T4575] RSP: 002b:00007fc515387038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6
[   65.600863][ T4575] RAX: ffffffffffffffda RBX: 00007fc516f45fa0 RCX: 00007fc516d1e929
[   65.600906][ T4575] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ff0f
[   65.600946][ T4575] RBP: 00007fc515387090 R08: 0000000000000000 R09: 0000000000000000
[   65.600962][ T4575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   65.600978][ T4575] R13: 0000000000000000 R14: 00007fc516f45fa0 R15: 00007ffda4876b08
[   65.601003][ T4575]  </TASK>
[   65.796185][ T4572]  loop1: p1 p2 p3
[   65.837030][ T3309] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   65.911314][ T4588] loop4: detected capacity change from 0 to 2048
[   65.942008][ T4588]  loop4: p1 < > p4
[   65.947887][ T4588] loop4: p4 size 8388608 extends beyond EOD, truncated
[   65.977424][ T4597] loop1: detected capacity change from 0 to 512
[   65.999854][ T4500] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   66.009259][ T4597] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   66.022979][ T4597] ext4 filesystem being mounted at /68/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   66.046589][ T4500] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   66.055910][ T4500] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   66.066969][ T4500] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   66.156599][ T4500] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.481559][ T4597] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.345'.
[   66.514665][ T4628] netlink: 8 bytes leftover after parsing attributes in process `syz.2.351'.
[   66.535640][ T4597] netlink: zone id is out of range
[   66.561532][ T4597] netlink: zone id is out of range
[   66.566775][ T4597] netlink: zone id is out of range
[   66.571927][ T4597] netlink: zone id is out of range
[   66.582980][ T4597] netlink: zone id is out of range
[   66.588157][ T4597] netlink: zone id is out of range
[   66.593415][ T4597] netlink: zone id is out of range
[   66.599604][ T4597] netlink: zone id is out of range
[   66.604793][ T4597] netlink: zone id is out of range
[   66.611729][ T4597] netlink: del zone limit has 8 unknown bytes
[   66.624273][ T4500] 8021q: adding VLAN 0 to HW filter on device team0
[   66.638757][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.645924][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.661199][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.668340][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.772456][ T4651] loop2: detected capacity change from 0 to 2048
[   66.792558][ T4500] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.808531][ T4651]  loop2: p1 < > p4
[   66.813021][ T4651] loop2: p4 size 8388608 extends beyond EOD, truncated
[   66.947767][ T4662] loop4: detected capacity change from 0 to 512
[   66.955996][ T4662] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.359: iget: bad i_size value: 38620345925642
[   66.972884][ T4662] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.359: couldn't read orphan inode 15 (err -117)
[   66.992145][ T4662] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.012502][ T4662] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.359: bg 0: block 5: invalid block bitmap
[   67.035241][ T4662] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 16 with error 28
[   67.047743][ T4662] EXT4-fs (loop4): This should not happen!! Data will be lost
[   67.047743][ T4662] 
[   67.057492][ T4662] EXT4-fs (loop4): Total free blocks count 0
[   67.063541][ T4662] EXT4-fs (loop4): Free/Dirty block details
[   67.069520][ T4662] EXT4-fs (loop4): free_blocks=0
[   67.074548][ T4662] EXT4-fs (loop4): dirty_blocks=16
[   67.079795][ T4662] EXT4-fs (loop4): Block reservation details
[   67.085784][ T4662] EXT4-fs (loop4): i_reserved_data_blocks=16
[   67.114316][ T4500] veth0_vlan: entered promiscuous mode
[   67.123399][ T4500] veth1_vlan: entered promiscuous mode
[   67.139026][ T4500] veth0_macvtap: entered promiscuous mode
[   67.150325][ T4500] veth1_macvtap: entered promiscuous mode
[   67.172419][ T4500] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.184183][ T4500] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.195483][ T4679] SELinux: syz.0.363 (4679) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   67.205006][ T4500] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.217723][ T4500] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.226482][ T4500] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.233525][ T4679] FAULT_INJECTION: forcing a failure.
[   67.233525][ T4679] name failslab, interval 1, probability 0, space 0, times 0
[   67.235340][ T4500] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.247808][ T4679] CPU: 1 UID: 0 PID: 4679 Comm: syz.0.363 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   67.247897][ T4679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   67.247931][ T4679] Call Trace:
[   67.247939][ T4679]  <TASK>
[   67.247949][ T4679]  __dump_stack+0x1d/0x30
[   67.248037][ T4679]  dump_stack_lvl+0xe8/0x140
[   67.248124][ T4679]  dump_stack+0x15/0x1b
[   67.248144][ T4679]  should_fail_ex+0x265/0x280
[   67.248213][ T4679]  ? security_get_user_sids+0xa9/0x950
[   67.248246][ T4679]  should_failslab+0x8c/0xb0
[   67.248277][ T4679]  __kmalloc_cache_noprof+0x4c/0x320
[   67.248340][ T4679]  security_get_user_sids+0xa9/0x950
[   67.248372][ T4679]  ? security_context_to_sid_core+0x375/0x3b0
[   67.248401][ T4679]  ? string_to_context_struct+0x2dc/0x2f0
[   67.248474][ T4679]  ? security_context_to_sid_core+0x37d/0x3b0
[   67.248510][ T4679]  sel_write_user+0x2a3/0x440
[   67.248620][ T4679]  selinux_transaction_write+0xc3/0x110
[   67.248718][ T4679]  ? __pfx_selinux_transaction_write+0x10/0x10
[   67.248768][ T4679]  vfs_write+0x266/0x8e0
[   67.248856][ T4679]  ? __rcu_read_unlock+0x4f/0x70
[   67.248885][ T4679]  ? __fget_files+0x184/0x1c0
[   67.248913][ T4679]  ksys_write+0xda/0x1a0
[   67.248997][ T4679]  __x64_sys_write+0x40/0x50
[   67.249020][ T4679]  x64_sys_call+0x2cdd/0x2fb0
[   67.249047][ T4679]  do_syscall_64+0xd2/0x200
[   67.249110][ T4679]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   67.249134][ T4679]  ? clear_bhb_loop+0x40/0x90
[   67.249160][ T4679]  ? clear_bhb_loop+0x40/0x90
[   67.249188][ T4679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.249216][ T4679] RIP: 0033:0x7f738546e929
[   67.249307][ T4679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.249333][ T4679] RSP: 002b:00007f7383ad7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   67.249357][ T4679] RAX: ffffffffffffffda RBX: 00007f7385695fa0 RCX: 00007f738546e929
[   67.249373][ T4679] RDX: 0000000000000027 RSI: 0000200000000080 RDI: 0000000000000004
[   67.249389][ T4679] RBP: 00007f7383ad7090 R08: 0000000000000000 R09: 0000000000000000
[   67.249404][ T4679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   67.249420][ T4679] R13: 0000000000000000 R14: 00007f7385695fa0 R15: 00007fff536b2918
[   67.249444][ T4679]  </TASK>
[   67.271333][ T4679] loop0: detected capacity change from 0 to 512
[   67.352235][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.505926][ T4679] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.523279][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.542594][ T4679] ext4 filesystem being mounted at /75/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   67.575012][ T4679] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #18: comm syz.0.363: corrupted inode contents
[   67.624377][ T4679] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #18: comm syz.0.363: mark_inode_dirty error
[   67.630864][ T4686] loop1: detected capacity change from 0 to 164
[   67.650493][ T4679] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #18: comm syz.0.363: corrupted inode contents
[   67.675194][ T4679] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2991: inode #18: comm syz.0.363: mark_inode_dirty error
[   67.685172][ T4686] bio_check_eod: 40 callbacks suppressed
[   67.685263][ T4686] syz.1.364: attempt to access beyond end of device
[   67.685263][ T4686] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   67.690038][ T4679] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2994: inode #18: comm syz.0.363: mark inode dirty (error -117)
[   67.719218][ T4686] syz.1.364: attempt to access beyond end of device
[   67.719218][ T4686] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[   67.730236][ T4700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   67.742965][ T4700] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   67.743391][ T4701] loop5: detected capacity change from 0 to 128
[   67.757023][ T4698] loop4: detected capacity change from 0 to 512
[   67.765398][ T4686] xt_hashlimit: max too large, truncated to 1048576
[   67.767103][ T4679] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -117)
[   67.774335][ T4698] EXT4-fs: Ignoring removed oldalloc option
[   67.789360][ T4698] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[   67.831903][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.843933][ T4704] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4704 comm=syz.1.370
[   67.862888][ T4701] syz.5.320: attempt to access beyond end of device
[   67.862888][ T4701] loop5: rw=2049, sector=153, nr_sectors = 8 limit=128
[   67.890038][ T4701] syz.5.320: attempt to access beyond end of device
[   67.890038][ T4701] loop5: rw=2049, sector=169, nr_sectors = 8 limit=128
[   67.905678][ T4701] syz.5.320: attempt to access beyond end of device
[   67.905678][ T4701] loop5: rw=2049, sector=185, nr_sectors = 8 limit=128
[   67.931494][ T4701] syz.5.320: attempt to access beyond end of device
[   67.931494][ T4701] loop5: rw=2049, sector=201, nr_sectors = 8 limit=128
[   67.950976][ T4701] syz.5.320: attempt to access beyond end of device
[   67.950976][ T4701] loop5: rw=2049, sector=217, nr_sectors = 8 limit=128
[   67.964642][ T4701] syz.5.320: attempt to access beyond end of device
[   67.964642][ T4701] loop5: rw=2049, sector=233, nr_sectors = 8 limit=128
[   67.983209][ T4701] syz.5.320: attempt to access beyond end of device
[   67.983209][ T4701] loop5: rw=2049, sector=249, nr_sectors = 8 limit=128
[   68.011279][ T4715] netdevsim netdevsim4: Direct firmware load for ..€ failed with error -2
[   68.032602][   T37] kworker/u8:2: attempt to access beyond end of device
[   68.032602][   T37] loop5: rw=1, sector=185, nr_sectors = 8 limit=128
[   68.058833][ T4721] loop5: detected capacity change from 0 to 164
[   68.068053][ T4721] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   68.121202][ T4719] netlink: 104 bytes leftover after parsing attributes in process `syz.4.377'.
[   68.146566][ T4723] netlink: 'syz.1.378': attribute type 4 has an invalid length.
[   68.451761][ T4723] netlink: 'syz.1.378': attribute type 4 has an invalid length.
[   68.493177][ T4732] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.676704][ T4732] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.180613][ T4732] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.254924][ T4743] loop1: detected capacity change from 0 to 512
[   69.267271][ T4732] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   69.327852][ T4743] EXT4-fs: Ignoring removed orlov option
[   69.378149][ T4732] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.387322][ T4743] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   69.399263][ T4743] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[   69.415093][ T4749] loop4: detected capacity change from 0 to 2048
[   69.423246][ T4745] loop0: detected capacity change from 0 to 8192
[   69.433349][ T4732] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.450953][ T4732] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.471794][ T4743] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.384: corrupted in-inode xattr: e_value size too large
[   69.489534][ T4732] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.499209][ T4745]  loop0: p1 p2 p3
[   69.524539][ T4749]  loop4: p1 < > p4
[   69.529176][ T4749] loop4: p4 size 8388608 extends beyond EOD, truncated
[   69.550185][ T4753] loop5: detected capacity change from 0 to 2048
[   69.568223][ T4743] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.384: couldn't read orphan inode 15 (err -117)
[   69.588502][ T4753]  loop5: p1 < > p4
[   69.611242][ T4753] loop5: p4 size 8388608 extends beyond EOD, truncated
[   69.622478][   T29] kauditd_printk_skb: 237 callbacks suppressed
[   69.622512][   T29] audit: type=1400 audit(1750620973.355:2050): avc:  denied  { append } for  pid=4742 comm="syz.1.384" path="/74/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/blkio.bfq.io_merged" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   69.691528][ T4753] netlink: 56 bytes leftover after parsing attributes in process `syz.5.389'.
[   69.736317][ T4768] loop4: detected capacity change from 0 to 512
[   69.777918][ T4773] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   69.785134][   T29] audit: type=1400 audit(1750620973.465:2051): avc:  denied  { mounton } for  pid=4765 comm="syz.4.392" path="/proc/245/task" dev="proc" ino=9558 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   69.797990][ T4773] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   69.808917][   T29] audit: type=1326 audit(1750620973.465:2052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.4.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   69.840949][   T29] audit: type=1326 audit(1750620973.465:2053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.4.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   69.864638][   T29] audit: type=1326 audit(1750620973.465:2054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.4.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   69.888103][   T29] audit: type=1326 audit(1750620973.465:2055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.4.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   69.911606][   T29] audit: type=1326 audit(1750620973.465:2056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.4.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   69.935040][   T29] audit: type=1326 audit(1750620973.465:2057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.4.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   69.958613][   T29] audit: type=1326 audit(1750620973.465:2058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.4.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f52096fe929 code=0x7ffc0000
[   69.982018][   T29] audit: type=1326 audit(1750620973.465:2059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.4.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f52096fe963 code=0x7ffc0000
[   70.110214][ T3306] EXT4-fs unmount: 1 callbacks suppressed
[   70.110232][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.686460][ T4796] loop4: detected capacity change from 0 to 512
[   71.692975][ T4798] netlink: 'syz.5.403': attribute type 1 has an invalid length.
[   71.719872][ T4796] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.401: Failed to acquire dquot type 1
[   71.737193][ T4799] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1539 sclass=netlink_route_socket pid=4799 comm=syz.5.403
[   71.914572][ T4796] EXT4-fs (loop4): 1 truncate cleaned up
[   71.954439][ T4796] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.094843][ T4796] ext4 filesystem being mounted at /93/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   72.126420][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.128741][ T4816] loop1: detected capacity change from 0 to 2048
[   72.147835][ T4813] loop5: detected capacity change from 0 to 128
[   72.178998][ T4810] loop0: detected capacity change from 0 to 128
[   72.188930][ T4816]  loop1: p1 < > p4
[   72.198493][ T4816] loop1: p4 size 8388608 extends beyond EOD, truncated
[   72.340162][ T4827] loop4: detected capacity change from 0 to 2048
[   72.347522][ T4820] hub 2-0:1.0: USB hub found
[   72.352358][ T4820] hub 2-0:1.0: 8 ports detected
[   72.387701][ T4827]  loop4: p1 < > p4
[   72.392164][ T4827] loop4: p4 size 8388608 extends beyond EOD, truncated
[   72.404303][ T4827] netlink: 56 bytes leftover after parsing attributes in process `syz.4.409'.
[   72.676928][ T4813] bio_check_eod: 1037 callbacks suppressed
[   72.676982][ T4813] syz.5.405: attempt to access beyond end of device
[   72.676982][ T4813] loop5: rw=0, sector=153, nr_sectors = 8 limit=128
[   72.689871][ T4810] syz.0.404: attempt to access beyond end of device
[   72.689871][ T4810] loop0: rw=0, sector=153, nr_sectors = 8 limit=128
[   72.701276][ T4813] syz.5.405: attempt to access beyond end of device
[   72.701276][ T4813] loop5: rw=0, sector=153, nr_sectors = 8 limit=128
[   72.729461][ T4813] syz.5.405: attempt to access beyond end of device
[   72.729461][ T4813] loop5: rw=0, sector=153, nr_sectors = 8 limit=128
[   72.841333][ T4813] syz.5.405: attempt to access beyond end of device
[   72.841333][ T4813] loop5: rw=0, sector=153, nr_sectors = 8 limit=128
[   72.923476][ T4843] vlan2: entered promiscuous mode
[   72.928643][ T4843] bridge0: entered promiscuous mode
[   73.021405][ T4847] netlink: 12 bytes leftover after parsing attributes in process `syz.4.416'.
[   73.076575][ T4850] loop1: detected capacity change from 0 to 512
[   73.155650][ T4850] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.168966][ T4850] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   73.229649][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.475025][ T4880] netlink: 'syz.4.426': attribute type 13 has an invalid length.
[   73.515799][ T4874] loop5: detected capacity change from 0 to 128
[   73.635640][ T4880] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.643004][ T4880] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.695474][ T4880] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   73.706485][ T4880] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   73.752334][ T4884] syz.5.425: attempt to access beyond end of device
[   73.752334][ T4884] loop5: rw=2049, sector=153, nr_sectors = 8 limit=128
[   73.761835][ T4880] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.766901][ T4884] syz.5.425: attempt to access beyond end of device
[   73.766901][ T4884] loop5: rw=2049, sector=169, nr_sectors = 8 limit=128
[   73.774915][ T4880] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.797315][ T4880] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.797369][ T4880] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.798118][ T4884] syz.5.425: attempt to access beyond end of device
[   73.798118][ T4884] loop5: rw=2049, sector=185, nr_sectors = 8 limit=128
[   73.831241][ T4884] syz.5.425: attempt to access beyond end of device
[   73.831241][ T4884] loop5: rw=2049, sector=201, nr_sectors = 8 limit=128
[   73.851576][ T4874] hub 2-0:1.0: USB hub found
[   73.862101][ T4874] hub 2-0:1.0: 8 ports detected
[   73.877708][ T4884] syz.5.425: attempt to access beyond end of device
[   73.877708][ T4884] loop5: rw=2049, sector=217, nr_sectors = 8 limit=128
[   73.878277][ T4886] lo speed is unknown, defaulting to 1000
[   73.906498][ T4887] siw: device registration error -23
[   73.907425][ T4886] lo speed is unknown, defaulting to 1000
[   73.928914][ T4886] lo speed is unknown, defaulting to 1000
[   73.935049][ T4886] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   73.946352][ T4886] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   73.959361][ T4886] lo speed is unknown, defaulting to 1000
[   74.022384][ T4886] lo speed is unknown, defaulting to 1000
[   74.028657][ T4886] lo speed is unknown, defaulting to 1000
[   74.035784][ T4886] lo speed is unknown, defaulting to 1000
[   74.042414][ T4886] lo speed is unknown, defaulting to 1000
[   74.070918][ T4895] loop5: detected capacity change from 0 to 512
[   74.079524][ T4895] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   74.137327][ T4893] loop0: detected capacity change from 0 to 1024
[   74.147217][ T4895] EXT4-fs (loop5): 1 truncate cleaned up
[   74.155534][ T4895] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.201965][ T4904] loop1: detected capacity change from 0 to 512
[   74.211190][ T4895] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.233025][ T4904] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.246099][ T4904] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   74.258412][ T4893] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.278556][ T4909] loop5: detected capacity change from 0 to 1024
[   74.299698][ T4909] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.344991][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.405751][ T4916] netlink: 4 bytes leftover after parsing attributes in process `syz.4.435'.
[   74.416359][ T4916] bridge_slave_1: left allmulticast mode
[   74.422172][ T4916] bridge_slave_1: left promiscuous mode
[   74.422215][ T4918] loop1: detected capacity change from 0 to 512
[   74.427979][ T4916] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.448562][ T4918] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.461709][ T4916] bridge_slave_0: left allmulticast mode
[   74.462345][ T4918] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   74.467497][ T4916] bridge_slave_0: left promiscuous mode
[   74.483632][ T4916] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.502728][ T4921] loop4: detected capacity change from 0 to 512
[   74.516026][ T4921] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   74.543968][ T4500] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.546534][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.547946][ T4923] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[   74.548217][ T4923] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28
[   74.548245][ T4923] EXT4-fs (loop0): This should not happen!! Data will be lost
[   74.548245][ T4923] 
[   74.548260][ T4923] EXT4-fs (loop0): Total free blocks count 0
[   74.548275][ T4923] EXT4-fs (loop0): Free/Dirty block details
[   74.548297][ T4923] EXT4-fs (loop0): free_blocks=68451041280
[   74.548380][ T4923] EXT4-fs (loop0): dirty_blocks=32
[   74.548395][ T4923] EXT4-fs (loop0): Block reservation details
[   74.548467][ T4923] EXT4-fs (loop0): i_reserved_data_blocks=2
[   74.550555][ T4921] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:169: inode #17: comm syz.4.435: inline data xattr refers to an external xattr inode
[   74.550791][ T4921] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.435: couldn't read orphan inode 17 (err -117)
[   74.551453][ T4921] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.628007][   T29] kauditd_printk_skb: 417 callbacks suppressed
[   74.628027][   T29] audit: type=1326 audit(1750620978.365:2475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4931 comm="syz.1.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34f3a7e929 code=0x7ffc0000
[   74.746415][   T29] audit: type=1326 audit(1750620978.385:2476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4931 comm="syz.1.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34f3a7e929 code=0x7ffc0000
[   74.769875][   T29] audit: type=1326 audit(1750620978.385:2477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4931 comm="syz.1.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f34f3a7e929 code=0x7ffc0000
[   74.793271][   T29] audit: type=1400 audit(1750620978.385:2478): avc:  denied  { getattr } for  pid=4931 comm="syz.1.438" name="/" dev="pidfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   74.815755][   T29] audit: type=1326 audit(1750620978.385:2479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4931 comm="syz.1.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34f3a7e929 code=0x7ffc0000
[   74.839239][   T29] audit: type=1326 audit(1750620978.385:2480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4931 comm="syz.1.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f34f3a7e929 code=0x7ffc0000
[   74.862562][   T29] audit: type=1326 audit(1750620978.385:2481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4931 comm="syz.1.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34f3a7e929 code=0x7ffc0000
[   74.885985][   T29] audit: type=1326 audit(1750620978.385:2482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4931 comm="syz.1.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f34f3a7e929 code=0x7ffc0000
[   74.909368][   T29] audit: type=1400 audit(1750620978.385:2483): avc:  denied  { create } for  pid=4931 comm="syz.1.438" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   74.928725][   T29] audit: type=1326 audit(1750620978.385:2484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4931 comm="syz.1.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34f3a7e929 code=0x7ffc0000
[   74.953272][ T4079] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   74.971018][ T4937] loop1: detected capacity change from 0 to 512
[   75.013592][ T4937] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.031961][ T4937] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   75.085492][ T4952] xt_connbytes: Forcing CT accounting to be enabled
[   75.092339][ T4952] Cannot find set identified by id 0 to match
[   75.113702][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.137860][ T4958] loop5: detected capacity change from 0 to 2048
[   75.177309][ T4958]  loop5: p1 < > p4
[   75.191500][ T4958] loop5: p4 size 8388608 extends beyond EOD, truncated
[   75.203363][ T4958] netlink: 8 bytes leftover after parsing attributes in process `syz.5.447'.
[   75.212395][ T4958] netlink: 8 bytes leftover after parsing attributes in process `syz.5.447'.
[   75.272245][ T4969] loop5: detected capacity change from 0 to 512
[   75.279363][ T4969] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[   75.290075][ T4969] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002]
[   75.298097][ T4969] EXT4-fs (loop5): orphan cleanup on readonly fs
[   75.308122][ T4969] EXT4-fs error (device loop5): ext4_clear_blocks:876: inode #11: comm syz.5.450: attempt to clear invalid blocks 1024 len 1
[   75.322732][ T4969] EXT4-fs (loop5): Remounting filesystem read-only
[   75.330195][ T4969] EXT4-fs (loop5): 1 truncate cleaned up
[   75.336389][ T4969] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[   75.369530][ T4500] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[   75.441107][ T4986] FAULT_INJECTION: forcing a failure.
[   75.441107][ T4986] name failslab, interval 1, probability 0, space 0, times 0
[   75.453898][ T4986] CPU: 0 UID: 0 PID: 4986 Comm: syz.5.456 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   75.453950][ T4986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   75.453963][ T4986] Call Trace:
[   75.453969][ T4986]  <TASK>
[   75.453978][ T4986]  __dump_stack+0x1d/0x30
[   75.454011][ T4986]  dump_stack_lvl+0xe8/0x140
[   75.454034][ T4986]  dump_stack+0x15/0x1b
[   75.454052][ T4986]  should_fail_ex+0x265/0x280
[   75.454082][ T4986]  should_failslab+0x8c/0xb0
[   75.454105][ T4986]  __kmalloc_noprof+0xa5/0x3e0
[   75.454137][ T4986]  ? io_cache_alloc_new+0x2a/0xb0
[   75.454162][ T4986]  io_cache_alloc_new+0x2a/0xb0
[   75.454186][ T4986]  io_sqe_buffer_register+0xea/0x1310
[   75.454214][ T4986]  ? __memcg_slab_post_alloc_hook+0x44c/0x580
[   75.454297][ T4986]  ? __kvmalloc_node_noprof+0x398/0x4e0
[   75.454329][ T4986]  ? io_sqe_buffers_register+0xc2/0x530
[   75.454418][ T4986]  io_sqe_buffers_register+0x2ac/0x530
[   75.454452][ T4986]  __se_sys_io_uring_register+0xa9f/0xeb0
[   75.454474][ T4986]  ? fput+0x8f/0xc0
[   75.454495][ T4986]  ? ksys_write+0x192/0x1a0
[   75.454549][ T4986]  __x64_sys_io_uring_register+0x55/0x70
[   75.454572][ T4986]  x64_sys_call+0xc91/0x2fb0
[   75.454597][ T4986]  do_syscall_64+0xd2/0x200
[   75.454618][ T4986]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   75.454656][ T4986]  ? clear_bhb_loop+0x40/0x90
[   75.454690][ T4986]  ? clear_bhb_loop+0x40/0x90
[   75.454709][ T4986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.454731][ T4986] RIP: 0033:0x7fa4f742e929
[   75.454748][ T4986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.454820][ T4986] RSP: 002b:00007fa4f5a97038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[   75.454836][ T4986] RAX: ffffffffffffffda RBX: 00007fa4f7655fa0 RCX: 00007fa4f742e929
[   75.454847][ T4986] RDX: 00002000000002c0 RSI: 0000000000000000 RDI: 0000000000000003
[   75.454858][ T4986] RBP: 00007fa4f5a97090 R08: 0000000000000000 R09: 0000000000000000
[   75.454871][ T4986] R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000001
[   75.454885][ T4986] R13: 0000000000000000 R14: 00007fa4f7655fa0 R15: 00007fff3403ada8
[   75.454906][ T4986]  </TASK>
[   75.501377][ T4988] 9pnet: Could not find request transport: 0xffffffffffffffff
[   75.564138][ T4991] loop0: detected capacity change from 0 to 512
[   75.648515][ T4998] loop5: detected capacity change from 0 to 2048
[   75.658005][ T4991] ext2: Unknown parameter 'euid>00000000000000060928'
[   75.748036][ T4998]  loop5: p1 < > p4
[   75.752321][ T4998] loop5: p4 size 8388608 extends beyond EOD, truncated
[   75.759430][ T5000] loop0: detected capacity change from 0 to 8189
[   75.770267][ T4998] netlink: 8 bytes leftover after parsing attributes in process `syz.5.460'.
[   75.779260][ T4998] netlink: 8 bytes leftover after parsing attributes in process `syz.5.460'.
[   75.902858][ T5002] loop5: detected capacity change from 0 to 128
[   76.086707][ T5010] hub 2-0:1.0: USB hub found
[   76.091439][ T5010] hub 2-0:1.0: 8 ports detected
[   76.099428][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.132492][ T5018] loop4: detected capacity change from 0 to 512
[   76.168480][ T5018] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.197551][ T5018] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   76.212546][ T5012] loop2: detected capacity change from 0 to 128
[   76.334571][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.365000][ T5027] af_packet: tpacket_rcv: packet too big, clamped from 64989 to 3952. macoff=96
[   76.418262][ T5028] netlink: 'syz.0.471': attribute type 10 has an invalid length.
[   76.505435][ T5033] loop4: detected capacity change from 0 to 2048
[   76.542519][ T5012] hub 2-0:1.0: USB hub found
[   76.558885][ T5012] hub 2-0:1.0: 8 ports detected
[   76.585533][ T5035] loop0: detected capacity change from 0 to 512
[   76.607562][ T5033]  loop4: p1 < > p4
[   76.613005][ T5033] loop4: p4 size 8388608 extends beyond EOD, truncated
[   76.652971][ T5033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.472'.
[   76.661883][ T5033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.472'.
[   76.689341][ T5028] team0: Port device dummy0 added
[   76.818887][ T5044] tmpfs: Unknown parameter 'contextùQ|!‡v½óv½Ã['
[   77.021806][ T5060] loop4: detected capacity change from 0 to 512
[   77.042391][ T5060] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.062973][ T5060] ext4 filesystem being mounted at /109/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   77.080882][ T5070] 9pnet_fd: Insufficient options for proto=fd
[   77.115389][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.149275][ T5077] netlink: 36 bytes leftover after parsing attributes in process `syz.4.486'.
[   77.153304][ T5076] loop2: detected capacity change from 0 to 2048
[   77.167863][ T5077] netlink: 28 bytes leftover after parsing attributes in process `syz.4.486'.
[   77.194944][ T5079] netlink: 20 bytes leftover after parsing attributes in process `syz.4.489'.
[   77.218542][ T5076]  loop2: p1 < > p4
[   77.222979][ T5076] loop2: p4 size 8388608 extends beyond EOD, truncated
[   77.469184][ T5097] 9pnet_fd: Insufficient options for proto=fd
[   77.532294][ T5105] loop4: detected capacity change from 0 to 512
[   77.560474][ T5105] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   77.574132][ T5105] ext4 filesystem being mounted at /116/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   77.619168][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.657392][ T5109] loop4: detected capacity change from 0 to 128
[   77.688472][ T5109] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   77.699896][ T5109] FAT-fs (loop4): Filesystem has been set read-only
[   77.708257][ T5109] bio_check_eod: 1291 callbacks suppressed
[   77.708310][ T5109] syz.4.498: attempt to access beyond end of device
[   77.708310][ T5109] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   77.729718][ T5114] loop0: detected capacity change from 0 to 2048
[   77.741764][ T5109] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   77.750986][ T5109] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[   77.757818][ T5114]  loop0: p1 < > p4
[   77.760702][ T5109] syz.4.498: attempt to access beyond end of device
[   77.760702][ T5109] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.766159][ T5114] loop0: p4 size 8388608 extends beyond EOD, truncated
[   77.778481][ T5109] syz.4.498: attempt to access beyond end of device
[   77.778481][ T5109] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.807601][ T5109] syz.4.498: attempt to access beyond end of device
[   77.807601][ T5109] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.822251][ T5109] syz.4.498: attempt to access beyond end of device
[   77.822251][ T5109] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.836693][ T5109] syz.4.498: attempt to access beyond end of device
[   77.836693][ T5109] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.851816][ T5109] syz.4.498: attempt to access beyond end of device
[   77.851816][ T5109] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.869012][ T5109] syz.4.498: attempt to access beyond end of device
[   77.869012][ T5109] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.883282][ T5109] syz.4.498: attempt to access beyond end of device
[   77.883282][ T5109] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.909099][ T5109] syz.4.498: attempt to access beyond end of device
[   77.909099][ T5109] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[   77.927804][ T5119] loop5: detected capacity change from 0 to 512
[   77.939329][ T5119] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[   77.955666][ T5119] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002]
[   77.964705][ T5119] EXT4-fs (loop5): orphan cleanup on readonly fs
[   77.980346][ T5119] EXT4-fs error (device loop5): ext4_clear_blocks:876: inode #11: comm syz.5.502: attempt to clear invalid blocks 1024 len 1
[   77.993595][ T5119] EXT4-fs (loop5): Remounting filesystem read-only
[   78.001571][ T5119] EXT4-fs (loop5): 1 truncate cleaned up
[   78.007966][ T5119] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[   78.061150][ T4500] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[   78.119866][    T9] IPVS: starting estimator thread 0...
[   78.178763][ T4079] ==================================================================
[   78.186904][ T4079] BUG: KCSAN: data-race in n_tty_receive_char_flow_ctrl / tty_set_termios
[   78.195448][ T4079] 
[   78.197803][ T4079] write to 0xffff888103f6dd08 of 44 bytes by task 5136 on cpu 1:
[   78.205564][ T4079]  tty_set_termios+0xc0/0x8c0
[   78.210267][ T4079]  set_termios+0x496/0x4e0
[   78.214721][ T4079]  tty_mode_ioctl+0x379/0x5c0
[   78.219429][ T4079]  n_tty_ioctl_helper+0x91/0x210
[   78.224490][ T4079]  n_tty_ioctl+0x101/0x200
[   78.228944][ T4079]  tty_ioctl+0x845/0xb80
[   78.233228][ T4079]  __se_sys_ioctl+0xce/0x140
[   78.236556][ T5132] IPVS: using max 2400 ests per chain, 120000 per kthread
[   78.237836][ T4079]  __x64_sys_ioctl+0x43/0x50
[   78.249580][ T4079]  x64_sys_call+0x19a8/0x2fb0
[   78.254282][ T4079]  do_syscall_64+0xd2/0x200
[   78.258803][ T4079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.264729][ T4079] 
[   78.267072][ T4079] read to 0xffff888103f6dd21 of 1 bytes by task 4079 on cpu 0:
[   78.274643][ T4079]  n_tty_receive_char_flow_ctrl+0x23/0x1a0
[   78.280479][ T4079]  n_tty_lookahead_flow_ctrl+0xed/0x130
[   78.286059][ T4079]  tty_port_default_lookahead_buf+0x8e/0xc0
[   78.292025][ T4079]  flush_to_ldisc+0x281/0x360
[   78.296736][ T4079]  process_scheduled_works+0x4ce/0x9d0
[   78.302226][ T4079]  worker_thread+0x582/0x770
[   78.306844][ T4079]  kthread+0x486/0x510
[   78.310936][ T4079]  ret_from_fork+0xdd/0x150
[   78.315460][ T4079]  ret_from_fork_asm+0x1a/0x30
[   78.320259][ T4079] 
[   78.322612][ T4079] value changed: 0x11 -> 0x42
[   78.327297][ T4079] 
[   78.329649][ T4079] Reported by Kernel Concurrency Sanitizer on:
[   78.335818][ T4079] CPU: 0 UID: 0 PID: 4079 Comm: kworker/u8:8 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(voluntary) 
[   78.348437][ T4079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   78.358525][ T4079] Workqueue: events_unbound flush_to_ldisc
[   78.364391][ T4079] ==================================================================