last executing test programs:

1.957794611s ago: executing program 3 (id=2335):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009e0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x4}, 0x18)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000f3, 0x8, 0x0, 0x0}}, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
kexec_load(0x0, 0x0, &(0x7f0000000140), 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETA(r3, 0x5406, &(0x7f0000000200)={0xffff, 0x0, 0x0, 0x800a, 0x2, "5f7300fbffffff00"})
ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x4, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r6, 0x84, 0x81, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r6, &(0x7f0000000780)="d2", 0xffe0, 0xc0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
syz_open_dev$usbfs(&(0x7f0000002000), 0xb947, 0x508000)
request_key(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000140)='\\\\@[*#)\x00', 0xfffffffffffffffe)
copy_file_range(0xffffffffffffffff, &(0x7f00000002c0)=0x5a56, r4, &(0x7f0000000300)=0x4, 0x7fffffffffffffff, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x20, &(0x7f0000000280)={&(0x7f0000000a00)=""/213, 0xd5, 0x0, &(0x7f0000000b00)=""/136, 0x88}}, 0x10)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073727a3100000000080041007369770014003300626f6e643000000000"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000e50003000000000085100000fcffffff250000001000000006000000faffffff95"], &(0x7f0000000140)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000, @void, @value}, 0x94)

1.892808092s ago: executing program 3 (id=2337):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16=<r1=>0xffffffffffffffff], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r2, &(0x7f0000000000)=0x10000000000000, 0xffffff6a)
r3 = creat(&(0x7f0000000580)='./bus\x00', 0x0)
io_setup(0x1, &(0x7f0000000040)=<r4=>0x0)
io_submit(r4, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x15, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x1a00001a}])
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'dummy0\x00'})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRES32=r1], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000b40)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r6, 0x0, 0x4000006}, 0x18)
removexattr(&(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000004c0)=@known='user.incfs.metadata\x00')
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c000000000000000000000014", @ANYRES8=0x0, @ANYRES32=r7], 0x30}}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[], 0x44}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00'}, 0x10)
r9 = socket(0x10, 0x803, 0x0)
r10 = socket(0x400000000010, 0x3, 0x0)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x90, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r12, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x64, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xe, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0xfffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0x8001, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xffff, 0xa}}, @TCA_U32_INDEV={0x14, 0x8, 'netdevsim0\x00'}]}}]}, 0x90}}, 0x24040084)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000800)='start_task_reaping\x00'}, 0x18)
socket$rds(0x15, 0x5, 0x0)

1.697179905s ago: executing program 4 (id=2349):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @void, @value}, 0x94)
r6 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x21e}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(r6, 0x47fa, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r9, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x40032043, 0x1})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r5, 0x0, 0x9}, 0x18)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newsa={0x138, 0x10, 0x713, 0x70bd26, 0x0, {{@in=@loopback, @in6=@local, 0x4e22, 0x0, 0x0, 0x3fff}, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x400000}, {0xffffffff}, 0xfffffffc, 0x0, 0xa, 0x4, 0x2, 0x2f}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x4054}, 0x0)
r11 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r12 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
dup(r11)
writev(r12, &(0x7f0000000480)=[{&(0x7f00000002c0)='\f7', 0x2}], 0x1)
bind$rds(r0, 0x0, 0x0)

1.552435907s ago: executing program 4 (id=2351):
socket$packet(0x11, 0x3, 0x300)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x5}, 0x18)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
sendmsg$tipc(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000480)="c3e972bd85a6d84136d6dd55048d3593a74f338ce6772ab9a6f64041c2f6fbbecdc08ebcd3192b6a53662dae7c8e9c665e80a5d0925f728dcac30c29793992e588952653d414cb8ccdabc38767fee819ec5af0c5ee936880fe8549b4ed347779cab4ffd4e0b62c53a1c01db28f2b3f91c34211c9353bc1dece61511917c2245fd66cb8dffeacb4d46d627c97b498bf1ff6b313bfbc9765457c831771d5eec7997ec242e4505f01c1bb3e069b2e630f42a2be86598a61", 0xb6}, {&(0x7f0000000300)='V', 0x1}, {&(0x7f0000001600)="3eed50d0125719a810f88e3f47186fe4dae74182dfd109a2587c4797410c9b8e39bd3d9aa144d5908647c30c8db69b5c17084c9b1bfbb8680737c4f88abcdbc7d294d72ab1b344270915df9ddf5635644c351c22b29d948ac4106bce7107570beed63077cfbc98ef71699eae65d37724d995b553e7a3ade619b522313ab382caf879feb48942878e605ee3ee2872794e3abe22a3f025068b628a5d92468092a5cc649bbbd978b5772e537939432a502122235ced312dafd108c9ffeb0b38cc16da9418ca01d485a6afb5827da4df6e1121ec307de14bb32b6a977608e4576a998182dd93d592ff43e55bfdbbce23ecd501e43b3e93ef8d9d01711dff54c301e299d3801a3cffe6c9883fbd0e47124dc02569f62d48b878fcb58ce99fcffcd2a5166eff3ad93cf1d137274993d86a3b3730d63ded759f6ca88fa449e5575b15321e5a58a1f888eed7466db4976ce35f6d2efb5ad05d99a66482dc607cb5acb24d326803bd337519cc98103f59c63b5962cd72e4497d1b00817d6e09de70270a09b493c2226617b1c9ef9d506be00d6e07f14633a966f04ecca90fb8d2b963ad6f3817935bd6534fa3da1c5dc468789cbf1192f3c0bff3777f1edd2ada5d35f88f12f29e952c44445ce623509d66811c80a9e0f13ad85aba37d86ff0da4dda601d9e8acb264233bc939fb056316612cff687d5c44157be05bcc88b333ff2a40041d98f1acfe6e2231a84e09bd7a54a0442cf87ce3ee8fd8da39da1862862ae40fc3cb3055c8b70e62f243850707341f51426bb3e71c7a4fffefab060db786000618b05eb087a424a2f30f6a232ff44b605f70ceec0a8f70e37907f6e0bbba21e9d5b7ecb6d287742b75c101ba79525918c3473eae38f3c177249dfa8816661c9921f0b0c858d53ab87c8407b97950c842111002edd1d1e80b801b495da28bcd5409bc971e55dab1857e188ac9728efc8f9a4543945f86ade13b445eacecbbf848a96410ac37c57e3e9e8bc8b8fadd559d225c7468639da2b5d1208558b51e94c14faa7947a7c60e81a96bb5d194cc7289adbc02ebb4b49be1f1efc429db2f9b79b5a22919dba0c35341042c5776942c52365367c4bfc95b42be383cca7107161ded7e851d0126da33d581f1e2b08d0c061e86d31e7a83f9b51c79b4034c7deda7697034e1404c6e8e459f76c2efe64350146c7437ef808e04ca14df5f6f500264fd977272bbf8fc096774e8eb61d0963430751ac1425a073f84346b0eba368cba7fa34adc420800d4f99927280eba199f9695cf88124fafc3a2b1226d2f2ab3ea27c69a127650cf5c725b54c02bd8729033cf699ce7f030f9a3442056244da3cfb61a8126dba11377624f39eb009242152fd7b8b88de7dd86057f29bfcb7b7df0e65e7e9ac9eeaa41afa62743698bff03d5b2d51fb6bca2d92294e8e177cfa3661b26f1c040e9bed983b7bc0aa154eb9c92e4ee25091318c53113a1c23ac62d2d71504cba99041f29a4f332133292cf20abec9222a2acca57cac48fa6c0668ee5eecb494741a64d33b011dcca74696d4614c5b45a5d20983b1708d365ed3ffa60f9161972a611c22642c3c259b41f943f6d7a8b60f284d325e38fe76f0645e069ff70cae38850ccf973193b6232c987df26239a574691f7f07fffa6deae1eb0324fe546573c36f2a2c31cd442517a9b036ae6a2a491e7343864693c107a5dc2585820863c146c1ba6caa4fea9b87d567716f4c8ca1a9d2848055cd750512d3b7415d090019dc8a04a1a1d28931093cd8f00e94c407ca1fa2a5ce903d9df26e008c07cd13afa783220e1bd5e6b60645f3dbb6ecb4156fedafa2dd25498c6a99d94f0b38125ea7741b75109dcac9f80635f79f5c8a0483bb9f05a3a5bf721c7541edb252449f8b13e63c370a6146332f03ca1f1b6fe0bed984f13744bb7fa0fe322e83ddf9ffb2083e94f33604a0a199220c450dad94bf154805e7f9e4350ca2d81adf2978c87dcc8a8a7d56297ec124bfef0d28f35777205e973272c87e01070f14f5b14daa3b5104d9ff6b296c4f16ed49eb42d35e7ba3bccb7a26c33a263df88aadd596e9d9de0abbd4d449df11081f2cd62e1d8962b9b9feb25a3b8e03537d61a61c11ac22b7211d12c84e60a6abcc219e558b2513d8c530b3c7a57cdc47de545aafbb2a13c0e6c75b1b92fa241c713c83a09c92b2b61d565120372a9143415583c9596f27a663d4967cd653b08cebd6cb96c1f0dc80d57267ac9a8281d7149bde880828ee27d69a6818db58320db29d1b044eaf6ab8a5108bc522de406990b5393b1f7e7bab71bf6cf8eed1cd59c7607d662e8b313f5c4fce0f59b1027371381011b63dd5b2b09739082c0d62ffad96e30153a395234937d377c32fe7af82aca3a19d0ebc4a5c5fb5ff190f14d5695c703b571fb4bf03756635cafc6cf6267eab836c347a9d07e8089fc105346934cf3364e5be370b3c42b94bc5ae3d17a817398566a2953251eb91697d67278145df9a4b917bcca1bf211780b22f4caacfcb7604c84f943d05f6fdf8edbd258d7d8dbf84f9d99e57472c5b1c2337d749a1f345e662e2536d23c7a63bbbbf00f8b5b0a2106a0342ab27b9a10b82e82668cd49e0cbb09d7be0217645f1dda3be59c8232fa290d34791cda52aa5b5cec6339ab96a2eb3f5328cc7c0e6717c2824344547a2ed518f6b2b4e4fe5b684596aa6a9d3988fc5d5ff4cb46cec99d951b8386b10949a163af974b7543df97b4882a4ed60e927a1deb67c5f814235bef65fea79a2c712815be7403c93a3707fb90d4604ec3a6a3b0928f253f6ab6bd56c958e026c8c58172c4ac2a3efe2ecd5cea70c8313f9ac2d638bc296ba99e2ca86d2fd06b5402cdcddc3f3c9845d5ae77f6f36963b91e8f6cdccd17abe8d40ed02463af4bb0e496344f350097f1cc13313fa1e172b63556ed2b8a8121c01a5fb343ff7767821626fc49b0d6bd522e1c9bf137d5a5bccb4bc8dbb64c83a82ef6c2894f3896c9f6bf0c3764011d53eeb6db9ea9dae22d3ebcca4942d5828c0bca0d9ea37701d5a06c066ac4fe318e11e9c0d6c658ac810fb5d7836cfffe4ccbb0934e5567d74695980a156d4bf1c18861c5a29ccd349999dc20562d00e1f6c1851ae563541086438d60b975c8ceb466414ff60efa0b2dee790fd0659ffa98b92414c13d5a6825368f56c4984412205041cd8e006c7127d4395ecdffb5addf80ef938ce54a367154c4fc286d5f969325c12b13655a9a956dd3b98281f537e837669fc55d8930676e807aa8cd046e0f4583d59f86cb99f3f7a7ddde1fb39111fdec7677d2fee4b8f4814a5def5ebcc67c653384ce80eaffd880405f7edf8fd3ea049f040595df4a75e2f892e7a85e0ba351fb8d263bfff7168bb85017b360fcd2ba89346682a6ea7ccc46afbdb5ab444e3f477238b2ab503bde914d3cf1789539cde9c0621152cd97bff9f235d88a1ef4ea4309db3a05d401af7fb82784b050ef529dab4f1f003eb29710a962f7538c521e617e2f0efac36182d09985e1d725cc38c3833a53742a02f76fb2854a9e45f0febacf3bda83f11183ef5b9fef02ebcdf56d4104b175bad937d8f61964f97d673577cdcbbb48d8eb62b063ee6563b9ff053719baff871bcd83822d865b2f7ef023076425ac5cd71b1f2309de0c6f14cc9c4d3e8fad945f756a7c8a084ea1bfdf5ac6e740043e7f7bdaca06774b084ae314c2636529d4fdcd965c7f8c07156572620b827d694efdc9d2bfc5aa9391220a83765f2c71fcd48d4acaed60afb53d1013fa3b15e948ec4159f7d130ef85b594018346e99034c18738285223ea53a6b1d5cf11a607de2e19608ba03ec970a915b773824261f3fc931dd6d3b934d89f07baf14776314c3eeb8cd0537ef5736f565fbd14e520d4ab2f77ed9597b76ff91f8d1f99ebd6e473efda7accb273975a06944d1037032129992b994ca791a09b4d83980a1e494b0f97098df5f6fb6bbb02722adb11dc319c565c2c363cbd19d9fb3efb4613b62d6584cd53f7bd80e3e89304f444ce9dd1835661e3bb4de02ccf568a2a5daaf0d56898d4286c3fb62e22af62d7ac318685834467f337561dde2e0c1e2827cdffcf42c17728ee64b3ff4ccc0227590badd0bd7e448b8cca0892d6a5e0130d2ac665f47c6b28daa101c1b319869bdd39fa924d6d9ba7d72feda5f21ac78641c7d4801d41c7879721b3be4dab40d9c4a78552440101f373489cc5240b0144a9ce32691a784b6dfe971a21bb5980ff67da2d1bb90b223c9e192a39c1aeadd1f5c790811079c0b51a97105c99b6f95d71bb3ea47c33d9dcb0a53c929c44499e184a3cd722c908d3b0d157e28ffdeb2ed7192e780d96a7a2f0fd5a87bdc973e049da0caf931f26f5a21813e2e602ceb2259997e0205ce48fd9424bd6d4d75dd4301f429ee30745cd839a40dbeab4c3db2f0f10bbaea071ca41d1392385681730a3678a5f60f604dbe19cb9d7dd234337e327451b8cc65394af399432ef7fc3765d055874ebdca14e5999292d6f72f31e92bacf25db5ef8f5212952c1910de06ddbe1687a0e1837922f2228289916ed3aeb7b9cc24da3ae47139e371930afa6d3573df6732c26c0c7ae06d9cedfa77160711bcb06e6553338deae4c5731cf53cc154113096d02f3036d7d9edfcdc331e4bb860c5208489212e904eab70e7f860b0379895cbdecbf7a0b7a25e5b853c7dbe08a4e296a30afec8cf5a9f6ea4aef32a508655d539a770b21e660c9ee1d7688c56abeb7cf1afccc8d59780cf26312589e0c8e1bc00ad7b1325cd9a5dd69246e0b33407c381ea09265154aec297e4ccdf9785a1042a83e77c13d4ce4360782f2428f9916b5cd123b089eb683d30c1e895b9944aa905a1a5b52301d8cc5e4741834ead6ebdb5dc05c9c49c5e883e99d40b9838037beaf876534d747856103e59caf6266fbbe760b6ef83d004634b74f14f8eb4aef93c4cc9cbbd78d83d532c70feef51ea3f170b25d81a6a9b074bfca7e9b3771bf83517e0dd9d0600f70b86b20f61fe36076f8bada334b2390fa954973bc901619a3cfd039349cb328625f495ab288dbdd6dbfd022c2a83f59e0b998619a12e35891b5ae9e83a71765507b4a571cd2241e5885c705244c1022688bef7c5065fbcf219fc01753adb611b3fbc09403dcb10a4f99d788667eff75fa27074ca8481a633530e26163ccf7dada049d23e717e067b6fa5b2f652bc50abda9e7ccdc5f2f3c35ecc2c4431c819c9691be4422e379750774e9f39dae06f26423c8a4278789c9f3111b43f6dd25b0ad47c4cc5fda3f3ed82079c9366e0adced883488f429c1d7e1b351fd0bb204dd7977ef224c4df6d7a5f7697bc6500a7d03a8a914154779fa7092bf1be6bad4092367ce5d295a5d5d0e7c469f372ca2011d612637025e89f178ae9ada0c5b73bcb7d7c034ff595263cd4216e3c76ba5f3d81932a088a90bf8043e877e299c670ef1622a098d5519d9adc4ee7d4cd00e5934a4375fa83fdb81214b892482b31bdde59a70aaf25cb7f417c3a2a91c4e54b48149f6c41d9d396ee6ff13e3028c64a7c9b1f2e7c6e67184a3d52d6f570db3d225c947423c4c6533f22df57d15c5e5a3183422bd378b06fe4732a9401dcb19840fb8fa5c50a0ff497fef362c507753e46b8881d3e767f3b1d893a3805941c94f2efa05ce34b9ea81d716984af6834230d4707a87089d40779503ee6a9bb245d7d997f14acb80e89731c042bbbbe3dcd05177b0ee0eec23455830ef5b65aca357f2b0b887e0b9821c0", 0x1000}, {&(0x7f0000000340)="b768eb20304f2fdc5a9694a4867840d93170ca1a86406f", 0x17}], 0x4, 0x0, 0x0, 0x8010}, 0x0)

1.36702827s ago: executing program 4 (id=2352):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0x244200, 0x0)
sendmsg$nl_generic(r1, 0x0, 0xc000)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDARP(r3, 0x8953, &(0x7f0000000100)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @remote}, 0x0, {0x2, 0x2, @private}, 'syz_tun\x00'})
utime(&(0x7f0000000000)='.\x00', 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000bc0)={0x28, 0x0, 0xffffffff, @local}, 0x10)
connect$vsock_stream(r5, &(0x7f00000001c0)={0x28, 0x0, 0x2710}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
r7 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10)
sendmmsg$inet(r7, &(0x7f0000003a40)=[{{&(0x7f00000003c0)={0x2, 0x1, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000540)="a9050000000074000000000035528c2771cc874d997efa5ff0850d2cf1bde5c064c60000", 0x24}], 0x1}}, {{&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000080)="ba0ac9697c3a940000edd9bb9449bfe71847200b", 0x14}], 0x1}}], 0x2, 0x840)

1.186749643s ago: executing program 3 (id=2360):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x18020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8002, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
unshare(0x26020480)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}, 0x16)
r3 = geteuid()
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8042, &(0x7f0000000800)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@dioread_nolock}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}], [{@permit_directio}, {@euid_eq={'euid', 0x3d, r3}}, {@fowner_eq={'fowner', 0x3d, r3}}, {@smackfsdef}, {@smackfsroot={'smackfsroot', 0x3d, '^@\x8e\xdb\x19('}}, {@smackfsfloor={'smackfsfloor', 0x3d, ',[[$}*:'}}, {@appraise_type}]}, 0x3, 0x4f3, &(0x7f00000012c0)="$eJzs3F1oXFUeAPD/nXz2a5vd7Xa33e5uut1lwxaTNq02D4JUFHxQECuojyFJS23aSJOCLVWmIPVRCr6Lj7764Kv6UsQnwdf6KEihSF/aCuLInbl3vjKTNJNkxpjfD27mnHtn7jnnnnvunHtO5gawbY2mf5JK+E5E7I2IQvMbRisvD+9fn3l0//pMFEulMz8m5Y89SOOZbDexK4uMFSIK7yW1DXUWr167MD0/P3c5i08sXXxrYvHqtSfOD2drpqaS/g4L1SK9tFwPDr67cOjAC2/cemmmuuc8tfpybJTRGG2VlbL/bnRiPbanLtxxvdF16fmfVtdAuf3vjb5YqfKKXcwZsNlKpVJpqP3mYqnZjWVrgC0rhnudA6A38i/69P43X1p1BAY3p/vRc/dOV26A0nI/zJaIf5VX5uMgA033txtpNCJeL/70UbrEJo1DAADU++J03hNs6v+NVGZGfr5y+5n09Q/ZHMpIRPwxIv4UEX+OiH0R8ZeI2B8Rf42IvzXtvy8iSiukP9oUr6ZfnYQq3N2goraU9v+ezua20qU291UNjfRlsT0ReYd57lh2TMZiYOjs+fm54yuk8eVz337Qblt9/y9d0jzkfcEsH3f7mwboZqeXpjsr7XL3bkQc7K+Vv9L/TfojkupMQBIRByLi4Br2O1IXPv//Tw5VIwON71u9/GWllvNoGzDPVPo44n+V+i9GtfzRMImYNMxPXpw+N3du7tLk1NTJE8dPPTX55MRwzM8dm0jPgmMt0/j6m5svt0t/1fJ/9n3zR54/9fmZrGWtX1r/O+vO/8jnb2vlH0kikup87eLa07j53ftt72k6Pf8Hk1fL4fy+9O3ppaXLxyMGkxeXr5+sfTaPp69RrJR/7Ejz+V9Ot3yNy4/E3yMiPYn/ERH/jModYpr3wxHx74g4skL5v3r2P292Xv7NlZZ/NhrLX6n5hvqvzde3CyTZ3GDDpsFIA30XDt951Obi8Xj1f7IcGsvWtL7+JQ2XiHY5zb/t0jW/rPvoAQAAwNZQiIjddWNJu6NQGB+vjAHti52F+YXFpaNnF65cmk23RYzEQCEf6aqMBw8k+fjnSF18sil+Ihs3/rBvRzk+PrMwP9vTkgO7ym0+KYxHvNZX1/5TP2zMEDPwW+b3WrB9rdT+0078/ltdzAzQVY///X/7nU3NCNB1de2/3S/8ix383xewBbj/B2pWf9CPawZsfSVtGba1NbX/ox4CCL8n/fFKNVzoaU6AbtP/h21p1d/1rytQGmq9aTiWvzmGV95hX3SWjR0t0upJIO1Z9ST1HZ18Kn+aQtv3RGFtOxyKxjWDHdbp2XUejeLlxXP7ayd//myRdR7nUva/8htdg592pZ22CnT9UgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALApfg0AAP//XhrXwA==")
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f00000007c0)=@acquire={0x168, 0x17, 0x8, 0x70bd25, 0x25dfdbfc, {{@in=@remote, 0x4d3, 0x32}, @in=@loopback, {@in=@remote, @in=@rand_addr=0x64010101, 0x4e24, 0x5, 0x4e24, 0x8, 0x2, 0x20, 0x0, 0x6}, {{@in=@dev={0xac, 0x14, 0x14, 0x3a}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x0, 0x4e22, 0x8, 0xa, 0x80, 0x20, 0x2b}, {0x200, 0x100000001, 0x7f, 0x1, 0x1, 0x7, 0xda16, 0x3}, {0x1, 0x8, 0x7, 0x4e0577e7}, 0x401, 0x6e6bb7, 0x1, 0x0, 0x6}, 0x8, 0xf7f, 0x4, 0x70bd27}, [@replay_val={0x10, 0xa, {0x70bd2d, 0x70bd25, 0x5}}, @XFRMA_IF_ID={0x8, 0x1f, 0x5}, @address_filter={0x28, 0x1a, {@in=@private=0xa010102, @in=@multicast1, 0xa, 0x9, 0xc8}}]}, 0x168}, 0x1, 0x0, 0x0, 0x44}, 0xc861)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r4 = timerfd_create(0x8, 0x0)
read(r4, &(0x7f0000000380)=""/189, 0x8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, 0x0, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2c, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20854}, 0x0)
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x28}}, 0x0)
r7 = io_uring_setup(0x6c4, &(0x7f0000000080)={0x0, 0x4075, 0x18, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

1.103500954s ago: executing program 2 (id=2364):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000)=0x10000000000000, 0xffffff6a)
r2 = creat(&(0x7f0000000580)='./bus\x00', 0x0)
io_setup(0x1, &(0x7f0000000040)=<r3=>0x0)
io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x15, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x1a00001a}])
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'dummy0\x00'})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000b40)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r4, 0x0, 0x4000006}, 0x18)
removexattr(&(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000004c0)=@known='user.incfs.metadata\x00')
r5 = socket(0x10, 0x3, 0x0)
setsockopt(r2, 0x9, 0x5, &(0x7f0000000380)="31660e3cf939028a3a4567d3ba412a4857634cd0eaa2454c63eb5be5264e33f2ec6b4b81737af1ebdc794b029a43db009b6f5c67aaebca824a4f5102da3efe5c51abd8d7fd1a888c6dbf7db14be116b8d3857670f93529803f7a9c1011c9fc756b8e79b13699227a3b886e", 0x6b)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c000000000000000000000014", @ANYRES8=0x0, @ANYRES32=r5], 0x30}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[], 0x44}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00'}, 0x10)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x90, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x64, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xe, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0xfffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0x8001, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xffff, 0xa}}, @TCA_U32_INDEV={0x14, 0x8, 'netdevsim0\x00'}]}}]}, 0x90}}, 0x24040084)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000800)='start_task_reaping\x00'}, 0x18)
socket$rds(0x15, 0x5, 0x0)

964.451946ms ago: executing program 3 (id=2370):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x2, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x10000002}, 0x18)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)

876.885957ms ago: executing program 3 (id=2371):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16=<r1=>0xffffffffffffffff], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r2, &(0x7f0000000000)=0x10000000000000, 0xffffff6a)
r3 = creat(&(0x7f0000000580)='./bus\x00', 0x0)
io_setup(0x1, &(0x7f0000000040)=<r4=>0x0)
io_submit(r4, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x15, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x1a00001a}])
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'dummy0\x00'})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRES32=r1], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000b40)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r6, 0x0, 0x4000006}, 0x18)
removexattr(&(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000004c0)=@known='user.incfs.metadata\x00')
setsockopt(r3, 0x9, 0x5, &(0x7f0000000380)="31660e3cf939028a3a4567d3ba412a4857634cd0eaa2454c63eb5be5264e33f2ec6b4b81737af1ebdc794b029a43db009b6f5c67aaebca824a4f5102da3efe5c51abd8d7fd1a888c6dbf7db14be116b8d3857670f93529803f7a9c1011c9fc756b8e79b13699227a3b886e", 0x6b)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c000000000000000000000014", @ANYRES8=0x0, @ANYRES32], 0x30}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[], 0x44}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00'}, 0x10)
r8 = socket(0x10, 0x803, 0x0)
r9 = socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x90, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r11, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x64, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xe, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0xfffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0x8001, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xffff, 0xa}}, @TCA_U32_INDEV={0x14, 0x8, 'netdevsim0\x00'}]}}]}, 0x90}}, 0x24040084)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000800)='start_task_reaping\x00'}, 0x18)
socket$rds(0x15, 0x5, 0x0)

688.34278ms ago: executing program 1 (id=2375):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = accept$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'lo\x00'})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6)
sendmsg$nl_xfrm(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={0x0, 0x124}}, 0x0)
socket$rds(0x15, 0x5, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r7}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000000c0)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r11}, 0x2c, {[{@version_9p2000}]}})
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @empty}, {0x0, @link_local}, 0xa, {0x2, 0x0, @multicast2}, 'lo\x00'})
r12 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="9feb010018000000000000007501000075010000050000000100000000000010020000000c000000040000050900000003000000050000000300000003000000050000000800000001000000040000000800000001000000010000000f0000000e00000000000007000000000a00000008000005368300000a00000005000000060000000100000005000000400000000f00000004000000100000000f000000030000000200000002000000050000006c0500000d000000020000a5156796d7505b620003000000050000000300000002000000008000000a0000000000000c02000000000000000600000d0000000005000000030000000d000000000000000f0000000200000001000000040000000a0000000100000006000000040000000e00000002000084090000000700000002000000000200000d0000000000000010f100000c0000000000000202000000060000000000000200000000070000000300000f010000000400000006000000ff0700000100000007000000fbffffff05000000ff000000000000000600000000002e6100"], &(0x7f00000002c0)=""/46, 0x195, 0x2e, 0x0, 0x100, 0x0, @void, @value}, 0x28)
writev(r12, &(0x7f00000000c0)=[{0x0}], 0x1)

660.76654ms ago: executing program 1 (id=2377):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(0xffffffffffffffff)
write$P9_RLERRORu(r2, &(0x7f0000000500)=ANY=[@ANYBLOB='S\x00'], 0x53)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000100)={0x8, @local, 0x4e22, 0x4, 'none\x00', 0x4, 0x7e, 0x7b}, 0x2c)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='bic\x00', 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0xc, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, 0x0, 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x25, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = io_uring_setup(0x6280, &(0x7f0000000580)={0x0, 0x90000000, 0x1, 0x0, 0x1d2})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000002700)=""/4096, 0x1000}], &(0x7f0000000200), 0x1}, 0x20)

602.199961ms ago: executing program 1 (id=2378):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$ext4(&(0x7f00000002c0)='ext3\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f0000000300)={[{@noauto_da_alloc}, {@errors_remount}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
r2 = socket(0x10, 0x803, 0x6)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) (async)
getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
socket$inet(0x2, 0x2, 0x0) (async)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000900)={0x2, 0x4e23, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x60000000}, 0x800)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x24000084}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xc}, {0xfffb}, {0xfff1, 0x3d}}}, 0x24}}, 0x0)

601.309171ms ago: executing program 2 (id=2379):
r0 = syz_open_dev$usbfs(0x0, 0x77, 0x41341)
ioctl$USBDEVFS_REAPURB(r0, 0x4008550c, &(0x7f0000000240))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x109c78ee, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
mlockall(0x7)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0xfeffff, 0xf7, 0x0, &(0x7f0000000700)="c45c573d395de5b2891a7d637a223920f181c2e57d71483cfb2d075a3fa67258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb89", 0x0, 0xf0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x85}, 0x4000000)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000006, 0x12, r4, 0xe93f6000)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x52}, 0x7cdd68a1db89a483)
r5 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x5}, 0x1c)
sendmsg(r5, &(0x7f00000000c0)={0x0, 0x9588, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)

490.841593ms ago: executing program 1 (id=2381):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x2, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="0500000004000000080000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x10000002}, 0x18)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)

490.219283ms ago: executing program 4 (id=2382):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f00000000c0)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP")
openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000080), 0x18)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000000)=<r3=>0x0)
syz_open_procfs$namespace(r3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYRES32=0x0], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000034ed00000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x2d)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001380)=@newtfilter={0x74, 0x2c, 0xd2b, 0x800, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0x9}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_POLICE={0x40, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x7, 0x8, 0x0, 0xec95, 0xffffffff, {0x7, 0x1, 0x8000, 0xc, 0xeb, 0xf}, {0x5, 0x2, 0x8, 0x3, 0x101, 0x5c}, 0x9, 0x3, 0x3}}]}]}}]}, 0x74}}, 0x24044094)

457.171643ms ago: executing program 1 (id=2385):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000020000000000006bb57ae0fffc5a2a630b00c145", 0x18, 0xffffffffffffffff)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xfff0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff3, 0xfff2}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0)

430.609434ms ago: executing program 4 (id=2386):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = gettid()
socket$packet(0x11, 0x3, 0x300)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x8c, r3, 0x1, 0x0, 0x0, {0x37}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}]}, 0x8c}}, 0x0)
preadv2(r1, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x5, 0xa5d4}, 0x4c58, 0x5, 0x0, 0x1, 0x8, 0x20002, 0x7, 0x0, 0x0, 0x0, 0x1000000000002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$netlink(r2, &(0x7f00000000c0)=@unspec, 0xc)
r4 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x2000c16, &(0x7f0000000000)={[{@usrquota}, {@acl}]}, 0xfb, 0x257, &(0x7f0000000b00)="$eJzs3U9oFFccB/DfzO42TbKUtL0USv9AKaUNhPRW6CW9tBAoIZRSaAsppfSiJEJM8JZ48uJBj6KSk5cg3oweJZfgRRE8Rc0hXgQNHgweVFjZnQTyTxOzmx1xPh+YzEzy5v3eMPN9ExaGDaCweiJiICJKEdEbEZWISDY2+DJbetZ2ZzoXRiJqtd8eJ4122X5m/bjuiJiOiB8iYj5N4lA5YnLur+Wni798c3Ki8vWFuT8723qSa1aWl35dPT904vLg95M3bz8cSmIgqpvOq/WSHX5XTiI+Oohib4mknPcI2IvhY5fu1HP/cUR81ch/JdLILt6p8ffmK/HduVcde/rRrU/bOVag9Wq1Sv0ZOF0DCieNiGokaV9EZNtp2teX/Q9/t9SVHh4bP9r7/9jE6H95z1RAq1Qjln6+2nGle0v+H5Sy/APvqOxDqaXfh2fv1TdWS3kPCGiLz7JV/fnf+8/UtyH/UDjyD8Ul/1Bc8g/FJf9QXPIPxSX/UFzyD8Ul/1Bc+87/mRcHNyigLTbmHwAollrHvt4abv2LyEDb5T3/AAAAAAAAAAAAAAAAAAAA2810LoysL63psbxri+tnI1Z+yppur19qfB9xxPuNn11Pkk09Jnuq8Hp/f9FkB026mPPb1x/cz7f+jc/zrT81GjF9PCL6y+Xt91+ydv/t34e7/L3yb5MF3lCyZf/HP9pbf6vns/nWH1yMuFaff/p3mn/S+KSx3nn+qdavX5P1jzxrsgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa5mUAAAD//7FLbdg=")
r5 = getpid()
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r6 = getpgrp(0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f0000000d80)=ANY=[@ANYBLOB="78030000160000022abd7000ffdbdf2513000000180044800400f9800800a500", @ANYRES32=r5, @ANYBLOB="0800b200", @ANYRES32, @ANYBLOB="0700310061636c00040006000c004b000500000000000000268171c759ad96d3387f5daea9acbeadef668d39e20f230ece4571c7976c1fc6f4b6d0f546e1918a16a05d4cc4d4bab33c70c870bb73c08aff5de3d63efc2e275206f13f1ebdd587836c6c07bff0df3ba67409209f5f5dd51171e2412631fb199dcfcbd8a3c6e8082e72dfb549e7ef98808760a6a2ed2efa2c78be82cb9cedc4d0083f2cf2221ffdd9b012853c3a227b490a47066eb498f3fdb6a36f5c342c2a77e3e6035dc287a08505b84ff5b0d6ad4fb2dede8bc3b460ab133c46247646a0c7cf9450676f446303b0220c824cdec195e8ac220b03377436ab5fc2264c5f33c5eae86cf88f5ebe752fbf086cc910cba042211060ea277169c89c88cf940494b7a48dd04a1d5a680c9de78228e1c016c2fb4d11039c0e9fe8b48f0d765fba80f12821c10b5bb31568ff6606df9ad5232d995b54523b7b62a29e9640d51711e8b75cdd15aeb1974366422560c6b764017e800900d90065787434000000000c00a800090000000000000026001200cbd85df6329157c6a1abc33bd48f50f011e4bd1511f330a91feaea730b2796d0b20300004ba9c89fffe9834157e561286905e442e86cd49715797bf370518ceb9bdf96f37bcce9255eba5753824fc27e80d4f200aa6770bfc7407b798b170b8b5223d282627b02ba185805d4597193eb9686ae9db4e3b7770524c357188508009400", @ANYRES32=r4, @ANYBLOB="08001100", @ANYRES32=r4, @ANYBLOB="563e47ce18654aba28116e727817cc81c79ebd78337652f91eed9b7ed26f989c162d79d1eec0840a920ba4b79fd46d0584f8d64983c0e1677a8cc496281f6509a43a25196f3ce6075b820965c2da3a0190f92e4e51ea361334fe6b20f200eb352b66e10ec90b7a30f558c9da8541a4049ac010635d53156895c2d0d31542c5ce6eade66b41827dfbef9afe2691e8144735300fd9170a8ac6d48b46c2666ecac127a10840ed8f9a49ba2e29d704541f76201de09e4bb8637d003880e59d7daea3132fa4abe2428985c09186bf2446218825d1d737e743d0e9bb5dce5673360c81000000000000007535f7109225847dea648c487042e34524ec17a1d414001d00fe8000000000000000000000000000aa08006c000000000008008300f8d8b6e4ae77038eb0973d05b39fa60ea633b29f4f8d55162e95419640ad802b74010529a65ecc3f125f1992757d84e149dcc323231d02d48a9371cf85bc6ac0d656eaaa7365b0a1e72d3aa777479203844e10b5441304097b9a251bb0d4a2bd3fd2e72898598497c5f72fdaa462e579dd681a0aeec46bdb6e16ffffd3f62b5a3c6afcbe2ff10aba7906aa5cd6f177d5f4144aaf68d0f1c4fc643f8defa60a41edfd83b4bda81048700687c4728f65bd51af04ff61d6b8394432c70e56c0", @ANYRES32, @ANYBLOB="0400b4800800d400", @ANYRES32=r6, @ANYBLOB="0400e680040053800000000000"], 0x378}, 0x1, 0x0, 0x0, 0x40000}, 0x8c0)
r7 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x45)
ioctl$FS_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000140))
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x48241, 0x0)
pwrite64(r8, &(0x7f0000000140)="f6", 0xffffff07, 0x8000c61)
ioctl$EXT4_IOC_MIGRATE(r7, 0x6609)

362.105465ms ago: executing program 0 (id=2387):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = accept$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'lo\x00'})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6)
sendmsg$nl_xfrm(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={0x0, 0x124}}, 0x0)
socket$rds(0x15, 0x5, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r7}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000000c0)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r11}, 0x2c, {[{@version_9p2000}]}})
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @empty}, {0x0, @link_local}, 0xa, {0x2, 0x0, @multicast2}, 'lo\x00'})
r12 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="9feb010018000000000000007501000075010000050000000100000000000010020000000c000000040000050900000003000000050000000300000003000000050000000800000001000000040000000800000001000000010000000f0000000e00000000000007000000000a00000008000005368300000a00000005000000060000000100000005000000400000000f00000004000000100000000f000000030000000200000002000000050000006c0500000d000000020000a5156796d7505b620003000000050000000300000002000000008000000a0000000000000c02000000000000000600000d0000000005000000030000000d000000000000000f0000000200000001000000040000000a0000000100000006000000040000000e00000002000084090000000700000002000000000200000d0000000000000010f100000c0000000000000202000000060000000000000200000000070000000300000f010000000400000006000000ff0700000100000007000000fbffffff05000000ff000000000000000600000000002e6100"], &(0x7f00000002c0)=""/46, 0x195, 0x2e, 0x0, 0x100, 0x0, @void, @value}, 0x28)
writev(r12, &(0x7f00000000c0)=[{0x0}], 0x1)

361.752655ms ago: executing program 0 (id=2388):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @void, @value}, 0x94)
r6 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x21e}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(r6, 0x47fa, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r9=>0xffffffffffffffff})
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r9, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x40032043, 0x1})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r5, 0x0, 0x9}, 0x18)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newsa={0x138, 0x10, 0x713, 0x70bd26, 0x0, {{@in=@loopback, @in6=@local, 0x4e22, 0x0, 0x0, 0x3fff}, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x400000}, {0xffffffff}, 0xfffffffc, 0x0, 0xa, 0x4, 0x2, 0x2f}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x4054}, 0x0)
socket$key(0xf, 0x3, 0x2)
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r11 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
dup(r10)
writev(r11, &(0x7f0000000480)=[{&(0x7f00000002c0)='\f7', 0x2}], 0x1)
bind$rds(r0, 0x0, 0x0)

361.187315ms ago: executing program 1 (id=2389):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000)=0x10000000000000, 0xffffff6a)
r2 = creat(&(0x7f0000000580)='./bus\x00', 0x0)
io_setup(0x1, &(0x7f0000000040)=<r3=>0x0)
io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x15, 0x0, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x1a00001a}])
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'dummy0\x00'})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000b40)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r4, 0x0, 0x4000006}, 0x18)
removexattr(&(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000004c0)=@known='user.incfs.metadata\x00')
r5 = socket(0x10, 0x3, 0x0)
setsockopt(r2, 0x9, 0x5, &(0x7f0000000380)="31660e3cf939028a3a4567d3ba412a4857634cd0eaa2454c63eb5be5264e33f2ec6b4b81737af1ebdc794b029a43db009b6f5c67aaebca824a4f5102da3efe5c51abd8d7fd1a888c6dbf7db14be116b8d3857670f93529803f7a9c1011c9fc756b8e79b13699227a3b886e", 0x6b)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c000000000000000000000014", @ANYRES8=0x0, @ANYRES32=r5], 0x30}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[], 0x44}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00'}, 0x10)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x90, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x64, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0xe, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0xfffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0x8001, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xffff, 0xa}}, @TCA_U32_INDEV={0x14, 0x8, 'netdevsim0\x00'}]}}]}, 0x90}}, 0x24040084)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000800)='start_task_reaping\x00'}, 0x18)
socket$rds(0x15, 0x5, 0x0)

268.978906ms ago: executing program 2 (id=2390):
r0 = open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffb)
sendfile(r0, r0, 0x0, 0x800000009)
ioctl$TIOCGWINSZ(r0, 0x5413, &(0x7f00000000c0))
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
creat(&(0x7f0000000100)='./file0\x00', 0x101)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
acct(&(0x7f00000001c0)='./file0\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = syz_io_uring_setup(0x10b, &(0x7f0000000580)={0x0, 0xd736, 0x8, 0x0, 0x3d9}, &(0x7f00000003c0)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80, 0x6000})
io_uring_enter(r2, 0x1c3a, 0xe176, 0x22, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x9)
connect$netlink(r5, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
sendmsg$NL80211_CMD_DEL_TX_TS(r5, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x20, 0x0, 0x8, 0x70bd2a, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x4, 0x17}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4000004}, 0x40010)

268.496716ms ago: executing program 0 (id=2391):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000001c0)=@newqdisc={0x468, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x43c, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x0, 0x4, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25cf, 0x800000, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x20000, 0xfffffffd, 0x0, 0x400000, 0x0, 0x4, 0x0, 0x8000, 0x0, 0x0, 0xd, 0xffffad55, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000, 0x0, 0xfffffffd, 0x0, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x80000000, 0xfffffffa, 0x7fffffff, 0x9, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x400000, 0x7b2, 0x0, 0x0, 0x0, 0x6, 0x0, 0x5, 0xfffffefe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x100000, 0x10001, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x5, 0x7, 0xd4, 0xc, 0x5, 0x0, 0x0, 0x0, 0x3032, 0x0, 0x1, 0x0, 0x6, 0x8, 0x0, 0x1, 0x0, 0x7, 0x0, 0x0, 0x8, 0x0, 0x1, 0x20000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x3ff, 0xfffffffc, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0xa, 0x0, 0x0, 0x40000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4]}, @TCA_TBF_RATE64={0xc}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x1}, {0x2, 0x0, 0x5, 0x0, 0x0, 0xb4d}}}]}}]}, 0x468}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffe2, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x800)
recvmmsg(0xffffffffffffffff, &(0x7f0000002b80)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f0000001540)=""/132, 0x84}, {&(0x7f0000001600)=""/228, 0xe4}, {0x0}, {&(0x7f0000000a00)=""/38, 0x26}, {&(0x7f0000002800)=""/153, 0x99}, {&(0x7f00000028c0)=""/182, 0xb6}, {&(0x7f0000002a00)=""/148, 0x94}], 0x7}, 0x592}], 0x4, 0x40012100, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = syz_io_uring_setup(0x1725, &(0x7f0000000080)={0x0, 0x0, 0x80, 0x400002, 0x9c}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000200)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000240)=0xfffffc04, 0x0, 0x4)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
unshare(0x28000600)
syz_io_uring_submit(r7, r8, &(0x7f0000000180)=@IORING_OP_MKDIRAT={0x25, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)='./file0\x00', 0x84, 0x0, 0x1})
io_uring_enter(r6, 0x264b, 0x4, 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
sync()
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r9)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r10, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000054)

200.703657ms ago: executing program 0 (id=2392):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009e0000000b"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x14, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x4}, 0x18)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000f3, 0x8, 0x0, 0x0}}, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
kexec_load(0x0, 0x0, &(0x7f0000000140), 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
request_key(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000140)='\\\\@[*#)\x00', 0xfffffffffffffffe)
copy_file_range(0xffffffffffffffff, &(0x7f00000002c0)=0x5a56, 0xffffffffffffffff, &(0x7f0000000300)=0x4, 0x7fffffffffffffff, 0x0)

153.789938ms ago: executing program 4 (id=2393):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200), 0x244200, 0x0)
sendmsg$nl_generic(r1, 0x0, 0xc000)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDARP(r3, 0x8953, &(0x7f0000000100)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @remote}, 0x0, {0x2, 0x2, @private}, 'syz_tun\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000bc0)={0x28, 0x0, 0xffffffff, @local}, 0x10)
connect$vsock_stream(r5, &(0x7f00000001c0)={0x28, 0x0, 0x2710}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
r7 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10)
sendmmsg$inet(r7, &(0x7f0000003a40)=[{{&(0x7f00000003c0)={0x2, 0x1, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000540)="a9050000000074000000000035528c2771cc874d997efa5ff0850d2cf1bde5c064c60000", 0x24}], 0x1}}, {{&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000080)="ba0ac9697c3a940000edd9bb9449bfe71847200b", 0x14}], 0x1}}], 0x2, 0x840)

121.220348ms ago: executing program 2 (id=2394):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000640)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x80000, 0x0, 0x0, 0xa}, {}, 0x0, 0x0, 0x0, 0x0, 0x2}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000c"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x3)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f0000"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r3, 0x0, 0x8000000000000}, 0x18)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x2)

105.711999ms ago: executing program 0 (id=2395):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x0, &(0x7f0000000080)})
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))

77.130789ms ago: executing program 3 (id=2396):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000007c0)='ext4\x00', &(0x7f00000006c0)='./file1\x00', 0x40, &(0x7f00000000c0)={[{@user_xattr}, {@nodioread_nolock}]}, 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP")
openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000080), 0x18)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000000)=<r3=>0x0)
syz_open_procfs$namespace(r3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYRES32=0x0], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000034ed00000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x2d)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001380)=@newtfilter={0x74, 0x2c, 0xd2b, 0x800, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0x9}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_POLICE={0x40, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x7, 0x8, 0x0, 0xec95, 0xffffffff, {0x7, 0x1, 0x8000, 0xc, 0xeb, 0xf}, {0x5, 0x2, 0x8, 0x3, 0x101, 0x5c}, 0x9, 0x3, 0x3}}]}]}}]}, 0x74}}, 0x24044094)

62.574929ms ago: executing program 2 (id=2397):
socket$packet(0x11, 0x3, 0x300)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x5}, 0x18)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
sendmsg$tipc(r2, &(0x7f00000003c0)={&(0x7f0000000180), 0x10, 0x0, 0x0, 0x0, 0x0, 0x8010}, 0x0)

666.11µs ago: executing program 0 (id=2398):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = accept$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'lo\x00'})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6)
sendmsg$nl_xfrm(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={0x0, 0x124}}, 0x0)
socket$rds(0x15, 0x5, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r7}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000000c0)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r11}, 0x2c, {[{@version_9p2000}]}})
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @empty}, {0x0, @link_local}, 0xa, {0x2, 0x0, @multicast2}, 'lo\x00'})
r12 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="9feb010018000000000000007501000075010000050000000100000000000010020000000c000000040000050900000003000000050000000300000003000000050000000800000001000000040000000800000001000000010000000f0000000e00000000000007000000000a00000008000005368300000a00000005000000060000000100000005000000400000000f00000004000000100000000f000000030000000200000002000000050000006c0500000d000000020000a5156796d7505b620003000000050000000300000002000000008000000a0000000000000c02000000000000000600000d0000000005000000030000000d000000000000000f0000000200000001000000040000000a0000000100000006000000040000000e00000002000084090000000700000002000000000200000d0000000000000010f100000c0000000000000202000000060000000000000200000000070000000300000f010000000400000006000000ff0700000100000007000000fbffffff05000000ff000000000000000600000000002e6100"], &(0x7f00000002c0)=""/46, 0x195, 0x2e, 0x0, 0x100, 0x0, @void, @value}, 0x28)
writev(r12, &(0x7f00000000c0)=[{0x0}], 0x1)

0s ago: executing program 2 (id=2399):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000240)=0x10) (async)
mount(0x0, 0x0, 0x0, 0x1000, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(r4, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x14a0, 0x2c, 0x4, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6, 0x1}, {0x1}, {0x6, 0x10}}, [@f_rsvp6={{0xa}, {0x1458, 0x2, [@TCA_RSVP_ACT={0x1440, 0x6, [@m_police={0x143c, 0x8, 0x0, 0x0, {{0xb}, {0x410, 0x2, 0x0, 0x1, [[@TCA_POLICE_RESULT={0x8, 0x5, 0x2}], [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x10000, 0x1, 0x317b, 0x8, 0x3, 0x0, 0x2, 0x62, 0x95e4, 0x9, 0x3, 0x1, 0x8001, 0x6, 0x2, 0x1ff, 0x6, 0xd, 0x0, 0x5, 0x59d4, 0x0, 0x3, 0x9, 0x7, 0xe, 0xe960, 0x3, 0x2, 0x4a74, 0xfffffff9, 0x0, 0x8, 0x3, 0x5, 0xd, 0xd, 0x200, 0xafd, 0x6, 0x100, 0x4, 0x2, 0x10, 0x3, 0xb8, 0x5, 0xfffffeff, 0x5d, 0xbcc, 0x1, 0x3ff, 0x2, 0x7fffffff, 0xff, 0x0, 0x2, 0x2, 0x6, 0x6, 0x7, 0x4, 0x1, 0x2, 0x2, 0xaa, 0xffff0001, 0xfffff1cb, 0xfffffffd, 0x0, 0x1, 0x80000000, 0x2, 0x8, 0x3, 0x5, 0x9, 0x9, 0xf9d0, 0xffff, 0x9, 0x7fffffff, 0x844, 0x2, 0x0, 0x5, 0x8, 0xfffffffe, 0xb, 0x6350852a, 0x7d99, 0x1, 0x7ff, 0x82e, 0x1, 0xe7b9, 0x7fff, 0x6, 0x3, 0x513d2f0a, 0x5, 0xe, 0x8, 0x3, 0x8, 0x6, 0x3, 0xffffff80, 0x9ac3, 0x8001, 0x1, 0x1, 0x6, 0x5, 0x3ff, 0xe, 0x1f6759d5, 0x2161, 0x5c, 0x2, 0x4, 0x8000, 0x0, 0x7, 0x5f, 0x6, 0xc4, 0x0, 0x6, 0xffff07c8, 0x1, 0xfffffffe, 0x5, 0x6, 0x3, 0x7fff, 0x96, 0x0, 0x81, 0x80000001, 0x1, 0x7, 0x10, 0x4, 0x3, 0x2, 0x4, 0x5, 0x6ce, 0x9, 0x5, 0x3, 0x8, 0x6, 0x0, 0x9a8, 0x80000000, 0x80000001, 0xb, 0x833f, 0x0, 0x101, 0xc, 0x9c9, 0x2, 0x3c, 0x873, 0xb78d, 0x6, 0x4, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5, 0xd7d, 0x20, 0x3, 0x2, 0x5, 0x7f, 0x7, 0x8, 0x8001, 0x0, 0xffffff00, 0x7, 0x6, 0x7, 0x1, 0x2, 0x4, 0x6, 0x8, 0xd6a, 0x5, 0x401, 0x5, 0x7ff, 0x4, 0x2, 0x4, 0x524e, 0x1, 0x100, 0x0, 0xffffff7f, 0x8, 0xffffff2a, 0x1, 0x8001, 0x21, 0x6, 0x2, 0x5, 0x2, 0xfffffff7, 0x92, 0x2, 0x3ff, 0x1ff, 0x7, 0x4, 0x7ff, 0xa, 0x100, 0x9, 0xf1, 0x4, 0x6, 0x400, 0x0, 0x1, 0x2, 0x9, 0xfffffe00, 0x733, 0xd5b, 0x8, 0x40, 0x51, 0x0, 0x7fff, 0x2, 0x7, 0x6, 0x0, 0xe, 0x8, 0x9, 0x2, 0x100, 0x5, 0xffffffff]}]]}, {0x1004, 0x6, "ac87583a161346b3cb25f4a14cae5982ef4cba8215a30d23368f341c173d20cffa4b3afef80566e172a235100dde939588a2e9bebf16ae232223eb811f01d171c7784885a7d19a70d7d811b4a5244b417259ee7d5dc3bc351c1a0e865046dacfdeddfa7b228caf5b8af018874318191c2d369c32de1cca621cda74ef29567321f7d55132d24e2d972fd605bb8b2babb6e995bb016d48eaff5ff76bf7675fd84952595ddf7fe4d83dacd6e843ff777a32200f15c0bd6b627a9773b0a78aab68468c8e0ddc5a35c92f541af8bebb1c58d0cf4184fa1d1411ce9b8b9dc3bc61a72d2cfe156a6869e3d61681e459960b6b4e11cc4a4bd9854d7ed47f4e9360ea600ba78fde5537fa0479f44e6d0ccb7f36c150edc57b6bf26cc22e6f21c0d7a9b4f56d92ca0071505737b7d66d72be89b22d2129011ba327298510a1fe71da77906b8ccc01c8dc2326598bed1342a065b38931d8519d1c3e2676bdba2071f215afebb92553a9a0e7710f236bd995bcbd0706bd049375f0e243b8346f10056d1f9de5c34e1ca219e86d1446bf04ac791fe72e5ef34c386748d6f9846cf329ee926b336830713bf8327c8037e804a9d21d4cc20812ef76fd566c2b0c348034121b73a66800463e6ddd3170db7217dd3f6476b7300f3c055e4ec08c0c9a0bfea552df06bda6d25537f26999333ac2418c509c89f3ae14bd9e9b8a60f254d7781a8825df89d12e66c8d382a135b5611dac60040917f25a58ebb09d17ab87f8ec5999b57236e347d85d5fa2c7253fe465b4c7f856084cf4e3e7489003db0a3d7c23ff55a3ace04fec758844fe0f06db40e50e3d5757be628f06b0f27e806b1124fc8dee5f108a1268b162f2f19bb25c6d204c979f3874a7684cad0ba89e5887f0d2dc8c0252f7028c7b57c4b55b69801ee300b52587ad0cdcb9c70c8f38314024ad4b91afa6a778f30a01b9aed29520994e39d4dd8c57adcffeb568989b456e55f0aded2a9f038d1203acb2f71c24bbc34d2c38a1dd0432245a373f4e4a50614033b2866e8d82410e538be5ef63115697295108c99b78a8409e21f1c9909f312aa1649aeee2508e94a277d93737db97d6f094bb45ee9f92ebd12a4d1915e65cebc815a7909724cfb58eb4dff231a345b309b26a84b4bade65ed6e2e3e52c302a1c75bf525541eb65d4cca1ea685c064d4888e4d676ff62b2872c307187e5e993b2b451ae5e636139a890a2ae6cdee78dda3334e3f4cd6067d5a1d252061bd733316d5420531027519b8a4e5c27e0cca457a850aad2b5413a6b4a5ddd55759da5a95746c41f28976e9ffdf21977c4c74e18960d4c287f845953230787769f20713aefe258d03e0004db770c48b0474db2b13f8b4ab2e33797ef54665e6662c2a29e2ea11fceffaa74b0dc84c860d4ffcdb601be1e561d9baa8572a856a5b573a4529958471f90db4a0731aa228b195490448ed26a300d2c78beb0ea2e66bb70fa9f2643a234535deffc9029b298b2cc39c503ecdd79fd3292d034e41ec8d3da1ea05e9b8272b871015585608617815048ef164e4e8d368dc55f8d62b11fa5d397e5dad6ed7389e5cf4fbf4643ccedf7b459c2f4e31d8408efe4b2721d56ec5dbd17759a6852394af63dcfde54b5f462227fb0f2b4a5126e55c6248a8c0cdbc89ed44cf29b68e7b41882ef8a3ecdb329abf69d3cbc40055187c9af25ea2038e70706e78c0e54d9960f7f82422132ac55f2760469d5d01aa484dfbc21862e38b64ad089ffb06a231bff4d5b9fcc14fe74a0d29981098a9fcd66013195784b84e73aa27f1ca878ddacdc5aa11d857007cf0897efd7211c8a7dcb356dbb33d6e20eb39b13517c6a68ee5ca389d05be0a277a5dd52b051828785a38360950e67aed6df74ed6ac5a59e1e27cb9e93da4fde3d5cb3c0eb253a0d3c7ae37491f9800a93fa5f38c52c73961fd7eccd20d62ec9234291218f25d76ca8a2e1e490e79222bcb445b43c0e555a7f61db32a195379b378e583e1de5a3f01fa9cd10a3b380e62e7e982f0347f690883322781ef2d813290117c923799adb9a3b34c3511224b746dc60483b9b1fa13f0a286c4d82b907b6b14a4bdb70cbb5317bb151d4483d19df976fca24ccf6076c401f1e185976fadd1df33124d265bb6d77499b28f531a2a42e08196da03221fe5d64035b1d4d02c2ffc0afbb45280d36ffff522884249078f9f87a48b76f2c9f593231a66b7b1494bfe3265e046f91f0ddb119e846ceb35505d47e627f412cfc46801828f5e3577c9cd122fbc0e34148a3aa63e5499fc3828ff61c07fac6055743ac9da72d12e49ae8793192f539a00ede88d6fb8791afc3b268d4d3c389254ca5330ba739aa6e6c71b83281b60b97ed5f96bf516a6911b9e7dcf3b0909e2501752f3d96cb34d13f0d94e67d808e8455e7b095292ea8abab0eebeea696f380aad9fa7b072df02c7ba0af552b491f288123bc9a89a46f06c4ce26d4a42dba16ab6f4b8fa69a4caf3c4f48628ed9ef545d3264a9aa25253f89b16af5dc9dba19c3f066c3d9f6a86b5e9abb34d5ada583b9c7fc89ed7b462419d9e75cae001ebe0ca67231736b307a92fefe625028d203a17f1563c7d4a4316f7549e2d6c8377b913e3940e5fd45436427af6587fd0f0e92fd882590747aca821f0beddb74ae801d9344b7f955515ecc1a7fdd4d248533d08ca157d17e0f2198360bdabdfd5e280cb2586932dc3a194591151936664b0ed8d005c81a0ee8813dd16f2308275419cfa8ee3a99a148a67e7da8c828fa9dda9ff4f9b12726d5d8cb9e365a02f126ae5c32a4e16b57f7cbfe4c307b147e03ac238cce9b52a940bcd0b154db5380939e9a5c666e3fc13fa6952cfc44ba482dc9b0788fef4327706b1dd47e4baa856a77878faa739c72385e40917a8e6f7769545508b3b7e5febdff37bee2e6cff54ed48de2243a1c9682fce56415b2dd79c54039cdf85689b075100202c9232f46204e53c08d2dbd3ecf814f52b66eb54c8394f2dad96236179fe9616c411d05ba2f0d5bf700d332dd874dca52cec722f371d5700cf57d4c1df5ca58c494c884ac41249d12ce57c35c9293d17b6c59df1d9f4f05bddc30a0019f8f2f2a1f87987783474558e83ece0d56651e1ef45af3eb689ccd6a1cd3843964cb366489b0b2eefff51e4c8290ee4a0b70c144cfd95f4c91357ce519a0690cf7bb8e5711143e9da34041669875c50d17bd2e88e3d6816f2880ee311bb7c8a8e2e99e7210bcd5587d2f4edfa626ba7808af78a2bafbdc3909b05f3814d3a2452de35d2c80212552f8143e5f73cae5e61b29afe7041e2fdf1dd0083a8cbdde8bad47cb1c38b9d0878070bf754daee0d65fa16f4a6547fd0e9a8d70c86a2742e27e5932ba4882fc7f66579559aea368ee72fe841c9116caab4de8d55880ee4e8901a117a1af7cc741b18e7bf24e78d88c8888c95726e4e166bff293a276862c678df2191b5e43221699207d3f0eb22df544f3a6de8fa784a7861644cd7e78b338c7d8742a0ccfdf927b763012220628d58830e5b641c6e54822d071cf94641efd6ba3a6cd1f7dd6ad749de7d54e4c8c93264d5ca370477a899c7c20572eb274bd8e458e8dbbfc0de588e839dc6bb559115f5157373a49a773230d144890dd5d8050c43daf0ccdecf2e765f30429702b9a111c2f8da7949f290f2b910cead6742692fbdaf4b2679ec36db83c6e98bc8f1e224274c750f301fe5140e94f6480c661417d85dd961fcd6786120d2b3c06a97b30befabd38a80a65c3bb50490184a216ddbaad6703510c198fcbcb09929d84c185f7053d647ce68c81eb4c7458d8394d9c9a9b927a562b11a503b320c033c4fbe8dd44cf8a138fb5bb8bfb569134d9cddeb65fe7eb8561a3b4e21d4590b1563a86923b42e13fc35167fb83258f7e141eafe0f57a7ed663266cbff3301767b0a1914d1f1316fe8b65ec7a5bc415fe4e1c2245676c2b18cf0dc0e1c51885fcbfcb129c6482e8afd76672464246afffeebddc85c5d0f7fd28a7684159a6e97f2768f112090d885c1a8e28544b0ca4828d2355af7340a1e622327940823972bfd38be3b174cedb43d6c7545be95826616561f7b0b49574365b8f2d90109f761f08cf00ba2040d97258d727d55a11feee4bd76e8deb7ade5e0b027a021ad403e76abd307d91b175333029e9880647b76129321951134df73504770d31509a1349ae88fefbe4f0ea7764b59f25cc2d58131633451b879d428682e60d40d599f9fa235ccc62d2f10eb630af8c8a3a9e23ef4a67ebae33dabfa87174dfd3edd1ae67faaca769382c5f603d1328f06279c643cf4e93aa687d564905249669b95a7643e3930fc923f703bfb0452415bf4391493587a396b66152b83252ecb268745cc8c576feb24c07a7dd355b87ea00ee0af87c830ca7df287b5ef99f1c103999592125a360a242f3981c6fcebe9997b0ebe76d61d1624f20bad9295faf8e28550d8f72b4c35ef7eedf2ba97e8c31e8a17cc3af69934e692d0eb675304d2ad973922a886cf38e1b830f6d770a3e1b0ef5aa781e0da91b7254291406add225f69f04467f5b748e186431093355b7e680c52ad9aaf00684d97b10b7eeeac79c510824019e56e23fd8c0455cec56a16d99e72e9c01010769c9d6520acfb06b5783cd3bb8a0d05ee0db98579634f3502c5846a9d7a58737330bb2727a71e226ec2132ad9b3fa81be869e280d5fec0a081c04a9f5011c2496fb11f8c75536537315b5004f783bc19ded9a79116099a4e7fe7f7e270e76557e42cbade1b03a21b7b2a2845bb9a0dc02bbaf61706c4e61977e45f87a73d47f8d81e7e1c572a30a083b22dbdabb28ffe35f527d0924faba5f1d4c844ec3d5f4a993fffec07c311cfd5e8c220943ca08bac4be1892934ad9498378df61f4dde0c76cebd6921aff05ab04481a58e0401cf2dda5da7ffdb5af9bb7e1d0079a8770c29139caa9c8860f5c885f6d423a8bbaa26c5a2fd699f06b021be5fe67fd8fce4cdbaa72e405f6668bc31adde9959418ea92b3f098224b948719f4b3e54eaba21622ed2dd5c0d3234b0c66b805860a4731c33e639e7201107e3097945c3de84c3a375bc6913cc0c11762bba44b2acde252c50bfc5bd14efef61df8f3f4f5f6f5a5db98940028ae97e2c41865fdd2d8ede90008c2b1b2e3ca27de4e06c150a3da83899014f2c2b5b5fc2c25a936b3a4d111ccf222dccac4e566fc75376e3236616b49747d002e53c5e0e6631910a532c119690d7cd21534afbc0c3e3ba9d1739485ac4c73072b850cdce2180af2bc2be805f7a56d9d8e05e99f271307912ffd5740e5e9536d14f7ae922007b9c733e7bc60417f2b8541b1492de79f2ba839d4bfa0343c4697299dc219995407a6edcdc7af050ba14a55a8d7177b1ec25fc97025d010d4443003ff6df3f00a381bda06f4839d66fec10b1c528c575e1352b4867294c9744ae18c1f7ad68fb2d7ad41ac0c4ac73bb09557a7d69ab5d5a5655b3a447eef2a2ca856d8037733f0b37e01fbe5035e6012f8505db05c672fb5e055454b1ea4282f69cfd5518c3b0828b9bcd2616121b29e74deccbdd101d51baa52d83acd22c4b978121d37fa1bfdc4afa9f4d34e05c385de9ad33ac45f648a2787fbb103e517ee2d0c37ec615e919af54aae7650350dbddf568c1c8a21da927ec63bb869edd86bdf41990e24c203eec3b92ee0b69262f37767ce56cbdfa4567d9d27904f5f403fa7b65dafa8ba0aa96e72418e845f4ccfd9e103e6459179b5fc84ce94339bdb9ebc495a54"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_RSVP_DST={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}]}}, @f_rsvp={{0x9}, {0xc, 0x2, [@TCA_RSVP_CLASSID={0x8, 0x1, {0x4, 0x10}}]}}]}, 0x14a0}, 0x1, 0x0, 0x0, 0x20000000}, 0x40045)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18) (async)
syz_clone(0x42000000, 0x0, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

4: attempt to access beyond end of device
[   91.563294][ T5799] loop2: rw=2049, sector=177, nr_sectors = 8 limit=128
[   91.609465][ T5799] syz.2.704: attempt to access beyond end of device
[   91.609465][ T5799] loop2: rw=2049, sector=193, nr_sectors = 8 limit=128
[   91.634909][ T5804] hub 1-0:1.0: USB hub found
[   91.639755][ T5804] hub 1-0:1.0: 8 ports detected
[   91.695151][ T5799] syz.2.704: attempt to access beyond end of device
[   91.695151][ T5799] loop2: rw=2049, sector=209, nr_sectors = 8 limit=128
[   91.725870][ T5799] syz.2.704: attempt to access beyond end of device
[   91.725870][ T5799] loop2: rw=2049, sector=225, nr_sectors = 8 limit=128
[   91.766418][ T5799] syz.2.704: attempt to access beyond end of device
[   91.766418][ T5799] loop2: rw=2049, sector=241, nr_sectors = 8 limit=128
[   91.797091][ T5799] syz.2.704: attempt to access beyond end of device
[   91.797091][ T5799] loop2: rw=2049, sector=257, nr_sectors = 8 limit=128
[   91.831459][ T5799] syz.2.704: attempt to access beyond end of device
[   91.831459][ T5799] loop2: rw=2049, sector=273, nr_sectors = 8 limit=128
[   91.863827][ T5799] syz.2.704: attempt to access beyond end of device
[   91.863827][ T5799] loop2: rw=2049, sector=289, nr_sectors = 8 limit=128
[   91.989085][ T5809] netlink: 4 bytes leftover after parsing attributes in process `syz.4.707'.
[   92.007693][ T5808] siw: device registration error -23
[   92.018989][ T5809] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   92.026565][ T5809] batman_adv: batadv0: Removing interface: batadv_slave_0
[   92.055206][ T5809] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   92.062649][ T5809] batman_adv: batadv0: Removing interface: batadv_slave_1
[   92.169932][ T5815] loop2: detected capacity change from 0 to 2048
[   92.241225][ T5815] lo speed is unknown, defaulting to 1000
[   92.313770][ T5817] hub 1-0:1.0: USB hub found
[   92.329573][ T5817] hub 1-0:1.0: 8 ports detected
[   92.371959][ T5822] loop3: detected capacity change from 0 to 2048
[   92.448740][ T5830] FAULT_INJECTION: forcing a failure.
[   92.448740][ T5830] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   92.462032][ T5830] CPU: 1 UID: 0 PID: 5830 Comm: syz.3.716 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(voluntary) 
[   92.462146][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   92.462159][ T5830] Call Trace:
[   92.462167][ T5830]  <TASK>
[   92.462177][ T5830]  __dump_stack+0x1d/0x30
[   92.462204][ T5830]  dump_stack_lvl+0xe8/0x140
[   92.462229][ T5830]  dump_stack+0x15/0x1b
[   92.462246][ T5830]  should_fail_ex+0x265/0x280
[   92.462273][ T5830]  should_fail+0xb/0x20
[   92.462371][ T5830]  should_fail_usercopy+0x1a/0x20
[   92.462400][ T5830]  _copy_to_user+0x20/0xa0
[   92.462433][ T5830]  simple_read_from_buffer+0xb5/0x130
[   92.462457][ T5830]  proc_fail_nth_read+0x100/0x140
[   92.462535][ T5830]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   92.462565][ T5830]  vfs_read+0x1a0/0x6f0
[   92.462663][ T5830]  ? __rcu_read_unlock+0x4f/0x70
[   92.462693][ T5830]  ? __fget_files+0x184/0x1c0
[   92.462724][ T5830]  ksys_read+0xda/0x1a0
[   92.462814][ T5830]  __x64_sys_read+0x40/0x50
[   92.462843][ T5830]  x64_sys_call+0x2d77/0x2fb0
[   92.462870][ T5830]  do_syscall_64+0xd2/0x200
[   92.462907][ T5830]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   92.462953][ T5830]  ? clear_bhb_loop+0x40/0x90
[   92.462975][ T5830]  ? clear_bhb_loop+0x40/0x90
[   92.463081][ T5830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.463109][ T5830] RIP: 0033:0x7f4a70a7d37c
[   92.463127][ T5830] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   92.463148][ T5830] RSP: 002b:00007f4a6f0e7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   92.463167][ T5830] RAX: ffffffffffffffda RBX: 00007f4a70ca5fa0 RCX: 00007f4a70a7d37c
[   92.463181][ T5830] RDX: 000000000000000f RSI: 00007f4a6f0e70a0 RDI: 0000000000000005
[   92.463212][ T5830] RBP: 00007f4a6f0e7090 R08: 0000000000000000 R09: 0000000000000000
[   92.463228][ T5830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.463243][ T5830] R13: 0000000000000000 R14: 00007f4a70ca5fa0 R15: 00007ffddca996e8
[   92.463267][ T5830]  </TASK>
[   92.721225][ T5832] netlink: 'syz.3.717': attribute type 4 has an invalid length.
[   92.774142][ T5834] loop2: detected capacity change from 0 to 2048
[   92.848163][ T5840] loop4: detected capacity change from 0 to 1024
[   92.869746][ T5842] loop3: detected capacity change from 0 to 128
[   92.870667][ T5844] netlink: 12 bytes leftover after parsing attributes in process `syz.1.722'.
[   92.906008][ T5840] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   92.950683][ T5850] loop2: detected capacity change from 0 to 764
[   92.986098][ T5850] vhci_hcd: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub
[   93.125541][ T5858] lo speed is unknown, defaulting to 1000
[   93.166340][ T5866] netlink: 16 bytes leftover after parsing attributes in process `syz.2.728'.
[   93.197822][ T5866] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[   93.206818][ T5866] xt_CT: You must specify a L4 protocol and not use inversions on it
[   93.289031][ T5872] netlink: 'syz.1.731': attribute type 4 has an invalid length.
[   93.356417][ T5876] loop1: detected capacity change from 0 to 2048
[   93.483822][ T5888] loop2: detected capacity change from 0 to 1024
[   93.526648][ T5890] tipc: Started in network mode
[   93.531639][ T5890] tipc: Node identity 725a17d20c42, cluster identity 4711
[   93.538930][ T5890] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   93.547876][ T5888] ext4 filesystem being mounted at /139/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   93.561109][ T5889] tipc: Disabling bearer <eth:syzkaller0>
[   93.670571][ T5894] netlink: 28 bytes leftover after parsing attributes in process `syz.1.740'.
[   93.679589][ T5894] netlink: 28 bytes leftover after parsing attributes in process `syz.1.740'.
[   93.714499][ T5894] loop1: detected capacity change from 0 to 128
[   93.932226][ T5894] buffer_io_error: 590 callbacks suppressed
[   93.932241][ T5894] Buffer I/O error on dev loop1, logical block 2065, async page read
[   93.992866][ T5912] netlink: 'syz.0.743': attribute type 4 has an invalid length.
[   94.063067][ T5894] Buffer I/O error on dev loop1, logical block 2066, async page read
[   94.126231][ T5894] Buffer I/O error on dev loop1, logical block 2067, async page read
[   94.180210][ T5894] Buffer I/O error on dev loop1, logical block 2068, async page read
[   94.193472][ T5894] Buffer I/O error on dev loop1, logical block 2069, async page read
[   94.202817][ T5894] Buffer I/O error on dev loop1, logical block 2070, async page read
[   94.211164][ T5894] Buffer I/O error on dev loop1, logical block 2071, async page read
[   94.236024][ T5894] Buffer I/O error on dev loop1, logical block 2072, async page read
[   94.248068][ T5894] Buffer I/O error on dev loop1, logical block 2065, async page read
[   94.256668][ T5894] Buffer I/O error on dev loop1, logical block 2066, async page read
[   94.304089][ T5928] loop1: detected capacity change from 0 to 2048
[   94.386622][ T5937] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   94.407352][ T5935] tipc: Disabling bearer <eth:syzkaller0>
[   94.528542][ T5943] loop2: detected capacity change from 0 to 8192
[   94.704510][ T5963] loop9: detected capacity change from 0 to 7
[   94.724046][ T5963]  loop9: unable to read partition table
[   94.791033][ T5964] loop1: detected capacity change from 0 to 512
[   94.848217][ T5963] loop_reread_partitions: partition scan of loop9 (þ被üŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[   94.848217][ T5963] 
Uªÿÿÿÿÿÿ) failed (rc=-5)
[   94.936367][ T5964] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   94.944513][ T5964] EXT4-fs (loop1): orphan cleanup on readonly fs
[   94.951456][ T5964] __quota_error: 128 callbacks suppressed
[   94.951470][ T5964] Quota error (device loop1): v2_read_file_info: Block with free entry 1 out of range (1, 6).
[   94.967873][ T5964] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   94.983515][ T5964] EXT4-fs (loop1): Cannot turn on quotas: error -117
[   94.992077][ T5964] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.761: bg 0: block 40: padding at end of block bitmap is not set
[   95.008902][ T5964] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   95.018717][ T5964] EXT4-fs (loop1): 1 truncate cleaned up
[   95.114290][ T5968] xt_hashlimit: max too large, truncated to 1048576
[   95.134261][ T5968] netlink: '+}[@': attribute type 2 has an invalid length.
[   95.141742][ T5968] netlink: '+}[@': attribute type 1 has an invalid length.
[   95.162923][ T5970] FAULT_INJECTION: forcing a failure.
[   95.162923][ T5970] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   95.176196][ T5970] CPU: 1 UID: 0 PID: 5970 Comm: syz.0.765 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(voluntary) 
[   95.176231][ T5970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   95.176246][ T5970] Call Trace:
[   95.176254][ T5970]  <TASK>
[   95.176263][ T5970]  __dump_stack+0x1d/0x30
[   95.176287][ T5970]  dump_stack_lvl+0xe8/0x140
[   95.176373][ T5970]  dump_stack+0x15/0x1b
[   95.176394][ T5970]  should_fail_ex+0x265/0x280
[   95.176419][ T5970]  should_fail+0xb/0x20
[   95.176501][ T5970]  should_fail_usercopy+0x1a/0x20
[   95.176590][ T5970]  _copy_from_user+0x1c/0xb0
[   95.176625][ T5970]  lo_ioctl+0x290/0x15d0
[   95.176654][ T5970]  ? avc_has_extended_perms+0x73d/0x940
[   95.176753][ T5970]  ? blkdev_common_ioctl+0xad6/0x1ac0
[   95.176827][ T5970]  ? do_vfs_ioctl+0x9df/0x11d0
[   95.176854][ T5970]  ? selinux_file_ioctl+0x2e3/0x370
[   95.176956][ T5970]  ? __pfx_lo_ioctl+0x10/0x10
[   95.176981][ T5970]  ? __pfx_blkdev_ioctl+0x10/0x10
[   95.177073][ T5970]  blkdev_ioctl+0x34f/0x440
[   95.177133][ T5970]  __se_sys_ioctl+0xcb/0x140
[   95.177158][ T5970]  __x64_sys_ioctl+0x43/0x50
[   95.177201][ T5970]  x64_sys_call+0x19a8/0x2fb0
[   95.177290][ T5970]  do_syscall_64+0xd2/0x200
[   95.177347][ T5970]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   95.177383][ T5970]  ? clear_bhb_loop+0x40/0x90
[   95.177410][ T5970]  ? clear_bhb_loop+0x40/0x90
[   95.177439][ T5970]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.177468][ T5970] RIP: 0033:0x7f74ceb8e969
[   95.177544][ T5970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.177621][ T5970] RSP: 002b:00007f74cd1f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   95.177646][ T5970] RAX: ffffffffffffffda RBX: 00007f74cedb5fa0 RCX: 00007f74ceb8e969
[   95.177662][ T5970] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000006
[   95.177678][ T5970] RBP: 00007f74cd1f7090 R08: 0000000000000000 R09: 0000000000000000
[   95.177696][ T5970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.177712][ T5970] R13: 0000000000000000 R14: 00007f74cedb5fa0 R15: 00007ffe90c5ab78
[   95.177738][ T5970]  </TASK>
[   95.189428][ T5968] lo speed is unknown, defaulting to 1000
[   95.409891][ T5972] loop3: detected capacity change from 0 to 1764
[   95.431814][ T5974] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   95.471235][ T5973] tipc: Disabling bearer <eth:syzkaller0>
[   95.530957][   T29] audit: type=1326 audit(1748891213.243:3249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5981 comm="syz.3.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[   95.562878][   T29] audit: type=1326 audit(1748891213.273:3250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5981 comm="syz.3.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[   95.586482][   T29] audit: type=1326 audit(1748891213.273:3251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5981 comm="syz.3.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[   95.609958][   T29] audit: type=1326 audit(1748891213.273:3252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5981 comm="syz.3.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[   95.633340][   T29] audit: type=1326 audit(1748891213.273:3253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5981 comm="syz.3.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[   95.657142][   T29] audit: type=1326 audit(1748891213.273:3254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5981 comm="syz.3.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[   95.680681][   T29] audit: type=1326 audit(1748891213.273:3255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5981 comm="syz.3.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[   95.704210][   T29] audit: type=1326 audit(1748891213.273:3256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5981 comm="syz.3.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[   95.727527][   T29] audit: type=1326 audit(1748891213.273:3257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5981 comm="syz.3.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[   95.796302][ T5997] loop3: detected capacity change from 0 to 128
[   95.834691][ T6002] loop2: detected capacity change from 0 to 512
[   95.842500][ T6002] ext4: Unknown parameter 'permit_directio'
[   95.853802][ T5997] ext4 filesystem being mounted at /182/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   95.976307][ T6009] syz.0.778 (6009): /proc/6007/oom_adj is deprecated, please use /proc/6007/oom_score_adj instead.
[   96.210641][ T6022] rdma_rxe: rxe_newlink: failed to add lo
[   96.238878][ T6024] syzkaller0: entered allmulticast mode
[   96.246264][ T6024] syzkaller0 (unregistering): left allmulticast mode
[   96.304092][ T6011] loop1: detected capacity change from 0 to 2048
[   96.488958][ T6034] loop1: detected capacity change from 0 to 2048
[   96.647498][ T6042] netlink: 28 bytes leftover after parsing attributes in process `syz.1.791'.
[   96.656682][ T6042] netlink: 28 bytes leftover after parsing attributes in process `syz.1.791'.
[   96.719403][ T6042] loop1: detected capacity change from 0 to 128
[   96.737284][ T6042] bio_check_eod: 214 callbacks suppressed
[   96.737301][ T6042] syz.1.791: attempt to access beyond end of device
[   96.737301][ T6042] loop1: rw=0, sector=2065, nr_sectors = 1 limit=128
[   96.772232][ T6042] syz.1.791: attempt to access beyond end of device
[   96.772232][ T6042] loop1: rw=0, sector=2066, nr_sectors = 1 limit=128
[   96.797237][ T6042] syz.1.791: attempt to access beyond end of device
[   96.797237][ T6042] loop1: rw=0, sector=2067, nr_sectors = 1 limit=128
[   96.838770][ T6042] syz.1.791: attempt to access beyond end of device
[   96.838770][ T6042] loop1: rw=0, sector=2068, nr_sectors = 1 limit=128
[   96.852706][ T4908] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   96.856740][ T6054] loop2: detected capacity change from 0 to 512
[   96.875275][ T6042] syz.1.791: attempt to access beyond end of device
[   96.875275][ T6042] loop1: rw=0, sector=2069, nr_sectors = 1 limit=128
[   96.898390][ T6042] syz.1.791: attempt to access beyond end of device
[   96.898390][ T6042] loop1: rw=0, sector=2070, nr_sectors = 1 limit=128
[   96.923827][ T6054] ext4 filesystem being mounted at /143/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   96.963550][ T6042] syz.1.791: attempt to access beyond end of device
[   96.963550][ T6042] loop1: rw=0, sector=2071, nr_sectors = 1 limit=128
[   97.007092][ T6042] syz.1.791: attempt to access beyond end of device
[   97.007092][ T6042] loop1: rw=0, sector=2072, nr_sectors = 1 limit=128
[   97.027690][ T6051] syz.1.791: attempt to access beyond end of device
[   97.027690][ T6051] loop1: rw=0, sector=2065, nr_sectors = 1 limit=128
[   97.045279][ T6051] syz.1.791: attempt to access beyond end of device
[   97.045279][ T6051] loop1: rw=0, sector=2066, nr_sectors = 1 limit=128
[   97.068810][ T6063] netlink: 'syz.2.798': attribute type 4 has an invalid length.
[   97.134968][ T6068] loop1: detected capacity change from 0 to 2048
[   97.135655][ T6069] No such timeout policy "syz0"
[   97.205056][ T6068] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[   97.268867][ T3315] Trying to write to read-only block-device loop1
[   97.313718][ T6089] sch_tbf: burst 0 is lower than device lo mtu (18) !
[   97.404255][ T6098] loop2: detected capacity change from 0 to 128
[   97.419232][ T6097] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   97.480261][ T6095] tipc: Disabling bearer <eth:syzkaller0>
[   97.480547][ T6098] ext4 filesystem being mounted at /147/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   97.677454][ T6105] netlink: 1212 bytes leftover after parsing attributes in process `syz.4.813'.
[   97.711686][ T6108] lo speed is unknown, defaulting to 1000
[   97.856569][ T6115] loop4: detected capacity change from 0 to 512
[   97.863411][ T6115] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   97.883227][ T6114] syzkaller0: entered allmulticast mode
[   97.900706][ T6114] syzkaller0 (unregistering): left allmulticast mode
[   97.907549][ T6115] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec028, mo2=0102]
[   97.915701][ T6115] System zones: 1-12
[   97.922112][ T6115] EXT4-fs (loop4): 1 truncate cleaned up
[   97.934440][ T6115] EXT4-fs warning (device loop4): ext4_group_extend:1862: can't shrink FS - resize aborted
[   98.235626][ T6133] loop3: detected capacity change from 0 to 2048
[   98.499414][ T6144] loop2: detected capacity change from 0 to 764
[   98.517717][ T3322] EXT4-fs unmount: 27 callbacks suppressed
[   98.517738][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.621499][ T6150] netlink: 28 bytes leftover after parsing attributes in process `syz.4.829'.
[   98.805315][ T6174] loop2: detected capacity change from 0 to 8192
[   98.824309][ T6183] syzkaller0: entered allmulticast mode
[   98.839611][ T6183] syzkaller0 (unregistering): left allmulticast mode
[   98.886980][ T6174] vfat: Unknown parameter 'vfat'
[   99.177882][ T6224] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[   99.198109][ T6228] hub 1-0:1.0: USB hub found
[   99.201520][ T6229] netlink: 'syz.4.846': attribute type 1 has an invalid length.
[   99.202922][ T6228] hub 1-0:1.0: 8 ports detected
[   99.272376][ T6234] syzkaller0: entered allmulticast mode
[   99.297053][ T6234] syzkaller0 (unregistering): left allmulticast mode
[   99.349442][ T6258] loop2: detected capacity change from 0 to 128
[   99.392838][ T6258] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[   99.408299][ T6258] ext4 filesystem being mounted at /162/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   99.440703][ T6271] netlink: 4 bytes leftover after parsing attributes in process `syz.4.852'.
[   99.965531][ T3316] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   99.989941][ T6313] loop4: detected capacity change from 0 to 512
[  100.114603][ T6313] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  100.148208][ T6313] ext4 filesystem being mounted at /125/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  100.284714][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.288457][   T29] kauditd_printk_skb: 258 callbacks suppressed
[  100.288476][   T29] audit: type=1400 audit(1748891218.025:3516): avc:  denied  { ioctl } for  pid=6311 comm="syz.4.862" path="/125/file1/file1" dev="loop4" ino=15 ioctlcmd=0x660f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  100.389565][ T6320] loop2: detected capacity change from 0 to 512
[  100.425349][ T6320] Quota error (device loop2): v2_read_file_info: Free block number 1 out of range (1, 6).
[  100.451255][ T6320] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  100.482795][ T6320] EXT4-fs (loop2): mount failed
[  100.519112][ T6335] netlink: 12 bytes leftover after parsing attributes in process `syz.2.865'.
[  100.535693][   T29] audit: type=1400 audit(1748891218.343:3517): avc:  denied  { create } for  pid=6334 comm="syz.2.865" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  100.555336][   T29] audit: type=1400 audit(1748891218.343:3518): avc:  denied  { listen } for  pid=6334 comm="syz.2.865" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  100.574722][   T29] audit: type=1400 audit(1748891218.343:3519): avc:  denied  { accept } for  pid=6334 comm="syz.2.865" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  100.614759][ T6340] lo speed is unknown, defaulting to 1000
[  100.653007][   T29] audit: type=1326 audit(1748891218.466:3520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6344 comm="syz.4.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  100.676477][   T29] audit: type=1326 audit(1748891218.466:3521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6344 comm="syz.4.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  100.700014][   T29] audit: type=1326 audit(1748891218.466:3522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6344 comm="syz.4.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  100.723438][   T29] audit: type=1326 audit(1748891218.466:3523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6344 comm="syz.4.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  100.746831][   T29] audit: type=1326 audit(1748891218.466:3524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6344 comm="syz.4.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  100.796480][ T6350] loop4: detected capacity change from 0 to 2048
[  100.919069][ T6367] netlink: 'syz.1.872': attribute type 1 has an invalid length.
[  100.940314][ T6372] netlink: 209820 bytes leftover after parsing attributes in process `syz.4.874'.
[  100.950119][ T6372] netlink: zone id is out of range
[  101.096848][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  101.168948][ T6412] FAULT_INJECTION: forcing a failure.
[  101.168948][ T6412] name failslab, interval 1, probability 0, space 0, times 0
[  101.182142][ T6412] CPU: 1 UID: 0 PID: 6412 Comm: syz.4.882 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(voluntary) 
[  101.182254][ T6412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  101.182267][ T6412] Call Trace:
[  101.182276][ T6412]  <TASK>
[  101.182287][ T6412]  __dump_stack+0x1d/0x30
[  101.182317][ T6412]  dump_stack_lvl+0xe8/0x140
[  101.182400][ T6412]  dump_stack+0x15/0x1b
[  101.182436][ T6412]  should_fail_ex+0x265/0x280
[  101.182466][ T6412]  should_failslab+0x8c/0xb0
[  101.182501][ T6412]  kmem_cache_alloc_noprof+0x50/0x310
[  101.182542][ T6412]  ? getname_flags+0x80/0x3b0
[  101.182578][ T6412]  ? fput+0x8f/0xc0
[  101.182618][ T6412]  getname_flags+0x80/0x3b0
[  101.182656][ T6412]  __x64_sys_execve+0x42/0x70
[  101.182740][ T6412]  x64_sys_call+0x13ab/0x2fb0
[  101.182784][ T6412]  do_syscall_64+0xd2/0x200
[  101.182833][ T6412]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  101.182872][ T6412]  ? clear_bhb_loop+0x40/0x90
[  101.182963][ T6412]  ? clear_bhb_loop+0x40/0x90
[  101.182994][ T6412]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.183024][ T6412] RIP: 0033:0x7f7ce19ee969
[  101.183045][ T6412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.183071][ T6412] RSP: 002b:00007f7ce0057038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  101.183098][ T6412] RAX: ffffffffffffffda RBX: 00007f7ce1c15fa0 RCX: 00007f7ce19ee969
[  101.183199][ T6412] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
[  101.183216][ T6412] RBP: 00007f7ce0057090 R08: 0000000000000000 R09: 0000000000000000
[  101.183245][ T6412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  101.183261][ T6412] R13: 0000000000000000 R14: 00007f7ce1c15fa0 R15: 00007ffcd554ecb8
[  101.183287][ T6412]  </TASK>
[  101.421147][ T6424] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.886' sets config #0
[  101.421386][ T6424] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.886' sets config #1
[  101.626663][ T6440] netlink: 20 bytes leftover after parsing attributes in process `syz.4.891'.
[  101.635936][ T6440] netlink: 4 bytes leftover after parsing attributes in process `syz.4.891'.
[  101.895803][ T6466] hub 1-0:1.0: USB hub found
[  101.895908][ T6466] hub 1-0:1.0: 8 ports detected
[  101.961420][ T6468] loop4: detected capacity change from 0 to 2048
[  102.265941][ T6497] netlink: 'syz.4.909': attribute type 10 has an invalid length.
[  102.268317][ T6497] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  102.387055][ T6505] hub 1-0:1.0: USB hub found
[  102.391916][ T6505] hub 1-0:1.0: 8 ports detected
[  102.412806][ T6507] syzkaller0: entered allmulticast mode
[  102.435966][ T6511] loop2: detected capacity change from 0 to 2048
[  102.453637][ T6507] syzkaller0 (unregistering): left allmulticast mode
[  102.620085][ T6514] loop4: detected capacity change from 0 to 8192
[  102.705496][ T6524] veth0: entered promiscuous mode
[  102.719073][ T6524] netlink: 4 bytes leftover after parsing attributes in process `syz.2.918'.
[  102.742079][ T6524] veth0 (unregistering): left promiscuous mode
[  102.775689][ T6525] netlink: 8 bytes leftover after parsing attributes in process `syz.4.915'.
[  103.393328][ T6544] FAULT_INJECTION: forcing a failure.
[  103.393328][ T6544] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  103.406891][ T6544] CPU: 0 UID: 0 PID: 6544 Comm: syz.3.926 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(voluntary) 
[  103.406992][ T6544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  103.407014][ T6544] Call Trace:
[  103.407023][ T6544]  <TASK>
[  103.407034][ T6544]  __dump_stack+0x1d/0x30
[  103.407058][ T6544]  dump_stack_lvl+0xe8/0x140
[  103.407152][ T6544]  dump_stack+0x15/0x1b
[  103.407168][ T6544]  should_fail_ex+0x265/0x280
[  103.407227][ T6544]  should_fail_alloc_page+0xf2/0x100
[  103.407255][ T6544]  __alloc_frozen_pages_noprof+0xff/0x360
[  103.407279][ T6544]  alloc_pages_mpol+0xb3/0x250
[  103.407400][ T6544]  alloc_pages_noprof+0x90/0x130
[  103.407438][ T6544]  __pmd_alloc+0x47/0x470
[  103.407462][ T6544]  handle_mm_fault+0x19d1/0x2be0
[  103.407485][ T6544]  ? __rcu_read_unlock+0x4f/0x70
[  103.407572][ T6544]  do_user_addr_fault+0x3fe/0x1090
[  103.407623][ T6544]  exc_page_fault+0x62/0xa0
[  103.407649][ T6544]  asm_exc_page_fault+0x26/0x30
[  103.407737][ T6544] RIP: 0010:rep_movs_alternative+0x33/0x90
[  103.407766][ T6544] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d eb 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[  103.407847][ T6544] RSP: 0018:ffffc900012e7de0 EFLAGS: 00050216
[  103.407863][ T6544] RAX: 0000000000000003 RBX: 0000000000000020 RCX: 0000000000000020
[  103.407876][ T6544] RDX: 0000000000000000 RSI: ffffc900012e7e18 RDI: 0000200000000e00
[  103.407888][ T6544] RBP: 0000000000000002 R08: 0000000000000599 R09: 0000000000000000
[  103.407908][ T6544] R10: 0001c900012e7e18 R11: 0001c900012e7e37 R12: 0000200000000e20
[  103.407933][ T6544] R13: 00007ffffffff000 R14: 0000200000000e00 R15: ffffc900012e7e18
[  103.407982][ T6544]  _copy_to_user+0x7c/0xa0
[  103.408056][ T6544]  __se_sys_msgctl+0x1e7/0x290
[  103.408196][ T6544]  __x64_sys_msgctl+0x43/0x50
[  103.408229][ T6544]  x64_sys_call+0x28e9/0x2fb0
[  103.408286][ T6544]  do_syscall_64+0xd2/0x200
[  103.408325][ T6544]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  103.408359][ T6544]  ? clear_bhb_loop+0x40/0x90
[  103.408380][ T6544]  ? clear_bhb_loop+0x40/0x90
[  103.408441][ T6544]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.408469][ T6544] RIP: 0033:0x7f4a70a7e969
[  103.408494][ T6544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.408519][ T6544] RSP: 002b:00007f4a6f0e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000047
[  103.408595][ T6544] RAX: ffffffffffffffda RBX: 00007f4a70ca5fa0 RCX: 00007f4a70a7e969
[  103.408608][ T6544] RDX: 0000200000000e00 RSI: 000000000000000c RDI: 0000000000000000
[  103.408622][ T6544] RBP: 00007f4a6f0e7090 R08: 0000000000000000 R09: 0000000000000000
[  103.408637][ T6544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  103.408652][ T6544] R13: 0000000000000001 R14: 00007f4a70ca5fa0 R15: 00007ffddca996e8
[  103.408732][ T6544]  </TASK>
[  103.799700][ T6554] netlink: 28 bytes leftover after parsing attributes in process `syz.4.930'.
[  103.799741][ T6554] netlink: 28 bytes leftover after parsing attributes in process `syz.4.930'.
[  103.823682][ T6554] loop4: detected capacity change from 0 to 128
[  103.826185][ T6554] bio_check_eod: 190 callbacks suppressed
[  103.826207][ T6554] syz.4.930: attempt to access beyond end of device
[  103.826207][ T6554] loop4: rw=0, sector=2065, nr_sectors = 1 limit=128
[  103.826232][ T6554] buffer_io_error: 392 callbacks suppressed
[  103.826244][ T6554] Buffer I/O error on dev loop4, logical block 2065, async page read
[  103.826266][ T6554] syz.4.930: attempt to access beyond end of device
[  103.826266][ T6554] loop4: rw=0, sector=2066, nr_sectors = 1 limit=128
[  103.826290][ T6554] Buffer I/O error on dev loop4, logical block 2066, async page read
[  103.826306][ T6554] syz.4.930: attempt to access beyond end of device
[  103.826306][ T6554] loop4: rw=0, sector=2067, nr_sectors = 1 limit=128
[  103.826349][ T6554] Buffer I/O error on dev loop4, logical block 2067, async page read
[  103.826368][ T6554] syz.4.930: attempt to access beyond end of device
[  103.826368][ T6554] loop4: rw=0, sector=2068, nr_sectors = 1 limit=128
[  103.826391][ T6554] Buffer I/O error on dev loop4, logical block 2068, async page read
[  103.826406][ T6554] syz.4.930: attempt to access beyond end of device
[  103.826406][ T6554] loop4: rw=0, sector=2069, nr_sectors = 1 limit=128
[  103.826426][ T6554] Buffer I/O error on dev loop4, logical block 2069, async page read
[  103.826497][ T6554] syz.4.930: attempt to access beyond end of device
[  103.826497][ T6554] loop4: rw=0, sector=2070, nr_sectors = 1 limit=128
[  103.826590][ T6554] Buffer I/O error on dev loop4, logical block 2070, async page read
[  103.826638][ T6554] syz.4.930: attempt to access beyond end of device
[  103.826638][ T6554] loop4: rw=0, sector=2071, nr_sectors = 1 limit=128
[  103.826658][ T6554] Buffer I/O error on dev loop4, logical block 2071, async page read
[  103.826674][ T6554] syz.4.930: attempt to access beyond end of device
[  103.826674][ T6554] loop4: rw=0, sector=2072, nr_sectors = 1 limit=128
[  103.826700][ T6554] Buffer I/O error on dev loop4, logical block 2072, async page read
[  103.826762][ T6554] syz.4.930: attempt to access beyond end of device
[  103.826762][ T6554] loop4: rw=0, sector=2065, nr_sectors = 1 limit=128
[  103.826790][ T6554] Buffer I/O error on dev loop4, logical block 2065, async page read
[  103.826807][ T6554] syz.4.930: attempt to access beyond end of device
[  103.826807][ T6554] loop4: rw=0, sector=2066, nr_sectors = 1 limit=128
[  103.826826][ T6554] Buffer I/O error on dev loop4, logical block 2066, async page read
[  104.017106][ T6568] siw: device registration error -23
[  104.157312][ T6572] loop4: detected capacity change from 0 to 8192
[  104.384582][ T6580] loop3: detected capacity change from 0 to 8192
[  105.026308][ T6604] netlink: 8 bytes leftover after parsing attributes in process `syz.1.939'.
[  105.041422][ T6605] netlink: 'syz.0.943': attribute type 298 has an invalid length.
[  105.411326][   T29] kauditd_printk_skb: 260 callbacks suppressed
[  105.411341][   T29] audit: type=1326 audit(1748891223.321:3785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6615 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  105.412764][   T29] audit: type=1326 audit(1748891223.321:3786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6615 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  105.412803][   T29] audit: type=1326 audit(1748891223.321:3787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6615 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  105.412943][   T29] audit: type=1326 audit(1748891223.321:3788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6615 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  105.412979][   T29] audit: type=1326 audit(1748891223.321:3789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6615 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  105.413014][   T29] audit: type=1326 audit(1748891223.321:3790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6615 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  105.413044][   T29] audit: type=1326 audit(1748891223.321:3791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6615 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  105.413121][   T29] audit: type=1326 audit(1748891223.321:3792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6615 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  105.413150][   T29] audit: type=1326 audit(1748891223.321:3793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6615 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  105.413241][   T29] audit: type=1326 audit(1748891223.321:3794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6615 comm="syz.1.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  105.478698][ T6626] loop3: detected capacity change from 0 to 2048
[  105.669231][ T6640] loop2: detected capacity change from 0 to 2048
[  105.734887][ T6647] futex_wake_op: syz.3.960 tries to shift op by -1; fix this program
[  105.757225][ T6640] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.789466][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.795272][ T6647] loop3: detected capacity change from 0 to 2048
[  105.818899][ T6647] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.114719][ T6682] netlink: 'syz.0.972': attribute type 27 has an invalid length.
[  106.115086][ T6682] netlink: 4 bytes leftover after parsing attributes in process `syz.0.972'.
[  106.139723][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.155338][ T6682] netlink: 12 bytes leftover after parsing attributes in process `syz.0.972'.
[  106.167280][ T6682] netlink: 4 bytes leftover after parsing attributes in process `syz.0.972'.
[  106.167324][ T6682] netlink: 4 bytes leftover after parsing attributes in process `syz.0.972'.
[  106.167375][ T6682] netlink: 4 bytes leftover after parsing attributes in process `syz.0.972'.
[  106.310730][ T6699] netlink: 'syz.1.977': attribute type 1 has an invalid length.
[  106.338748][ T6701] loop4: detected capacity change from 0 to 512
[  106.388549][ T6701] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.401359][ T6701] ext4 filesystem being mounted at /162/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  106.460258][ T6712] loop2: detected capacity change from 0 to 512
[  106.511699][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.524791][ T6712] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.524911][ T6712] ext4 filesystem being mounted at /182/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  106.527013][ T6712] FAULT_INJECTION: forcing a failure.
[  106.527013][ T6712] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  106.562293][ T6712] CPU: 0 UID: 0 PID: 6712 Comm: syz.2.981 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(voluntary) 
[  106.562327][ T6712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  106.562343][ T6712] Call Trace:
[  106.562351][ T6712]  <TASK>
[  106.562362][ T6712]  __dump_stack+0x1d/0x30
[  106.562389][ T6712]  dump_stack_lvl+0xe8/0x140
[  106.562416][ T6712]  dump_stack+0x15/0x1b
[  106.562447][ T6712]  should_fail_ex+0x265/0x280
[  106.562552][ T6712]  should_fail+0xb/0x20
[  106.562570][ T6712]  should_fail_usercopy+0x1a/0x20
[  106.562592][ T6712]  _copy_from_user+0x1c/0xb0
[  106.562623][ T6712]  file_ioctl+0xbe/0x530
[  106.562672][ T6712]  do_vfs_ioctl+0x943/0x11d0
[  106.562697][ T6712]  ? selinux_file_ioctl+0x2e3/0x370
[  106.562759][ T6712]  ? __fget_files+0x184/0x1c0
[  106.562791][ T6712]  __se_sys_ioctl+0x82/0x140
[  106.562827][ T6712]  __x64_sys_ioctl+0x43/0x50
[  106.562938][ T6712]  x64_sys_call+0x19a8/0x2fb0
[  106.562960][ T6712]  do_syscall_64+0xd2/0x200
[  106.562991][ T6712]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  106.563086][ T6712]  ? clear_bhb_loop+0x40/0x90
[  106.563113][ T6712]  ? clear_bhb_loop+0x40/0x90
[  106.563139][ T6712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.563160][ T6712] RIP: 0033:0x7faca45be969
[  106.563228][ T6712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.563273][ T6712] RSP: 002b:00007faca2c27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  106.563313][ T6712] RAX: ffffffffffffffda RBX: 00007faca47e5fa0 RCX: 00007faca45be969
[  106.563397][ T6712] RDX: 00002000000003c0 RSI: 0000000040305829 RDI: 0000000000000004
[  106.563409][ T6712] RBP: 00007faca2c27090 R08: 0000000000000000 R09: 0000000000000000
[  106.563424][ T6712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.563445][ T6712] R13: 0000000000000000 R14: 00007faca47e5fa0 R15: 00007ffce62d4e28
[  106.563480][ T6712]  </TASK>
[  106.596443][ T6720] loop3: detected capacity change from 0 to 512
[  106.607569][ T6720] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  106.613334][ T6720] EXT4-fs (loop3): 1 truncate cleaned up
[  106.613807][ T6720] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.620760][ T6723] loop4: detected capacity change from 0 to 764
[  106.634082][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.718091][ T6732] netlink: 'syz.4.989': attribute type 1 has an invalid length.
[  106.720452][ T6730] loop2: detected capacity change from 0 to 2048
[  106.820786][ T6744] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  106.820900][ T6744] SELinux: failed to load policy
[  106.823915][ T6744] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  106.999194][ T6755] loop4: detected capacity change from 0 to 512
[  107.040137][ T6755] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  107.041704][ T6755] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.996: invalid block
[  107.061385][ T6755] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.996: invalid indirect mapped block 4294967295 (level 1)
[  107.061551][ T6755] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.996: invalid indirect mapped block 4294967295 (level 1)
[  107.061998][ T6755] EXT4-fs (loop4): 2 truncates cleaned up
[  107.104219][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.111600][ T6755] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.166171][ T6764] loop3: detected capacity change from 0 to 2048
[  107.166616][ T6764] EXT4-fs: Ignoring removed mblk_io_submit option
[  107.169856][ T6755] EXT4-fs (loop4): shut down requested (2)
[  107.192836][ T6764] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.196396][ T6764] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  107.204401][ T6755] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.236142][ T6769] loop2: detected capacity change from 0 to 128
[  107.245301][ T6769] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  107.245502][ T6769] ext4 filesystem being mounted at /187/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  107.258900][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.302803][ T6772] loop3: detected capacity change from 0 to 512
[  107.305594][ T6772] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  107.313989][ T6772] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.1000: invalid block
[  107.314140][ T6772] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.1000: invalid indirect mapped block 4294967295 (level 1)
[  107.314328][ T6772] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.1000: invalid indirect mapped block 4294967295 (level 1)
[  107.314604][ T6772] EXT4-fs (loop3): 2 truncates cleaned up
[  107.315061][ T6772] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.332138][ T6772] EXT4-fs (loop3): shut down requested (2)
[  107.335816][ T6772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.361922][ T6775] netlink: 'syz.4.1001': attribute type 1 has an invalid length.
[  107.559882][ T3316] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  107.576930][ T6787] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=6787 comm=syz.0.1007
[  107.589601][ T6787] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=6787 comm=syz.0.1007
[  107.634414][ T6787] IPv6: Can't replace route, no match found
[  107.634696][ T6787] __nla_validate_parse: 6 callbacks suppressed
[  107.634709][ T6787] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1007'.
[  107.696309][ T6801] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  107.697352][ T6800] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1012'.
[  107.697373][ T6800] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1012'.
[  108.336031][ T6825] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1022'.
[  108.381184][ T6830] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1024'.
[  108.390330][ T6830] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1024'.
[  108.843178][ T6854] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=6854 comm=syz.1.1030
[  108.908200][ T6857] loop2: detected capacity change from 0 to 1024
[  108.964169][ T6857] ext4: Unknown parameter 'uid<00000000000000004480'
[  109.042744][ T6853] Process accounting resumed
[  109.227569][ T6872] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1036'.
[  109.227590][ T6872] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1036'.
[  109.264577][ T6872] loop2: detected capacity change from 0 to 128
[  109.383189][ T6872] bio_check_eod: 190 callbacks suppressed
[  109.383231][ T6872] syz.2.1036: attempt to access beyond end of device
[  109.383231][ T6872] loop2: rw=0, sector=2065, nr_sectors = 1 limit=128
[  109.383261][ T6872] buffer_io_error: 190 callbacks suppressed
[  109.383313][ T6872] Buffer I/O error on dev loop2, logical block 2065, async page read
[  109.383336][ T6872] syz.2.1036: attempt to access beyond end of device
[  109.383336][ T6872] loop2: rw=0, sector=2066, nr_sectors = 1 limit=128
[  109.383364][ T6872] Buffer I/O error on dev loop2, logical block 2066, async page read
[  109.383384][ T6872] syz.2.1036: attempt to access beyond end of device
[  109.383384][ T6872] loop2: rw=0, sector=2067, nr_sectors = 1 limit=128
[  109.383431][ T6872] Buffer I/O error on dev loop2, logical block 2067, async page read
[  109.383452][ T6872] syz.2.1036: attempt to access beyond end of device
[  109.383452][ T6872] loop2: rw=0, sector=2068, nr_sectors = 1 limit=128
[  109.383478][ T6872] Buffer I/O error on dev loop2, logical block 2068, async page read
[  109.383499][ T6872] syz.2.1036: attempt to access beyond end of device
[  109.383499][ T6872] loop2: rw=0, sector=2069, nr_sectors = 1 limit=128
[  109.383593][ T6872] Buffer I/O error on dev loop2, logical block 2069, async page read
[  109.383614][ T6872] syz.2.1036: attempt to access beyond end of device
[  109.383614][ T6872] loop2: rw=0, sector=2070, nr_sectors = 1 limit=128
[  109.383641][ T6872] Buffer I/O error on dev loop2, logical block 2070, async page read
[  109.383661][ T6872] syz.2.1036: attempt to access beyond end of device
[  109.383661][ T6872] loop2: rw=0, sector=2071, nr_sectors = 1 limit=128
[  109.383688][ T6872] Buffer I/O error on dev loop2, logical block 2071, async page read
[  109.383705][ T6872] syz.2.1036: attempt to access beyond end of device
[  109.383705][ T6872] loop2: rw=0, sector=2072, nr_sectors = 1 limit=128
[  109.383887][ T6872] Buffer I/O error on dev loop2, logical block 2072, async page read
[  109.383919][ T6872] syz.2.1036: attempt to access beyond end of device
[  109.383919][ T6872] loop2: rw=0, sector=2065, nr_sectors = 1 limit=128
[  109.383947][ T6872] Buffer I/O error on dev loop2, logical block 2065, async page read
[  109.383968][ T6872] syz.2.1036: attempt to access beyond end of device
[  109.383968][ T6872] loop2: rw=0, sector=2066, nr_sectors = 1 limit=128
[  109.384057][ T6872] Buffer I/O error on dev loop2, logical block 2066, async page read
[  109.474091][ T6889] loop2: detected capacity change from 0 to 128
[  109.560794][ T6893] loop2: detected capacity change from 0 to 512
[  109.715591][ T6893] ext4: Unknown parameter 'permit_directio'
[  109.885292][ T6911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1048'.
[  109.915408][ T6913] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1049'.
[  110.018717][ T6898] rdma_rxe: rxe_newlink: failed to add lo
[  110.207724][ T6949] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125
[  110.208446][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  110.628390][   T29] kauditd_printk_skb: 554 callbacks suppressed
[  110.628409][   T29] audit: type=1326 audit(1748891228.625:4349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6983 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  110.628499][   T29] audit: type=1326 audit(1748891228.625:4350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6983 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  110.628609][   T29] audit: type=1326 audit(1748891228.625:4351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6983 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  110.653813][   T29] audit: type=1326 audit(1748891228.625:4352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6983 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  110.733815][   T29] audit: type=1326 audit(1748891228.625:4353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6983 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  110.733852][   T29] audit: type=1326 audit(1748891228.625:4354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6983 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  110.733953][   T29] audit: type=1326 audit(1748891228.625:4355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6983 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  110.733988][   T29] audit: type=1326 audit(1748891228.625:4356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6983 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  110.827789][   T29] audit: type=1326 audit(1748891228.625:4357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6983 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  110.851352][   T29] audit: type=1326 audit(1748891228.625:4358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6983 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  111.231056][ T7033] loop2: detected capacity change from 0 to 512
[  111.292970][ T7033] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  111.362456][ T7033] EXT4-fs (loop2): mount failed
[  111.816924][ T7074] SELinux: syz.2.1084 (7074) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  112.323868][ T7102] netlink: 'syz.2.1088': attribute type 10 has an invalid length.
[  112.348127][ T7102] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.356429][ T7102] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.364807][ T7102] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.373137][ T7102] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.452997][ T7100] rdma_rxe: rxe_newlink: failed to add lo
[  112.467468][ T7102] team0: Port device geneve1 added
[  112.490233][ T7104] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.546749][ T7109] netlink: 'syz.2.1097': attribute type 1 has an invalid length.
[  112.567443][ T7104] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.632747][ T7104] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.658001][ T7119] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  112.696644][ T7104] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.734842][ T7121] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(15)
[  112.741638][ T7121] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  112.749094][ T7121] vhci_hcd vhci_hcd.0: Device attached
[  112.757216][ T7125] vhci_hcd: connection closed
[  112.763579][ T4904] vhci_hcd: stop threads
[  112.772602][ T4904] vhci_hcd: release socket
[  112.777396][ T4904] vhci_hcd: disconnect device
[  112.790561][ T7104] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.835038][ T7104] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.874860][ T7104] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.905237][ T7104] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.009596][ T7132] 9pnet_fd: Insufficient options for proto=fd
[  113.142126][ T7143] netlink: 'syz.1.1110': attribute type 1 has an invalid length.
[  113.168527][ T7145] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=7145 comm=syz.0.1111
[  113.246660][ T7157] __nla_validate_parse: 6 callbacks suppressed
[  113.246680][ T7157] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1117'.
[  113.290334][ T7159] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  113.363160][ T7163] loop2: detected capacity change from 0 to 2048
[  113.390212][ T7163] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.424393][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.435647][ T7171] veth0: entered promiscuous mode
[  113.505157][ T7174] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1122'.
[  113.732584][ T7183] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=7183 comm=syz.2.1127
[  113.847375][ T7187] loop2: detected capacity change from 0 to 8192
[  114.877553][ T7215] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  114.885124][ T7215] IPv6: NLM_F_CREATE should be set when creating new route
[  114.892618][ T7215] IPv6: NLM_F_CREATE should be set when creating new route
[  115.023926][ T7225] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1142'.
[  115.033315][ T7225] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1142'.
[  115.091199][ T7225] loop2: detected capacity change from 0 to 128
[  115.103991][ T7225] bio_check_eod: 202 callbacks suppressed
[  115.104011][ T7225] syz.2.1142: attempt to access beyond end of device
[  115.104011][ T7225] loop2: rw=0, sector=2065, nr_sectors = 1 limit=128
[  115.123293][ T7225] buffer_io_error: 190 callbacks suppressed
[  115.123310][ T7225] Buffer I/O error on dev loop2, logical block 2065, async page read
[  115.137690][ T7225] syz.2.1142: attempt to access beyond end of device
[  115.137690][ T7225] loop2: rw=0, sector=2066, nr_sectors = 1 limit=128
[  115.151036][ T7225] Buffer I/O error on dev loop2, logical block 2066, async page read
[  115.164680][ T7225] syz.2.1142: attempt to access beyond end of device
[  115.164680][ T7225] loop2: rw=0, sector=2067, nr_sectors = 1 limit=128
[  115.178046][ T7225] Buffer I/O error on dev loop2, logical block 2067, async page read
[  115.187619][ T7225] syz.2.1142: attempt to access beyond end of device
[  115.187619][ T7225] loop2: rw=0, sector=2068, nr_sectors = 1 limit=128
[  115.201450][ T7225] Buffer I/O error on dev loop2, logical block 2068, async page read
[  115.211795][ T7225] syz.2.1142: attempt to access beyond end of device
[  115.211795][ T7225] loop2: rw=0, sector=2069, nr_sectors = 1 limit=128
[  115.225100][ T7225] Buffer I/O error on dev loop2, logical block 2069, async page read
[  115.234450][ T7225] syz.2.1142: attempt to access beyond end of device
[  115.234450][ T7225] loop2: rw=0, sector=2070, nr_sectors = 1 limit=128
[  115.248000][ T7225] Buffer I/O error on dev loop2, logical block 2070, async page read
[  115.256429][ T7225] syz.2.1142: attempt to access beyond end of device
[  115.256429][ T7225] loop2: rw=0, sector=2071, nr_sectors = 1 limit=128
[  115.259519][ T7236] capability: warning: `syz.3.1146' uses 32-bit capabilities (legacy support in use)
[  115.270010][ T7225] Buffer I/O error on dev loop2, logical block 2071, async page read
[  115.288515][ T7225] syz.2.1142: attempt to access beyond end of device
[  115.288515][ T7225] loop2: rw=0, sector=2072, nr_sectors = 1 limit=128
[  115.301828][ T7225] Buffer I/O error on dev loop2, logical block 2072, async page read
[  115.317100][ T7235] syz.2.1142: attempt to access beyond end of device
[  115.317100][ T7235] loop2: rw=0, sector=2065, nr_sectors = 1 limit=128
[  115.330507][ T7235] Buffer I/O error on dev loop2, logical block 2065, async page read
[  115.338972][ T7235] syz.2.1142: attempt to access beyond end of device
[  115.338972][ T7235] loop2: rw=0, sector=2066, nr_sectors = 1 limit=128
[  115.352323][ T7235] Buffer I/O error on dev loop2, logical block 2066, async page read
[  116.480279][ T7263] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1154'.
[  116.493825][ T7264] loop2: detected capacity change from 0 to 128
[  116.535545][ T7263] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7263 comm=syz.4.1154
[  116.608256][ T7268] loop2: detected capacity change from 0 to 1024
[  116.621278][ T7269] SELinux:  policydb magic number 0x6dda6955 does not match expected magic number 0xf97cff8c
[  116.625741][   T29] kauditd_printk_skb: 217 callbacks suppressed
[  116.625787][   T29] audit: type=1400 audit(1748891234.691:4576): avc:  denied  { remount } for  pid=7267 comm="syz.2.1157" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  116.675070][ T7269] SELinux: failed to load policy
[  116.752837][ T7268] netlink: 'syz.2.1157': attribute type 1 has an invalid length.
[  116.839111][ T7268] 8021q: adding VLAN 0 to HW filter on device bond2
[  116.890920][ T7268] loop2: detected capacity change from 0 to 512
[  116.904273][ T7275] bond2: (slave veth1): Enslaving as an active interface with a down link
[  116.954732][ T7268] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  116.964125][ T7268] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  117.033730][ T7268] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  117.066072][ T7268] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  117.078039][ T7268] System zones: 0-2, 18-18, 34-35
[  117.083243][   T29] audit: type=1400 audit(1748891235.156:4577): avc:  denied  { connect } for  pid=7293 comm="syz.3.1159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  117.103724][ T7268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.173459][   T29] audit: type=1400 audit(1748891235.216:4578): avc:  denied  { ioctl } for  pid=7293 comm="syz.3.1159" path="socket:[14935]" dev="sockfs" ino=14935 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  117.198291][   T29] audit: type=1400 audit(1748891235.226:4579): avc:  denied  { mount } for  pid=7301 comm="syz.0.1166" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  117.221104][ T7268] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  117.237633][ T7268] bond2: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  117.299849][   T29] audit: type=1400 audit(1748891235.367:4580): avc:  denied  { unmount } for  pid=3314 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  117.323015][ T7268] ext2: Unknown parameter 'à'
[  117.365601][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.443865][   T29] audit: type=1400 audit(1748891235.519:4581): avc:  denied  { ioctl } for  pid=7316 comm="syz.3.1172" path="socket:[14988]" dev="sockfs" ino=14988 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  117.499918][ T7329] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1168'.
[  117.833926][   T29] audit: type=1400 audit(1748891235.892:4582): avc:  denied  { mount } for  pid=7346 comm="syz.2.1177" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  118.062598][ T7347] lo speed is unknown, defaulting to 1000
[  118.192824][   T29] audit: type=1326 audit(1748891236.275:4583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7356 comm="syz.1.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  118.269797][   T29] audit: type=1326 audit(1748891236.275:4584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7356 comm="syz.1.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  118.293308][   T29] audit: type=1326 audit(1748891236.275:4585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7356 comm="syz.1.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  118.388374][ T7359] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=7359 comm=syz.3.1183
[  118.424345][ T7358] Process accounting resumed
[  118.769426][ T7420] loop2: detected capacity change from 0 to 8192
[  118.885471][ T7438] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1191'.
[  119.630546][ T7502] sctp: [Deprecated]: syz.4.1197 (pid 7502) Use of int in maxseg socket option.
[  119.630546][ T7502] Use struct sctp_assoc_value instead
[  119.918737][ T7549] siw: device registration error -23
[  120.736954][ T7594] syzkaller0: entered allmulticast mode
[  120.738085][ T7594] syzkaller0 (unregistering): left allmulticast mode
[  121.410872][ T7621] FAULT_INJECTION: forcing a failure.
[  121.410872][ T7621] name failslab, interval 1, probability 0, space 0, times 0
[  121.410920][ T7621] CPU: 1 UID: 0 PID: 7621 Comm: syz.2.1230 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(voluntary) 
[  121.411002][ T7621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  121.411030][ T7621] Call Trace:
[  121.411038][ T7621]  <TASK>
[  121.411047][ T7621]  __dump_stack+0x1d/0x30
[  121.411110][ T7621]  dump_stack_lvl+0xe8/0x140
[  121.411134][ T7621]  dump_stack+0x15/0x1b
[  121.411155][ T7621]  should_fail_ex+0x265/0x280
[  121.411182][ T7621]  should_failslab+0x8c/0xb0
[  121.411221][ T7621]  kmem_cache_alloc_noprof+0x50/0x310
[  121.411251][ T7621]  ? security_file_alloc+0x32/0x100
[  121.411281][ T7621]  security_file_alloc+0x32/0x100
[  121.411312][ T7621]  init_file+0x5c/0x1d0
[  121.411391][ T7621]  alloc_empty_file+0x8b/0x200
[  121.411429][ T7621]  alloc_file_pseudo+0xc6/0x160
[  121.411519][ T7621]  __shmem_file_setup+0x1b9/0x1f0
[  121.411554][ T7621]  shmem_file_setup+0x3b/0x50
[  121.411586][ T7621]  __se_sys_memfd_create+0x2c3/0x590
[  121.411678][ T7621]  __x64_sys_memfd_create+0x31/0x40
[  121.411698][ T7621]  x64_sys_call+0x122f/0x2fb0
[  121.411780][ T7621]  do_syscall_64+0xd2/0x200
[  121.411816][ T7621]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  121.411912][ T7621]  ? clear_bhb_loop+0x40/0x90
[  121.411939][ T7621]  ? clear_bhb_loop+0x40/0x90
[  121.411971][ T7621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.412005][ T7621] RIP: 0033:0x7faca45be969
[  121.412027][ T7621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.412089][ T7621] RSP: 002b:00007faca2c26e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  121.412114][ T7621] RAX: ffffffffffffffda RBX: 000000000000045c RCX: 00007faca45be969
[  121.412131][ T7621] RDX: 00007faca2c26ef0 RSI: 0000000000000000 RDI: 00007faca4641444
[  121.412148][ T7621] RBP: 0000200000002400 R08: 00007faca2c26bb7 R09: 00007faca2c26e40
[  121.412192][ T7621] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  121.412209][ T7621] R13: 00007faca2c26ef0 R14: 00007faca2c26eb0 R15: 0000200000000680
[  121.412235][ T7621]  </TASK>
[  121.649816][   T29] kauditd_printk_skb: 214 callbacks suppressed
[  121.649836][   T29] audit: type=1400 audit(1748891239.750:4800): avc:  denied  { associate } for  pid=7626 comm="syz.2.1234" name="0" dev="devpts" ino=3 scontext=system_u:object_r:mouse_device_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  121.821748][ T7641] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1237'.
[  122.235646][ T7653] 9pnet_fd: Insufficient options for proto=fd
[  122.318605][   T29] audit: type=1326 audit(1748891240.425:4801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7655 comm="syz.1.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  122.428988][   T29] audit: type=1326 audit(1748891240.455:4802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7655 comm="syz.1.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  122.452691][   T29] audit: type=1326 audit(1748891240.455:4803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7655 comm="syz.1.1243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb438ce969 code=0x7ffc0000
[  122.860436][ T7678] block device autoloading is deprecated and will be removed.
[  122.867551][   T29] audit: type=1400 audit(1748891240.988:4804): avc:  denied  { setopt } for  pid=7679 comm="syz.4.1253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  122.894257][   T29] audit: type=1400 audit(1748891241.008:4805): avc:  denied  { read write } for  pid=3314 comm="syz-executor" name="loop0" dev="devtmpfs" ino=586 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  122.894309][   T29] audit: type=1400 audit(1748891241.008:4806): avc:  denied  { open } for  pid=3314 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=586 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  122.895635][   T29] audit: type=1400 audit(1748891241.008:4807): avc:  denied  { ioctl } for  pid=3314 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=586 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  122.962584][   T29] audit: type=1400 audit(1748891241.079:4808): avc:  denied  { ioctl } for  pid=7691 comm="syz.4.1258" path="socket:[16421]" dev="sockfs" ino=16421 ioctlcmd=0x941c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  123.108028][ T7694] netdevsim netdevsim3: Direct firmware load for  failed with error -2
[  123.170766][ T7698] loop2: detected capacity change from 0 to 512
[  123.171428][ T7698] ext4: Unknown parameter 'permit_directio'
[  123.172026][   T29] audit: type=1326 audit(1748891241.280:4809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7693 comm="syz.3.1254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[  123.299284][ T7700] rdma_rxe: rxe_newlink: failed to add lo
[  123.367488][ T7701] rdma_rxe: rxe_newlink: failed to add lo
[  123.760261][ T7714] loop0: detected capacity change from 0 to 2048
[  123.832087][ T7720] loop0: detected capacity change from 0 to 1024
[  123.854630][ T7720] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  123.867400][ T7720] ext4 filesystem being mounted at /286/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  124.158192][ T7749] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1276'.
[  124.331435][ T7749] loop2: detected capacity change from 0 to 512
[  124.372766][ T7757] netlink: 'syz.3.1281': attribute type 2 has an invalid length.
[  124.380601][ T7757] netlink: 'syz.3.1281': attribute type 3 has an invalid length.
[  124.388436][ T7757] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1281'.
[  124.408303][ T7749] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  124.473431][ T7749] EXT4-fs (loop2): invalid journal inode
[  124.496098][ T7749] EXT4-fs (loop2): can't get journal size
[  124.589159][ T7749] EXT4-fs (loop2): 1 truncate cleaned up
[  124.614197][ T7749] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.640487][ T7749] netlink: 'syz.2.1276': attribute type 13 has an invalid length.
[  124.659335][ T7763] ALSA: seq fatal error: cannot create timer (-19)
[  124.669643][ T7749] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.678640][ T7749] 8021q: adding VLAN 0 to HW filter on device team0
[  124.686364][ T7749] dummy0: left promiscuous mode
[  124.694174][ T7749] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  124.741424][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.806596][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.940681][ T7789] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1288'.
[  125.042611][ T7793] loop2: detected capacity change from 0 to 2048
[  125.058023][ T7793] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  125.090102][ T7793] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  125.145448][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  125.275649][ T7803] loop2: detected capacity change from 0 to 1024
[  125.301848][ T7803] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  125.301969][ T7803] ext4 filesystem being mounted at /244/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  126.767588][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.797343][ T7818] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1303'.
[  126.890542][ T7825] loop0: detected capacity change from 0 to 2048
[  126.936255][ T7829] loop2: detected capacity change from 0 to 764
[  126.954883][ T7825] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.984149][   T29] kauditd_printk_skb: 126 callbacks suppressed
[  126.984204][   T29] audit: type=1326 audit(1748891245.110:4936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7840 comm="syz.4.1311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  127.022693][   T29] audit: type=1326 audit(1748891245.150:4937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7840 comm="syz.4.1311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  127.046408][   T29] audit: type=1326 audit(1748891245.150:4938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7840 comm="syz.4.1311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  127.070038][   T29] audit: type=1326 audit(1748891245.150:4939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7840 comm="syz.4.1311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  127.093674][   T29] audit: type=1326 audit(1748891245.150:4940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7840 comm="syz.4.1311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  127.117174][   T29] audit: type=1326 audit(1748891245.150:4941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7840 comm="syz.4.1311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  127.119383][ T7825] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, 
[  127.140622][   T29] audit: type=1326 audit(1748891245.150:4942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7840 comm="syz.4.1311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  127.140674][   T29] audit: type=1326 audit(1748891245.150:4943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7840 comm="syz.4.1311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  127.140708][   T29] audit: type=1326 audit(1748891245.150:4944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7840 comm="syz.4.1311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  127.148974][ T7825] block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  127.176254][   T29] audit: type=1326 audit(1748891245.210:4945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7840 comm="syz.4.1311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ce19ee969 code=0x7ffc0000
[  127.199112][ T7851] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1313'.
[  127.247873][ T7850] SELinux:  Context Ü is not valid (left unmapped).
[  127.298918][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.305632][ T7856] loop2: detected capacity change from 0 to 1024
[  127.344749][ T7856] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  127.348827][ T7859] lo speed is unknown, defaulting to 1000
[  127.374244][ T7856] ext4 filesystem being mounted at /248/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  127.475550][ T7862] lo speed is unknown, defaulting to 1000
[  127.555369][ T7864] loop0: detected capacity change from 0 to 8192
[  127.886376][ T7876] dvmrp1: entered allmulticast mode
[  127.953756][ T7876] dvmrp1: left allmulticast mode
[  128.298341][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.443549][ T7907] siw: device registration error -23
[  128.617515][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  128.690795][ T7931] siw: device registration error -23
[  128.696351][ T7934] veth0: entered promiscuous mode
[  128.765833][ T7939] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1345'.
[  129.169423][ T7956] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  129.360295][ T7968] loop0: detected capacity change from 0 to 1024
[  129.368627][ T7968] ext4: Unknown parameter 'uid<00000000000000000000'
[  129.453682][ T7973] loop0: detected capacity change from 0 to 1024
[  129.467553][ T7973] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  129.481250][ T7973] ext4 filesystem being mounted at /295/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  129.493710][ T7973] netlink: 'syz.0.1359': attribute type 10 has an invalid length.
[  129.519113][ T7973] team0 (unregistering): Port device team_slave_0 removed
[  129.530005][ T7973] team0 (unregistering): Port device team_slave_1 removed
[  129.547968][ T7977] netlink: 'syz.0.1359': attribute type 27 has an invalid length.
[  129.611634][ T7977] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  129.622266][ T7977] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  129.645528][ T7977] veth0_vlan: left allmulticast mode
[  129.662299][ T7977] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  129.671637][ T7977] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  129.680631][ T7977] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  129.689542][ T7977] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  129.702537][ T7977] dummy0: left allmulticast mode
[  129.707943][ T7977] macsec1: left allmulticast mode
[  129.741366][ T7973] 8021q: adding VLAN 0 to HW filter on device bond0
[  129.749207][ T7973] dummy0: left promiscuous mode
[  129.756540][ T7973] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  129.789083][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.817939][ T7979] loop0: detected capacity change from 0 to 128
[  129.833850][ T7979] bio_check_eod: 202 callbacks suppressed
[  129.833865][ T7979] syz.0.1360: attempt to access beyond end of device
[  129.833865][ T7979] loop0: rw=2049, sector=145, nr_sectors = 8 limit=128
[  129.854388][ T7979] syz.0.1360: attempt to access beyond end of device
[  129.854388][ T7979] loop0: rw=2049, sector=161, nr_sectors = 8 limit=128
[  129.868061][ T7979] syz.0.1360: attempt to access beyond end of device
[  129.868061][ T7979] loop0: rw=2049, sector=177, nr_sectors = 8 limit=128
[  129.883415][ T7979] syz.0.1360: attempt to access beyond end of device
[  129.883415][ T7979] loop0: rw=2049, sector=193, nr_sectors = 8 limit=128
[  129.897246][ T7979] syz.0.1360: attempt to access beyond end of device
[  129.897246][ T7979] loop0: rw=2049, sector=209, nr_sectors = 8 limit=128
[  129.911303][ T7979] syz.0.1360: attempt to access beyond end of device
[  129.911303][ T7979] loop0: rw=2049, sector=225, nr_sectors = 8 limit=128
[  129.939763][ T7979] syz.0.1360: attempt to access beyond end of device
[  129.939763][ T7979] loop0: rw=2049, sector=241, nr_sectors = 8 limit=128
[  129.953790][ T7979] syz.0.1360: attempt to access beyond end of device
[  129.953790][ T7979] loop0: rw=2049, sector=257, nr_sectors = 8 limit=128
[  129.967646][ T7979] syz.0.1360: attempt to access beyond end of device
[  129.967646][ T7979] loop0: rw=2049, sector=273, nr_sectors = 8 limit=128
[  130.011401][ T7979] syz.0.1360: attempt to access beyond end of device
[  130.011401][ T7979] loop0: rw=2049, sector=289, nr_sectors = 8 limit=128
[  130.037275][ T7981] loop2: detected capacity change from 0 to 8192
[  130.599265][ T8006] loop0: detected capacity change from 0 to 2048
[  130.621212][ T8006] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  130.800811][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.963269][ T8015] loop2: detected capacity change from 0 to 512
[  130.970099][ T8015] ext4: Unknown parameter 'permit_directio'
[  131.129335][ T8016] rdma_rxe: rxe_newlink: failed to add lo
[  131.178057][ T8026] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  131.259046][ T8034] 9pnet_fd: Insufficient options for proto=fd
[  131.448899][ T8041] loop0: detected capacity change from 0 to 2048
[  131.481890][ T8043] loop0: detected capacity change from 0 to 764
[  131.975280][ T8065] loop2: detected capacity change from 0 to 2048
[  132.188600][   T29] kauditd_printk_skb: 201 callbacks suppressed
[  132.188618][   T29] audit: type=1326 audit(1748891250.340:5147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz.2.1400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  132.256987][ T8086] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1402'.
[  132.266001][ T8086] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1402'.
[  132.303857][   T29] audit: type=1326 audit(1748891250.370:5148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz.2.1400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  132.327442][   T29] audit: type=1326 audit(1748891250.370:5149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz.2.1400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  132.351036][   T29] audit: type=1326 audit(1748891250.370:5150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz.2.1400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca45be969 code=0x7ffc0000
[  132.379990][ T8089] loop2: detected capacity change from 0 to 128
[  132.389297][ T8086] buffer_io_error: 190 callbacks suppressed
[  132.389317][ T8086] Buffer I/O error on dev loop2, logical block 2065, async page read
[  132.405718][ T8086] Buffer I/O error on dev loop2, logical block 2066, async page read
[  132.414077][ T8086] Buffer I/O error on dev loop2, logical block 2067, async page read
[  132.422307][ T8086] Buffer I/O error on dev loop2, logical block 2068, async page read
[  132.431451][ T8086] Buffer I/O error on dev loop2, logical block 2069, async page read
[  132.439954][ T8086] Buffer I/O error on dev loop2, logical block 2070, async page read
[  132.449634][ T8086] Buffer I/O error on dev loop2, logical block 2071, async page read
[  132.457819][ T8086] Buffer I/O error on dev loop2, logical block 2072, async page read
[  132.468828][ T8089] Buffer I/O error on dev loop2, logical block 2065, async page read
[  132.484801][ T8089] Buffer I/O error on dev loop2, logical block 2066, async page read
[  132.590424][ T8101] loop2: detected capacity change from 0 to 1024
[  132.618660][ T8101] EXT4-fs: Ignoring removed i_version option
[  132.642796][ T8101] EXT4-fs: Ignoring removed mblk_io_submit option
[  132.666016][ T8101] EXT4-fs: Ignoring removed nobh option
[  132.671665][ T8101] EXT4-fs: Ignoring removed bh option
[  132.701421][   T29] audit: type=1326 audit(1748891250.852:5151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8109 comm="syz.0.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74ceb8e969 code=0x7ffc0000
[  132.752771][ T8101] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.792357][   T29] audit: type=1326 audit(1748891250.882:5152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8109 comm="syz.0.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74ceb8e969 code=0x7ffc0000
[  132.815938][   T29] audit: type=1326 audit(1748891250.882:5153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8109 comm="syz.0.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f74ceb8e969 code=0x7ffc0000
[  132.839312][   T29] audit: type=1326 audit(1748891250.882:5154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8109 comm="syz.0.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74ceb8e969 code=0x7ffc0000
[  132.862810][   T29] audit: type=1326 audit(1748891250.882:5155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8109 comm="syz.0.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74ceb8e969 code=0x7ffc0000
[  132.899535][   T29] audit: type=1400 audit(1748891251.053:5156): avc:  denied  { append } for  pid=8100 comm="syz.2.1407" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  132.953257][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.312631][ T8149] netlink: 'syz.3.1426': attribute type 1 has an invalid length.
[  133.318785][ T8149] bond1: entered promiscuous mode
[  133.327672][ T8149] 8021q: adding VLAN 0 to HW filter on device bond1
[  133.891436][ T8167] rdma_rxe: rxe_newlink: failed to add lo
[  133.903206][ T8171] 9pnet_fd: Insufficient options for proto=fd
[  134.168618][ T8183] siw: device registration error -23
[  134.307533][ T8191] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.344818][ T8196] loop0: detected capacity change from 0 to 2048
[  134.361265][ T8191] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.372705][ T8196] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  134.398663][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.431248][ T8191] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.438013][ T8201] loop0: detected capacity change from 0 to 2048
[  134.461405][ T8201] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  134.522045][ T8191] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.551400][ T8205] EXT4-fs error (device loop0): ext4_find_extent:939: inode #2: comm syz.0.1443: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  134.594943][ T8191] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  134.608193][ T8191] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  134.621259][ T8191] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  134.634565][ T8191] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  134.688461][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.741476][ T8209] lo speed is unknown, defaulting to 1000
[  135.062301][ T8214] lo speed is unknown, defaulting to 1000
[  135.253306][ T8239] rdma_rxe: rxe_newlink: failed to add lo
[  135.385704][ T8246] loop2: detected capacity change from 0 to 128
[  135.655324][ T8255] ieee802154 phy1 wpan1: encryption failed: -90
[  136.150806][ T8240] syz.1.1457 (8240) used greatest stack depth: 6040 bytes left
[  136.159599][ T8270] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1470'.
[  136.159624][ T8270] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1470'.
[  136.231897][ T8282] loop2: detected capacity change from 0 to 128
[  136.236140][ T8270] bio_check_eod: 202 callbacks suppressed
[  136.236159][ T8270] syz.2.1470: attempt to access beyond end of device
[  136.236159][ T8270] loop2: rw=0, sector=2065, nr_sectors = 1 limit=128
[  136.258484][ T8270] syz.2.1470: attempt to access beyond end of device
[  136.258484][ T8270] loop2: rw=0, sector=2066, nr_sectors = 1 limit=128
[  136.302575][ T8270] syz.2.1470: attempt to access beyond end of device
[  136.302575][ T8270] loop2: rw=0, sector=2067, nr_sectors = 1 limit=128
[  136.302607][ T8270] syz.2.1470: attempt to access beyond end of device
[  136.302607][ T8270] loop2: rw=0, sector=2068, nr_sectors = 1 limit=128
[  136.302633][ T8270] syz.2.1470: attempt to access beyond end of device
[  136.302633][ T8270] loop2: rw=0, sector=2069, nr_sectors = 1 limit=128
[  136.302711][ T8270] syz.2.1470: attempt to access beyond end of device
[  136.302711][ T8270] loop2: rw=0, sector=2070, nr_sectors = 1 limit=128
[  136.302735][ T8270] syz.2.1470: attempt to access beyond end of device
[  136.302735][ T8270] loop2: rw=0, sector=2071, nr_sectors = 1 limit=128
[  136.302843][ T8270] syz.2.1470: attempt to access beyond end of device
[  136.302843][ T8270] loop2: rw=0, sector=2072, nr_sectors = 1 limit=128
[  136.303232][ T8282] syz.2.1470: attempt to access beyond end of device
[  136.303232][ T8282] loop2: rw=0, sector=2065, nr_sectors = 1 limit=128
[  136.303268][ T8282] syz.2.1470: attempt to access beyond end of device
[  136.303268][ T8282] loop2: rw=0, sector=2066, nr_sectors = 1 limit=128
[  136.316925][ T8286] bridge1: the hash_elasticity option has been deprecated and is always 16
[  136.575043][ T8298] loop2: detected capacity change from 0 to 512
[  136.592482][ T8298] ext4: Unknown parameter 'permit_directio'
[  136.789951][ T8303] rdma_rxe: rxe_newlink: failed to add lo
[  136.871019][ T8318] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1487'.
[  136.880043][ T8318] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1487'.
[  136.889186][ T8316] loop0: detected capacity change from 0 to 2048
[  136.920622][ T8316] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  136.943255][ T8316] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  137.099174][ T3314] Trying to write to read-only block-device loop0
[  137.182800][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.246367][   T29] kauditd_printk_skb: 133 callbacks suppressed
[  137.246392][   T29] audit: type=1326 audit(1748891255.414:5290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8335 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[  137.441922][   T29] audit: type=1326 audit(1748891255.414:5291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8335 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[  137.465573][   T29] audit: type=1326 audit(1748891255.414:5292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8335 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[  137.489045][   T29] audit: type=1326 audit(1748891255.414:5293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8335 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[  137.512671][   T29] audit: type=1326 audit(1748891255.414:5294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8335 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[  137.537849][   T29] audit: type=1326 audit(1748891255.414:5295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8335 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[  137.561261][   T29] audit: type=1326 audit(1748891255.414:5296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8335 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[  137.584814][   T29] audit: type=1326 audit(1748891255.414:5297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8335 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[  137.608437][   T29] audit: type=1326 audit(1748891255.414:5298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8335 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[  137.631816][   T29] audit: type=1326 audit(1748891255.414:5299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8335 comm="syz.3.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a70a7e969 code=0x7ffc0000
[  138.269224][ T8345] loop0: detected capacity change from 0 to 2048
[  138.525305][ T8357] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1499'.
[  138.525328][ T8357] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1499'.
[  138.562750][ T8357] loop2: detected capacity change from 0 to 128
[  138.566018][ T8357] buffer_io_error: 390 callbacks suppressed
[  138.566033][ T8357] Buffer I/O error on dev loop2, logical block 2065, async page read
[  138.566052][ T8357] Buffer I/O error on dev loop2, logical block 2066, async page read
[  138.566082][ T8357] Buffer I/O error on dev loop2, logical block 2067, async page read
[  138.566104][ T8357] Buffer I/O error on dev loop2, logical block 2068, async page read
[  138.566125][ T8357] Buffer I/O error on dev loop2, logical block 2069, async page read
[  138.566143][ T8357] Buffer I/O error on dev loop2, logical block 2070, async page read
[  138.566162][ T8357] Buffer I/O error on dev loop2, logical block 2071, async page read
[  138.566185][ T8357] Buffer I/O error on dev loop2, logical block 2072, async page read
[  138.566230][ T8357] Buffer I/O error on dev loop2, logical block 2065, async page read
[  138.566252][ T8357] Buffer I/O error on dev loop2, logical block 2066, async page read
[  138.666102][ T8374] loop2: detected capacity change from 0 to 764
[  138.763771][ T8380] loop2: detected capacity change from 0 to 2048
[  138.793131][ T8380] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  138.817131][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.911416][ T8389] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1509'.
[  138.933585][ T8391] loop2: detected capacity change from 0 to 2048
[  138.962501][ T8392] netlink: 'syz.4.1509': attribute type 21 has an invalid length.
[  139.144349][ T8401] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1513'.
[  139.144376][ T8401] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1513'.
[  139.192891][ T8401] loop2: detected capacity change from 0 to 128
[  139.462032][ T8411] loop2: detected capacity change from 0 to 1024
[  139.545939][ T8411] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.616925][ T8411] ext4 filesystem being mounted at /293/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  140.229108][ T8431] loop0: detected capacity change from 0 to 764
[  140.505016][ T8435] siw: device registration error -23
[  140.516308][ T8437] loop0: detected capacity change from 0 to 128
[  140.614162][ T8429] SELinux: failed to load policy
[  140.901779][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.932686][ T8457] netlink: 1022 bytes leftover after parsing attributes in process `syz.1.1532'.
[  141.255990][ T8476] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1538'.
[  141.603352][ T8505] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1551'.
[  141.774974][ T8520] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1559'.
[  141.784169][ T8520] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1559'.
[  141.914930][ T8540] 8021q: VLANs not supported on gre0
[  141.949972][ T8550] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  142.187262][ T8588] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  142.241665][   T29] kauditd_printk_skb: 719 callbacks suppressed
[  142.241681][   T29] audit: type=1400 audit(1748891260.425:6019): avc:  denied  { read write } for  pid=3316 comm="syz-executor" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  142.288789][   T29] audit: type=1400 audit(1748891260.455:6020): avc:  denied  { map_create } for  pid=8596 comm="syz.2.1595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  142.308268][   T29] audit: type=1400 audit(1748891260.465:6021): avc:  denied  { prog_load } for  pid=8596 comm="syz.2.1595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  142.327412][   T29] audit: type=1400 audit(1748891260.465:6022): avc:  denied  { create } for  pid=8596 comm="syz.2.1595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=0
[  142.346988][   T29] audit: type=1400 audit(1748891260.465:6023): avc:  denied  { map_create } for  pid=8596 comm="syz.2.1595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  142.366195][   T29] audit: type=1400 audit(1748891260.465:6024): avc:  denied  { kexec_image_load } for  pid=8596 comm="syz.2.1595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=0
[  142.386359][   T29] audit: type=1400 audit(1748891260.465:6025): avc:  denied  { map_create } for  pid=8596 comm="syz.2.1595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  142.405597][   T29] audit: type=1400 audit(1748891260.465:6026): avc:  denied  { prog_load } for  pid=8596 comm="syz.2.1595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  142.425072][   T29] audit: type=1400 audit(1748891260.465:6027): avc:  denied  { prog_load } for  pid=8596 comm="syz.2.1595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  142.444394][   T29] audit: type=1400 audit(1748891260.465:6028): avc:  denied  { prog_load } for  pid=8596 comm="syz.2.1595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  142.497805][ T8618] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  142.555271][ T8628] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  142.728266][ T8663] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  142.756207][ T8666] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  142.973379][ T8693] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  143.066920][ T8701] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  143.167967][ T8717] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  143.324838][ T8737] netlink: 'syz.4.1659': attribute type 1 has an invalid length.
[  143.342243][ T8737] 8021q: adding VLAN 0 to HW filter on device bond1
[  143.663803][ T8773] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  143.785885][ T8796] __nla_validate_parse: 13 callbacks suppressed
[  143.785916][ T8796] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1686'.
[  143.801312][ T8796] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1686'.
[  143.860895][ T8806] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  144.032230][ T8830] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1702'.
[  144.041332][ T8830] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1702'.
[  144.113528][ T8847] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  144.203210][ T8862] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1716'.
[  144.212341][ T8862] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1716'.
[  144.298169][ T8876] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  144.340105][ T8881] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  144.395434][ T8890] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1730'.
[  144.472731][ T8906] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  144.498978][ T8912] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  144.582129][ T8924] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1744'.
[  144.674335][ T8939] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  144.770636][ T8954] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1759'.
[  144.779972][ T8954] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1759'.
[  144.859659][ T8968] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  145.110458][ T9005] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  145.395332][ T9040] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  145.629709][ T9067] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  145.819075][ T9094] netlink: 'syz.0.1826': attribute type 6 has an invalid length.
[  145.854817][ T9099] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  146.071053][ T9130] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  146.773960][ T9160] netlink: 'syz.0.1855': attribute type 4 has an invalid length.
[  147.094263][ T9188] netlink: 'syz.2.1868': attribute type 4 has an invalid length.
[  147.177101][ T9200] tbf_change: 7 callbacks suppressed
[  147.177120][ T9200] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  147.245632][   T29] kauditd_printk_skb: 2134 callbacks suppressed
[  147.245649][   T29] audit: type=1400 audit(1748891265.412:8163): avc:  denied  { create } for  pid=9205 comm="syz.0.1877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=0
[  147.271946][   T29] audit: type=1400 audit(1748891265.412:8164): avc:  denied  { open } for  pid=9205 comm="syz.0.1877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=0
[  147.291572][   T29] audit: type=1400 audit(1748891265.412:8165): avc:  denied  { open } for  pid=9205 comm="syz.0.1877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=0
[  147.310918][   T29] audit: type=1400 audit(1748891265.412:8166): avc:  denied  { read write } for  pid=9205 comm="syz.0.1877" name="loop0" dev="devtmpfs" ino=586 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=0
[  147.334111][   T29] audit: type=1400 audit(1748891265.412:8167): avc:  denied  { map_create } for  pid=9208 comm="syz.2.1878" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  147.353546][   T29] audit: type=1400 audit(1748891265.422:8168): avc:  denied  { prog_load } for  pid=9208 comm="syz.2.1878" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  147.373097][   T29] audit: type=1400 audit(1748891265.422:8169): avc:  denied  { create } for  pid=9205 comm="syz.0.1877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=0
[  147.392640][   T29] audit: type=1400 audit(1748891265.422:8170): avc:  denied  { read write } for  pid=9208 comm="syz.2.1878" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  147.430725][   T29] audit: type=1400 audit(1748891265.432:8171): avc:  denied  { read write } for  pid=3314 comm="syz-executor" name="loop0" dev="devtmpfs" ino=586 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=0
[  147.444451][ T9222] audit: audit_backlog=65 > audit_backlog_limit=64
[  147.502700][ T9226] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  147.554952][ T9232] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  147.783926][ T9261] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  147.834800][ T9265] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  148.053115][ T9288] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  148.087555][ T9287] netlink: 'syz.0.1914': attribute type 4 has an invalid length.
[  148.486021][ T9314] netlink: 'syz.3.1927': attribute type 4 has an invalid length.
[  148.665285][ T9326] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  149.044409][ T9353] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  149.108538][ T9358] netlink: 'syz.1.1949': attribute type 4 has an invalid length.
[  149.161126][ T9363] __nla_validate_parse: 17 callbacks suppressed
[  149.161144][ T9363] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1951'.
[  149.332250][ T9388] netlink: 'syz.0.1962': attribute type 4 has an invalid length.
[  149.380412][ T9394] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1965'.
[  149.595799][ T9420] netlink: 'syz.2.1975': attribute type 4 has an invalid length.
[  149.716838][ T9429] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  149.732991][ T9427] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1976'.
[  149.937948][ T9455] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1993'.
[  150.087042][ T9478] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  150.149284][ T9475] Falling back ldisc for ttyS3.
[  150.244717][ T9497] netlink: 'syz.2.2009': attribute type 4 has an invalid length.
[  150.379319][ T9516] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  150.500987][ T9528] netlink: 'syz.0.2023': attribute type 4 has an invalid length.
[  150.640532][ T9548] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  150.659852][ T9549] tc_dump_action: action bad kind
[  150.751211][ T9561] FAULT_INJECTION: forcing a failure.
[  150.751211][ T9561] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  150.764432][ T9561] CPU: 1 UID: 0 PID: 9561 Comm: syz.0.2039 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(voluntary) 
[  150.764467][ T9561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  150.764483][ T9561] Call Trace:
[  150.764492][ T9561]  <TASK>
[  150.764501][ T9561]  __dump_stack+0x1d/0x30
[  150.764529][ T9561]  dump_stack_lvl+0xe8/0x140
[  150.764554][ T9561]  dump_stack+0x15/0x1b
[  150.764611][ T9561]  should_fail_ex+0x265/0x280
[  150.764661][ T9561]  should_fail+0xb/0x20
[  150.764680][ T9561]  should_fail_usercopy+0x1a/0x20
[  150.764769][ T9561]  _copy_to_user+0x20/0xa0
[  150.764797][ T9561]  simple_read_from_buffer+0xb5/0x130
[  150.764820][ T9561]  proc_fail_nth_read+0x100/0x140
[  150.764846][ T9561]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  150.764892][ T9561]  vfs_read+0x1a0/0x6f0
[  150.764918][ T9561]  ? __rcu_read_unlock+0x4f/0x70
[  150.764946][ T9561]  ? __rcu_read_unlock+0x4f/0x70
[  150.764975][ T9561]  ? __fget_files+0x184/0x1c0
[  150.765083][ T9561]  ksys_read+0xda/0x1a0
[  150.765105][ T9561]  __x64_sys_read+0x40/0x50
[  150.765127][ T9561]  x64_sys_call+0x2d77/0x2fb0
[  150.765190][ T9561]  do_syscall_64+0xd2/0x200
[  150.765223][ T9561]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  150.765250][ T9561]  ? clear_bhb_loop+0x40/0x90
[  150.765277][ T9561]  ? clear_bhb_loop+0x40/0x90
[  150.765345][ T9561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.765368][ T9561] RIP: 0033:0x7f74ceb8d37c
[  150.765383][ T9561] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  150.765402][ T9561] RSP: 002b:00007f74cd1f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  150.765442][ T9561] RAX: ffffffffffffffda RBX: 00007f74cedb5fa0 RCX: 00007f74ceb8d37c
[  150.765458][ T9561] RDX: 000000000000000f RSI: 00007f74cd1f70a0 RDI: 0000000000000003
[  150.765512][ T9561] RBP: 00007f74cd1f7090 R08: 0000000000000000 R09: 0000000000000000
[  150.765538][ T9561] R10: 0000200000fcb000 R11: 0000000000000246 R12: 0000000000000001
[  150.765550][ T9561] R13: 0000000000000000 R14: 00007f74cedb5fa0 R15: 00007ffe90c5ab78
[  150.765568][ T9561]  </TASK>
[  151.070828][ T9583] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  151.189647][ T9600] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2057'.
[  151.201262][ T9598] netlink: 'syz.2.2056': attribute type 4 has an invalid length.
[  151.246359][ T9600] bond1: entered promiscuous mode
[  151.251589][ T9600] bond1: entered allmulticast mode
[  151.257132][ T9600] 8021q: adding VLAN 0 to HW filter on device bond1
[  151.391423][ T9616] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  151.458810][ T9629] netlink: 'syz.2.2069': attribute type 4 has an invalid length.
[  151.632188][ T9647] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  151.744990][ T9661] netlink: 'syz.3.2084': attribute type 4 has an invalid length.
[  151.757119][ T9660] wireguard0: entered promiscuous mode
[  151.762662][ T9660] wireguard0: entered allmulticast mode
[  151.816594][ T9664] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2085'.
[  152.063331][ T9687] netlink: 'syz.0.2095': attribute type 4 has an invalid length.
[  152.096550][ T9691] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  152.232156][ T9708] tbf_change: 1 callbacks suppressed
[  152.232172][ T9708] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  152.258782][   T29] kauditd_printk_skb: 2055 callbacks suppressed
[  152.258812][   T29] audit: type=1400 audit(1748891270.457:10123): avc:  denied  { prog_load } for  pid=9707 comm="syz.2.2104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  152.305228][ T9712] FAULT_INJECTION: forcing a failure.
[  152.305228][ T9712] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  152.318394][ T9712] CPU: 0 UID: 0 PID: 9712 Comm: syz.0.2105 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(voluntary) 
[  152.318529][ T9712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  152.318544][ T9712] Call Trace:
[  152.318551][ T9712]  <TASK>
[  152.318559][ T9712]  __dump_stack+0x1d/0x30
[  152.318580][ T9712]  dump_stack_lvl+0xe8/0x140
[  152.318604][ T9712]  dump_stack+0x15/0x1b
[  152.318626][ T9712]  should_fail_ex+0x265/0x280
[  152.318653][ T9712]  should_fail+0xb/0x20
[  152.318755][ T9712]  should_fail_usercopy+0x1a/0x20
[  152.318791][ T9712]  _copy_from_user+0x1c/0xb0
[  152.318854][ T9712]  ___sys_sendmsg+0xc1/0x1d0
[  152.318901][ T9712]  __x64_sys_sendmsg+0xd4/0x160
[  152.318946][ T9712]  x64_sys_call+0x2999/0x2fb0
[  152.319026][ T9712]  do_syscall_64+0xd2/0x200
[  152.319061][ T9712]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  152.319094][ T9712]  ? clear_bhb_loop+0x40/0x90
[  152.319130][ T9712]  ? clear_bhb_loop+0x40/0x90
[  152.319151][ T9712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.319175][ T9712] RIP: 0033:0x7f74ceb8e969
[  152.319193][ T9712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.319217][ T9712] RSP: 002b:00007f74cd1f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  152.319288][ T9712] RAX: ffffffffffffffda RBX: 00007f74cedb5fa0 RCX: 00007f74ceb8e969
[  152.319300][ T9712] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  152.319313][ T9712] RBP: 00007f74cd1f7090 R08: 0000000000000000 R09: 0000000000000000
[  152.319327][ T9712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  152.319395][ T9712] R13: 0000000000000000 R14: 00007f74cedb5fa0 R15: 00007ffe90c5ab78
[  152.319414][ T9712]  </TASK>
[  152.320597][   T29] audit: type=1400 audit(1748891270.477:10124): avc:  denied  { map_create } for  pid=9709 comm="syz.1.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  152.353403][ T9716] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2099'.
[  152.353811][   T29] audit: type=1400 audit(1748891270.477:10125): avc:  denied  { prog_load } for  pid=9709 comm="syz.1.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  152.497718][ T9718] netlink: 'syz.4.2108': attribute type 4 has an invalid length.
[  152.497807][   T29] audit: type=1400 audit(1748891270.477:10126): avc:  denied  { create } for  pid=9709 comm="syz.1.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=0
[  152.572738][   T29] audit: type=1400 audit(1748891270.477:10127): avc:  denied  { map_create } for  pid=9709 comm="syz.1.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  152.583205][ T9725] IPv6: Can't replace route, no match found
[  152.592221][   T29] audit: type=1400 audit(1748891270.477:10128): avc:  denied  { kexec_image_load } for  pid=9709 comm="syz.1.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=0
[  152.618099][   T29] audit: type=1400 audit(1748891270.477:10129): avc:  denied  { open } for  pid=9709 comm="syz.1.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=0
[  152.638048][   T29] audit: type=1400 audit(1748891270.477:10130): avc:  denied  { map_create } for  pid=9709 comm="syz.1.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  152.657374][   T29] audit: type=1400 audit(1748891270.477:10131): avc:  denied  { prog_load } for  pid=9709 comm="syz.1.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  152.676776][   T29] audit: type=1400 audit(1748891270.477:10132): avc:  denied  { prog_load } for  pid=9709 comm="syz.1.2106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  152.702229][ T9730] IPv6: Can't replace route, no match found
[  152.823164][ T9744] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2118'.
[  152.856672][ T9747] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  152.944064][ T9737] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2116'.
[  154.022984][ T9799] netlink: 'syz.4.2139': attribute type 4 has an invalid length.
[  154.352008][ T9821] netlink: 'syz.1.2150': attribute type 4 has an invalid length.
[  154.392691][ T9824] lo speed is unknown, defaulting to 1000
[  154.629081][ T9851] netlink: 'syz.1.2164': attribute type 4 has an invalid length.
[  154.706818][ T9859] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  154.741626][ T9863] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  154.937807][ T9885] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  155.747609][ T9921] netlink: 'syz.4.2196': attribute type 4 has an invalid length.
[  155.821519][ T9925] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2195'.
[  156.010379][ T9942] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  156.459426][ T9973] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  157.264528][   T29] kauditd_printk_skb: 1175 callbacks suppressed
[  157.264545][   T29] audit: type=1400 audit(1748891275.461:11263): avc:  denied  { map_create } for  pid=9982 comm="syz.0.2222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  157.424140][ T9987] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2222'.
[  157.457556][   T29] audit: type=1400 audit(1748891275.491:11264): avc:  denied  { prog_load } for  pid=9982 comm="syz.0.2222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  157.494250][   T29] audit: type=1400 audit(1748891275.691:11265): avc:  denied  { create } for  pid=9982 comm="syz.0.2222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=0
[  157.697113][   T29] audit: type=1400 audit(1748891275.891:11266): avc:  denied  { map_create } for  pid=9999 comm="syz.1.2226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  157.743422][   T29] audit: type=1400 audit(1748891275.891:11267): avc:  denied  { prog_load } for  pid=9999 comm="syz.1.2226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  157.762690][   T29] audit: type=1400 audit(1748891275.891:11268): avc:  denied  { map_create } for  pid=9999 comm="syz.1.2226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  157.782198][   T29] audit: type=1400 audit(1748891275.891:11269): avc:  denied  { map_create } for  pid=9999 comm="syz.1.2226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  157.801608][   T29] audit: type=1400 audit(1748891275.891:11270): avc:  denied  { prog_load } for  pid=9999 comm="syz.1.2226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  157.821029][   T29] audit: type=1400 audit(1748891275.891:11271): avc:  denied  { open } for  pid=9999 comm="syz.1.2226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=0
[  157.852696][T10002] netlink: 'syz.1.2228': attribute type 4 has an invalid length.
[  157.892862][   T29] audit: type=1400 audit(1748891275.941:11272): avc:  denied  { create } for  pid=9999 comm="syz.1.2226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=0
[  157.916391][T10004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2229'.
[  157.968942][T10010] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  158.063726][T10018] netlink: 1022 bytes leftover after parsing attributes in process `syz.0.2234'.
[  158.195002][T10031] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2240'.
[  158.396656][T10038] netlink: 'syz.2.2243': attribute type 10 has an invalid length.
[  158.431260][T10038] team0 (unregistering): Port device team_slave_0 removed
[  158.446086][T10038] team0 (unregistering): Port device team_slave_1 removed
[  158.463277][T10038] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  158.471759][T10038] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  158.480202][T10038] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  158.488659][T10038] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  158.522004][T10038] team0 (unregistering): Port device geneve1 removed
[  158.547761][T10041] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  158.820863][T10056] FAULT_INJECTION: forcing a failure.
[  158.820863][T10056] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.834067][T10056] CPU: 1 UID: 0 PID: 10056 Comm: syz.2.2251 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(voluntary) 
[  158.834173][T10056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  158.834190][T10056] Call Trace:
[  158.834199][T10056]  <TASK>
[  158.834208][T10056]  __dump_stack+0x1d/0x30
[  158.834236][T10056]  dump_stack_lvl+0xe8/0x140
[  158.834274][T10056]  dump_stack+0x15/0x1b
[  158.834290][T10056]  should_fail_ex+0x265/0x280
[  158.834311][T10056]  should_fail+0xb/0x20
[  158.834328][T10056]  should_fail_usercopy+0x1a/0x20
[  158.834407][T10056]  _copy_from_user+0x1c/0xb0
[  158.834433][T10056]  __sys_bpf+0x178/0x790
[  158.834465][T10056]  __x64_sys_bpf+0x41/0x50
[  158.834540][T10056]  x64_sys_call+0x2478/0x2fb0
[  158.834563][T10056]  do_syscall_64+0xd2/0x200
[  158.834594][T10056]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  158.834629][T10056]  ? clear_bhb_loop+0x40/0x90
[  158.834723][T10056]  ? clear_bhb_loop+0x40/0x90
[  158.834824][T10056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.834882][T10056] RIP: 0033:0x7faca45be969
[  158.834917][T10056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.834983][T10056] RSP: 002b:00007faca2c27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  158.835007][T10056] RAX: ffffffffffffffda RBX: 00007faca47e5fa0 RCX: 00007faca45be969
[  158.835056][T10056] RDX: 0000000000000048 RSI: 000020000000e000 RDI: 0000000000000005
[  158.835072][T10056] RBP: 00007faca2c27090 R08: 0000000000000000 R09: 0000000000000000
[  158.835088][T10056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.835112][T10056] R13: 0000000000000001 R14: 00007faca47e5fa0 R15: 00007ffce62d4e28
[  158.835142][T10056]  </TASK>
[  159.082979][T10061] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  159.189111][T10067] sch_tbf: burst 0 is lower than device lo mtu (81) !
[  160.117517][T10107] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  160.364380][T10125] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2281'.
[  160.395377][T10125] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2281'.
[  160.461372][T10137] sch_tbf: burst 0 is lower than device lo mtu (81) !
[  160.543705][T10147] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2291'.
[  160.554397][T10149] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  160.791121][T10169] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  160.977197][T10181] netlink: 766 bytes leftover after parsing attributes in process `syz.3.2307'.
[  161.009764][T10185] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  161.137027][T10202] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  161.451308][T10221] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  161.603028][T10228] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  161.981910][T10262] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  162.076835][T10276] FAULT_INJECTION: forcing a failure.
[  162.076835][T10276] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  162.089996][T10276] CPU: 1 UID: 0 PID: 10276 Comm: syz.0.2350 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(voluntary) 
[  162.090030][T10276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  162.090043][T10276] Call Trace:
[  162.090049][T10276]  <TASK>
[  162.090081][T10276]  __dump_stack+0x1d/0x30
[  162.090107][T10276]  dump_stack_lvl+0xe8/0x140
[  162.090132][T10276]  dump_stack+0x15/0x1b
[  162.090148][T10276]  should_fail_ex+0x265/0x280
[  162.090169][T10276]  should_fail+0xb/0x20
[  162.090191][T10276]  should_fail_usercopy+0x1a/0x20
[  162.090262][T10276]  _copy_to_user+0x20/0xa0
[  162.090357][T10276]  simple_read_from_buffer+0xb5/0x130
[  162.090452][T10276]  proc_fail_nth_read+0x100/0x140
[  162.090485][T10276]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  162.090519][T10276]  vfs_read+0x1a0/0x6f0
[  162.090545][T10276]  ? __rcu_read_unlock+0x4f/0x70
[  162.090579][T10276]  ? __fget_files+0x184/0x1c0
[  162.090652][T10276]  ksys_read+0xda/0x1a0
[  162.090679][T10276]  __x64_sys_read+0x40/0x50
[  162.090706][T10276]  x64_sys_call+0x2d77/0x2fb0
[  162.090733][T10276]  do_syscall_64+0xd2/0x200
[  162.090828][T10276]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  162.090862][T10276]  ? clear_bhb_loop+0x40/0x90
[  162.090948][T10276]  ? clear_bhb_loop+0x40/0x90
[  162.090978][T10276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.091006][T10276] RIP: 0033:0x7f74ceb8d37c
[  162.091026][T10276] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  162.091063][T10276] RSP: 002b:00007f74cd1f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  162.091088][T10276] RAX: ffffffffffffffda RBX: 00007f74cedb5fa0 RCX: 00007f74ceb8d37c
[  162.091123][T10276] RDX: 000000000000000f RSI: 00007f74cd1f70a0 RDI: 0000000000000003
[  162.091139][T10276] RBP: 00007f74cd1f7090 R08: 0000000000000000 R09: 0000000000000000
[  162.091155][T10276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.091170][T10276] R13: 0000000000000000 R14: 00007f74cedb5fa0 R15: 00007ffe90c5ab78
[  162.091251][T10276]  </TASK>
[  162.298445][   T29] kauditd_printk_skb: 863 callbacks suppressed
[  162.298464][   T29] audit: type=1400 audit(1748891280.494:12136): avc:  denied  { create } for  pid=10283 comm="syz.4.2351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=0
[  162.334970][   T29] audit: type=1400 audit(1748891280.524:12137): avc:  denied  { map_create } for  pid=10283 comm="syz.4.2351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  162.354417][   T29] audit: type=1400 audit(1748891280.524:12138): avc:  denied  { prog_load } for  pid=10283 comm="syz.4.2351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  162.373712][   T29] audit: type=1400 audit(1748891280.524:12139): avc:  denied  { create } for  pid=10283 comm="syz.4.2351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=0
[  162.405822][   T29] audit: type=1400 audit(1748891280.604:12140): avc:  denied  { prog_load } for  pid=10285 comm="syz.4.2352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  162.425174][   T29] audit: type=1400 audit(1748891280.604:12141): avc:  denied  { map_create } for  pid=10285 comm="syz.4.2352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  162.444578][   T29] audit: type=1400 audit(1748891280.604:12142): avc:  denied  { prog_load } for  pid=10285 comm="syz.4.2352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  162.465627][   T29] audit: type=1400 audit(1748891280.624:12143): avc:  denied  { create } for  pid=10277 comm="syz.2.2348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=0
[  162.485346][   T29] audit: type=1400 audit(1748891280.624:12144): avc:  denied  { prog_load } for  pid=10287 comm="syz.1.2353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  162.504686][   T29] audit: type=1400 audit(1748891280.624:12145): avc:  denied  { create } for  pid=10287 comm="syz.1.2353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=0
[  162.608484][T10295] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10295 comm=syz.0.2354
[  162.676648][T10290] Process accounting resumed
[  162.948318][T10332] netlink: 17279 bytes leftover after parsing attributes in process `syz.0.2372'.
[  163.180468][T10345] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2378'.
[  163.186890][T10340] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10340 comm=syz.0.2376
[  163.215579][T10340] Process accounting resumed
[  163.467599][T10376] sch_tbf: burst 0 is lower than device lo mtu (18) !
[  163.592240][T10374] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10374 comm=syz.2.2390
[  163.637018][T10374] Process accounting resumed
[  163.764218][T10397] ==================================================================
[  163.772374][T10397] BUG: KCSAN: data-race in mas_state_walk / mas_wr_store_entry
[  163.779971][T10397] 
[  163.782307][T10397] write to 0xffff888109992960 of 8 bytes by task 10394 on cpu 1:
[  163.790055][T10397]  mas_wr_store_entry+0x1581/0x2b50
[  163.795286][T10397]  mas_store_prealloc+0x74d/0x9e0
[  163.800345][T10397]  commit_merge+0x66e/0x6f0
[  163.804879][T10397]  vma_expand+0x1d0/0x370
[  163.809234][T10397]  vma_merge_new_range+0x296/0x310
[  163.814379][T10397]  mmap_region+0x9f1/0x1560
[  163.818924][T10397]  do_mmap+0x9b3/0xbe0
[  163.823010][T10397]  vm_mmap_pgoff+0x17a/0x2e0
[  163.827635][T10397]  ksys_mmap_pgoff+0xc2/0x310
[  163.832329][T10397]  x64_sys_call+0x1602/0x2fb0
[  163.837045][T10397]  do_syscall_64+0xd2/0x200
[  163.841587][T10397]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.847597][T10397] 
[  163.849934][T10397] read to 0xffff888109992960 of 8 bytes by task 10397 on cpu 0:
[  163.857579][T10397]  mas_state_walk+0x2f5/0x650
[  163.862294][T10397]  mas_walk+0x30/0x120
[  163.866407][T10397]  lock_vma_under_rcu+0xa2/0x2f0
[  163.871386][T10397]  do_user_addr_fault+0x233/0x1090
[  163.876533][T10397]  exc_page_fault+0x62/0xa0
[  163.881067][T10397]  asm_exc_page_fault+0x26/0x30
[  163.885932][T10397] 
[  163.888266][T10397] value changed: 0x00007faca2bc4fff -> 0x00007faca2ba3fff
[  163.895391][T10397] 
[  163.897725][T10397] Reported by Kernel Concurrency Sanitizer on:
[  163.903878][T10397] CPU: 0 UID: 0 PID: 10397 Comm: syz.2.2399 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(voluntary) 
[  163.916040][T10397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.926101][T10397] ==================================================================
[  163.950661][T10402] IPVS: set_ctl: invalid protocol: 8 172.20.20.170:20002
[  165.679132][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!