last executing test programs:

4m6.048479219s ago: executing program 3 (id=113):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unshare(0x68040200)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
syz_io_uring_setup(0x37, &(0x7f0000000480)={0x0, 0xe7b7, 0x40, 0x2}, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x2c, &(0x7f0000000300)={0x0, 0x1, 0x3})
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r1, &(0x7f0000000180)=""/204, 0xcc, 0x0, 0x0)

4m5.927444929s ago: executing program 3 (id=116):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/14, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c000000020603000000000000000000ffea000005000100070000000900020073797a300000000014000780080012401b0000000800084000000000050005000000001005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0)

4m5.905516899s ago: executing program 3 (id=118):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_user(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t root'], 0x27)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000440)='&', 0x1, 0x0, 0x0, 0x0)
recvmsg(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x62)

4m5.826664538s ago: executing program 3 (id=122):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
symlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
readlinkat(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0xb4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6)
recvmmsg(r1, &(0x7f0000001940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=""/65, 0x41}}], 0x1, 0x2160, 0x0)
readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000000)={'lo\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x204092, &(0x7f0000000180), 0x6, 0x517, &(0x7f0000000c00)="$eJzs3U1vI2cdAPD/OHY3aQNOWw6lEtvQF2URrJM0fYk4lEbi5VQJUe7ZkDhRFCdeJU67iVY0/QQgVAESFzhxQeIDIKF+BIRUCW4cOIEqyNIDF2Q09rhNHDt1dhPPbvL7SbPzzPPE/v8fv4znmZmdCeDKmoyINyNiJCJeiohyVl/IpjhoT+nf3Tu8u5xOSTSbb/8riSSr637OJ7KHpX7wvYgfJSfj7uztbyzVatXt49X7N9c3l9aqa9WtubnZ1+Zfn391fmbAniTF01qfjIg3vv3Jz3/y2+++8cdvvPv3xX/e+HGa1q2svVc/7lPzaHfb5VKMHlu+PNLPTbHVQwAAHgVPR8RTEfF8RHwtyjESp25GAwAAAI+g5rfGr3WKAAAAwOVUiIjxSAqV7Hzf8SgUKpX2ObxfiscLtfpO4+ur9d2tlbQtYiJKhdX1WnUmO1d4IkpJujzbKn+2/HLX8lx2Du4H5bF0udUGAAAADMdC1/j/k3J7/A8AAABcMr0Pxo8MPQ8AAADg4jgZHwAAAC4/438AAAC41L7/1lvp1Lx3eLd1H4CVd/Z2N+rv3Fyp7mxUNneXK8v17duVtXp9rVatDPA/Amr1+u1XYmv3znSjuNOY3tnbX9ys7241Flv39V6sPjWEPgEAAADHPfnch39NIuLgm2OtKfVY1lbKNTPgIZIUuypufTWnTIBzceaL/EzuXkwiwNB1/6YDV4cxPpB0V3RtGIz221T4U3fF9c+NZZsDAADyMfVlx//hqirknQCQm5/mnQCQm4H3xU9ebB7A8JXc5g+uvBPH/7uM9ms4cfy/n2bzTAkBAADnbrw9O4jsWOB4FAqVyqeHBZPV9Vp1JiK+GBF/KZeupcuzOeYLAAAAAAAAAAAAAAAAAAAAAAAAAI+iZjOJJgAAAHCpRRT+kWT3/5oqvzjevX/gseS/5dY8It791du/uLPUaGzPpvX//rS+8cus/uU89mAAAADAVVQ6tbUzTu+M4wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgPN07vLvcmYYZ9+OFGIuJXvGLMdqaj0YpIh7/TxLFI49LImLkHOIfvB8Rz/SKn6RpxUSWRXf8QkSM5Rz/iXOID1fZhwsR8Wav718hJlvz3t+/YjY9qI8XWl/ynvE767+RPuu/LwwY49mPfj/dN/77Ec8We69/OvGTPvFfGDD+rR/u7/dra/4mYqrn70/SnhWyP2xs3p7e2du/ub65tFZdq27Nzc2+Nv/6/KvzM9Or67Vq9m/PGD/7yh8OPujb/3aAo/E7/ZxoZ/hev/6/OGD///fRncOn28XSyfgRN17o/f4/05r3fv3Tz8RL2cuTtk91ygft8lHXf/fn6/1yS+Ov9Hn92+9/uflZ/OKx/t8YrPtH+/zrwR4CAFyknb39jaVarbo9hMLzr5zfEyatQroVNKTk8y50dnY8LPmM5hP9WuTb9+9khffifp+nszn8IGn87dz6lY4ZejfluFICAAAuRDoaaW/0550JAAAAAAAAAAAAAAAAAAAAXF2ta32NnPFCgM+d7Upj3TEP8ukqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCp/h8AAP//xTLAHQ==")
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
sendmsg$kcm(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000340)="392a5cf7209fdb587e6d52cec8cf0eb7df857a3bbd7aff3a46a81b873943b3dd2936661d405a777a7045b1e57e3194a32b42e7268f7212fa63f645631725299d20ffab6398e7d2c9f32aa2508850f8b281336ecd69afce896fc4a07580c015956b200c3eecd7027c0571df76a1d8b4", 0x6f}, {&(0x7f0000000400)="9588e7aef48c6862dc101f80d829751017ef83568a8aeabaa36d64d260c0701ebd836d5b56688e26f073a389a2c456f66e7aa49f5f3de9facd3099b16cd9f2c5853e81d60714a75a9a265dc3bf473b0ebae260af80075430de19a74fc4dd8a0d3aac025f9db5003cddad466a21f886aa3f1bcebae7dbe6eb02837d6f97b1ee0010f24e353b920418f66de41ebc6040e67ae88fdc057aee1a8d70cc6ae80823957f8b369dda3609ee31e111caca27", 0xae}], 0x2, &(0x7f00000004c0)}, 0x80)
quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f00000003c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000011c0))

4m5.682003938s ago: executing program 3 (id=123):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
fsetxattr$security_capability(r0, &(0x7f0000000000), 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002b00)=ANY=[@ANYBLOB="b702000007000000bfa300000000000007030000f0ffffff7a0af0ff0020000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26ffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000005b46001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a55b000000c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2d90addedc28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000801989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c1f860d050d694cc7806d294d3665016a7b29da0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d40887c58559b7dcb98a6273b8c651e57f727041c62cea5b7bd24d9f679e4fbe948dfb4cc4a389469608241630459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b83720eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb89872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df0104000099d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebed161980f2fde4f9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e4bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802c8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e661a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000ff0ffd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b7c4e93da3d51de647c10dd49944dc87c92332af0be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99e85b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5359dbdfbf31a562395020becaf3fd1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4b28288e78980c1184d8223edbc4bf9258b7374e79a8f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b5524642c248aa813edaa626f0000000000000000000000000000000003ba5bac34b611569a451564d3a5400f9097ffe7a37e765bc652be71ee24250d6d9cf19878dd62c53062d6000c40bde6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89ad07963acbd4dd4dc5b4552591edde7a22ad06f7567e6fec2f65011b579bf609d61a3ff4d6f490824bb035995449fc34106ae6889f036d67b6aaee784f855ebc746ac871b5d2031ac0a252ac1f86e93e245f3793cea80b6de773899d49d11d3b1ed79163b111c976cf840a2ef6214a43338fba8c9edb6be26e68fcc5d47ed74a66ce8aba726ab955b9b32ab1890e84a5e2d7476252af25e5c95c5a8b2b1b5c8a2645b01b823c0f169d6ab529cc889bb07889d9e155114cf3e26a50c527ec6d4021cd2cacfea6d7e41e39e26b3967cad65c648b170f12ea9cc69dcee64be0c27b1f4f7f5ce3e62c35602c9d2921326891901661c85b988494f094abb91ed813b42828aa93105896e0aee851a8087e169a1d69e841257d9053d0cdc3a6ac4f12084cc6470abebe8b344b1f56690a2687b428686c854c21831da277e8b8a21b7b91a46d22ba083eca7b1f8268048cde7d6f237dca42035881b29ca9c8c2937971821b613894297ff6f7796053a4de1fd77e180cc22b205d43bb4a1b59962c1f605ea1b74585cf5e8d579f157cb45561c357f9976cec6a43388b3049a0d9c171ff6145266ba119d00000000001ef3794a930eb12f3a6215c510bf0bca70c127e9c70cc7bef921249a7f18a0034ce3264a9e96656b47233e2ed7c76520e649c3fd550bdafd77c5cd72b4446d3e157ddd97e7622a6891fb739acd3b2cdaf65ac78490f0641be6e8c6f55bf3d228786895ff5fd5970faacd8a5025aca0aa1931f477ba06aa60051298c8bf7f3b399194f98dc3f4e8513ad06da09dc393c1284515986b8c70ac69512f6c0c04f42edb3a097a11f2ab480e3e391abffae097752300576337c6dd24c4a98280684aa1fe8c7b43ee8bce05fe979b34da18cdb44dbb030b8009cd3b3b44fd8e7b534acd3f1839cb54817668ab446d3d47848429ea831a57f222c714870582a8832c2a326c5d1e406c8b05dedddceb24483f8f998b05c3ddf85c3799c9000000000000000000000000001e57cf839eb3150d6a076fb7b86fae98dbb46014f483aecb4ec4f0877371bcae8912c78aff857c669760f0e55041563c5c3e8ee4a0eef885fd43fe34a1febc82370d1d07fdfe705ada47288e41e7e6ee82d66b99ae4b0889fe949e7342ca97c1a64dcc7f6a0c0da07de8c808b4caec54820f856889fc5f1af3d675206e3257f974d6e45ff1e905c2f0fc0173ac6714acaaca2397bee23630ecaa2c1c6ddc3085689a033d6d41a1a7ac59baec299158faa52308856805f2130863f4668e27b8bbef4f4cd43a2fd294b5b0bf2b0e4afbe570c54aa214579ca0caf54231d00a94eda2be6f037e2befdd03bf152f696ca1d1ea86eb7ee1f021062ad71246dae1580c4f959a320912032ed468a8ed9f27a2258ddf465de77a51b4713bc6b789a0e8b203f0f592ddb27aa90989a9e0cb624bc34e7d6ebf156ea251e3a2f83ada9f0b70035e8ed200a52b00"/3910], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r1, 0xe0, &(0x7f0000000a00)={0x0, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000200)={r2}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x2f000000, 0xe, 0x4c, &(0x7f0000000780)="5ceced9e46dc3f0adf33c9f7b986", 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000005efe2100850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kmem_cache_free\x00', r5, 0x0, 0x2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
inotify_init()
r6 = socket(0x1e, 0x4, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r7, 0x0, &(0x7f0000000380)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r10 = syz_open_procfs(r9, &(0x7f0000000000)='map_files\x00')
getdents64(r10, &(0x7f00000000c0)=""/44, 0x2c)
getdents(r10, &(0x7f0000000040)=""/44, 0x2c)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r10, 0x40605346, &(0x7f0000000300)={0x401, 0x1, {0x3, 0x5d51639c21944a8b, 0x8, 0x1}})
sendmsg$tipc(r6, &(0x7f00000000c0)={&(0x7f0000000200)=@id={0x1e, 0x3, 0x1, {0x4e24}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x4840)
fgetxattr(r4, &(0x7f0000000000)=ANY=[], 0x0, 0x0)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r11}, 0x10)
mbind(&(0x7f0000564000/0x2000)=nil, 0x2000, 0x3, &(0x7f0000000000)=0xffff, 0xc, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)

4m5.369768726s ago: executing program 3 (id=129):
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0xfe, 0x0, 0x0, 0xfc, 0x0, 0x200, 0x88420, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0}, 0x9302ce0ecd0c302f, 0x0, 0x5, 0x3, 0x1d25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x578, 0xd0, 0x388, 0xd0, 0x2b8, 0x2b8, 0x4a8, 0x4a8, 0x4f8, 0x4a8, 0x4a8, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [], [], 'macvlan1\x00', 'erspan0\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@empty, @ipv4=@loopback=0x7f000000, 0x0, 0xe}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], '\x00', 'bond_slave_0\x00', {}, {}, 0x0, 0x0, 0x7}, 0x0, 0xd0, 0xf8, 0x48000000, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@empty, @private2, [], [], 'veth1_to_bridge\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@eui64={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5d8)
socket$nl_generic(0x10, 0x3, 0x10)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x800)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
timerfd_create(0x8, 0x80800)
socket$nl_netfilter(0x10, 0x3, 0xc)
io_uring_setup(0x203c, &(0x7f00000000c0)={0x0, 0xd4b5, 0x2, 0x3})
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000940)={{}, &(0x7f00000008c0), &(0x7f0000000900)='%pS    \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000a00)={{}, &(0x7f0000000c00), &(0x7f00000009c0)='%pB    \x00'}, 0x20)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000640), 0x220280, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r1}, &(0x7f0000000600), &(0x7f0000000980)}, 0x20)
syz_io_uring_setup(0x239, &(0x7f0000000080), 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000000c0), 0x12)
readv(r3, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/153, 0x99}], 0x1)

4m5.369018027s ago: executing program 32 (id=129):
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0xfe, 0x0, 0x0, 0xfc, 0x0, 0x200, 0x88420, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, @perf_bp={0x0}, 0x9302ce0ecd0c302f, 0x0, 0x5, 0x3, 0x1d25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x2, 0x6, 0x578, 0xd0, 0x388, 0xd0, 0x2b8, 0x2b8, 0x4a8, 0x4a8, 0x4f8, 0x4a8, 0x4a8, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [], [], 'macvlan1\x00', 'erspan0\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@empty, @ipv4=@loopback=0x7f000000, 0x0, 0xe}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], '\x00', 'bond_slave_0\x00', {}, {}, 0x0, 0x0, 0x7}, 0x0, 0xd0, 0xf8, 0x48000000, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@empty, @private2, [], [], 'veth1_to_bridge\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@eui64={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5d8)
socket$nl_generic(0x10, 0x3, 0x10)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x800)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
timerfd_create(0x8, 0x80800)
socket$nl_netfilter(0x10, 0x3, 0xc)
io_uring_setup(0x203c, &(0x7f00000000c0)={0x0, 0xd4b5, 0x2, 0x3})
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000940)={{}, &(0x7f00000008c0), &(0x7f0000000900)='%pS    \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000a00)={{}, &(0x7f0000000c00), &(0x7f00000009c0)='%pB    \x00'}, 0x20)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000640), 0x220280, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r1}, &(0x7f0000000600), &(0x7f0000000980)}, 0x20)
syz_io_uring_setup(0x239, &(0x7f0000000080), 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000000c0), 0x12)
readv(r3, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/153, 0x99}], 0x1)

1m24.974438317s ago: executing program 5 (id=2563):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r3, 0x5421, &(0x7f0000000100)=0x100000001)
setsockopt$inet_tcp_int(r3, 0x6, 0x1e, &(0x7f0000000380)=0x1, 0x4)
connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @private=0xa010102}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r4, 0x0, 0x14, 0x0, &(0x7f00000006c0)="f6f4e9a1d78ad62ceef1884366a578bb3fb7dbfc", 0x0, 0x0, 0x0, 0xc, 0x0, &(0x7f0000000700)="49723b3ab53a13274c56e00d", 0x0}, 0x50)
close(r3)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r6}, 0x38)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r7}, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e00000000000000000018000380140003800c00018008000100"], 0x44}}, 0x0)

1m24.877371087s ago: executing program 5 (id=2564):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
syz_emit_ethernet(0x16, &(0x7f0000000040)={@multicast, @remote, @void, {@llc={0x4, {@snap={0x0, 0x0, "af", "1a0c65"}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
r3 = getpid()
socket$inet6_udp(0xa, 0x2, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@minixdf}, {@orlov}, {@abort}, {@delalloc}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

1m22.149052607s ago: executing program 5 (id=2594):
r0 = syz_open_procfs(0x0, &(0x7f0000000380)='timerslack_ns\x00')
write$cgroup_int(r0, &(0x7f00000002c0)=0x4000000000000, 0x12)
syz_emit_ethernet(0x7e, &(0x7f0000000040)={@link_local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "ecff80", 0x48, 0x11, 0x0, @remote, @mcast2, {[], {0x0, 0x4e22, 0x48, 0x0, @wg=@cookie={0x4, 0x0, "7d91b3ccaf4c63521df8f969a9a3ef8377d86e2c440fb055", "8fc99fa615e832d5f00ce4a5807ebb53fbfc8fbe4761a7cfe44dcf957dbdc946"}}}}}}}, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r1)
close(r1)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8100, &(0x7f0000001dc0)={0xf, 0x84, 0x20000}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x18)
timer_create(0x2, 0x0, &(0x7f0000000100))
timer_settime(0x0, 0x1, &(0x7f00000006c0)={{}, {0x0, 0x9}}, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000200)=0x40)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xff)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000180)=0x70)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000000c0)=0x7e)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x99, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r7}, 0x10)
r8 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1}, &(0x7f0000000280), &(0x7f00000002c0)=r4}, 0x20)
ioctl$AUTOFS_IOC_FAIL(r8, 0x4c80, 0xffffffffffffffb6)
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder1\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r6}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)

1m21.999094796s ago: executing program 5 (id=2600):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x6f, r2, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}}}, 0xfd53}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000004c0)={'ip_vti0\x00', &(0x7f0000000340)={'syztnl1\x00', <r4=>0x0, 0x40, 0x700, 0xdc, 0x40, {{0x2e, 0x4, 0x1, 0x1f, 0xb8, 0x66, 0x0, 0x42, 0x2f, 0x0, @broadcast, @multicast1, {[@generic={0x88, 0x10, "7a5f6782ef3bb165739867f165d9"}, @generic={0x0, 0x6, "23df3a38"}, @timestamp_prespec={0x44, 0x24, 0x7a, 0x3, 0x4, [{@multicast1, 0x401}, {@remote, 0x101}, {@private=0xa010102, 0x7}, {@multicast1, 0x8}]}, @noop, @end, @noop, @timestamp_addr={0x44, 0x2c, 0x46, 0x1, 0x7, [{@multicast1, 0x7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x9}, {@local, 0x7f19}, {@local, 0x933}, {@multicast1, 0x8}]}, @timestamp_prespec={0x44, 0x24, 0x53, 0x3, 0x9, [{@loopback, 0x10000}, {@multicast2, 0x2896}, {@multicast1, 0x7}, {@private=0xa010100, 0x1}]}, @cipso={0x86, 0x10, 0x0, [{0x0, 0xa, "a23af9db570304c6"}]}, @ra={0x94, 0x4, 0x1}]}}}}})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0xfffffffffffffff6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000ac0)=@newtfilter={0x8c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {}, {0x1c}}, [@filter_kind_options=@f_flower={{0xb}, {0x5c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x58, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x54, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x27}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xfffffc01}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1000}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}]}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40040}, 0x20000000)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000580)={'ip6gre0\x00', &(0x7f0000000680)={'ip6_vti0\x00', <r6=>0x0, 0x4, 0xe, 0x3, 0x3, 0xca5509cb31c4b5cb, @dev={0xfe, 0x80, '\x00', 0x3d}, @dev={0xfe, 0x80, '\x00', 0x18}, 0x80, 0x40, 0x3, 0x9}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'batadv0\x00', <r7=>0x0})
sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f00000014c0)=ANY=[@ANYBLOB="c8140000", @ANYRES16=r3, @ANYBLOB="000228bd7000ffdbdf250a000000780001801400020067656e6576653000000000000000000008000100", @ANYRES32=r4, @ANYBLOB="14000200677265300000000000000000000000001400020073697430000000000000000000000000fb00030000000000140083426b9986ea358da6ff71417850af0200697036746e6c300000000000000000001400020067656e65766530100000b6b06e1b7256147101801400020076657468305f746f5f626f6e640000000800030002", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="1400020067656e6576653000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="080003000200000078000280040001006d0005006406fb49528d86f2ae55d0ed1b8e8df2fc362f1800cb40c8c3d13f2782146e58325b690d64370cc46ca4d74cede1845c24d7bce87d91b5c3714252866ffa5ae83ebce5e314979a3235cb8c1b3d9e062c222c6b310c6bf3050f5397ee49635b52bacc411a9d17fabac4000000681302806800038020000180080001000400000004000300080002002b5e3a00080001000200000010000180080001000100000004000300240001800c00020073797a746e6c31000800010004000000070002005e230000040003001000018008000100ffff000004000300a400038008000180040003002c000180090002007369743000000000040003000400030004000300050002000000000008000100000000003800018008000100008000000800010005000000040003000c00020067656e6576653000040003000400030004000300080001000d0d0000340001800e0002007379737667726f75707300000400030005000200000000001100020073636865645f737769746368000000000400010004000100041005003d449907667e6de4c22dc04515fbd4db1892bc70e82dbb1d49bbe6dd0b1b022394e10a72be76ca6b1204b403833197d8f956f703d29e471dd0b503d8e9b020bd1311b25b53f5de7f1b87a6f200188046e7c1a8b2751ef44aad99f391f12430586c10085d6ca73bdb136410298534b6c6fe810fe13a30b741d8515ce8ce086da9855c7f698f407e6b3b3a469c15b53fcc1a979bff62be91ffdb6236bd0606c0bb4a0027a4304b288b5030a8d4a277a3c1792cf5aae98aad86982dadb316049d7de80297c5df0f3f43a5fbfa656a6a68ceef722540f2c070e73b66a1c4d77f0cefec76602f67c37ed62b62e2e1a87a507beacd2d6a2ae4ebfce51342366507bcb59b3a44962cf97801b821afb7916788c5666e3b798043af6e509d4a2577bedb858babc563b8bfef8252eb76c8f3cf25e293b40594508f47a34ef4954ada12777c13ace4fd2423bcf6d6a478305302e4df7fe5a5f511d0cc277784736cdf3c82fa2d2e6db769f4510bd0a6b47dff2bdc015c52d3b5fdf916264591a604b79f4e93acfaa60da5bca7d0f08431a3a484203609532a829ab98c18f5a0ad6b20266ce87301cbf130db2b037058e502bb030ac45f70600a73678840ae9832806691ba3b53c9b162efe810787385a1cee203a415e8baf7a50e7ebe5d4ca20a83820a19ce5e84e1dec29e05e4d4951054cac688f27979acf1947d7e49ccac46ed445777032750c7645e917a2fd5b18177684b7efd70e201afbb555d63574ceb1885c5f7ab9c93b3fa1602b29e78f5caab3c523e13e057c4a58a8fdf11ab32018d64d25eefec9fcf7d6d12f3af0924530dd2cf133a598a817c3a7a33544e5c6c5c8b6f03222419ec0b737eb48e5538ca8868b3189b8dea9e56e525129bc6b683bf98014e71e367c5922bc864282bfa942a354e7747eaa3fd78abedd97885f45d1a54c5423448bcae7d777838a8a09b93ae83a16c54a91bb440102526d99d64e9d627eb5b77d568ceccb2ae439ca5bfc2b8b41c58b8bc63aaeb93a629e9c9d06d70d650ac2972682486e68ceafa97933f2039c2d63365fa83449d539ee1470b53175b8b81d3f2a01ddc3dbc08ce797480e965e819f12f1cfab0ee0b17125c8264977c05c867ff07a7e0bffa98025e52b15683ed94e71dc1d4a6bb86eaed0519b9a12b49412b8941862c6908660a738d13a907b54e49bc190af961580fd9c34c5bb9148f85ae749e20ae75b27bec75fd14fec414346a905f926d4f22ed052c9f5d42474339a347524d5716d4a764863d7f778fbde4e225e8fc1621736bb21dc0456f3cadca8bf3cfa1229b68e4af1cfe25b01d38a4c11aedb1bf4d44a0b02d130872eb069b9a8217d31e356130f67f51e1e80103edb8c9a91ecbc5c9d5892d4cc3795702b004b2627050a83b771a6dfa7412f4f787b57d9ceabe3f72a5df9a45fe5f46a6aa4a3531ecb420c8570f392c0e0e1a6550e14352ab9044c5fdb767acf5e67b1f236cbae07fe998ff838b98fe50479a201bb121f6acb55f7d57e5a568d634609cbbf26bffa09644c06bbe83156e8368b33bbaa435331aa9e75132b7ba7a58017fb87699847e688bdc88e48a44c3c404928cf591764ddb03d315d338611699c3bcbfd1fd4459a87001c165faf64b9a9486571afb0cf8d8e6f5e6539788cae44aeeacd082f4666929152375d770cd173e4fe72415754bdc9dcfbc320b895bb01f215bc8da07f9253e02d3f5e9f79c702603a22884216eb84348fdf7ac03117aea5074d0208f3c4a9329f20184c276f9c8cf4a9aa8b0db1b3e81b3fc0eca15c8d7362ccf722b196236781b457b2df38200b3fa5366e972fcd946a1f473230235f976dc264a121e5e3f8762a3762a65a903d3d7e0d065cc1290c1e84d5c056e2798464a8d1a457d93424978ef78e4880ff637cf20edef433deae3a1b2cad62cc90fea862e5bc11271d7b2b6cba637a4df401a70e89393346d74a3eee567efdc3fc9cdfa8bfc39560dd69cd57425e9b8998658a4dc92d1ea152f5aefc77fb39876e3d6b1e15c813862e14c005ae0aa32d29a983769ea8ceec7c238eee7c13329e1a6c3fe5cc23623c18e18bb32301f871fc5548beb276d7449482c07ff954639e3b45fa7e97bd278848debad84352c7aa037ce329ab91ca55dbeffdc0fc1c931b3a6925a3e694ad377832231cffa347b33017bf847bd24eb67a6d729485983a0de899c4d7d6b3908a75d0a3c2146550c0439e72ea6cf69dde42714118ff03aa4bcacb3d88a4340b6744d07db5647d018631f1ffcc7290403bd06e72912347743cfb5a0820551d9a3630642f2dbded8e5472f5fccca8107515637d56a1d789b1e1fff64872bc9127ccd6cf82e86e4b8377660e47f1b82a9eeb68b2d817adcfb1d1935414a0fdc33682fd59b1973dded37002a1f9155178f9ce24a327fb8145b023452520ed0ed68f579a44b1c792c84f72d7433b990d210122694a4ebf39446b94bdc8425892f8116e54a0a9201f6e0e1ce690b7aa3f574aa5f7a733e440c0010c48ee49eb58e1f86ce73e274b47f8fe16f038eb770b3b426704640553d5955e49a545c44d34eb7492a6979cc1240f5f4c6e22bc5d29ed9f24bf05b02e92458cff654aeb84f350bb3710e1915955167336c8cf64d803b1f5cf4f60104ea215d99ef9a4cef6ef343673a36212ca54027fa4483b0f4e8efc3d57da9a83666fee10edebd0c8516dd9f6590dd9979e047dd4522f3d744589095250d8f55458b8c52e0cfbdab719961003c3100031dfa5f650b1350056237ff1f715212774de34a09b746ebb14dec172900749400fe25efb93b434fc23ba16322d66a1c9230836908c4c0fb6ebeb6c9291de8c36a1811dd4cdf3fa38061b85b1a96453f3ad111b48e57c5a51becd6252ed78bac7bce1fee3fd2aa5dc64e89417ce7480662c935e7a971873302ea7aa7d676b5880272855de175a9efe0486b40c3009256717961597ad9a826891540a4175d7f379ddf37159ff807c48748716bdb697171ea29d75f821adaffe634b7cb0e96e01727d1ff1e9c909b6b9293ad92deaa0d115f698628e00583e0d02d5f21f76b3387e6ca7dbb0ae547c6ecb2557fbb848ca5ef28691bec9af2d6cb618898460a73156aab8d5ba4b500eeb9739b9d65bd421829155171a334c1b4d20ab411a283789404522cbc2f51e6a5b77ccef3697f3749fe1e76c10ed83aa7d6ed04b4e0ef43624b19143ca07f24a57a8a415fb7dfa81644e5f50dfb651481ee8f3decc3496ce059adaeffeb8f81e436710366c11021be2b33e27af17325fd6c963cf237f58b9422dcf6badfd6e6baed92bc8ab9fd0a5974f506cb162c512e156a78ed56a84b9ce8726f423a4843b3a02d0bb54f77d8f376e1ec37266487ec633cd690f2a9dd53e69fa86640f21e68b657e86cf17fdd206d642a540337e4f7af65e264dc081487de71aa7b1da7e8afa5a3cc3814425c8e8acfefd58b013af57e3be860332c92a6bb857ad04f5826e9234c9da7f43b00741955cdeaf494504cde2866de059ff36345ce56796be7b771a9baf978e61f2c21cb6a500dca0e0ef22bce596e59f95dd0c3df66540730cb11ec2f7e99d9ed7e98a7d6a5671c6f3ccf1713ec419be9dfac333f445a180fb51ae3268e5c5e165ce32e3cf7b8b6327b323123882d6736a521bd51239cb634c2e7380ef95ec8a1121ec4a645fe7e9fd25579a35be6a8a2c0757285d353aa55d0d18fcec592849ce8856efa27fe99ffed5ea07752398cda2353c195d02b0ad1c24d3bed7e53783ab0401d1c8751d8c825205331febee2a707df93f2c10bcaad26c5401ba6a6646e5f850040ca2455c5cd72c5e647e396937af96ec1e58ece92c5c13defa7c3caa49e7dcf92e4fdeb29580c1edb17ac3dd45327451874697a8fffe2e08bbb458912b152cdcbf7377fefc8889f08dcf1e41aa713eb49265bf312d4fba5804e14f2e69f4cf92cfb52eef906977374c7c5a34d02e94434314a1d1c5ef542b2b151ffde0109c284b0e78fd9c38825983731dfd6ab61355af9260a9cd832ae0017f2ac9f80a44034133174f0db99d53dc2d94e0b035d37d9e2e57da2454cdfbb0213c551b8055a6892ceb8bfd6bf61ccba88dbf17d41321df9138e1ae424d0a4de134aae994f86a410c19e2fce2ee477dfb54903cfd31c13d66628be8213b310bbb8bbed007cd59abed8381bdb3c2fb809fd4fb00b48f87083046d98796e9fd09c965a6e87f0db5af90bf3567f29fe1480996ca7f8841c78f924ef09920f640647092b1bf5c18c706d77a05f87ae48c2ef974d9e9a90c3784714de679f6e2c6b41f03340a931e2da1eb15c2d0853368de18141858c5ad173fc4aaa14e22ae3101bbc01a4c11c3e111f26df6d693c1ea991b6f1f24247d818fd1ccf474b6c431f101e500cf776cc8668c434188e0301076e70eb0a6f4384a6881b624002c8c853d79cc7cca4ab33dd41ff55b9725c60cbfc9efca5fdec449ec2abdd6edabae5f029189e38d5ab7e2ad5b045094d154759d1454af0cf57a1a940c6f66117073cddd6a7575b22947961115406fa13fcb60ef6645a7c627302a8ed692d09ed6b0af44a8d99373579431f6f1c045bf71ae6f10a29717ec24885ab8503dcb5a3ba167c67f9d41de715a0a4cad2ec152ae54062c429b033fa89b34e7c3724c725c7c9ef685406ad249bd08e9c9cdaacd96455734fd884ae3917f2c869ec4422ef4642dd50ab26df025cedb670e87303210005fabd599154cb0734b37b99b6de5049c7d9ee1ac9a2451013d0507c0b98d0eb752010f438f71fe2bff2e25cd7091433844f1b61568b57696f7ff8761469d7753c90187be9cab6e8e065285e1bb3afb50e111dfb7dfeafbf71f5865285a1f6ff521c2109ef49990b067850df4c1d3cfb165e4b7ee4ca940f8bb5dbb5b6d2faec44ffb724b35bb8596d5c478ff74b47f3b7b921bcb51381bcdb9577a62904c84f38c57d267f167967963d33fe37e87fc8bec40554d70bce48ed956d2433abe48831f532b0fca3f00329770af3906f28ddf5fb1b8017b1b0cf237226b55300035480d3ecb70411f51c0b54920935541a7834f10aaa470b9e1572ebd35d42c34bed5ac376bd521e641fd5e7da60f2061285074d03e87586155777a22a1bf93e8d990cb6703cb9633309885be42ee4ab07fc57b7114435e12902bddea43e89df5c4ac165d15ce6e3e528dd6cc9a38bf794ba86584c191fabe6f4faff8c07cc84efcd5e9fc80eeebf4687d86f115699d00e3a1e633b7216e6c065916f3d85f8db213e0284cf3788540d18b614d03df6b99ac33f1b9b7ff05706ec36af5c9c496aa7a7bfb4571e62b2ffc65b9e40541403bead3f61de1c5e54c2f8916ced780884fec72190094f44a66270f22d5c64854ab32066089d890c1f3769653acc10eda46cdeecec5f76fc7924b27811db54be406b0e49ca6086ef398b383c7b7097652d6e006a3e1b7c29095423c1f7efb012e67e6269c2bc4ada3a3404c39fb9c7751cec52e8cb77b31c6f0fc9a5f4d94fe31e065788740b76e9ddfe049725f8bfdabd0f5c70a68f95f26ff91bcb26cae86179259e281111f73ce83fd3df4e543da6acf89ab543b2dd6eeab21ba8759943e61cceb6a74cba91b133d0595728ec1dee69bc835a2f58736a36c9805873cb148e0c0fa68d1ee526c2dfbd7c98ae8ae5a7cd2ed75358978449a63fe6525f0e774ff81fb6b9dcb0d51c117271bbe2f0c5f50b0311ca616bcd66f85fc871e24c3a96457f14266c0eee19d9b6ee25cde312368036f71f1e2cca000500adcac35c359823970da815897e360047efb70558878fa3d4c7f0e09d69a121756f79a880e4f52dc46f93f288f75241b92e1c225cf76eb0589b73b9eeca3e5d7ccd924a369efae24d034b8e64cc3f333ccca92d4fe772862a752c0f88defa0a582a2e2d13f536434e7a51d6a190846b079f830dacac667f629fcf6316a00714bab9ae4643b831ffe7b92c276484422abed291928173b6da6d188874f5e43c58b43c56d0c8f565133b6c738d559339865efcb254f3ea57d10b5f7acb09a8089ae9615215dc3b880000ac0003800c00018007000200402800002c00018008000100424c00001100020073636865645f73776974636800000000080002006e6f626804000300100001800800010005000000040003002c000180040003000600020028000000040003000800010001000000080001000500000008000100e087000008000180040003002c0001800c000200657468746f6f6c0008000100800000000400030008000100000200000500020000000000d4000500421feaaa9e4aa5cbb474812463300a1acb5e6c4997744ee71e982174b088cb3e4f788f7252f3e8d37dacfc318dd752d5b9ca0165fc4faf04ad29e513cd188980e21d56b6b4497be7e83d9ff8c1d5d53ef8e27ce0a0e24c43af7f214cf7cbf56eca11139cd264bcf172ccea27f45287a051cd793eb87ea7b66502c2f551255e11a07e1b667600a4891b8ddab2a7faa896ceaa3fe7c4e7d2030e629a990c4dba963488c4491d3afa00748f4d3ad60c29ff31718049479428d315da9d7ec7ac93d183ccbdd8b04fd98d125228c923a40737"], 0x14c8}, 0x1, 0x0, 0x0, 0x4001}, 0x804)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x18, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16, @ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x400e, &(0x7f0000000180)={[{@sysvgroups}, {@nobh}, {@data_err_ignore}, {@nolazytime}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@nolazytime}]}, 0x1, 0x433, &(0x7f0000000d80)="$eJzs289rHFUcAPDvzGZb01+Jpf7oDzVaxVI1adJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1JdjebNEk32ep+PjDtezNvee87M2/3vXmZAHrWUPZPErEnIn6PiIF6trnAUP2/24vzE38vzk8kUa2+9VdSK3drcX6iKFp8bneR6YtIP0vicJt6Z69cvTBeqUxdzvMjcxffH5m9cvW56Yvj56fOT10aO3Pm1MnRF06PPd+ROLO4bh36aObIwdfeuf7GxNnr7/78bVLE3xJHhwytdfCparXD1XXX3oZ00tfFhrAhpXo3jXKt/w9EKZYv3kC8+mlXGwdsqWq1Wn1w9cMLVeB/LIlutwDojuKHPpv/Fts2DT3uCTdfqk+Asrhv51v9SF+keZlyy/y2k4Yi4uzCP19lW2zNcwgAgCbfZ+OfZ9uN/9JofC60L19DGYyI+yNif0ScjogDEfFARK3sQxHx8Abrb10kWTn+SW9sKrB1ysZ/L+ZrW83jv2L0F4OlPLe3Fn85OTddmTqRn5NjUd6Z5UfXqOOHV377YrVjjeO/bMvqL8aCeTtu9O1s/szk+Nz43cTc6OYnEYf62sWfLK0EJBFxMCKOlzdXx/Txb46sduzO8a+hA+tM1a8jnq5f/4Voib+QrL0+OXJfVKZOjBR3xUq//HrtzcZ842m8q/g7ILv+u9re/0vxDyaN67WzG6/j2h+frzqn2ez9vyN5u2nfh+Nzc5dHI3Ykr9cb3bh/rKXc2HL5LP5jR9v3//2xfCYOR0R2Ez8SEY9GxGN52x+PiCci4uga8f/08pPvbT7+rZXFP7mh67+c2BGte9onShd+/K6p0sGNxJ9d/1O1VP+++p71fP+tp12bu5sBAADgvyeNiD2RpMNL6TQdHq7/Df+B2JVWZmbnnjk388Glyfo7AoNRTosnXQMNz0NH82l9kR9ryZ/Mnxt/Weqv5YcnZiqT3Q4eetzuVfp/5s9St1sHbDnva0Hv0v+hd+n/0Lv0f+hdbfp/fzfaAWy/dr//H3ehHcD2a+n/lv2gh5j/Q+/S/6F36f/Qk2b7484vyUtIrEhEek80Q2KLEt3+ZgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiMfwMAAP//dr7m3g==")
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x82, 0x0)
r8 = openat(0xffffffffffffffff, &(0x7f0000004280)='./file0\x00', 0x0, 0x72)
getdents64(r8, 0xfffffffffffffffe, 0x29)
r9 = getpid()
r10 = io_uring_setup(0x6bae, &(0x7f00000008c0)={0x0, 0x0, 0x4000, 0x3, 0x13b})
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r10, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x1b, 0x20000038, r11)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00')
pread64(r12, &(0x7f0000000080)=""/237, 0xed, 0x5)
syz_pidfd_open(r9, 0x0)
r13 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r14 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r13, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r14, 0x0, 0x2}, 0x18)
rename(&(0x7f0000000040)='./file1\x00', 0x0)

1m21.612794865s ago: executing program 5 (id=2604):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x3, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0x0, 0x0, 0x0, 0x9}) (fail_nth: 12)

1m20.606490111s ago: executing program 5 (id=2608):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001500)={0x2c, r1, 0x1, 0x0, 0x0, {0x22}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}]}]}, 0x2c}}, 0x0)

1m20.605840321s ago: executing program 33 (id=2608):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001500)={0x2c, r1, 0x1, 0x0, 0x0, {0x22}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}]}]}, 0x2c}}, 0x0)

2.860191961s ago: executing program 2 (id=3522):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00'}, 0x10)
r0 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB='b *:4\tmr'], 0xa)

2.79829435s ago: executing program 2 (id=3523):
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x40841, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
flistxattr(r1, &(0x7f0000000440)=""/246, 0xf6)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10)
sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000002e80)=ANY=[@ANYBLOB="380000002e000100000000000000000008000000", @ANYRES32, @ANYBLOB="0b000080976b6408686030"], 0x38}], 0x1, 0x0, 0x0, 0x2000000}, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
openat$tun(0xffffffffffffff9c, 0x0, 0x40841, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
flistxattr(r1, &(0x7f0000000440)=""/246, 0xf6) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10) (async)
sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000002e80)=ANY=[@ANYBLOB="380000002e000100000000000000000008000000", @ANYRES32, @ANYBLOB="0b000080976b6408686030"], 0x38}], 0x1, 0x0, 0x0, 0x2000000}, 0x0) (async)

2.7980672s ago: executing program 2 (id=3524):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0xfffff, 0x28, 0x28, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}]}]}}, 0x0, 0x42, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)

2.79657181s ago: executing program 2 (id=3525):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
syz_io_uring_complete(0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x5e, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cedd00", 0x28, 0x3a, 0xff, @remote={0xfe, 0xe0}, @mcast2, {[], @ndisc_ra={0x89, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x1f, 0x3, "de40450e3b49911453b2ee98b24fd9012b22652dc71f"}]}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = openat$selinux_validatetrans(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$selinux_validatetrans(r3, &(0x7f0000000080)={'system_u:object_r:apm_bios_t:s0', 0x20, '/sbin/dhclient', 0x20, 0x1, 0x20, '/usr/sbin/cupsd\x00'}, 0x54)
mknod(&(0x7f0000000140)='./file0\x00', 0x8001420, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r4}, 0x18)
mount$9p_tcp(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x0, 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000000000,privpo'])

2.76023171s ago: executing program 2 (id=3526):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10)
r1 = memfd_create(&(0x7f00000005c0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'\b\x00\x00\x00\x00\x00\x00\x00\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6&\xd0\x9daA\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xe2\x05\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\xbd\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7\x8en\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xef\x03Ga\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcaf2\x02F1\xc6\x82\x00E\xae\x9d\x17\x871N:\xb4\xea \x8e\xdelP\x83\x1f\'\xe2\xd6\xc0\xc3\xfc\xc9677u\xf3RUP@o>\xee\xb8\xa3\t\x02\xb7\\,\xebK\xed\x1b\xc9e\xb3\x16\xce\x9bI\xdb\xfa\x82\x85\t\x9bg\xd0s\xe2\f{\x8cp~;\xf8\x96\xf2\x91\x06\x89\xa6D\xce\xac\x03\xc1\x83\xd1\xe6 |\xa75\xd7\x80t\xfc\xf8\xd2\x12N\x1cB7^\xfd4\xae\xb0VFw\b!\xae\x1baTv\xc0z\x19\xc5\xc8w\xba\x97N\x9a`\x8f\xfc\x9ee\xf9\x00\x1cQA\x14]\r\xd4\"\xc2\x12GD\xdb{\x88\xaa\x81\xc8\xa2\xdeI\xa2\xbel\x0e\xec\x17fNI\x05\xff\x8d\xf4_\x1a\vqA\xb7\x0ed<\x98\xee\xb8\x19\xec\x9f\xee\xe1_\xacG\x8b\xa3\xc3\x13\x80\x0f\xf4I\xdeAwG\xbdkno\xa2\b\x126\x97\x9b\xf9|P\xd94\v\x15\xcb\xc0\x9d\x11\xf3\x18\xae!2\x1b\x12\xa9\xc8~\xb7S\x94\xb5\xc7;\xa90D>s\xe9\xa4N\xf8\xdb\xab\xa0\x94~\xa1]b\xa4\xe5\xe2e\x1c\x8b\xd2\xc7Md\x93\x02\xd8\xb0,\xeb\x03\xaa\v\xed\x9bR\x8a\x80\xc2\x1f\x17ej\x973wv\x83a\xe06\x96\xde\xbc%Uh;H\xf8S\xf1\xa1g\x02\xc4\xc3\xa4\xa8\x96\t\xfex\xa2?\xcb\\Y\x1e\xfe\xca\xa0i\x80O\x11\xac\xb7$\xdb\xbc\xb0\xcb\xacqU\xb5*\x00\x00\x00\x00\x00\x00\x00\f\xda\xf8oV\x89\xd3\x1f\x99+\xe5T\x8eM4\x1c\xc6\x7f\xd4\xf2\xcc\xd3\x94\xca\xd4\x00\x00\x00\x00\x00\x00\x00\x00\x00~A9\xf6IBu2L\x9e\xa2\xd0\x92\xd1\xbc\xb8\tJ\xa1\aN\x87\x95\xbb\xa9s\xab\x90\x06\xc6!p\x9e?~\xf9\xe6\xae*\v\xa3\xd9gxKN\'z]*\x93\xf7\b\x91\xd0\xff\xd9\xc6a\xb5q\x9c\xa1Go\xd58\x93\xe0,\x9f\xe4\xa9\xd9A\x9e\x95e\x98\xd0V\x9d\xed\x97\xf1\xc5\xce\xf5\x90!d\x9a\xd8\x10\xbbx\r8\xff\x8bNUK\xebA\xe5\x92f\xc4\xd1\xa8\x15\xbf\xb5iW\xdb.kbf*\x89\xf0\xecq m-~\xbbf?\xec=\xd2\xe2\x1e\x8d/o\xcd\xc8x\xdb\xe6\xd0W\xca\xc5kz\x8e9\xfa\x86\x0f\x96p', 0x3)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000000})
fcntl$addseals(r1, 0x409, 0xb)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x18)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f00000003c0)={0x0, 0x0})
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r4 = openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup(r4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[], 0x48)

2.60180877s ago: executing program 2 (id=3528):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r2, 0x0, r1, 0x0, 0x6, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x3ff)
fcntl$setstatus(r1, 0x4, 0x7c00)
dup3(r2, r1, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x0, 0x20040}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x18, 0x2, 0x0, 0x1, @val={0x14, 0x1, {{0x0, 0x0, 0x0, r3, 0x225, 0x68020}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)

1.588456586s ago: executing program 1 (id=3551):
r0 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x12, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000300)='ext4_es_remove_extent\x00', r3}, 0x18)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x2000000, &(0x7f0000000cc0)={[{@user_xattr}, {@nogrpid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x58}}, {@grpid}, {@noauto_da_alloc}, {@grpquota}, {@usrjquota}]}, 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")

1.518761266s ago: executing program 1 (id=3552):
add_key$keyring(&(0x7f0000000340), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "69dcaf20127e9a854529f45826cb35be51682e30944313e2ca73845d177d601880221daeccfda56b75cfe2bad94f000066b2ddab614fec2236da7d88ea07c9ee"}, 0x48, 0xfffffffffffffffe)
keyctl$search(0xa, r0, &(0x7f0000000180)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r4}, 0x18)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c000180090001006c617374000000006c000280080001400000000508000140000000090c00024000000000000078260c0002400005"], 0x140}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x503}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x44}}, 0x0)

1.324647595s ago: executing program 1 (id=3556):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x2d)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400)
ioctl$TUNSETOFFLOAD(r0, 0x8004745a, 0x2000000c)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000001c0), 0x74)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r3, &(0x7f0000001000), 0xe09)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r3, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c559265406c09306003d8002000", [0x0, 0x2]}})

1.201637694s ago: executing program 0 (id=3561):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32=r4, @ANYBLOB="24002d80080002000300000005000100000000000500040009000000080003"], 0x40}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{0x0, 0x0, 0x9c}, {0x0, 0x0, 0x0, 0x0, 0x1}]}, [{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, {0x1}, {0x0, 0x0, 0x80000000}, {}, {0x0, 0x1, 0x0, 0x2000}, {0x0, 0x0, 0x0, 0x0, 0x400}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {0x0, 0x2000000}, {0x0, 0x1, 0x0, 0x0, 0xfffffffe, 0x8001}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x0, 0x3, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0xfffffffc}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0xd5, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x10}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x800, 0x8}, {0x2}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x5, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {}, {}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x800000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {}, {}, {}, {}, {}, {}, {0xa7}, {}, {}, {0x9120, 0x0, 0x52c0}, {}, {}, {0x0, 0x0, 0x1000}, {0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, {}, {0x0, 0xffffffff}, {}, {0x4, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x4, 0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x100000, 0x0, 0x0, 0x10000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {0x0, 0x1}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {0x4}, {0x0, 0x1}, {}, {}, {0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {0x2}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

1.197622134s ago: executing program 0 (id=3562):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000003a00000000000000009520000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
fcntl$setlease(r1, 0x400, 0x1)
truncate(&(0x7f0000000000)='./file1\x00', 0x1104)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fc0f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r5}, 0x10)
pipe2$9p(0x0, 0x84880)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r3}, 0x10)

1.125717804s ago: executing program 0 (id=3563):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
syz_io_uring_complete(0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x5e, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cedd00", 0x28, 0x3a, 0xff, @remote={0xfe, 0xe0}, @mcast2, {[], @ndisc_ra={0x89, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x1f, 0x3, "de40450e3b49911453b2ee98b24fd9012b22652dc71f"}]}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = openat$selinux_validatetrans(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$selinux_validatetrans(r3, &(0x7f0000000080)={'system_u:object_r:apm_bios_t:s0', 0x20, '/sbin/dhclient', 0x20, 0x1, 0x20, '/usr/sbin/cupsd\x00'}, 0x54)
mknod(&(0x7f0000000140)='./file0\x00', 0x8001420, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r4}, 0x18)
mount$9p_tcp(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x0, 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000000000,privpor'])

1.102134594s ago: executing program 0 (id=3564):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0600000004000000080000000a00000000000000", @ANYRES32, @ANYBLOB='\a\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x37e2f4aba9289b81, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2adf, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1018e58, &(0x7f0000000000), 0x1, 0x61d, &(0x7f0000001680)="$eJzs3c9rHGUfAPDv7CZp0uZ90768iA2KAQ8tSNOkFqtebOvBHgoW7EHEQ0OT1NDtD5oUbC20BQ8KCiJei/TiP+BdevcmgnrzLFSRioKWrMzsbLtJZps07e4mnc8Hdnfmmdl5nu8+fTrPs5NnJ4DSGkufKhE7IxZPJBEjLduGo7FxLN/vzu9XTqaPJOr1t35LIsnTmvsv5q/b0qckYjAivjsc8b/qynznL10+PVWrN1yN2Ltw5vze+UuX98ydmTo1c2rm7OS+l/cfmHhlcv/kY4lzW/565Oibz3z64XsvzX5f25PEwTje/8F0LItjHepJQeJYjMViHmJrel9EHEgXCj6XzWZNIWzpfDlYn2r+77E/Ip6Kkahmaw0jMfdJTwsHdFS9GlEHSirR/qGkmv2A5th+bePg4x3ulXTP7UONAdDK+Psa343EYDY22nonaRkZNb7b2P4Y8k/zuHtl9Eb6iCXfQ/x1r3b6HkM+7Vy7HhFPF8WfZGXbnkWaxl9ZMtZPImIiIgby8r2+jqxbj9X0iN/DPHwhHiL+1nqoRMTB/DVNP7zO/MeWrXc7fgDK6dah/ESenY3vn//Svkez/xMF/Z/hgnPXevT6/Ne+/9c83w9m/Z7Ksn5Y2mc5VnzI/uUJP3985PN2+bf2/+5eSbJyNPuC3XD7esTosvg/SoPN+z9p/ElB/ae7nDi4tjze+OHXI+22LY1/9Ea346/fjNhVOP653ytNlx5wfXLv7FxtZqLxXJjHN9+++1W7/Hsdf1r/W9vE31L/leXvSz+T82vM4+tjN88MtNk2vGr8lV8GksZ4s3mM96cWFi5MRgwkR/NdWtL3PbgszX2ax0jj3/18cftf8u//+tLjDLUOYFZx/u3Td9ptW0/9t1xMXqyvsQztpPFPr17/K9p/mvbZGvP4852Lz7bbVhB/RB7/0KMEBgAAAAAAACVUya7BJpXxe8uVyvh4Y77s/2NrpXZufuGF2XMXz05H7M7+HrK/0rzSPdJYT9L1yfzvYZvr+5atvxgROyLii+pQtj5+8lxtutfBAwAAAAAAAAAAAAAAAAAAwAaxLZ//37xP9R/Vxvx/oCQ6eYM5YGPT/qG8sva/4hZPQBk4/0N5af9QXto/lJf2D+Wl/UN5af9QXto/lJf2DwAAAABPpB3P3fopiYhrrw5lj9RAvq3a05IBndZfkFa/2oOCAF3nHA/lde/Sv+n/UDpF/f8V/s5/HLDzxQF6IClKzDoH9Qc3/luF7wQAAAAAAAAAAAAAOmDXzvbz/9c0NwDYtEz7g/J6hPn/fjoANjk//Q/lZYwPrDaLf7DdBvP/AQAAAAAAAAAAAKBrhrNHUhnP5wIPR6UyPh7xn4jYHv3J7FxtZiIi/hsRP1b7t6Trk70uNAAAAAAAAAAAAAAAAAAAADxh5i9dPj1Vq81caF34Z0XKk73QvAtqF/J6LR7yXZF0/2MZioieV0rHFvpaUpKIa2nNb4iCXZiPjVGMbKHH/zEBAAAAAAAAAAAAAAAAAEAJtcw9Ljb6ZZdLBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdd//+/51b6HWMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDm9G8AAAD//yhFQh8=")

796.022043ms ago: executing program 6 (id=3567):
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYRES64, @ANYRES16=0x0], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=")
r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r1 = open(0x0, 0x14507e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
io_setup(0x5ff, &(0x7f0000000040)=<r2=>0x0)
io_submit(r2, 0x2, &(0x7f0000001d00)=[&(0x7f0000000080)={0x1f, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000)="96", 0xffffff20, 0x0, 0x0, 0x0, r1}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r0, 0x0, 0x0, 0xffffffffffffffff}])

570.080222ms ago: executing program 6 (id=3571):
r0 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000300)='./bus\x00', 0x1008002, &(0x7f00000003c0)={[{@grpquota}, {@delalloc}, {@noblock_validity}, {@usrquota}, {@dioread_nolock}, {@nobh}, {@usrquota}, {@grpjquota}, {@lazytime}]}, 0x1, 0x5eb, &(0x7f0000001740)="$eJzs3c9vVVUeAPDveX0tLWWmhUxmhlkMTSYTSGZoaYEJmbiArSEN/ogbN1ZaEHlAQ2u0aEJJcGNi3Bhj4sqF+F8okS0rXblw48qQEDUsTXzmvt5b+uO9lpa2t+F+Psmj997zLud7+/rtOe/0nPsCqKyh7J9axMGImE4RA2l+saweeeHQwvMe/fre+eyRotl86ecUKT9WPD/lX/vzk3sj4ttvUhzoWl3vzNyNyxONxtT1fH9k9sr0yMzcjaOXrkxcnLo4dXXsf2OnTp44eWr02Kau62abY2dvv/n2wAfjr37x2W9p9MsfxlOcjufzJy69jq0yFEOt70laXdR/aqsrK0lX/nOy9CVO9RIDYkOK1687Iv4WA9EVj1+8gXj/hVKDA7ZVM0U0gYpK8h8qqugHFO/tV74PrpXSKwF2wsMzCwMAq/O/vjA2GL2tsYG9j1IsHdZJEbG5kbnl9kXE/Xvjty/cG78d2zQOB7Q3fysi/t4u/1Mr/wejNwZb+V9blv9Zv+Bc/jU7/uIm6185VCz/Yecs5H/vmvkfHfL/tSX5//om6x96vPlG37L879vsJQEAAAAAAEBl3T0TEf9t9/f/2uL8n2gz/6c/Ik5vQf1DK/ZX//2/9mALqgHaeHgm4rm2839rxezfwa5860+t+QDd6cKlxtSxiPhzRByJ7j3Z/ugadRz98MCnncqG8vl/xSOr/34+FzCP40F9z/JzJidmJ572uoGIh7ci/tF2/m9abP9Tm/Y/+30w/YR1HPj3nXOdytbPf2C7ND+PONy2/X9814q09v05Rlr9gZGiV7DaP9/96KtO9W82/91iAp5e1v7vXTv/B9PS+/XMbLyO43P1Zqeyzfb/e9LLrVvO9OTH3pmYnb0+GtGTznZlR5cdH9t4zPAsKvKhyJcs/4/8a+3xvxRRX9n/74uI+RX/d/pl+Zriwl9/7/+xUzz6/1CeLP8nN9T+b3xj7M7g153qf7L2/0SrrT+SHzH+Bws+KdK0Z/nxNulYb1e00/ECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLOgFhH7ItWGF7drteHhiP6I+EvsrTWuzcz+58K1t65OZmWtz/+vFZ/0O7Cwn4rP/x9csj+2Yv94ROyPiI+7+lr7w+evNSbLvngAAAAAAAAAAAAAAAAAAADYJfo7rP/P/NRVdnTAtquXHQBQmjb5/10ZcQA7T/sP1SX/obrkP1SX/Ifqkv9QXfIfqkv+Q3XJfwAAAAAAeKbsP3T3+xQR8//vaz0yPXlZd6mRAdutVnYAQGnc4geqy9QfqC7v8YG0Tnlvx5PWO3Mt0+ef4mQAAAAAAAAAAAAAqJzDB63/h6qy/h+qy/p/qK5i/f+hkuMAdp73+ECss5K/7fr/dc8CAAAAAAAAAAAAALbSzNyNyxONxtR1G6/sjjB2cqPZbN7MfgpWF6VdEuEaG8XStd0ST2OqmAq/W+JZsVF8w57srHJ+HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKv9EQAA//+/kiDt")
r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x80044940, &(0x7f0000001b00)={<r2=>0x0, ""/256, 0x0, <r3=>0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, <r4=>0x0, 0x0, <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
pipe(&(0x7f0000000100)={<r7=>0xffffffffffffffff})
fcntl$setpipe(r7, 0x407, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r6}, &(0x7f0000000000), &(0x7f0000000940)}, 0x20)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x126a4b5, &(0x7f0000001ec0)=ANY=[@ANYRES16=r5, @ANYRES64=r4, @ANYRESHEX, @ANYRES16=r0, @ANYRESDEC=r2, @ANYRES16=r3, @ANYRES16, @ANYBLOB="9a7f40ad4c7145903a868b9020e1e8899ed5747db23004fc9d248900abcaa6b065cf0800930a71dcd8b8955d93c78b9d4e5e06d8d5c9ac9b75d177754d6eba23e6d2be546c0dfecdf61baf732950a5729c01fbdc11e36cb411be200a9135657acd97d21ee46aac313ebdddd9265af16558dd3e5ba4836659a6abfe08aad84276acf949bdaa34bdf7f7b2dfb2fe8b9d6d225dcecebeb6e15f649994728842bd99fc94897d24315ac2d17bf6c2acfbfa8464d80f36304f88b906b78ab359be3479db5b0e7555f04416807c2202d6551f2425440be741dbe053e0bfeb845623e722a9293843f1cf0a71119dcadf7e353af4da52aed3086d6e5a095774248be9a1b1418dec1c03a2cb0ece0840ebeaaf7b67867da45943b700e2d6dad775ae6f33e55aa86ca84c336c91e3b7d7224f7a9a10d5b45a6ce0769d875415bea136b5508e5e0a88290792da3b11b2284a3d757c301cec78b55d3fcfa073615ccb089f66c5b9a5c84f6c1bb78c3370c4687eab260711fa05525687c7709e15cddea061f70798cbf940ad929eb80f33ad8bb4fcd322dd0558f111d7d01351147976b425a27e573402490055054cf3d80bebde6a89f3086170633740f08780aac3a73f17eaeda8deb642c2887962596b4d78c0ffffb28d0e64073b0641f89cf83a69afaaea03ba6070838fdbdaccb81630a6fdaa77fc10146013b9fd79e965a320daf81c1a51f032a3f462f2740e579eb116cad80b4e233326bf94fea52184517accf608b1fbfb395942869841b9ca0f314beff6b2dc0a74d7599012274b24775f0382e72907c1f0c571b994f048c0266feb775d893fec84e5733cd66a96cd45b60f63743b17b05d99c427a2d00a27fef17cadf128059a2e227b80701755b0bc706f32255c8cd619fa995cc7649f28337361a62cff46669fa4cf095a2d148987a9fafa6e1fb9f59b5ac5ff10a4c62e0187a3c75a983f7f5211142c6c09170a13e29c2044e5568bda8055cee4722e445e83ea01307c42cbe63a5bc529e1200e5874f7500275abacd6cc0e3bf8fd38ab7bab39f54d180d60892e2e3a713a3e654c89b8e9ba4474909991844514c04b655c66ccd6f2a17e29ff69d343ebac7ac5e1510ad4ff52e6a932a97bb0d814259da6545022152dd63f06219a1d66ec2278b694876ed6195b0543b8c9289b8438e8ee57dd38bcdb045a6fc4cede28effaa0354afbd4190fcbccd9a0e91508e4399e0e30a0bfdedcc19454b6dd7c2785a6e4fe74a0ece1d683ad07d76eafec02fb0d88debfeacd3531413185da0ffa4fb9b5e6d5a916f7bb5d51efc8ab61e4953fc6b2d1e670769f3ca56d51b804ceb118278acc90422e1f51e448a27d2fe4f93c88cf7c6148474bf650902dd6dd96541044113d244cf938150ec426e7ed63e1f153bbe328f4232552b104c8dee60b0c4e4c25f2605e97cc6f4263d32e8340be2d167137682373ae4cd501fdc9c5359b40f52803a5e4c0e04a5de0412c5cbd4d05e6135a1209d4b2dff50d39e481f1d1b01ed71004fb0c18e736af8ab176f833a439a85c9132e6d2296f665771c6a284eadc08c94ffa520dcc37fd6426c152364699514b15d4df6732fff39834e8ba29688b19db27a970d9d7fbee973c76bee04fb6164963969ebde0f785606781d63726736d8b60a713d5f72207a23f6f00420fdf24d14c069f36a7e236620481cc7a63857cc1355bac8d4f9a3f32785ad4d9d81719077a816b33b98006c322ee473aa9f8f83fae86a4d421104b298a9e42357c44b773e3504b3f9eb5b29330411b776b78fdb6dd9713dd1aee0cc9c7ee8bd23a50d4c8babaf6d74bc25377009a8c57c941f80e58ac08c93a275656cbad3864df9e791305d66103ab30983b07553ede5b5d5b0aab157f805eb6c11c75dd7f297c2cc9110551131a797164dec422b13799f1c261464c765a62c201eb9c8686eee94642d59f429cd137cba0d1a8126dcdfc28ea5c201526c61164a86f480dfde0c60fdf6afd3cd64719de1d89b5a362e058054a9db73aaffac324b04e8903060e1f14ca4ac31c82183066e6d581685efbe3452a20a665166b03808220770d66051971b61d8114376e22a4511cae9fdf7bbed68bb9f45b57eee1c15775730ef1434731d7b82a7cbcd6155396263984edfcea62196189da0ba9908d7d5ef514d75a3e1d4ae42654365083873fc4ce969fa4fac51d640be8d948bb9464d1a7e494c8df98bd5a569ff7fe1aca542c34610148a8f1dc9d60ff0f761270577f286a362f32164184ffce3ad132637e9f0381e9ce76a11f296f9d1e835cdc44926104e1df4d0a282a84b9fbc23064bfcab0d221c6e3124ae8ba6022e62f170dcc2d655f73b40f83fd65f5c705bc1f9e8df13adeadff9e1fe4660a55be7dc969cfffaed607190162dcd09d0cd86a297b22142b88f0eb28dd1a45152a4f4f2dca0d96d39fa594349040f486cd486af619b7083236cf90324cddc6f1ed0f6a103c8d936d7f2f31d420ef50931838e66721bff7494617b6b4bc385f3e51b3f81cf5d6953ac7fddc0f3466682911b38bc7f082e0c18e3ae0badf7f3fd3e186ebc2bab71fa26f77bb14cd97e6761c93c8c25887c0ef1f3dc1d8d86ce0fb73190f66f4deca77977e8d6064bfeeac3fad2bc50488c144e2a1a82fcc1e1c12ac54bf3e2d468e8f53241e4a6ad9e466746a45b053452ded5caa20461881d78d8235e986ba8b77e83601655d2650bf1b64ce17c75314216b43bbd1101a2e12e57525bb7d3b136a70635bdac8af24367a24ce2fe2a72ef2b0e56ff8dc62a82946f86f9b6b1418a89b1971372dfe7d5ce2e6611befff721f04a19bce7f90b1551a4cdead136662c50513fdde6f9d4a199c3907ed8799f231f54dd8347c71d829ff8ddc5d96b5aac2fe58652c81ff7f54e2568119dff2763ef435aa420630dacc7e9414340ee8688f46c7a8ab96d860937641042b3cdf6857ff1d2d4e47cec1f23e65fe541f38cb96b132666f999002e89cd1896ca58c2e63b87382e1a6c1ee9afa56cf3ba923fa9c989e20bff313f37252632fdcff03fbdd2d334ee93baf75c1bdae30feaa81fb2ac1b63c42dda06f20ce8c9d003eb3efed7931def342fb874fce92763f6f477c7f589b75d2129419fc4cb7a8893a1d3f94533ed9fdf9f21fc254fd80aa74750833d390327a2107e761240928d35a36c5eaca61fd848116b8dd7ec8157928bc2dd87f7756aa517cf6a61d2009fd4ba0579ca3b3129cfd5403546f5ab6d0575799a008fc67da9658427636d8f806d9b8cad64aee438d0a9b45957f31a5afe3ed894add9acadfd347246099c6ff0b4ec6f19ac61557daf8739e528185ab1468ca72d6d72e4f026e371e540b774b6576df3014dcc9e91b2cd1f0403a4fcaa6627b22682bb54f92150c2917acaee1972b2b03bc2bd37fdb9e7352c654d94ef196b7229e4da5ee62b7d395ecdd5177f2563242ea49ff78151a4a816a94e89b03f41c7e6684f8be3e5802e9338e7cbd3b43f708c062f944a59f31b02ca9a177e6b681accee8785d2467d2d78636be4330febaa3f6907db07992a2de74e459f3ae8ee6adae20cbc75aabd2d5d3424de0ddcc3ddd981c3a4966c57f8fdb1c42db87395f0bc800ff8ddb4c228a7d793d8a997885494a8578f5433d3f82886ea573641bf16065efbc25718c88f7277ce04c94af560d8deb7968496f849d3fad78741272b08bf7aec3f3c777428d3b8b897333ae5afb6823af63cb7347601ee2e8d4e21b21a12e6d42f66a1aac26d296bc68a998d8ba179ed5f756c2efd8a7acc0e3f08093bb4a83d37f15b4fe07c90858058ad1ff0e21bb7bf4363079c5d452dba5972b21c8f41daf6f11a51d321d3c1d544190238036d907d965ff469ce4895eb7675f3e94a15f83b837b892a40390d87d76e9b15eda02366299d3dd93943466bceeb2f9e465adccc08e1a02c3ac01815931627ed327e0ffbe09563221a365b88c4f2449bd3634920d5bfbde7cdc92c4cb16a579f35f07dafc87ce6ce4de7bf9e8ff0e80b81cdab8f2164a25a0a6929679ce9ae0dc2ac7ed41a787446676f091597551dc2e8c054224bac6652bba5fb675c0b2c94d2faac160f11b7b96fc96415aca8a47fa03658b8afa24b6bd97f7dbeead9ae5f7ec1cb0d000055f41a5043c6c4c97212398b168b5cb9ee650726eabcc31b6712e815fdaae77885350884fb36d6d5444d5e5500a7d636d4eced14b9d411c765b36a4be06ca9be2965d6d6c06c3b6bcb38babeb2999ee71295d48926bf6e39363fabf74de5e57aa0b59f9dddeca142d0c50ab7ff198196c69c971e6ab591220f4e42d6525e2dbd99b6c57949c854e4ee0e4581f9e3e160b3f66b01f23f4d0472c0a1f307837ac8dac0a257d09ab82975148dcd764fe6359a5f21b9cbe2ae7b9b277489a8b3285b8289a84ff854508b4488ffcf68f47ec7a5c18a8c3d06e26b32f754ac74ea8e93a554147fd3b3daf1fbe924e2e389cac13a5f80f3a21dbd250d3917f7b5acfc739a63f2b3d6b3f099efb4be7a842215c89fc87bd8550d11ba2a4af0f111ab124503b26feeae3be3ee24168dd4553a226b9168edb11c3e61bc850adf995b4d6f1aace6db0b91f805c3d1789a3e6b470e5470968f429d5b05c8f76ca2981e37f5bde4ad00a09755c76774ead7d93f3f41255b1d56152e3699b133b2e0b277427c992323d1b4d8c438434e9e901ddd43788f80cb9a975e9dd1671ce16be5ff8033d5da824f00fd78b540edbcd69a2e9aff03e31af9afefb809434f52b4a1239fdd241ed3a268258addde19d1724155a1a4c877bd59b0659b7a786886f6ffcb5999d1f9c007d615020926f7165a9ddd4aaa3c7b631d30cc951e328131d99282ac06a18f88373092320ea5308f06c376e711aecda4cd1c2b639d9ea7a2613d4e9eaa9a0ef72774fdec622f7d131b45135d577897bf686b460a371083070139ea544bda15012251d6c8e7163c25412841faefba76765648ca7cd1b423403a654b6b5754588ae6c309621477db20f7c9236af1e422ebd3fb6d6a712e7a6d00d58416b7d65a53a2514bf51bedfe9207f16a4d79418600389b98ea8b9e06b8da708a86f191e567925af39a09ac9fd7902e8f8e77567baf1b75c05ba1eb7089b424801405afc982a8d79c80fada184a1ab3bab526a3b0a5e20d2dc6bcdd2c5cb7c49f735f3e8f4d36a388ca805876ae08f0e3acca5dd864c1fa1552068bf799095221480374fd2dcaeddb74be93470eff4fe278e190f0a131f32340ada9cca518af769f42943875f4c5707beee2179771da21cd66405b9973648bd047a516d1cf902fa1f0fcdcbc3f4c1f20fc22f9a7e9f4c3a52576399604c46f83ede44f542d06d54e6e8a1e693a2cfcbb16c178d1bace976133e72cc4533bd02b1c4ec2cc22097435aff5a682ca7227414895450831560fa682493f4814ce8fbdb190f8ce2b533ed9582638511bda93aeae5d0690f745b788db622864ba3fb60952f119427fbe66754c5c038c5fb2cb87c326d65862e353c14950bd1fa7c70e36323e9cf90c81f6275e59c7926acac1560a0b6bbc7a850817f2effa19d485315a219d49e293f871278294d02765cf72caa2f438de3337ed205bf68ff6ddaaa5e4b80de5fba022dfcf9cf074a319678df11eb77b3ef66e512b67ba5182265a60eaf457691e973d23cbaf6000537f886695074ebb616f9cdad9de7c6fe9ecfbd13d537d64c34a7c90ca56b50e60d6a7067e391e63561793edf6ed3c2eeb8555909a59ce73da1f096d41fb42de44494128324a9", @ANYRES32, @ANYRESOCT=0x0], 0x0, 0x0, &(0x7f0000000000))

515.352172ms ago: executing program 6 (id=3572):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000c00)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x4, 0x9, 0x5, 0x5}]})
r2 = getpgrp(0x0)
syz_pidfd_open(r2, 0x0)
futex(&(0x7f000000cffc), 0x5, 0x6, 0x0, &(0x7f0000048000)=0x2, 0x3000000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f00000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000001000"/28], 0x48)
io_submit(0x0, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
pipe2$9p(&(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r6 = dup(r5)
write$P9_RLERRORu(r6, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000feffffff00000000", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000050000000400"/25], 0x50)
write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
write$binfmt_elf64(r6, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x18, 0x31, 0x53b, 0x0, 0x0, {0x9}, [{0x4}]}, 0x18}}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x18)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="0203000910000000000000000000000005000600000000000a00000000000000000000000000000000000000000000000000000000000000020001000000000000000702000000ff05000500000000000a00000000000000ff01000000000000000000000000000100000000000000000200080008"], 0x80}}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
stat(&(0x7f0000000000)='./file0\x00', &(0x7f00000006c0))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)

468.993641ms ago: executing program 6 (id=3573):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32=r4, @ANYBLOB="24002d80080002000300000005000100000000000500040009000000080003"], 0x40}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{0x0, 0x0, 0x9c}, {0x0, 0x0, 0x0, 0x0, 0x1}]}, [{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, {0x1}, {0x0, 0x0, 0x80000000}, {}, {0x0, 0x1, 0x0, 0x2000}, {0x0, 0x0, 0x0, 0x0, 0x400}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {0x0, 0x2000000}, {0x0, 0x1, 0x0, 0x0, 0xfffffffe, 0x8001}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x0, 0x3, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0xfffffffc}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0xd5, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x10}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x800, 0x8}, {0x2}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x5, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {}, {}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x800000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {}, {}, {}, {}, {}, {}, {0xa7}, {}, {}, {0x9120, 0x0, 0x52c0}, {}, {}, {0x0, 0x0, 0x1000}, {0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, {}, {0x0, 0xffffffff}, {}, {0x4, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x4, 0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x100000, 0x0, 0x0, 0x10000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {0x0, 0x1}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {0x4}, {0x0, 0x1}, {}, {}, {0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {0x2}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

409.145451ms ago: executing program 1 (id=3574):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
syz_io_uring_complete(0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x5e, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cedd00", 0x28, 0x3a, 0xff, @remote={0xfe, 0xe0}, @mcast2, {[], @ndisc_ra={0x89, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x1f, 0x3, "de40450e3b49911453b2ee98b24fd9012b22652dc71f"}]}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = openat$selinux_validatetrans(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$selinux_validatetrans(r3, &(0x7f0000000080)={'system_u:object_r:apm_bios_t:s0', 0x20, '/sbin/dhclient', 0x20, 0x1, 0x20, '/usr/sbin/cupsd\x00'}, 0x54)
mknod(&(0x7f0000000140)='./file0\x00', 0x8001420, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r4}, 0x18)
mount$9p_tcp(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x0, 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000000000,privpor'])

408.268541ms ago: executing program 1 (id=3575):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x40302, 0x62aea2de5f4bc8c6)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
r3 = io_uring_setup(0x6743, &(0x7f0000000180)={0x0, 0x809826, 0x80, 0x0, 0xfffffffc})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095", @ANYRESOCT=r1, @ANYRESDEC=r1], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x800000, &(0x7f0000000380)=ANY=[@ANYRES8=0x0, @ANYRES8=r5, @ANYRESOCT, @ANYRES32, @ANYRESHEX, @ANYBLOB="a1fffd2e4c38a7b17fef1a78ad194301887b7711a1517cd8b4288a2fbb7d202d8c4a1809add074e6dde0703158125f2f114c49f5ee5f249d63ac0d851c212ccd8d82b7c694ead23c41f021e8bc78d646d07e3513568bb81d2179a012dcdcb845b0a58b6d5e46a177de56e3e77ed573967e4ebe299078019693ca486edbaa44e947802c7f46f1de18cf7f0e1af02964d04cc84d979855e8d3a3fda262f6a7d2b4b4849fd880c9b9af9be818ba05386754a3505e833ca0b95491ed", @ANYRES64=r4], 0x3, 0x7dc, &(0x7f0000000d80)="$eJzs3U9sHGcVAPC3rt0EF0VVqdIQpekkLVIqpe563bpYPbTb9diedr1r7a6RI0Bt1DiVFaetWipoDoRcWkBFiBPHwrU3LgiEBBIH4IRED1y4VeoJFQQSAiEko5nddfxnbSfN37a/nxXP55k3871vPJm3Y3tmAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIUm26XB4vRT1rLC4l2wxFRHJvL3Z+2+K1tbW1bqu/vd9smuzSb0Qp/xf798eh7qxD915efDD/dDyOdL86Evvzyf64cNfBu5/8wvBQf/3tCV+zY1cYV4r4Tp7UudOrq8uv3YBEbqLv/2q3pcODZv6n+L7Ppo2s3czmq7NpkrWbydTkZPnRuZl2MpPV0/apdiedT2qttNpptpITtYeT8ampiSQdO9VcbMxOV+tpf+YTj1TK5cnk2bGLEdFuNh59dqxdm8vq9awxW8RUyt+MPOaJpDbdei7rJJ20Op8kZ1dWlyf2Gl0eNL7L8iMP3f3hGx/8c2U5PyB3Cir1DszK+HilMj75+NTjT5TLw5VyZfOM8haxHhFDEXnEDTlouX0Up8zdXJ8TN1wHQ736H/XIohGLsRTJgI+RqMV0tKIZ8/nXfx7ZFtHTr/9fevRvf9yt3431v1/lD11efDiK+n+0+9XRner/wFyv58dQL5+dlr8eb8aFOBenYzVWYzleu+EZXePH0BVHHvv8FUTNRhqNyKIdzchiPqrFnKQ3J4mpmIzJKMfzMRcz0Y4kZiKLeqTRjlPRjk6kxRFVi1akUY1ONKMVSZyIWjwcSYzHVEzFRCSRxlicimYsRiNmYzqqxVbOxkqx3ye25HXw2y/88qU/ffhu3l4PGt9lIKX8xVwe9I9dgraV+yuv/2vRi1D/P+uu8xkcPr61fv0HAAAAPrVKxU/f8+v/kbi/aM1k9fSrtzotAAAA4DoqfvN/JJ+M5K37o5Rf/5cHRL5/03MDAAAAro9ScY9dKSJG44Fuq3+71KAfAgAAAACfQMXv/4/mk9GIi8UM1/8AAADwKfPdnZ6x/0H/GbvthX2lX/89Wq2R0qWFpYdK56t5XPX8Hd31epOvrG+xM3O4tD+6Gym2NTl84a5SRAzX0iOl/tMv/7evO/2o+Hx4eH31nZ71X9qSwPoad2wdUp7AgQtbEjhYdPxOHOvGHDvTnZ7pxfWeSDw6k9XTsVqz/mTxSMT8X+eNl1e+FcXwv9eYP1CKsyury2MvvrJ6psjlUr6VS+d7D1Dc9hzFwbkUPa719kDcP3jEI8WNGL1+R7v9ljd+A4aeLlYf2r3P0sY+34rj3Zjjo93p6Obx78/7HB97cjyq1QNDnXSp88bahtH3shi/xpG/FQ92Yx488WB3MiCLyqYsXt6eRWVjFr2dsMe+2DOLkd6B9e6xi0v/+l2zlE7slcXEliz2X2UWALfK2eKpP5er0OeKKvTfta68/l+uu0k3oKd3lrtvfVP5Wa5fBrac5c7G+pL++htq3XBsq+5bX17Ell52OKOf6Mac6L6eGD48oK6UB5zRX1159fe9M/pj7/34J18/+oefffzq9l483I3pTeKe3+5QY/Mx/6AxP9rf6NJTvcZPd+y3Xa+UYiTijm+cfzUOvv7mhUdWzp9+afml5ZcrlYnJ8mPl8uOVGCleKvQmag8AA+z9Hjt7RpQe2+Oq+p71PykYixfjlViNM3GyuNsgIh4YvNXRDX+GcDKOR3GxvMNV6+iGd3g5uce15eXYyvbY/uuKbbETG/bYfT8qJv++gd8UALjBju9Rh6+k/p/c47p7cy3fcnUcO9fyQb58Q/cGAHw2pK2PSqOdt0utVrbw/PjU1Hi1M5cmrWbtuaSVTc+mSdbopK3aXLUxmyYLrWanWev/4Hg6bSftxYWFZquTzDRbyUKznS0V7/ye9N76vZ3OVxudrNZeqKfVdprUmo1OtdZJprN2LVm485l61p5LW8XK7YW0ls1ktWonazaSdnOxVUvHkqSdpsnCYj8wm04bnWwmy5uNZKGVzVdblyKivjifJtNpu9bKFjrN1hfzDdaaUfSVNWaarflis2Pbh//Xm72/AeB28PqbF86dXl1dfm1z40BsnbOlMRxF4y+7xfQbt3qMAMBmqjQAAAAAAAAAAAAAANz+tt+ul8/d85a+QY19cfVr7Yur6uIaG/nQenPe+fnXXvzYI/1kNPLh3QZp3NrGC089dW6nmGcuHpq7su0M/p8y6FbXtw9E3PmLH3bnPH2zRvr+5QP7alZfK+0Sc2vPSwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwyP8DAAD//82FVnI=")
close(r4)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r6, 0x0)
inotify_init1(0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r8 = accept(r6, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x80}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
mknod$loop(0x0, 0x100000000000600d, 0x1)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r9 = openat$cgroup_devices(r0, &(0x7f0000000100)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r9, &(0x7f00000000c0)=ANY=[@ANYBLOB='b *:4\tmr'], 0xa)

370.220711ms ago: executing program 6 (id=3576):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYRES16], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf2510000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x32a000, 0x800, 0x5, 0x2}, 0x20)
socket$kcm(0x2, 0x3, 0x2)

327.141671ms ago: executing program 6 (id=3578):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
memfd_create(&(0x7f0000000000)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;Y\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2W\xc72\xea\xb7Wp\xc36\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262<k\xa8\x88\x01\x00fhD\xe7\xb6\x17\x80\x95\xa8\x1e\t\xb01KB\xcb\x00\x1e\x7fE\x7f\x02\x00\x00\x00y<nGR\x94\x99\xb8\x89\x9b\x8f\xd5\xe6\x02\xb5C\xad\"u\xf4>\x00\x00\x00\x00\x00\x00\x00\x00Nz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89\xc4s\xb7\x14~}\xaa\x8c\xc3\x95BAE\xf2.\x8f#;a\x94\"\xd1U\xff\xe8v\xd3\x84d\xf4\x134\xa6XI\xe5h\xaa\x15\x9a\xf7Z\xe3%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xe29\xc3}\xb9P\xd5F\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x1b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c9\xe9\xf5\x18\x15Dd\x8a%>\x91\x93\x88\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00'/1301, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r2, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="020023022301020905000000100000"])
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000580)=@ccm_128={{0x304}, "e87e87b433350dac", "4954b3eb8f18080b4ba767cac8ff6005", "d50988a9", "65baec6dd0f88ec7"}, 0x28)

326.775021ms ago: executing program 4 (id=3579):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001400070010000800130008000000080012"], 0x44}}, 0x0)

325.851581ms ago: executing program 4 (id=3580):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f88)
r1 = dup2(r0, r0)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x2000006, 0x4, 0x2, 0xfffffffffffffffc})
ioctl$BLKTRACESETUP(r1, 0x1276, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000dff700000400000025010000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000", @ANYRES32=r2, @ANYBLOB="000000e5ffffffffb6080000810000007b8af8ff00000000bfa200000020000007020000f8ffffffb7030000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r4, 0x0, 0xfffffffffffffe09, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000080)="dd383c2af782b3ebadbd1e76adac497c8af9d4677a8b6f1abd1e867bb269aa32881b67bac7df52f6c0efd1f8818aab2c1e0f9f86e3f4525e870caa621052f5c1a9a72900e9320b7500205b0b524de6b5acb423c33d2da2b34442b83a5365add3508dac02b57e9d91509ae886156e4c4bcc9c6a1e11e2bd947886e6", 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
r5 = creat(&(0x7f0000000000)='./file0\x00', 0xd4)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000003c0)={0x0, &(0x7f0000000280)})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="190000000400000008000000"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r6}, &(0x7f0000000800), &(0x7f0000000840)=r7}, 0x20)
write$binfmt_elf32(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="5402"], 0x69)
close(r5)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x8a, &(0x7f0000000000)={[{@jqfmt_vfsold}, {@usrjquota, 0x22}, {@oldalloc}, {@noload}, {@data_err_ignore}, {@grpjquota, 0x22}, {@errors_continue}, {@errors_remount}, {@jqfmt_vfsv1}]}, 0xff, 0x464, &(0x7f00000004c0)="$eJzs3M1vVFUbAPBn7nTK99u+iB8gaBWNxI+Wlg9ZuMFo4kITE11gXNW2EGSghtZECFF0gUtD4t64NPEvcCNujLoycasrXRgTYtiIrsbcmXuHKZ2ZdphppzK/X3LhnDm3nPPMvYc+99w7E8DAGkv/KERsj4ifI2KkVl26w1jtr5s3Ls38fePSTCEqldf+LFT3++vGpZl81/znttUqlUqbfq+8GTFdLs+dz+oTi2ffmVi4cPGZ02enT82dmjs3dezY4UP7ho9OHek+vojYkY51z/vze3e/9MbVV2ZOXH3r+y/T8W7P2hvj6JWxeu/LPd7rzvpsR0O5MNTHgdCRYkSkh6tUnf8jUYwt9baRePGjvg4OWFOVSlLZ1Lr5cgW4i6WJOjCI8l/06fVvvq1T6rEhXD8e9XWMm9lWaxmKJNunlF0jrYWxiDhx+Z/P0i2WrkMka9QlADDgrh2PiKeb5X9J3New3/+ye0OjEfH/iNgZEfdExK6IuDeiuu/9EfFAh/3ffodkef5ZGbmjwFYpzf+ey+5tLc3/6unXaDGr7ajGXyqcPF2eO5i9JweitCmtT7bp45sXfvqkVVtj/pduaf95LpiN44+hJQt0jVl7965/GLFnqFn8hXrOm+bHuyNiT6t/5Nf2fZx+8ou9rdpWjr+NHiTllc8jnqgd/8txW/y5Qsv7k5PPHp06MrE5ynMHJ/KzYrkffrzyaqv+u4q/B65fq8TWpud/Pf7RwuaIhQsXz1Tv1y503seVXz5ueU3Z+fkfMTu9OD1ceL1aHs5ee296cfH8ZMRw4eXlr0/d+tm8nu+fnv8H9jef/zvj1jvxYESkJ/G+iHgoIh7Oxv5IRDwaEfvbxP/d84+93Xn8bVbleyiNf3al4x+Nx7/zQvHMt191Hn8uPf6Hq6UD2Svp8V8prtUOsJv3DgAAAP4rkuoz8IVkvF5OkvHx2jP8u2JrUp5fWHzq5Py752Zrz8qPRinJV7pGGtZDJ7O14bw+dVv9ULZu/GlxS7U+PjNfnu138DDgtrWY/6nfi/0eHbDmfF4LBpf5D4PL/IfBlc7/3471exRAH6ztE9bAhtYs//+gD+MA1t8K1/9b1mscwPqz/geDy/yHwWX+w0Bq+dn4pKuP/Cv0qfD1cHff1bD6QiQbJOS7plCKpk1Dq/4yizssbGra1O//mQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHrj3wAAAP//+/fooQ==")
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r8, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
readv(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='hugepage_set_pmd\x00', 0xffffffffffffffff, 0x0, 0x6f3b}, 0x18)
capget(&(0x7f0000000040)={0x19980330, 0xffffffffffffffff}, &(0x7f0000000080)={0x8, 0x2, 0x81, 0x1, 0x8, 0x1000})

282.994081ms ago: executing program 1 (id=3581):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007cccf7143af3ff00000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7054d140, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x4)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0x1, 0x58, &(0x7f0000000380)}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c0000000c0000000c0000000000000a05000000003030305f5f615f002f0000"], &(0x7f00000005c0)=""/99, 0x30, 0x63, 0x0, 0x0, 0x10000, @value}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000008c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000010000000900000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
timer_create(0x1, &(0x7f0000000240)={0x0, 0x41, 0x0, @thr={&(0x7f0000000140)="ed33c4b9e9ff24fc3c4aafee91407d8f0b867f99f42d0b00d425a5c1b9ee8e15888b105699fe76f57f7bac014ec12953fd73727fa91335495f426b8ffab0a963d3fa4abf9a9b592b330a5e128926e3560d1b5bcfac68ad306b319c99b85cff79b57e682f92419b9ab146cff0ff3de0dbe33d43fc0c8b96f6f9bb8641101990cd972393cecf4d4da29c9adb5c722beae730849aec75fd18f699c70208229e3ac9bd896b63933e47189c28286a0e4ce70cd7c9ea2b5c3744f43c84f8bdf8b17b8615f4555309c6d14f04c4ba8562fef50a5fb313ab6258cb56c1", &(0x7f0000000300)="8961e92501b8b8f2a032ba651ba05b2820c62f5b8e04479cd0340243c064686c21e36fc7087431aace7f69a16cfe4ef488941507cef550644ad8446e1483707e7c548e2874c22b1876e0cbec4033a09d4a68ea3385da2124793ea55483d71caa36b2f22a61ebc48087d70292bf01eef375ce0f1955a868e8576b42d7df2a7cc12d84e7ae63f530e1b88c611a46aa52"}}, &(0x7f0000000280)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f00000005c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, &(0x7f0000000680))
add_key(0x0, 0x0, &(0x7f00000000c0)="010001000000000000001000015b097ead85847817353d2dbad05dd5", 0x1c, 0xfffffffffffffffd)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$pokeuser(0x6, r5, 0x358, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000180)='kfree\x00', r4, 0x0, 0x2}, 0x18)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
chroot(&(0x7f0000000180)='./file0\x00')
syz_usbip_server_init(0x4)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000440)='percpu_create_chunk\x00'}, 0x18)
r6 = syz_open_dev$evdev(&(0x7f0000000180), 0x3, 0x88000)
ioctl$EVIOCGRAB(r6, 0x40044590, &(0x7f00000001c0))
ioctl$EVIOCGRAB(r6, 0x40044590, 0x0)

250.47246ms ago: executing program 0 (id=3582):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000095000000000000000400"/24], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000240)='host1x_channel_submit_complete\x00', r0}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="400000003900090000000000000000000200000004000000280001802400a4"], 0x40}, 0x1, 0x0, 0x10000000000}, 0x0)
r3 = getpid()
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000500)=""/46)
shmat(0x0, &(0x7f000029f000/0x4000)=nil, 0x6000)
r4 = syz_io_uring_setup(0xd8, &(0x7f0000000480)={0x0, 0x1d, 0x20011, 0x2, 0x1ee, 0x0, r0}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000540))
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{}, 0x0, 0x0}, 0x20)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a30000000000800410073697700140033006c6f00000000000000000000000000006da1cdb3d2"], 0x38}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r8, 0xfffff000, 0xe, 0x0, &(0x7f0000000300)="882f1242a03c3f98722780b605a7", 0x0, 0x990d, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xb, &(0x7f0000000180)=ANY=[@ANYRES8=r3], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x8000, 0x0)
io_uring_enter(r4, 0x4ac6, 0x0, 0x0, 0x0, 0x0)
r9 = syz_clone(0x21001180, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r9)
socket$inet_dccp(0x2, 0x6, 0x0)
capget(0x0, 0x0)

114.398701ms ago: executing program 0 (id=3583):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet(0x2, 0x80001, 0x84)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000080)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sys_enter\x00', r2}, 0x10)
msgget$private(0x0, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
recvmsg(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xf8}], 0x1}, 0x1f00)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r8, 0x0, 0x5}, 0x18)
sendmsg$tipc(r6, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000140)={r4, @in6={{0xa, 0x0, 0x0, @empty, 0x400}}}, &(0x7f0000000200)=0x90)

49.73436ms ago: executing program 4 (id=3584):
r0 = socket(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_QUANTUM={0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

34.57697ms ago: executing program 4 (id=3585):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB="ffff00000878b300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000008c0), 0x4000, 0x0) (async, rerun: 64)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) (rerun: 64)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000980)={{0xffffffffffffffff, <r4=>0xffffffffffffffff}, &(0x7f0000000900), &(0x7f0000000940)=r0}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a40)={{0x1, <r5=>0xffffffffffffffff}, &(0x7f00000009c0), &(0x7f0000000a00)=r0}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000b00)=@bpf_lsm={0x1d, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000ed000000000000001e530100000085100000000000000020000005000000"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x100001, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, r2, r3, r4, 0xffffffffffffffff, r5], &(0x7f0000000ac0), 0x10, 0x10000, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) (async)
listen(r6, 0x0) (async)
r7 = socket$tipc(0x1e, 0x5, 0x0) (async)
r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
io_setup(0x1, &(0x7f00000002c0)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f0000002340)=[&(0x7f0000000040)={0x0, 0x300, 0x0, 0x8, 0x0, r8, 0x0, 0x0, 0x20000000}]) (async)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0b00000005000000020000000400000005000000", @ANYRES32, @ANYBLOB="000000000000fd8448f5000000000000000000208a6392eff432a3f1a42956385b2933350cf8bb47cb1c3f5ca6bd2a421fe5c1c761d048af9f3938f7e6f7", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000bf080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500414300"/72], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r10}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) (async, rerun: 64)
r11 = memfd_secret(0x0) (rerun: 64)
r12 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r13=>0x0})
r14 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r14, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r13, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x23, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000002000000000000000200000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000184f00000100000000000000000000009bb004000400000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff00000000b7080000020000007b8af0ff000000bcbc97b2049f46b02340cf00bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r11, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0xfffffffd, 0x3e, &(0x7f00000001c0)=""/62, 0x41000, 0x21, '\x00', r13, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0x5, 0x9, 0xffff}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000440)=[{0x5, 0x4, 0xe, 0x2}, {0x1, 0x2, 0x7, 0x2}, {0x3, 0x5, 0x7, 0x7}, {0x5, 0x5, 0xf, 0x3}, {0x5, 0x1, 0x7, 0x8}, {0x2, 0x1, 0x4, 0x4}, {0x0, 0x4, 0xf, 0x7}], 0x10, 0x9, @void, @value}, 0x94)
sendmsg$tipc(r7, &(0x7f0000002300)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x4}}, 0x10, 0x0}, 0x0) (async, rerun: 32)
sendmsg$tipc(r7, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x3, {0x41}}, 0x10, 0x0}, 0x20000000) (rerun: 32)
openat(r8, &(0x7f0000000580)='./file0\x00', 0x2000, 0x28) (async)
accept4(r6, 0x0, 0x0, 0x0)

3.95755ms ago: executing program 4 (id=3586):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32=r4, @ANYBLOB="24002d80080002000300000005000100000000000500040009000000080003"], 0x40}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{0x0, 0x0, 0x9c}, {0x0, 0x0, 0x0, 0x0, 0x1}]}, [{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, {0x1}, {0x0, 0x0, 0x80000000}, {}, {0x0, 0x1, 0x0, 0x2000}, {0x0, 0x0, 0x0, 0x0, 0x400}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, {0x0, 0x2000000}, {0x0, 0x1, 0x0, 0x0, 0xfffffffe, 0x8001}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x0, 0x3, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0xfffffffc}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0xd5, 0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x10}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x800, 0x8}, {0x2}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x5, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, {}, {}, {0xffffffff}, {}, {0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {0x0, 0x800000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {}, {}, {}, {}, {}, {}, {0xa7}, {}, {}, {0x9120, 0x0, 0x52c0}, {}, {}, {0x0, 0x0, 0x1000}, {0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, {}, {0x0, 0xffffffff}, {}, {0x4, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x9}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x4, 0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x100000, 0x0, 0x0, 0x10000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {0x0, 0x1}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {0x4}, {0x0, 0x1}, {}, {}, {0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {0x2}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

0s ago: executing program 4 (id=3587):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioprio_set$pid(0x2, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x804, &(0x7f0000000040), 0x1, 0x4ef, &(0x7f0000000b00)="$eJzs3c9vI1cdAPDvTOJNmqZNCpX4IaBLKSxotXbibaOqp3IBoaoSouLEIQ2JN4pix1HslCasRPZ/QKISJ/gTOCBxQNoTd25w47IckBZYLdogcTAae/KDbBx7s0lM7c9HGs28eeP5vrfWvOf9JvELYGRdj4i9iLgWER9GxEx+Psm3eLezZdc9eXR3ef/R3eUkWq0P/pG067Nzcew1mRfze05GxA++G/Hj5Om4jZ3d9aVqtbKVl0vN2mapsbN7a622tFpZrWyUywvzC3Nv336r3F9H0t6XvFb7zcPvrL33w9//7ssP/rj3rZ9mzZrO64734yJ1ul44jJMZj4j3LiPYAIzl/bk26IZwLtlj85mIeL39/M/EWPvd7M8pjzUA8CnQas1Ea+Z4GQAYdmk7B5akxTwXMB1pWix2cnivxlRarTeaN+/UtzdWOrmy2Sikd9aqlbk8VzgbhSQrz7ePj8rlE+XbEfFKRPx84oV2ubjcf54BALhYL56Y//810Zn/AYAhN9nrgsWraQcAcHV6zv8AwNAx/wPA6DH/A8DoMf8DwOgx/wPA6Mnn/7FBtwMAuBLff//9bGvt599/vfLRzvZ6/aNbK5XGerG2vVxcrm9tFlfr9dVqpbhcr/W6X7Ve35x/M7Y/LjUrjWapsbO7WKtvbzQX29/rvVgpXEmvAICzvPLa/T8nEbH3zgvtLY6t5WCuhuHWx7I5wJCS84fR5Vu4YXT5Pz7Qay3Prr8i/Mk5grV+do4XARftxhfk/2FUyf/D6JL/h9El/w+jq9VKuq35nx5eAgAMFTl+4Ep//g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDYrq9JWkxXwt8OtK0WIx4KSJmo5DcWatW5iLi5Yj400RhIivPD7rRAMBzSv+W5Ot/3Zh5Y/pk7bXk3xPtfUT85Jcf/OLjpWZzaz47/8/D881P8vPlQbQfAOjlYJ4+mMcPPHl0d/lgu8r2PPx2Z3HRLO5+vnVqxmO8vZ+MQkRMPU7yckf2eWXsAuLvrUTE50/rf9LOjcx2Vj4tdFp0JIv90kXEv9dX/Jh6nP5P/LRd19ln/xaffYaYvdZ6hVFxPxt/3j3t+Uvjens/eerix5MnxoPzOhj/9p8a/9LD8W+sy/h3vd8Yb/7he13r7kV8cfy0+Mlh/KRL/Df6jP+XL33l9W51rV9F3IjT4x+PVWrWNkuNnd1ba7Wl1cpqZaNcXphfmHv79lvlUjtHXTrIVD/t7+/cfPms/k91iT/Zo/9fP7PXrYmDo1//58MfffWM+N/82unv/6tnxM8mpG+cGf/I0tRvuy7fncVf6fT/3rO+/zf7jP/gr7srfV4KAFyBxs7u+lK1Wtm60INCXPANjx0kl9RmB0N+kH0ef977fC5Pmf0fdOeyDwY9MgGX7eihH3RLAAAAAAAAAAAAAACAbi79z4nSQfcQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAYfbfAAAA//9vwMkV")
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$kcm(0x2b, 0x1, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000440)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffb}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47f6, 0x0, 0x2f, 0x0, 0x0)
sendmsg$inet(r1, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r6=>0x0})
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r7, &(0x7f0000000080)={0x1d, r6}, 0x18)
sendmsg$can_j1939(r7, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, r6, 0xfbfffffffffffffc, {0x0, 0x0, 0x1}, 0xff}, 0x18, &(0x7f0000000180)={0x0, 0xf0}, 0x1, 0x0, 0x0, 0x8000}, 0x200000ee)

0s ago: executing program 1 (id=3589):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000c605000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0xfffffcf4}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)

kernel console output (not intermixed with test programs):

34468][T16288] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3083'.
[  251.155301][T16290] loop2: detected capacity change from 0 to 2048
[  251.172109][T16294] syz.4.3086[16294] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  251.172191][T16294] syz.4.3086[16294] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  251.184073][T16294] syz.4.3086[16294] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  251.206658][T16294] loop4: detected capacity change from 0 to 2048
[  251.225614][T16290] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  251.238954][T16290] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  251.258673][T16290] FAULT_INJECTION: forcing a failure.
[  251.258673][T16290] name failslab, interval 1, probability 0, space 0, times 0
[  251.271420][T16290] CPU: 0 UID: 0 PID: 16290 Comm: syz.2.3084 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  251.278450][T16294] GPT:first_usable_lbas don't match.
[  251.282354][T16290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  251.287660][T16294] GPT:34 != 290
[  251.297690][T16290] Call Trace:
[  251.297705][T16290]  <TASK>
[  251.297713][T16290]  dump_stack_lvl+0xf2/0x150
[  251.301221][T16294] GPT: Use GNU Parted to correct GPT errors.
[  251.304509][T16290]  dump_stack+0x15/0x1a
[  251.307595][T16294]  loop4: p1 p2 p3
[  251.312012][T16290]  should_fail_ex+0x223/0x230
[  251.330676][T16290]  should_failslab+0x8f/0xb0
[  251.335299][T16290]  kmem_cache_alloc_noprof+0x52/0x320
[  251.340683][T16290]  ? getname_flags+0x81/0x3b0
[  251.345361][T16290]  getname_flags+0x81/0x3b0
[  251.349902][T16290]  __x64_sys_renameat2+0x6e/0xa0
[  251.354966][T16290]  x64_sys_call+0x1bf1/0x2dc0
[  251.359637][T16290]  do_syscall_64+0xc9/0x1c0
[  251.364134][T16290]  ? clear_bhb_loop+0x55/0xb0
[  251.368809][T16290]  ? clear_bhb_loop+0x55/0xb0
[  251.373483][T16290]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.379408][T16290] RIP: 0033:0x7f79b5a15d29
[  251.383907][T16290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  251.404650][T16290] RSP: 002b:00007f79b4087038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  251.413075][T16290] RAX: ffffffffffffffda RBX: 00007f79b5c05fa0 RCX: 00007f79b5a15d29
[  251.421103][T16290] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004
[  251.429069][T16290] RBP: 00007f79b4087090 R08: 0000000000000000 R09: 0000000000000000
[  251.437103][T16290] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000001
[  251.445083][T16290] R13: 0000000000000000 R14: 00007f79b5c05fa0 R15: 00007ffe58657ab8
[  251.453097][T16290]  </TASK>
[  251.456711][T16298] syz.1.3085[16298] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  251.456921][T16298] syz.1.3085[16298] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  251.468417][T16298] syz.1.3085[16298] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  251.498521][T15905] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.537484][T16301] loop6: detected capacity change from 0 to 128
[  251.599976][T16307] syz.6.3091[16307] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  251.600590][T16309] vhci_hcd: invalid port number 157
[  251.617346][T16309] vhci_hcd: default hub control req: c1ef v21ba i009d l29779
[  251.797533][T16317] loop2: detected capacity change from 0 to 1024
[  251.820888][T16317] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  251.831880][T16317] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[  251.851860][T16319] loop6: detected capacity change from 0 to 512
[  251.858568][T16319] EXT4-fs: Ignoring removed orlov option
[  251.864818][T16319] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  251.873996][T16319] EXT4-fs (loop6): orphan cleanup on readonly fs
[  251.881392][T16317] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  251.886973][T16319] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.3091: bg 0: block 248: padding at end of block bitmap is not set
[  251.918306][T16321] loop4: detected capacity change from 0 to 512
[  251.925059][T16319] EXT4-fs error (device loop6): ext4_acquire_dquot:6938: comm syz.6.3091: Failed to acquire dquot type 1
[  251.953050][T16317] EXT4-fs (loop2): invalid journal inode
[  251.964368][T16317] EXT4-fs (loop2): can't get journal size
[  251.973852][T16321] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.989516][T16319] EXT4-fs (loop6): 1 truncate cleaned up
[  251.998825][T16317] EXT4-fs error (device loop2): ext4_protect_reserved_inode:182: inode #3: comm syz.2.3093: blocks 2-2 from inode overlap system zone
[  252.015255][T16321] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  252.033723][T16319] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  252.054224][T16317] EXT4-fs (loop2): failed to initialize system zone (-117)
[  252.072446][T16317] EXT4-fs (loop2): mount failed
[  252.088994][T14953] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.099059][T16319] EXT4-fs: Ignoring removed orlov option
[  252.126547][T16319] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  252.136404][T16319] EXT4-fs (loop6): warning: mounting fs with errors, running e2fsck is recommended
[  252.149169][T16327] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  252.164438][T16319] EXT4-fs error (device loop6): __ext4_remount:6749: comm syz.6.3091: Abort forced by user
[  252.168698][T16317] syzkaller0: entered promiscuous mode
[  252.180074][T16317] syzkaller0: entered allmulticast mode
[  252.186031][T16319] EXT4-fs (loop6): Remounting filesystem read-only
[  252.192657][T16319] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  252.221701][T16329] loop2: detected capacity change from 0 to 512
[  252.249771][T16329] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  252.272580][T16319] ext4 filesystem being remounted at /92/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  252.293263][T16329] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  252.483002][T15905] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  252.539005][T16336] loop0: detected capacity change from 0 to 764
[  252.546113][T16336] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  252.564741][T16338] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3096'.
[  252.587047][T16340] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3100'.
[  252.659024][T16343] bridge0: entered promiscuous mode
[  252.664381][T16343] macvlan2: entered promiscuous mode
[  252.692987][T16343] bridge0: port 3(macvlan2) entered blocking state
[  252.699662][T16343] bridge0: port 3(macvlan2) entered disabled state
[  252.728178][T16343] macvlan2: entered allmulticast mode
[  252.733616][T16343] bridge0: entered allmulticast mode
[  252.748043][T16343] macvlan2: left allmulticast mode
[  252.753201][T16343] bridge0: left allmulticast mode
[  252.770524][T16343] bridge0: left promiscuous mode
[  252.779609][T16342] validate_nla: 24 callbacks suppressed
[  252.779624][T16342] netlink: 'syz.0.3099': attribute type 4 has an invalid length.
[  252.888869][T16348] loop0: detected capacity change from 0 to 2048
[  253.030769][T16352] loop2: detected capacity change from 0 to 128
[  253.068203][T16348] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.092788][T16348] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  253.140329][T16358] SET target dimension over the limit!
[  253.191655][T16008] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.245503][T16363] FAULT_INJECTION: forcing a failure.
[  253.245503][T16363] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  253.258643][T16363] CPU: 0 UID: 0 PID: 16363 Comm: syz.4.3107 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  253.269419][T16363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  253.279537][T16363] Call Trace:
[  253.282818][T16363]  <TASK>
[  253.285797][T16363]  dump_stack_lvl+0xf2/0x150
[  253.290419][T16363]  dump_stack+0x15/0x1a
[  253.294592][T16363]  should_fail_ex+0x223/0x230
[  253.299360][T16363]  should_fail+0xb/0x10
[  253.303529][T16363]  should_fail_usercopy+0x1a/0x20
[  253.308644][T16363]  _copy_to_user+0x20/0xa0
[  253.313152][T16363]  simple_read_from_buffer+0xa0/0x110
[  253.318541][T16363]  proc_fail_nth_read+0xf9/0x140
[  253.323517][T16363]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  253.329207][T16363]  vfs_read+0x1a2/0x700
[  253.333462][T16363]  ? __rcu_read_unlock+0x4e/0x70
[  253.338418][T16363]  ? __fget_files+0x17c/0x1c0
[  253.343164][T16363]  ksys_read+0xe8/0x1b0
[  253.347340][T16363]  __x64_sys_read+0x42/0x50
[  253.351927][T16363]  x64_sys_call+0x2874/0x2dc0
[  253.356614][T16363]  do_syscall_64+0xc9/0x1c0
[  253.361207][T16363]  ? clear_bhb_loop+0x55/0xb0
[  253.365961][T16363]  ? clear_bhb_loop+0x55/0xb0
[  253.370658][T16363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.376613][T16363] RIP: 0033:0x7f73bc3a473c
[  253.381085][T16363] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  253.400771][T16363] RSP: 002b:00007f73baa17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  253.409194][T16363] RAX: ffffffffffffffda RBX: 00007f73bc595fa0 RCX: 00007f73bc3a473c
[  253.417199][T16363] RDX: 000000000000000f RSI: 00007f73baa170a0 RDI: 0000000000000004
[  253.425219][T16363] RBP: 00007f73baa17090 R08: 0000000000000000 R09: 0000000000000000
[  253.433195][T16363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  253.441206][T16363] R13: 0000000000000000 R14: 00007f73bc595fa0 R15: 00007ffd8f62bbf8
[  253.449401][T16363]  </TASK>
[  253.455797][T16365] FAULT_INJECTION: forcing a failure.
[  253.455797][T16365] name fail_futex, interval 1, probability 0, space 0, times 1
[  253.468844][T16365] CPU: 1 UID: 0 PID: 16365 Comm: syz.0.3106 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  253.479619][T16365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  253.489822][T16365] Call Trace:
[  253.493102][T16365]  <TASK>
[  253.496050][T16365]  dump_stack_lvl+0xf2/0x150
[  253.500658][T16365]  dump_stack+0x15/0x1a
[  253.504902][T16365]  should_fail_ex+0x223/0x230
[  253.509617][T16365]  should_fail+0xb/0x10
[  253.513784][T16365]  get_futex_key+0x135/0x740
[  253.518437][T16365]  futex_wait_requeue_pi+0x16d/0x6d0
[  253.523749][T16365]  ? __pfx_futex_wake_mark+0x10/0x10
[  253.529061][T16365]  do_futex+0x146/0x370
[  253.533237][T16365]  __se_sys_futex+0x25d/0x3a0
[  253.537995][T16365]  ? fput+0x1c4/0x200
[  253.542174][T16365]  __x64_sys_futex+0x78/0x90
[  253.546828][T16365]  x64_sys_call+0x2d6a/0x2dc0
[  253.551539][T16365]  do_syscall_64+0xc9/0x1c0
[  253.556061][T16365]  ? clear_bhb_loop+0x55/0xb0
[  253.560744][T16365]  ? clear_bhb_loop+0x55/0xb0
[  253.565423][T16365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.571328][T16365] RIP: 0033:0x7f02e3b55d29
[  253.575743][T16365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.595449][T16365] RSP: 002b:00007f02e21c1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  253.603992][T16365] RAX: ffffffffffffffda RBX: 00007f02e3d45fa0 RCX: 00007f02e3b55d29
[  253.611970][T16365] RDX: 0000000000000000 RSI: 000080000000000b RDI: 000000002000cffc
[  253.620229][T16365] RBP: 00007f02e21c1090 R08: 0000000020048000 R09: 0000000000000000
[  253.628298][T16365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  253.636458][T16365] R13: 0000000000000000 R14: 00007f02e3d45fa0 R15: 00007ffca1290898
[  253.644563][T16365]  </TASK>
[  253.768881][T16375] loop4: detected capacity change from 0 to 764
[  253.783434][T16375] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  253.853028][T16379] siw: device registration error -23
[  253.861929][T16379] loop1: detected capacity change from 0 to 164
[  253.871260][T16379] Unable to read rock-ridge attributes
[  254.018834][T16393] loop4: detected capacity change from 0 to 128
[  254.050828][T16395] netlink: 12 bytes leftover after parsing attributes in process `+}[@'.
[  254.189880][T13961] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.204832][T16404] siw: device registration error -23
[  254.215879][T16404] loop1: detected capacity change from 0 to 164
[  254.225714][T16404] Unable to read rock-ridge attributes
[  254.323205][T16424] loop2: detected capacity change from 0 to 512
[  254.332782][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  254.371932][T16425] loop6: detected capacity change from 0 to 128
[  254.389969][T16436] bpf_get_probe_write_proto: 2 callbacks suppressed
[  254.389985][T16436] syz.4.3133[16436] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  254.396709][T16436] syz.4.3133[16436] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  254.406583][T16425] syz.6.3130: attempt to access beyond end of device
[  254.406583][T16425] loop6: rw=0, sector=121, nr_sectors = 920 limit=128
[  254.408260][T16436] syz.4.3133[16436] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  254.470055][T16439] siw: device registration error -23
[  254.491728][T16439] loop0: detected capacity change from 0 to 164
[  254.499683][T16439] Unable to read rock-ridge attributes
[  254.543670][T16442] FAULT_INJECTION: forcing a failure.
[  254.543670][T16442] name failslab, interval 1, probability 0, space 0, times 0
[  254.557007][T16442] CPU: 1 UID: 0 PID: 16442 Comm: syz.2.3136 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  254.568537][T16442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  254.578617][T16442] Call Trace:
[  254.581911][T16442]  <TASK>
[  254.584841][T16442]  dump_stack_lvl+0xf2/0x150
[  254.589429][T16442]  dump_stack+0x15/0x1a
[  254.593755][T16442]  should_fail_ex+0x223/0x230
[  254.598477][T16442]  ? sctp_add_bind_addr+0x6f/0x1e0
[  254.603601][T16442]  should_failslab+0x8f/0xb0
[  254.608276][T16442]  __kmalloc_cache_noprof+0x4e/0x320
[  254.613657][T16442]  ? sctp_get_port_local+0x79c/0xa90
[  254.619297][T16442]  sctp_add_bind_addr+0x6f/0x1e0
[  254.624414][T16442]  sctp_do_bind+0x434/0x4c0
[  254.629000][T16442]  sctp_connect_new_asoc+0x15b/0x3b0
[  254.634776][T16442]  sctp_sendmsg+0xf05/0x1920
[  254.639420][T16442]  ? __pfx_sctp_sendmsg+0x10/0x10
[  254.644453][T16442]  inet_sendmsg+0xc5/0xd0
[  254.648815][T16442]  __sock_sendmsg+0x102/0x180
[  254.653494][T16442]  ____sys_sendmsg+0x312/0x410
[  254.658308][T16442]  __sys_sendmsg+0x19d/0x230
[  254.662920][T16442]  __x64_sys_sendmsg+0x46/0x50
[  254.667743][T16442]  x64_sys_call+0x2734/0x2dc0
[  254.672449][T16442]  do_syscall_64+0xc9/0x1c0
[  254.676938][T16442]  ? clear_bhb_loop+0x55/0xb0
[  254.681616][T16442]  ? clear_bhb_loop+0x55/0xb0
[  254.686287][T16442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.692378][T16442] RIP: 0033:0x7f79b5a15d29
[  254.696894][T16442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.716648][T16442] RSP: 002b:00007f79b4087038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  254.725101][T16442] RAX: ffffffffffffffda RBX: 00007f79b5c05fa0 RCX: 00007f79b5a15d29
[  254.733128][T16442] RDX: 0000000000000060 RSI: 0000000020000380 RDI: 0000000000000006
[  254.741151][T16442] RBP: 00007f79b4087090 R08: 0000000000000000 R09: 0000000000000000
[  254.749118][T16442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  254.757111][T16442] R13: 0000000000000000 R14: 00007f79b5c05fa0 R15: 00007ffe58657ab8
[  254.765126][T16442]  </TASK>
[  254.824907][T16449] loop4: detected capacity change from 0 to 512
[  254.865796][T16450] lo speed is unknown, defaulting to 1000
[  254.871969][T16449] EXT4-fs: Ignoring removed orlov option
[  254.898822][T16449] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  254.931249][T16455] loop0: detected capacity change from 0 to 1024
[  254.956496][T16449] EXT4-fs (loop4): orphan cleanup on readonly fs
[  254.970481][T16455] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  255.005221][T16449] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3133: bg 0: block 248: padding at end of block bitmap is not set
[  255.029717][   T29] kauditd_printk_skb: 421 callbacks suppressed
[  255.029766][   T29] audit: type=1400 audit(1736454124.348:104271): avc:  denied  { write } for  pid=16467 comm="syz.6.3142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  255.029975][T16469] netlink: 133492 bytes leftover after parsing attributes in process `syz.6.3142'.
[  255.076475][T16455] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  255.095900][T16449] Quota error (device loop4): write_blk: dquota write failed
[  255.103622][T16449] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  255.113776][T16449] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.3133: Failed to acquire dquot type 1
[  255.144005][T16455] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  255.153823][T16455] EXT4-fs (loop0): orphan cleanup on readonly fs
[  255.161075][T16455] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5837: Corrupt filesystem
[  255.188998][T16455] EXT4-fs (loop0): Remounting filesystem read-only
[  255.189595][T16449] EXT4-fs (loop4): 1 truncate cleaned up
[  255.202377][   T29] audit: type=1400 audit(1736454124.518:104272): avc:  denied  { create } for  pid=16473 comm="syz.6.3143" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  255.202569][T16449] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  255.235420][T16455] Quota error (device loop0): write_blk: dquota write failed
[  255.243805][T16455] Quota error (device loop0): write_blk: dquota write failed
[  255.244103][T16449] EXT4-fs: Ignoring removed orlov option
[  255.251268][T16455] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota
[  255.256999][T16449] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  255.266973][T16455] Quota error (device loop0): v2_write_file_info: Can't write info structure
[  255.278068][T16475] loop6: detected capacity change from 0 to 764
[  255.284358][T16455] EXT4-fs (loop0): 1 orphan inode deleted
[  255.294059][   T29] audit: type=1400 audit(1736454124.548:104273): avc:  denied  { mount } for  pid=16435 comm="syz.4.3133" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  255.304470][T16455] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  255.318228][   T29] audit: type=1400 audit(1736454124.568:104274): avc:  denied  { remount } for  pid=16435 comm="syz.4.3133" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  255.350531][T16449] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  255.358048][T16475] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  255.360276][T16455] SELinux: (dev loop0, type ext4) getxattr errno 5
[  255.381120][T16449] EXT4-fs error (device loop4): __ext4_remount:6749: comm syz.4.3133: Abort forced by user
[  255.393662][T16449] EXT4-fs (loop4): Remounting filesystem read-only
[  255.400271][T16449] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  255.411244][T16455] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.428649][T16449] ext4 filesystem being remounted at /77/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  255.654285][T16505] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3146'.
[  255.774173][T16552] bridge0: entered promiscuous mode
[  255.792166][T16507] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3147'.
[  255.821791][T16552] macvlan2: entered promiscuous mode
[  255.834264][T16552] bridge0: port 3(macvlan2) entered blocking state
[  255.841252][T16552] bridge0: port 3(macvlan2) entered disabled state
[  255.850451][T16552] macvlan2: entered allmulticast mode
[  255.855870][T16552] bridge0: entered allmulticast mode
[  255.863549][T16552] macvlan2: left allmulticast mode
[  255.868799][T16552] bridge0: left allmulticast mode
[  255.878512][T16552] bridge0: left promiscuous mode
[  256.070529][T16565] Invalid ELF header magic: != ELF
[  256.080516][T16567] bridge0: entered promiscuous mode
[  256.088357][T16567] macvlan2: entered promiscuous mode
[  256.095462][T16567] bridge0: port 1(macvlan2) entered blocking state
[  256.102077][T16567] bridge0: port 1(macvlan2) entered disabled state
[  256.109066][T16567] macvlan2: entered allmulticast mode
[  256.114484][T16567] bridge0: entered allmulticast mode
[  256.152235][T16571] loop2: detected capacity change from 0 to 512
[  256.159252][T16571] EXT4-fs: Ignoring removed orlov option
[  256.196433][T16569] loop0: detected capacity change from 0 to 764
[  256.210377][T16571] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  256.236051][T16569] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  256.246781][T16571] EXT4-fs (loop2): orphan cleanup on readonly fs
[  256.254289][T16571] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3150: bg 0: block 248: padding at end of block bitmap is not set
[  256.269531][T16571] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.3150: Failed to acquire dquot type 1
[  256.281764][T16571] EXT4-fs (loop2): 1 truncate cleaned up
[  256.295358][T16567] macvlan2: left allmulticast mode
[  256.300575][T16567] bridge0: left allmulticast mode
[  256.307003][T16567] bridge0: left promiscuous mode
[  256.314979][T16574] loop1: detected capacity change from 0 to 128
[  256.643382][T16581] loop0: detected capacity change from 0 to 1024
[  256.701885][T16581] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  256.712899][T16581] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[  256.810357][T16581] EXT4-fs (loop0): stripe (8) is not aligned with cluster size (16), stripe is disabled
[  256.872990][T16581] EXT4-fs (loop0): invalid journal inode
[  257.048258][T16571] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  257.074204][T16571] EXT4-fs: Ignoring removed orlov option
[  257.079971][T16571] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  257.106897][T16571] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  257.129546][T16571] EXT4-fs error (device loop2): __ext4_remount:6749: comm syz.2.3150: Abort forced by user
[  257.141040][T16571] EXT4-fs (loop2): Remounting filesystem read-only
[  257.147584][T16571] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  257.158034][T16571] ext4 filesystem being remounted at /42/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  257.505292][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  257.824920][T16605] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3166'.
[  257.840823][T16605] netlink: 'syz.0.3166': attribute type 7 has an invalid length.
[  257.841342][T16607] IPVS: set_ctl: invalid protocol: 135 172.20.20.66:20004
[  257.857688][T15905] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.081996][T16625] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3172'.
[  258.130286][T16625] bridge0: entered promiscuous mode
[  258.141421][T16625] macvlan2: entered promiscuous mode
[  258.160251][T16625] bridge0: port 3(macvlan2) entered blocking state
[  258.166812][T16625] bridge0: port 3(macvlan2) entered disabled state
[  258.183756][T16625] macvlan2: entered allmulticast mode
[  258.189210][T16625] bridge0: entered allmulticast mode
[  258.205236][T16625] macvlan2: left allmulticast mode
[  258.210415][T16625] bridge0: left allmulticast mode
[  258.237391][T16625] bridge0: left promiscuous mode
[  258.372587][T16630] siw: device registration error -23
[  258.387100][T16630] loop0: detected capacity change from 0 to 164
[  258.419750][T16630] Unable to read rock-ridge attributes
[  258.596334][T16586] syz.6.3159 (16586) used greatest stack depth: 7088 bytes left
[  258.711497][T16639] loop0: detected capacity change from 0 to 2048
[  258.730887][T16639] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  258.754942][T16639] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  258.862094][T16008] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.898307][T16643] loop2: detected capacity change from 0 to 2048
[  258.941828][T16643] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  259.028824][T16643] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  259.130690][T16658] FAULT_INJECTION: forcing a failure.
[  259.130690][T16658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  259.144240][T16658] CPU: 0 UID: 0 PID: 16658 Comm: syz.0.3183 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  259.155117][T16658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  259.165196][T16658] Call Trace:
[  259.168518][T16658]  <TASK>
[  259.171456][T16658]  dump_stack_lvl+0xf2/0x150
[  259.176098][T16658]  dump_stack+0x15/0x1a
[  259.180427][T16658]  should_fail_ex+0x223/0x230
[  259.185200][T16658]  should_fail+0xb/0x10
[  259.189373][T16658]  should_fail_usercopy+0x1a/0x20
[  259.194415][T16658]  strncpy_from_user+0x25/0x210
[  259.199276][T16658]  ? kmem_cache_alloc_noprof+0x18e/0x320
[  259.204945][T16658]  ? getname_flags+0x81/0x3b0
[  259.210106][T16658]  getname_flags+0xb0/0x3b0
[  259.214694][T16658]  __x64_sys_renameat2+0x61/0xa0
[  259.219658][T16658]  x64_sys_call+0x1bf1/0x2dc0
[  259.224569][T16658]  do_syscall_64+0xc9/0x1c0
[  259.229225][T16658]  ? clear_bhb_loop+0x55/0xb0
[  259.233973][T16658]  ? clear_bhb_loop+0x55/0xb0
[  259.238928][T16658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.244922][T16658] RIP: 0033:0x7f02e3b55d29
[  259.249412][T16658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.269312][T16658] RSP: 002b:00007f02e21a0038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  259.277746][T16658] RAX: ffffffffffffffda RBX: 00007f02e3d46080 RCX: 00007f02e3b55d29
[  259.285821][T16658] RDX: 0000000000000007 RSI: 0000000020000380 RDI: 0000000000000007
[  259.293852][T16658] RBP: 00007f02e21a0090 R08: 0000000000000000 R09: 0000000000000000
[  259.301845][T16658] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000000000001
[  259.309908][T16658] R13: 0000000000000000 R14: 00007f02e3d46080 R15: 00007ffca1290898
[  259.317958][T16658]  </TASK>
[  259.346735][T16657] loop1: detected capacity change from 0 to 764
[  259.438460][T16657] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  259.447804][T14953] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.457797][T15905] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.487025][T16664] loop4: detected capacity change from 0 to 128
[  259.511695][T16663] loop6: detected capacity change from 0 to 128
[  259.533070][T16664] syz.4.3185: attempt to access beyond end of device
[  259.533070][T16664] loop4: rw=0, sector=121, nr_sectors = 920 limit=128
[  259.555175][T16668] siw: device registration error -23
[  259.572974][T16663] program syz.6.3187 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  259.601582][T16668] loop2: detected capacity change from 0 to 164
[  259.621548][T16668] Unable to read rock-ridge attributes
[  259.814057][T16683] loop4: detected capacity change from 0 to 2048
[  259.845733][T16683] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  259.864422][T16683] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  259.918752][T14953] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.963553][T16690] syz.1.3196[16690] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  259.963617][T16690] syz.1.3196[16690] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  259.975278][T16690] syz.1.3196[16690] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  260.073057][   T29] kauditd_printk_skb: 286 callbacks suppressed
[  260.073074][   T29] audit: type=1400 audit(1736454129.306:104559): avc:  denied  { execmem } for  pid=16689 comm="syz.1.3196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  260.232504][T16692] loop1: detected capacity change from 0 to 512
[  260.263066][T16692] EXT4-fs: Ignoring removed orlov option
[  260.294455][T16692] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  260.336832][T16692] EXT4-fs (loop1): orphan cleanup on readonly fs
[  260.372275][T16692] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3196: bg 0: block 248: padding at end of block bitmap is not set
[  260.387112][T16692] Quota error (device loop1): write_blk: dquota write failed
[  260.394603][T16692] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  260.404559][T16692] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.3196: Failed to acquire dquot type 1
[  260.450197][   T29] audit: type=1326 audit(1736454129.746:104560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16694 comm="syz.4.3195" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f73bc3a5d29 code=0x0
[  260.453772][T16692] EXT4-fs (loop1): 1 truncate cleaned up
[  260.499373][T16692] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  260.511954][   T29] audit: type=1400 audit(1736454129.796:104561): avc:  denied  { read } for  pid=16694 comm="syz.4.3195" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  260.533329][T16692] EXT4-fs: Ignoring removed orlov option
[  260.534964][   T29] audit: type=1400 audit(1736454129.796:104562): avc:  denied  { open } for  pid=16694 comm="syz.4.3195" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  260.547564][T16697] loop0: detected capacity change from 0 to 1024
[  260.564052][   T29] audit: type=1400 audit(1736454129.796:104563): avc:  denied  { ioctl } for  pid=16694 comm="syz.4.3195" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  260.570462][   T29] audit: type=1400 audit(1736454129.846:104564): avc:  denied  { remount } for  pid=16689 comm="syz.1.3196" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  260.640963][T16698] loop6: detected capacity change from 0 to 7
[  260.647164][T16698] Buffer I/O error on dev loop6, logical block 0, async page read
[  260.655173][T16698] Buffer I/O error on dev loop6, logical block 0, async page read
[  260.656234][T16692] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  260.663136][T16698]  loop6: unable to read partition table
[  260.663179][T16698] loop_reread_partitions: partition scan of loop6 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  260.663179][T16698] 
) failed (rc=-5)
[  260.696636][   T29] audit: type=1400 audit(1736454130.005:104565): avc:  denied  { create } for  pid=16701 comm="syz.2.3197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  260.712310][T16702] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3197'.
[  260.717791][   T29] audit: type=1400 audit(1736454130.025:104566): avc:  denied  { write } for  pid=16701 comm="syz.2.3197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  260.748563][T16692] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  260.789083][T16692] EXT4-fs error (device loop1): __ext4_remount:6749: comm syz.1.3196: Abort forced by user
[  260.817532][T16697] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  260.829842][T16692] EXT4-fs (loop1): Remounting filesystem read-only
[  260.837027][T16692] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  260.852122][T16692] ext4 filesystem being remounted at /590/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  260.852422][T16697] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  260.890230][T16697] EXT4-fs (loop0): orphan cleanup on readonly fs
[  260.898867][T16702] bridge0: entered promiscuous mode
[  260.900993][T16697] EXT4-fs error (device loop0): ext4_map_blocks:705: inode #3: block 3: comm syz.0.3194: lblock 3 mapped to illegal pblock 3 (length 1)
[  260.920684][T16702] macvlan2: entered promiscuous mode
[  260.922315][T16697] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3194: Failed to acquire dquot type 0
[  260.941985][T16702] bridge0: port 3(macvlan2) entered blocking state
[  260.948624][T16702] bridge0: port 3(macvlan2) entered disabled state
[  260.949832][T16697] EXT4-fs error (device loop0): ext4_map_blocks:671: inode #3: block 3: comm syz.0.3194: lblock 3 mapped to illegal pblock 3 (length 1)
[  260.977518][T16697] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3194: Failed to acquire dquot type 0
[  260.989112][T16697] EXT4-fs error (device loop0): ext4_free_blocks:6589: comm syz.0.3194: Freeing blocks not in datazone - block = 0, count = 4096
[  260.999116][T16702] macvlan2: entered allmulticast mode
[  261.008094][T16702] bridge0: entered allmulticast mode
[  261.014106][T16702] macvlan2: left allmulticast mode
[  261.019233][T16702] bridge0: left allmulticast mode
[  261.020172][T16697] EXT4-fs error (device loop0): ext4_map_blocks:671: inode #3: block 3: comm syz.0.3194: lblock 3 mapped to illegal pblock 3 (length 1)
[  261.038476][T16702] bridge0: left promiscuous mode
[  261.045044][T16697] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3194: Failed to acquire dquot type 0
[  261.075978][T16697] EXT4-fs (loop0): 1 orphan inode deleted
[  261.082609][T16697] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  261.170337][T16720] IPv6: NLM_F_CREATE should be specified when creating new route
[  261.223582][T16008] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  261.425047][T16740] netlink: 64 bytes leftover after parsing attributes in process `syz.6.3211'.
[  261.438710][T16740] bridge0: entered promiscuous mode
[  261.444027][T16740] macvlan2: entered promiscuous mode
[  261.451313][T16740] bridge0: port 3(macvlan2) entered blocking state
[  261.457923][T16740] bridge0: port 3(macvlan2) entered disabled state
[  261.465163][T16740] macvlan2: entered allmulticast mode
[  261.470627][T16740] bridge0: entered allmulticast mode
[  261.476547][T16740] macvlan2: left allmulticast mode
[  261.481702][T16740] bridge0: left allmulticast mode
[  261.487389][T16740] bridge0: left promiscuous mode
[  261.496289][T16741] syz.2.3207[16741] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  261.496367][T16741] syz.2.3207[16741] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  261.508111][T16741] syz.2.3207[16741] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  261.523650][T16730] loop2: detected capacity change from 0 to 512
[  261.542068][T16730] ext4: Unknown parameter 'min_'
[  261.709147][T16758] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3215'.
[  261.854750][T16772] team_slave_1: entered promiscuous mode
[  261.860459][T16772] team_slave_1: entered allmulticast mode
[  262.053699][T16787] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3218'.
[  262.188568][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.190414][T16795] loop6: detected capacity change from 0 to 7
[  262.203900][T16795] Buffer I/O error on dev loop6, logical block 0, async page read
[  262.211925][T16795] Buffer I/O error on dev loop6, logical block 0, async page read
[  262.219836][T16795]  loop6: unable to read partition table
[  262.225630][T16795] loop_reread_partitions: partition scan of loop6 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  262.225630][T16795] 
) failed (rc=-5)
[  262.260667][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  262.264791][T16810] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3220'.
[  262.367418][T16810] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  262.380026][ T8025] IPVS: starting estimator thread 0...
[  262.471123][T16826] IPVS: using max 2784 ests per chain, 139200 per kthread
[  262.593097][T16871] loop1: detected capacity change from 0 to 764
[  262.600990][T16871] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  262.659118][T16881] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3226'.
[  262.761355][T16897] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3233'.
[  262.770394][T16897] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3233'.
[  262.780740][T16897] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3233'.
[  262.811178][T16904] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3235'.
[  262.824565][T16904] bridge0: entered promiscuous mode
[  262.830010][T16904] macvlan2: entered promiscuous mode
[  262.838017][T16904] bridge0: port 3(macvlan2) entered blocking state
[  262.842542][T16906] loop2: detected capacity change from 0 to 764
[  262.844643][T16904] bridge0: port 3(macvlan2) entered disabled state
[  262.858731][T16904] macvlan2: entered allmulticast mode
[  262.862372][T16906] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  262.864229][T16904] bridge0: entered allmulticast mode
[  262.878454][T16904] macvlan2: left allmulticast mode
[  262.878742][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  262.883650][T16904] bridge0: left allmulticast mode
[  262.899611][T16904] bridge0: left promiscuous mode
[  262.988691][T16914] loop6: detected capacity change from 0 to 7
[  262.999749][T16914] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.034887][T16919] bond1: entered promiscuous mode
[  263.039999][T16919] bond1: entered allmulticast mode
[  263.049339][T16914] Buffer I/O error on dev loop6, logical block 0, async page read
[  263.057286][T16914]  loop6: unable to read partition table
[  263.068755][T16919] 8021q: adding VLAN 0 to HW filter on device bond1
[  263.084013][T16919] bond1 (unregistering): Released all slaves
[  263.095647][T16914] loop_reread_partitions: partition scan of loop6 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  263.095647][T16914] 
) failed (rc=-5)
[  263.097080][T16924] FAULT_INJECTION: forcing a failure.
[  263.097080][T16924] name failslab, interval 1, probability 0, space 0, times 0
[  263.121964][T16924] CPU: 0 UID: 0 PID: 16924 Comm: syz.0.3243 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  263.132773][T16924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  263.142893][T16924] Call Trace:
[  263.146232][T16924]  <TASK>
[  263.149160][T16924]  dump_stack_lvl+0xf2/0x150
[  263.153822][T16924]  dump_stack+0x15/0x1a
[  263.158038][T16924]  should_fail_ex+0x223/0x230
[  263.162715][T16924]  should_failslab+0x8f/0xb0
[  263.167365][T16924]  __kmalloc_node_noprof+0xad/0x410
[  263.172581][T16924]  ? __kvmalloc_node_noprof+0x72/0x170
[  263.178086][T16924]  __kvmalloc_node_noprof+0x72/0x170
[  263.183415][T16924]  alloc_fdtable+0xa5/0x1b0
[  263.187921][T16924]  dup_fd+0x60d/0x6a0
[  263.192401][T16924]  copy_files+0x98/0xe0
[  263.196757][T16924]  copy_process+0xcbf/0x1f90
[  263.201427][T16924]  kernel_clone+0x167/0x5e0
[  263.205984][T16924]  __se_sys_clone3+0x1ba/0x200
[  263.210823][T16924]  __x64_sys_clone3+0x31/0x40
[  263.215504][T16924]  x64_sys_call+0x2d56/0x2dc0
[  263.220176][T16924]  do_syscall_64+0xc9/0x1c0
[  263.224717][T16924]  ? clear_bhb_loop+0x55/0xb0
[  263.229392][T16924]  ? clear_bhb_loop+0x55/0xb0
[  263.234176][T16924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.240111][T16924] RIP: 0033:0x7f02e3b55d29
[  263.244597][T16924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.264283][T16924] RSP: 002b:00007f02e21c0f08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  263.272707][T16924] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f02e3b55d29
[  263.280692][T16924] RDX: 00007f02e21c0f20 RSI: 0000000000000058 RDI: 00007f02e21c0f20
[  263.288708][T16924] RBP: 00007f02e21c1090 R08: 0000000000000000 R09: 0000000000000058
[  263.297128][T16924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  263.305097][T16924] R13: 0000000000000000 R14: 00007f02e3d45fa0 R15: 00007ffca1290898
[  263.313075][T16924]  </TASK>
[  263.414656][T16921] lo speed is unknown, defaulting to 1000
[  263.433435][T16941] loop4: detected capacity change from 0 to 2048
[  263.473845][T16941] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  263.500501][T16941] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  263.523452][T16947] loop0: detected capacity change from 0 to 764
[  263.541399][T16947] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  263.542690][T14953] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.562551][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  263.599000][T12300] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.627172][T16954] bridge0: entered promiscuous mode
[  263.633860][T16954] macvlan2: entered promiscuous mode
[  263.640642][T16954] bridge0: port 3(macvlan2) entered blocking state
[  263.647308][T16954] bridge0: port 3(macvlan2) entered disabled state
[  263.661006][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  263.678604][T16954] macvlan2: entered allmulticast mode
[  263.684558][T16954] bridge0: entered allmulticast mode
[  263.693787][T16954] macvlan2: left allmulticast mode
[  263.698971][T16954] bridge0: left allmulticast mode
[  263.704960][T16954] bridge0: left promiscuous mode
[  263.717185][T16921] chnl_net:caif_netlink_parms(): no params data found
[  263.745158][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  263.757758][T12300] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.849350][T16979] loop0: detected capacity change from 0 to 512
[  263.856046][T16979] EXT4-fs: Ignoring removed orlov option
[  263.862701][T16979] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  263.972617][T16979] EXT4-fs (loop0): orphan cleanup on readonly fs
[  263.980148][T16979] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3252: bg 0: block 248: padding at end of block bitmap is not set
[  263.996232][T16979] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3252: Failed to acquire dquot type 1
[  264.012746][T16979] EXT4-fs (loop0): 1 truncate cleaned up
[  264.019811][T16979] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  264.042390][T16979] EXT4-fs: Ignoring removed orlov option
[  264.048312][T16979] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  264.062320][T16979] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  264.082636][T12300] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.108016][T16979] EXT4-fs error (device loop0): __ext4_remount:6749: comm syz.0.3252: Abort forced by user
[  264.121750][T16979] EXT4-fs (loop0): Remounting filesystem read-only
[  264.128339][T16979] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  264.140189][T16979] ext4 filesystem being remounted at /56/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  264.196396][T16990] loop6: detected capacity change from 0 to 7
[  264.238139][T16921] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.245349][T16921] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.263570][T16990] Buffer I/O error on dev loop6, logical block 0, async page read
[  264.277282][T16921] bridge_slave_0: entered allmulticast mode
[  264.283431][T16990] Buffer I/O error on dev loop6, logical block 0, async page read
[  264.291347][T16990]  loop6: unable to read partition table
[  264.299414][T16921] bridge_slave_0: entered promiscuous mode
[  264.308492][T12300] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.321573][T16990] loop_reread_partitions: partition scan of loop6 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  264.321573][T16990] 
) failed (rc=-5)
[  264.341517][T16921] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.348698][T16921] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.437399][T16921] bridge_slave_1: entered allmulticast mode
[  264.638408][T16921] bridge_slave_1: entered promiscuous mode
[  264.648734][T16996] loop2: detected capacity change from 0 to 764
[  264.696951][T16996] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  264.721205][T17000] loop4: detected capacity change from 0 to 764
[  264.736677][T16921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  264.779636][T17000] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  264.970775][T17013] x_tables: duplicate underflow at hook 1
[  264.983598][T12300] bond0 (unregistering): Released all slaves
[  264.994469][T16921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  265.003753][T17007] sch_tbf: peakrate 4294967295 is lower than or equals to rate 5342242241328896056 !
[  265.035526][T12300] tipc: Disabling bearer <udp:syz1>
[  265.040884][T12300] tipc: Left network mode
[  265.047460][T16921] team0: Port device team_slave_0 added
[  265.065492][T16921] team0: Port device team_slave_1 added
[  265.118053][T16921] batman_adv: batadv0: Adding interface: batadv_slave_0
[  265.125186][T16921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  265.151367][T16921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  265.195552][T17015] loop2: detected capacity change from 0 to 8192
[  265.196440][T16008] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.203957][   T29] kauditd_printk_skb: 319 callbacks suppressed
[  265.203972][   T29] audit: type=1400 audit(1736454134.514:104879): avc:  denied  { mount } for  pid=17014 comm="syz.2.3269" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  265.211887][T12300] hsr_slave_0: left promiscuous mode
[  265.245100][T12300] hsr_slave_1: left promiscuous mode
[  265.252637][T12300] veth1_macvtap: left promiscuous mode
[  265.258358][T12300] veth0_macvtap: left promiscuous mode
[  265.264208][T12300] veth1_vlan: left promiscuous mode
[  265.269751][T12300] veth0_vlan: left promiscuous mode
[  265.330960][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  265.396548][T16921] batman_adv: batadv0: Adding interface: batadv_slave_1
[  265.403707][T16921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  265.430093][T16921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  265.465452][T16921] hsr_slave_0: entered promiscuous mode
[  265.472765][T16921] hsr_slave_1: entered promiscuous mode
[  265.534579][   T29] audit: type=1400 audit(1736454134.853:104880): avc:  denied  { append } for  pid=17026 comm="syz.0.3273" name="001" dev="devtmpfs" ino=168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  265.604472][T12300] IPVS: stop unused estimator thread 0...
[  265.754843][T17032] loop4: detected capacity change from 0 to 128
[  265.764888][   T29] audit: type=1326 audit(1736454135.083:104881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17031 comm="syz.4.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73bc3a5d29 code=0x7ffc0000
[  265.790374][   T29] audit: type=1326 audit(1736454135.103:104882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17031 comm="syz.4.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73bc3a5d29 code=0x7ffc0000
[  265.815366][   T29] audit: type=1326 audit(1736454135.103:104883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17031 comm="syz.4.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7f73bc3a5d29 code=0x7ffc0000
[  265.858527][T17033] lo speed is unknown, defaulting to 1000
[  265.958742][T17033] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  266.051579][T17037] syz.4.3276[17037] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  266.051682][T17037] syz.4.3276[17037] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  266.099835][   T29] audit: type=1326 audit(1736454135.303:104884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17031 comm="syz.4.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73bc3a5d29 code=0x7ffc0000
[  266.132089][T17037] syz.4.3276[17037] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  266.135265][   T29] audit: type=1326 audit(1736454135.303:104885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17031 comm="syz.4.3275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73bc3a5d29 code=0x7ffc0000
[  266.170427][   T29] audit: type=1400 audit(1736454135.323:104886): avc:  denied  { unmount } for  pid=14953 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  266.241000][   T29] audit: type=1400 audit(1736454135.553:104887): avc:  denied  { read } for  pid=17040 comm="syz.4.3278" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  266.280438][   T29] audit: type=1400 audit(1736454135.553:104888): avc:  denied  { open } for  pid=17040 comm="syz.4.3278" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  266.295452][T16921] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  266.314029][T16921] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  266.323317][T16921] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  266.344000][T16921] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  266.390102][T17046] __nla_validate_parse: 5 callbacks suppressed
[  266.390120][T17046] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3280'.
[  266.468018][T16921] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.480026][T16921] 8021q: adding VLAN 0 to HW filter on device team0
[  266.499030][T16921] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  266.509614][T16921] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  266.525865][ T2842] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.533033][ T2842] bridge0: port 1(bridge_slave_0) entered forwarding state
[  266.562416][T17060] sg_write: data in/out 14238/8 bytes for SCSI command 0xd0-- guessing data in;
[  266.562416][T17060]    program gtp not setting count and/or reply_len properly
[  266.572461][ T2842] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.585633][T17063] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3287'.
[  266.585999][ T2842] bridge0: port 2(bridge_slave_1) entered forwarding state
[  266.594857][T17063] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3287'.
[  266.621455][T17065] loop6: detected capacity change from 0 to 512
[  266.630602][T17063] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3287'.
[  266.645688][T17065] EXT4-fs (loop6): failed to initialize system zone (-117)
[  266.652991][T17065] EXT4-fs (loop6): mount failed
[  266.687729][T17070] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3289'.
[  266.697116][T17070] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3289'.
[  266.712650][T16921] 8021q: adding VLAN 0 to HW filter on device batadv0
[  266.730217][T17074] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3290'.
[  266.776402][T17070] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  266.783755][T17070] IPv6: NLM_F_CREATE should be set when creating new route
[  266.793729][T17070] netlink: 'syz.4.3289': attribute type 27 has an invalid length.
[  266.799899][T17082] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3292'.
[  266.860855][T17070] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.868543][T17070] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.871568][T17086] netlink: 'syz.6.3293': attribute type 10 has an invalid length.
[  266.926591][T17070] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  266.937969][T17070] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  266.976115][T17070] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  266.985465][T17070] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  266.994502][T17070] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  267.004157][T17070] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  267.036640][T17086] syz_tun: entered promiscuous mode
[  267.044224][T17086] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  267.059527][T16921] veth0_vlan: entered promiscuous mode
[  267.067674][T16921] veth1_vlan: entered promiscuous mode
[  267.085006][T16921] veth0_macvtap: entered promiscuous mode
[  267.092664][T16921] veth1_macvtap: entered promiscuous mode
[  267.109029][T16921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  267.119743][T16921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.129650][T16921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  267.140541][T16921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.150551][T16921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  267.161180][T16921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.177955][T17095] loop2: detected capacity change from 0 to 512
[  267.184718][T17095] EXT4-fs: Ignoring removed orlov option
[  267.194926][T17095] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  267.210442][T17097] loop4: detected capacity change from 0 to 512
[  267.218392][T17095] EXT4-fs (loop2): orphan cleanup on readonly fs
[  267.226947][T17095] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3294: bg 0: block 248: padding at end of block bitmap is not set
[  267.245162][T17095] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.3294: Failed to acquire dquot type 1
[  267.258156][T17095] EXT4-fs (loop2): 1 truncate cleaned up
[  267.266146][T16921] batman_adv: batadv0: Interface activated: batadv_slave_0
[  267.278820][T17097] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.3295: corrupted in-inode xattr: invalid ea_ino
[  267.318359][T17097] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.3295: couldn't read orphan inode 15 (err -117)
[  267.349327][T16921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  267.359935][T16921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.369877][T16921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  267.380395][T16921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.390296][T16921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  267.400727][T16921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.461536][T17097] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  267.558099][T17107] loop0: detected capacity change from 0 to 128
[  267.689954][T17107] syz.0.3298: attempt to access beyond end of device
[  267.689954][T17107] loop0: rw=0, sector=121, nr_sectors = 920 limit=128
[  267.747041][T16921] batman_adv: batadv0: Interface activated: batadv_slave_1
[  267.767914][T17111] netlink: 'syz.6.3299': attribute type 1 has an invalid length.
[  267.781107][T16921] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  267.790194][T16921] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  267.799157][T16921] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  267.807963][T16921] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  267.899729][T17116] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3301'.
[  267.967301][T17118] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3302'.
[  268.055275][T17095] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  268.078438][T17095] EXT4-fs: Ignoring removed orlov option
[  268.084205][T17095] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  268.093008][T17095] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  268.114045][T17095] EXT4-fs error (device loop2): __ext4_remount:6749: comm syz.2.3294: Abort forced by user
[  268.125958][T17095] EXT4-fs (loop2): Remounting filesystem read-only
[  268.132509][T17095] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  268.143067][T17095] ext4 filesystem being remounted at /72/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  268.160669][T14953] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.195664][T17123] ªªªªªª: renamed from syzkaller0
[  268.215134][T17127] FAULT_INJECTION: forcing a failure.
[  268.215134][T17127] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  268.228446][T17127] CPU: 1 UID: 0 PID: 17127 Comm: syz.4.3300 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  268.239218][T17127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  268.249323][T17127] Call Trace:
[  268.252616][T17127]  <TASK>
[  268.255547][T17127]  dump_stack_lvl+0xf2/0x150
[  268.260245][T17127]  dump_stack+0x15/0x1a
[  268.264479][T17127]  should_fail_ex+0x223/0x230
[  268.269180][T17127]  should_fail+0xb/0x10
[  268.273349][T17127]  should_fail_usercopy+0x1a/0x20
[  268.278385][T17127]  _copy_from_iter+0xd5/0xd00
[  268.283106][T17127]  ? alloc_pages_mpol_noprof+0xd5/0x1e0
[  268.288754][T17127]  copy_page_from_iter+0x14f/0x280
[  268.293967][T17127]  tun_get_user+0x68b/0x25c0
[  268.298705][T17127]  ? avc_has_perm+0xd4/0x160
[  268.303309][T17127]  ? ref_tracker_alloc+0x1f5/0x2f0
[  268.308478][T17127]  tun_chr_write_iter+0x188/0x240
[  268.313545][T17127]  vfs_write+0x77f/0x920
[  268.317934][T17127]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  268.323524][T17127]  ksys_write+0xe8/0x1b0
[  268.327893][T17127]  __x64_sys_write+0x42/0x50
[  268.332555][T17127]  x64_sys_call+0x287e/0x2dc0
[  268.337225][T17127]  do_syscall_64+0xc9/0x1c0
[  268.341739][T17127]  ? clear_bhb_loop+0x55/0xb0
[  268.346449][T17127]  ? clear_bhb_loop+0x55/0xb0
[  268.351235][T17127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.357146][T17127] RIP: 0033:0x7f73bc3a47df
[  268.361645][T17127] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  268.381266][T17127] RSP: 002b:00007f73baa17000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  268.389676][T17127] RAX: ffffffffffffffda RBX: 00007f73bc595fa0 RCX: 00007f73bc3a47df
[  268.397719][T17127] RDX: 00000000000008b9 RSI: 0000000020000300 RDI: 00000000000000c8
[  268.405682][T17127] RBP: 00007f73baa17090 R08: 0000000000000000 R09: 0000000000000000
[  268.413682][T17127] R10: 00000000000008b9 R11: 0000000000000293 R12: 0000000000000001
[  268.421656][T17127] R13: 0000000000000000 R14: 00007f73bc595fa0 R15: 00007ffd8f62bbf8
[  268.429630][T17127]  </TASK>
[  268.672257][T17136] IPv6: NLM_F_CREATE should be specified when creating new route
[  268.703837][T17133] loop1: detected capacity change from 0 to 1024
[  268.746796][T17133] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  268.767621][T17133] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  268.793912][T17142] macvlan2: entered promiscuous mode
[  268.799265][T17142] bridge0: entered promiscuous mode
[  268.805402][T17142] bridge0: port 3(macvlan2) entered blocking state
[  268.808625][T15905] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.812046][T17142] bridge0: port 3(macvlan2) entered disabled state
[  268.827577][T17142] macvlan2: entered allmulticast mode
[  268.832978][T17142] bridge0: entered allmulticast mode
[  268.841188][T17142] macvlan2: left allmulticast mode
[  268.846560][T17142] bridge0: left allmulticast mode
[  268.854956][T17142] bridge0: left promiscuous mode
[  268.860847][T16921] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.873341][T17148] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  268.880672][T17148] IPv6: NLM_F_CREATE should be set when creating new route
[  268.891609][T17148] netlink: 'syz.2.3312': attribute type 27 has an invalid length.
[  268.910203][T17150] loop1: detected capacity change from 0 to 164
[  268.919446][T17150] syz.1.3313: attempt to access beyond end of device
[  268.919446][T17150] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  268.933544][T17150] syz.1.3313: attempt to access beyond end of device
[  268.933544][T17150] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164
[  268.979903][T17148] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.987111][T17148] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.069363][T17148] team_slave_1: left promiscuous mode
[  269.075086][T17148] team_slave_1: left allmulticast mode
[  269.086778][T17148] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  269.097465][T17148] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  269.129542][T17148] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  269.138628][T17148] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  269.147672][T17148] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  269.157326][T17148] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  269.228542][T17162] loop0: detected capacity change from 0 to 8192
[  269.256411][T17170] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125
[  269.276053][T17169] loop2: detected capacity change from 0 to 2048
[  269.325599][T17169] Alternate GPT is invalid, using primary GPT.
[  269.331928][T17169]  loop2: p1 p2 p3
[  269.356266][T17177] FAULT_INJECTION: forcing a failure.
[  269.356266][T17177] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  269.369413][T17177] CPU: 1 UID: 0 PID: 17177 Comm: syz.2.3323 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  269.380249][T17177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  269.390314][T17177] Call Trace:
[  269.393586][T17177]  <TASK>
[  269.396510][T17177]  dump_stack_lvl+0xf2/0x150
[  269.401123][T17177]  dump_stack+0x15/0x1a
[  269.405435][T17177]  should_fail_ex+0x223/0x230
[  269.410107][T17177]  should_fail+0xb/0x10
[  269.414256][T17177]  should_fail_usercopy+0x1a/0x20
[  269.419342][T17177]  _copy_to_user+0x20/0xa0
[  269.423804][T17177]  __x64_sys_rt_sigpending+0x128/0x170
[  269.429318][T17177]  x64_sys_call+0x277a/0x2dc0
[  269.433995][T17177]  do_syscall_64+0xc9/0x1c0
[  269.438550][T17177]  ? clear_bhb_loop+0x55/0xb0
[  269.443229][T17177]  ? clear_bhb_loop+0x55/0xb0
[  269.447976][T17177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.453924][T17177] RIP: 0033:0x7f79b5a15d29
[  269.458387][T17177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.478064][T17177] RSP: 002b:00007f79b4087038 EFLAGS: 00000246 ORIG_RAX: 000000000000007f
[  269.486491][T17177] RAX: ffffffffffffffda RBX: 00007f79b5c05fa0 RCX: 00007f79b5a15d29
[  269.494531][T17177] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  269.502570][T17177] RBP: 00007f79b4087090 R08: 0000000000000000 R09: 0000000000000000
[  269.511207][T17177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  269.519165][T17177] R13: 0000000000000000 R14: 00007f79b5c05fa0 R15: 00007ffe58657ab8
[  269.527128][T17177]  </TASK>
[  269.548483][T17179] loop2: detected capacity change from 0 to 512
[  269.556638][T17179] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.3324: corrupted in-inode xattr: invalid ea_ino
[  269.570369][T17179] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.3324: couldn't read orphan inode 15 (err -117)
[  269.585070][T17179] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  269.600915][T17185] bridge0: entered promiscuous mode
[  269.606212][T17185] macvlan2: entered promiscuous mode
[  269.610180][T17179] 9pnet: Could not find request transport: f0xffffffffffffffff
[  269.612826][T17185] bridge0: port 3(macvlan2) entered blocking state
[  269.625763][T17185] bridge0: port 3(macvlan2) entered disabled state
[  269.632587][T17185] macvlan2: entered allmulticast mode
[  269.638246][T17185] bridge0: entered allmulticast mode
[  269.644427][T17185] macvlan2: left allmulticast mode
[  269.649587][T17185] bridge0: left allmulticast mode
[  269.655302][T15905] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.669839][T17185] bridge0: left promiscuous mode
[  269.702597][T17188] loop2: detected capacity change from 0 to 2048
[  269.716936][T17188] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  269.736821][T17188] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  269.756084][T17194] loop4: detected capacity change from 0 to 128
[  269.778683][T17196] veth4: entered promiscuous mode
[  269.783794][T17196] veth4: entered allmulticast mode
[  269.789773][T17194] syz.4.3329: attempt to access beyond end of device
[  269.789773][T17194] loop4: rw=0, sector=121, nr_sectors = 920 limit=128
[  269.812295][T15905] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.834885][T17202] loop2: detected capacity change from 0 to 128
[  269.972738][T17219] loop4: detected capacity change from 0 to 764
[  269.980979][T17219] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  270.035348][T17227] loop1: detected capacity change from 0 to 2048
[  270.063149][T17229] loop6: detected capacity change from 0 to 2048
[  270.064362][T17227] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  270.090264][T17227] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  270.120216][T17229] syz.6.3344[17229] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  270.120279][T17229] syz.6.3344[17229] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  270.147519][T17241] loop4: detected capacity change from 0 to 128
[  270.149652][T17229] syz.6.3344[17229] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  270.167642][T16921] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.205976][T17243] loop2: detected capacity change from 0 to 128
[  270.206574][   T29] kauditd_printk_skb: 518 callbacks suppressed
[  270.206662][   T29] audit: type=1326 audit(1736454139.522:105403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17228 comm="syz.6.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f9406c9498a code=0x7ffc0000
[  270.234900][T17243] syz.2.3349: attempt to access beyond end of device
[  270.234900][T17243] loop2: rw=0, sector=121, nr_sectors = 920 limit=128
[  270.260568][   T29] audit: type=1326 audit(1736454139.562:105404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17228 comm="syz.6.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9406c95d29 code=0x7ffc0000
[  270.284554][T17245] loop1: detected capacity change from 0 to 1024
[  270.291451][   T29] audit: type=1400 audit(1736454139.602:105405): avc:  denied  { unmount } for  pid=14953 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  270.325495][   T29] audit: type=1400 audit(1736454139.642:105406): avc:  denied  { sqpoll } for  pid=17252 comm="syz.6.3353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  270.345782][   T29] audit: type=1400 audit(1736454139.642:105407): avc:  denied  { create } for  pid=17252 comm="syz.6.3353" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  270.368797][   T29] audit: type=1400 audit(1736454139.642:105408): avc:  denied  { read write } for  pid=14953 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  270.393991][   T29] audit: type=1400 audit(1736454139.642:105409): avc:  denied  { open } for  pid=14953 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  270.401533][T17256] syz.4.3354[17256] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  270.418663][T17256] syz.4.3354[17256] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  270.419152][   T29] audit: type=1400 audit(1736454139.642:105410): avc:  denied  { ioctl } for  pid=14953 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=104 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  270.430164][T17256] syz.4.3354[17256] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  270.441466][   T29] audit: type=1400 audit(1736454139.642:105411): avc:  denied  { create } for  pid=17252 comm="syz.6.3353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  270.499787][   T29] audit: type=1400 audit(1736454139.642:105412): avc:  denied  { open } for  pid=17252 comm="syz.6.3353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  270.529568][T17245] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  270.666621][T17269] loop4: detected capacity change from 0 to 512
[  270.673308][T17269] EXT4-fs: Ignoring removed orlov option
[  270.688742][T17269] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  270.698408][T16921] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.715623][T17269] EXT4-fs (loop4): orphan cleanup on readonly fs
[  270.722640][T17269] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3354: bg 0: block 248: padding at end of block bitmap is not set
[  270.748733][T17269] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.3354: Failed to acquire dquot type 1
[  270.761563][T17269] EXT4-fs (loop4): 1 truncate cleaned up
[  270.810989][T17269] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  270.924165][T17269] EXT4-fs: Ignoring removed orlov option
[  270.930567][T17269] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  270.949175][T17269] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  271.028304][T17269] EXT4-fs error (device loop4): __ext4_remount:6749: comm syz.4.3354: Abort forced by user
[  271.053464][T17269] EXT4-fs (loop4): Remounting filesystem read-only
[  271.060077][T17269] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  271.076506][T17298] FAULT_INJECTION: forcing a failure.
[  271.076506][T17298] name failslab, interval 1, probability 0, space 0, times 0
[  271.089190][T17298] CPU: 1 UID: 0 PID: 17298 Comm: syz.6.3368 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  271.092855][T17269] ext4 filesystem being remounted at /116/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  271.099943][T17298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  271.100032][T17298] Call Trace:
[  271.100038][T17298]  <TASK>
[  271.100101][T17298]  dump_stack_lvl+0xf2/0x150
[  271.100137][T17298]  dump_stack+0x15/0x1a
[  271.100166][T17298]  should_fail_ex+0x223/0x230
[  271.100191][T17298]  ? audit_log_d_path+0x96/0x250
[  271.100251][T17298]  should_failslab+0x8f/0xb0
[  271.100282][T17298]  __kmalloc_cache_noprof+0x4e/0x320
[  271.100358][T17298]  audit_log_d_path+0x96/0x250
[  271.100379][T17298]  ? __rcu_read_unlock+0x4e/0x70
[  271.100486][T17298]  audit_log_d_path_exe+0x42/0x70
[  271.100526][T17298]  audit_log_task+0x192/0x1c0
[  271.100549][T17298]  audit_seccomp+0x68/0x130
[  271.100568][T17298]  __seccomp_filter+0x6fa/0x1180
[  271.100609][T17298]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  271.190120][T17298]  ? vfs_write+0x596/0x920
[  271.194583][T17298]  ? __schedule+0x6fa/0x930
[  271.199123][T17298]  __secure_computing+0x9f/0x1c0
[  271.204071][T17298]  syscall_trace_enter+0xd1/0x1f0
[  271.209164][T17298]  do_syscall_64+0xaa/0x1c0
[  271.213774][T17298]  ? clear_bhb_loop+0x55/0xb0
[  271.218542][T17298]  ? clear_bhb_loop+0x55/0xb0
[  271.223250][T17298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  271.229249][T17298] RIP: 0033:0x7f9406c95d29
[  271.233681][T17298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  271.253311][T17298] RSP: 002b:00007f9405307038 EFLAGS: 00000246 ORIG_RAX: 000000000000007f
[  271.261759][T17298] RAX: ffffffffffffffda RBX: 00007f9406e85fa0 RCX: 00007f9406c95d29
[  271.269814][T17298] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  271.277850][T17298] RBP: 00007f9405307090 R08: 0000000000000000 R09: 0000000000000000
[  271.285844][T17298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  271.293810][T17298] R13: 0000000000000000 R14: 00007f9406e85fa0 R15: 00007fffe2586678
[  271.301855][T17298]  </TASK>
[  271.506350][T17320] netlink: 'syz.0.3376': attribute type 1 has an invalid length.
[  271.542635][T17322] loop0: detected capacity change from 0 to 128
[  271.606810][T17324] syz.0.3378[17324] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  271.606920][T17324] syz.0.3378[17324] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  271.623040][T17324] syz.0.3378[17324] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  271.671559][T17324] veth1_macvtap: left promiscuous mode
[  271.813461][T17330] loop0: detected capacity change from 0 to 764
[  271.821085][T17330] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  271.832748][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  271.894329][T17333] xt_TPROXY: Can be used only with -p tcp or -p udp
[  271.967590][T17341] FAULT_INJECTION: forcing a failure.
[  271.967590][T17341] name failslab, interval 1, probability 0, space 0, times 0
[  271.980302][T17341] CPU: 0 UID: 0 PID: 17341 Comm: syz.1.3384 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  271.991064][T17341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  272.001123][T17341] Call Trace:
[  272.004397][T17341]  <TASK>
[  272.007400][T17341]  dump_stack_lvl+0xf2/0x150
[  272.012006][T17341]  dump_stack+0x15/0x1a
[  272.016177][T17341]  should_fail_ex+0x223/0x230
[  272.020904][T17341]  should_failslab+0x8f/0xb0
[  272.025943][T17341]  kmem_cache_alloc_noprof+0x52/0x320
[  272.031350][T17341]  ? __anon_vma_prepare+0x73/0x310
[  272.036549][T17341]  ? __alloc_pages_noprof+0x1bc/0x340
[  272.042013][T17341]  __anon_vma_prepare+0x73/0x310
[  272.047024][T17341]  ? do_wp_page+0x100e/0x2340
[  272.051726][T17341]  do_wp_page+0x1016/0x2340
[  272.056363][T17341]  ? __rcu_read_lock+0x36/0x50
[  272.061184][T17341]  handle_mm_fault+0xc63/0x2ac0
[  272.066072][T17341]  exc_page_fault+0x3b9/0x650
[  272.070848][T17341]  asm_exc_page_fault+0x26/0x30
[  272.075701][T17341] RIP: 0033:0x7fd23b4d8ba3
[  272.080141][T17341] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[  272.099784][T17341] RSP: 002b:00007fd239c864a0 EFLAGS: 00010202
[  272.105887][T17341] RAX: 0000000000000400 RBX: 00007fd239c86540 RCX: 00007fd231867000
[  272.113859][T17341] RDX: 00007fd239c866e0 RSI: 0000000000000001 RDI: 00007fd239c865e0
[  272.121857][T17341] RBP: 00000000000000f9 R08: 0000000000000008 R09: 00000000000000a5
[  272.129833][T17341] R10: 00000000000000c6 R11: 00007fd239c86540 R12: 0000000000000001
[  272.137837][T17341] R13: 00007fd23b6a9040 R14: 0000000000000020 R15: 00007fd239c865e0
[  272.145822][T17341]  </TASK>
[  272.149843][T17341] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  272.210090][T17347] netlink: 'syz.0.3387': attribute type 4 has an invalid length.
[  272.231496][T17341] loop1: detected capacity change from 0 to 512
[  272.257291][T17341] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  272.288628][T17341] EXT4-fs error (device loop1): ext4_orphan_get:1389: inode #17: comm syz.1.3384: iget: bad i_size value: -6917529027641081756
[  272.325582][T17341] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.3384: couldn't read orphan inode 17 (err -117)
[  272.349500][T17341] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  272.557751][T17345] Restarting kernel threads ... done.
[  272.632330][T17345] __nla_validate_parse: 8 callbacks suppressed
[  272.632361][T17345] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3386'.
[  272.648284][T17345] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3386'.
[  272.678353][T17345] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3386'.
[  272.694122][T17368] loop0: detected capacity change from 0 to 128
[  272.778483][T17368] syz.0.3393: attempt to access beyond end of device
[  272.778483][T17368] loop0: rw=0, sector=121, nr_sectors = 920 limit=128
[  272.804562][T17370] loop4: detected capacity change from 0 to 128
[  272.828657][T17372] loop2: detected capacity change from 0 to 764
[  272.843546][T17372] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  272.862513][T17370] syz.4.3394: attempt to access beyond end of device
[  272.862513][T17370] loop4: rw=0, sector=121, nr_sectors = 920 limit=128
[  272.983314][T17379] loop0: detected capacity change from 0 to 1024
[  272.997427][T17379] EXT4-fs: Ignoring removed orlov option
[  273.003853][T17379] EXT4-fs (loop0): stripe (7) is not aligned with cluster size (16), stripe is disabled
[  273.137763][T17397] loop2: detected capacity change from 0 to 128
[  273.192555][T17399] loop2: detected capacity change from 0 to 764
[  273.207264][T17399] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  273.299094][T17408] loop0: detected capacity change from 0 to 764
[  273.306131][T17408] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  273.352104][T17412] loop6: detected capacity change from 0 to 764
[  273.361397][T17412] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  273.469616][T17419] loop1: detected capacity change from 0 to 764
[  273.471197][T17420] loop0: detected capacity change from 0 to 4096
[  273.485584][T17419] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  273.497116][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  273.518345][T17414] EXT4-fs error (device loop0): ext4_empty_dir:3112: inode #12: block 80: comm syz.0.3408: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0
[  273.537930][T17414] EXT4-fs warning (device loop0): ext4_empty_dir:3114: inode #12: comm syz.0.3408: directory missing '..'
[  273.584128][T17427] 9pnet_fd: Insufficient options for proto=fd
[  273.615031][T17434] FAULT_INJECTION: forcing a failure.
[  273.615031][T17434] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  273.628184][T17434] CPU: 1 UID: 0 PID: 17434 Comm: syz.0.3411 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  273.639073][T17434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  273.649131][T17434] Call Trace:
[  273.652422][T17434]  <TASK>
[  273.655353][T17434]  dump_stack_lvl+0xf2/0x150
[  273.660060][T17434]  dump_stack+0x15/0x1a
[  273.664214][T17434]  should_fail_ex+0x223/0x230
[  273.668945][T17434]  should_fail+0xb/0x10
[  273.673169][T17434]  should_fail_usercopy+0x1a/0x20
[  273.678193][T17434]  _copy_from_user+0x1e/0xb0
[  273.682802][T17434]  ucma_write+0xd4/0x240
[  273.687097][T17434]  vfs_writev+0x3fb/0x880
[  273.691466][T17434]  ? __pfx_ucma_write+0x10/0x10
[  273.696356][T17434]  do_writev+0xf4/0x220
[  273.700553][T17434]  __x64_sys_writev+0x45/0x50
[  273.705259][T17434]  x64_sys_call+0x1fab/0x2dc0
[  273.709931][T17434]  do_syscall_64+0xc9/0x1c0
[  273.714477][T17434]  ? clear_bhb_loop+0x55/0xb0
[  273.719299][T17434]  ? clear_bhb_loop+0x55/0xb0
[  273.723971][T17434]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.729871][T17434] RIP: 0033:0x7f02e3b55d29
[  273.734280][T17434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  273.754102][T17434] RSP: 002b:00007f02e21c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  273.762544][T17434] RAX: ffffffffffffffda RBX: 00007f02e3d45fa0 RCX: 00007f02e3b55d29
[  273.771173][T17434] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000004
[  273.779148][T17434] RBP: 00007f02e21c1090 R08: 0000000000000000 R09: 0000000000000000
[  273.787120][T17434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  273.795084][T17434] R13: 0000000000000000 R14: 00007f02e3d45fa0 R15: 00007ffca1290898
[  273.803055][T17434]  </TASK>
[  273.831259][ T3376] IPVS: starting estimator thread 0...
[  273.837944][T17439] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3415'.
[  273.853549][T17439] loop0: detected capacity change from 0 to 1024
[  273.862955][T17436] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3414'.
[  273.872052][T17436] netlink: 'syz.1.3414': attribute type 7 has an invalid length.
[  273.880822][T17439] EXT4-fs: Ignoring removed nobh option
[  273.886862][T17439] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  273.945516][T17440] IPVS: using max 2832 ests per chain, 141600 per kthread
[  273.966345][T17449] loop4: detected capacity change from 0 to 764
[  273.974083][T17449] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  274.127024][T17475] 9pnet_fd: Insufficient options for proto=fd
[  274.143548][T17480] loop0: detected capacity change from 0 to 512
[  274.152477][T17480] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  274.180505][T17480] EXT4-fs (loop0): 1 truncate cleaned up
[  274.205403][T17480] loop0: detected capacity change from 0 to 256
[  274.207294][T17490] loop6: detected capacity change from 0 to 512
[  274.237727][T17480] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000001)
[  274.295079][T17503] loop0: detected capacity change from 0 to 128
[  274.305076][T17509] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3428'.
[  274.342604][T17503] syz.0.3427: attempt to access beyond end of device
[  274.342604][T17503] loop0: rw=0, sector=121, nr_sectors = 920 limit=128
[  274.480349][T17538] loop0: detected capacity change from 0 to 764
[  274.487921][T17538] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  274.499327][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  274.646787][T17570] loop0: detected capacity change from 0 to 1024
[  274.653647][T17570] EXT4-fs: Ignoring removed orlov option
[  274.660357][T17570] EXT4-fs (loop0): stripe (7) is not aligned with cluster size (16), stripe is disabled
[  274.741603][T17587] loop4: detected capacity change from 0 to 1024
[  274.749852][T17587] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  274.769394][T17587] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  274.786464][T17587] EXT4-fs (loop4): orphan cleanup on readonly fs
[  274.787454][T17593] loop0: detected capacity change from 0 to 764
[  274.793909][T17587] EXT4-fs error (device loop4): ext4_map_blocks:705: inode #3: block 3: comm syz.4.3424: lblock 3 mapped to illegal pblock 3 (length 1)
[  274.813882][T17587] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.3424: Failed to acquire dquot type 0
[  274.817410][T17593] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  274.834622][T17587] EXT4-fs error (device loop4): ext4_map_blocks:671: inode #3: block 3: comm syz.4.3424: lblock 3 mapped to illegal pblock 3 (length 1)
[  274.874196][T17587] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.3424: Failed to acquire dquot type 0
[  274.922568][T17622] loop2: detected capacity change from 0 to 128
[  274.940130][T17587] EXT4-fs error (device loop4): ext4_free_blocks:6589: comm syz.4.3424: Freeing blocks not in datazone - block = 0, count = 4096
[  274.958633][T17587] EXT4-fs error (device loop4): ext4_map_blocks:671: inode #3: block 3: comm syz.4.3424: lblock 3 mapped to illegal pblock 3 (length 1)
[  274.979116][T17624] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3436'.
[  274.990610][T17587] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.3424: Failed to acquire dquot type 0
[  275.010900][T17587] EXT4-fs (loop4): 1 orphan inode deleted
[  275.011799][T17624] bridge_slave_0: left allmulticast mode
[  275.022541][T17624] bridge_slave_0: left promiscuous mode
[  275.028333][T17624] bridge0: port 1(bridge_slave_0) entered disabled state
[  275.044883][T17624] bridge_slave_1: left allmulticast mode
[  275.050637][T17624] bridge_slave_1: left promiscuous mode
[  275.056576][T17624] bridge0: port 2(bridge_slave_1) entered disabled state
[  275.069118][T17635] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=17635 comm=syz.1.3436
[  275.075195][T17624] bond0: (slave bond_slave_0): Releasing backup interface
[  275.093367][T17624] bond0: (slave bond_slave_1): Releasing backup interface
[  275.106891][T17624] team0: Port device team_slave_0 removed
[  275.114281][T17640] syz.0.3439[17640] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  275.114470][T17640] syz.0.3439[17640] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  275.116448][T17624] team0: Port device team_slave_1 removed
[  275.127709][T17640] syz.0.3439[17640] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  275.139200][T17624] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  275.163503][T17624] batman_adv: batadv0: Removing interface: batadv_slave_0
[  275.174488][T17624] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  275.182047][T17624] batman_adv: batadv0: Removing interface: batadv_slave_1
[  275.209784][T17642] ebtables: ebtables: counters copy to user failed while replacing table
[  275.219369][   T29] kauditd_printk_skb: 512 callbacks suppressed
[  275.219382][   T29] audit: type=1400 audit(1736454144.530:105914): avc:  denied  { read } for  pid=17645 comm="syz.4.3441" dev="nsfs" ino=4026532376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  275.224522][T17642] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3440'.
[  275.233606][   T29] audit: type=1400 audit(1736454144.530:105915): avc:  denied  { open } for  pid=17645 comm="syz.4.3441" path="net:[4026532376]" dev="nsfs" ino=4026532376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  275.253122][T17642] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  275.264850][T17634] loop2: detected capacity change from 0 to 256
[  275.293825][   T29] audit: type=1400 audit(1736454144.560:105916): avc:  denied  { create } for  pid=17641 comm="syz.0.3440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  275.314390][   T29] audit: type=1400 audit(1736454144.560:105917): avc:  denied  { write } for  pid=17641 comm="syz.0.3440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  275.334812][   T29] audit: type=1326 audit(1736454144.570:105918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17633 comm="syz.2.3437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79b5a15d29 code=0x7ffc0000
[  275.358791][   T29] audit: type=1326 audit(1736454144.570:105919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17633 comm="syz.2.3437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f79b5a15d29 code=0x7ffc0000
[  275.361383][T17634] FAT-fs (loop2): Directory bread(block 64) failed
[  275.382808][   T29] audit: type=1400 audit(1736454144.570:105920): avc:  denied  { create } for  pid=17633 comm="syz.2.3437" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  275.393672][T17634] FAT-fs (loop2): Directory bread(block 65) failed
[  275.409695][   T29] audit: type=1326 audit(1736454144.570:105921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17633 comm="syz.2.3437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79b5a15d29 code=0x7ffc0000
[  275.409724][   T29] audit: type=1326 audit(1736454144.570:105922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17633 comm="syz.2.3437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f79b5a15d29 code=0x7ffc0000
[  275.409748][   T29] audit: type=1400 audit(1736454144.570:105923): avc:  denied  { write } for  pid=17633 comm="syz.2.3437" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  275.452147][T17650] loop1: detected capacity change from 0 to 8192
[  275.473268][T17634] FAT-fs (loop2): Directory bread(block 66) failed
[  275.499079][T17634] FAT-fs (loop2): Directory bread(block 67) failed
[  275.505683][T17634] FAT-fs (loop2): Directory bread(block 68) failed
[  275.512514][T17634] FAT-fs (loop2): Directory bread(block 69) failed
[  275.519131][T17634] FAT-fs (loop2): Directory bread(block 70) failed
[  275.525739][T17634] FAT-fs (loop2): Directory bread(block 71) failed
[  275.533062][T17634] FAT-fs (loop2): Directory bread(block 72) failed
[  275.539736][T17634] FAT-fs (loop2): Directory bread(block 73) failed
[  275.609108][T17661] loop6: detected capacity change from 0 to 128
[  275.670079][T17661] syz.6.3446: attempt to access beyond end of device
[  275.670079][T17661] loop6: rw=0, sector=121, nr_sectors = 920 limit=128
[  275.814978][T17688] loop6: detected capacity change from 0 to 128
[  275.924336][T17708] loop6: detected capacity change from 0 to 764
[  275.932444][T17708] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  276.199543][T17750] loop0: detected capacity change from 0 to 1024
[  276.206725][T17750] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  276.218569][T17750] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  276.227326][T17750] EXT4-fs (loop0): orphan cleanup on readonly fs
[  276.237425][T17757] loop1: detected capacity change from 0 to 128
[  276.241120][T17750] EXT4-fs error (device loop0): ext4_map_blocks:705: inode #3: block 3: comm syz.0.3444: lblock 3 mapped to illegal pblock 3 (length 1)
[  276.257959][T17750] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3444: Failed to acquire dquot type 0
[  276.269802][T17750] EXT4-fs error (device loop0): ext4_map_blocks:671: inode #3: block 3: comm syz.0.3444: lblock 3 mapped to illegal pblock 3 (length 1)
[  276.284659][T17750] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3444: Failed to acquire dquot type 0
[  276.297020][T17750] EXT4-fs error (device loop0): ext4_free_blocks:6589: comm syz.0.3444: Freeing blocks not in datazone - block = 0, count = 4096
[  276.311591][T17750] EXT4-fs error (device loop0): ext4_map_blocks:671: inode #3: block 3: comm syz.0.3444: lblock 3 mapped to illegal pblock 3 (length 1)
[  276.326058][T17750] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3444: Failed to acquire dquot type 0
[  276.337496][T17750] EXT4-fs (loop0): 1 orphan inode deleted
[  276.594858][T17816] loop0: detected capacity change from 0 to 128
[  276.604185][T17812] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3452'.
[  276.621817][T17819] loop1: detected capacity change from 0 to 1024
[  276.628751][T17819] EXT4-fs: Ignoring removed nobh option
[  276.630872][T17816] syz.0.3457: attempt to access beyond end of device
[  276.630872][T17816] loop0: rw=0, sector=121, nr_sectors = 920 limit=128
[  276.634885][T17819] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  276.658368][T17819] EXT4-fs mount: 16 callbacks suppressed
[  276.658383][T17819] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.703027][T17819] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  276.767053][T17819] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  276.793651][T17827] loop6: detected capacity change from 0 to 764
[  276.801932][T17827] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  276.894228][T17830] lo speed is unknown, defaulting to 1000
[  276.987928][T17830] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD
[  277.056853][T16921] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.367305][T17840] loop0: detected capacity change from 0 to 1024
[  277.374979][T17840] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  277.398427][T17840] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  277.406949][T17840] EXT4-fs (loop0): orphan cleanup on readonly fs
[  277.414177][T17840] EXT4-fs error (device loop0): ext4_map_blocks:705: inode #3: block 3: comm syz.0.3460: lblock 3 mapped to illegal pblock 3 (length 1)
[  277.432309][T17840] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3460: Failed to acquire dquot type 0
[  277.443905][T17840] EXT4-fs error (device loop0): ext4_map_blocks:671: inode #3: block 3: comm syz.0.3460: lblock 3 mapped to illegal pblock 3 (length 1)
[  277.459554][T17840] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3460: Failed to acquire dquot type 0
[  277.471186][T17840] EXT4-fs error (device loop0): ext4_free_blocks:6589: comm syz.0.3460: Freeing blocks not in datazone - block = 0, count = 4096
[  277.484884][T17840] EXT4-fs error (device loop0): ext4_map_blocks:671: inode #3: block 3: comm syz.0.3460: lblock 3 mapped to illegal pblock 3 (length 1)
[  277.499441][T17840] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3460: Failed to acquire dquot type 0
[  277.511000][T17840] EXT4-fs (loop0): 1 orphan inode deleted
[  277.517196][T17840] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  277.585450][T17843] loop4: detected capacity change from 0 to 512
[  277.592982][T17843] EXT4-fs: Ignoring removed orlov option
[  277.630837][T17843] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  277.683738][T17845] program syz.2.3465 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  277.727161][T17843] EXT4-fs (loop4): orphan cleanup on readonly fs
[  277.734427][T17843] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3464: bg 0: block 248: padding at end of block bitmap is not set
[  277.751437][T17843] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.3464: Failed to acquire dquot type 1
[  277.763542][T17843] EXT4-fs (loop4): 1 truncate cleaned up
[  277.771638][T17843] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  277.787845][T17843] EXT4-fs: Ignoring removed orlov option
[  277.793603][T17843] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  277.803695][T16008] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.816913][T17843] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  277.844486][T17845] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  277.867506][T17843] EXT4-fs error (device loop4): __ext4_remount:6749: comm syz.4.3464: Abort forced by user
[  277.878779][T17843] EXT4-fs (loop4): Remounting filesystem read-only
[  277.885357][T17843] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  277.895833][T17843] ext4 filesystem being remounted at /126/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  277.974641][T17856] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3467'.
[  278.264373][T17865] loop0: detected capacity change from 0 to 764
[  278.301814][T17865] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  278.400502][T17878] loop2: detected capacity change from 0 to 2048
[  278.444964][T17878] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  278.506036][T17878] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  278.569471][T17890] loop6: detected capacity change from 0 to 8192
[  278.579689][T15905] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.024941][T17904] loop1: detected capacity change from 0 to 1024
[  279.035728][T14953] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.054274][T17904] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  279.112305][T17904] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  279.119249][T17909] loop4: detected capacity change from 0 to 2048
[  279.121716][T17904] EXT4-fs (loop1): orphan cleanup on readonly fs
[  279.140608][T17909] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  279.153786][T17904] EXT4-fs error (device loop1): ext4_map_blocks:705: inode #3: block 3: comm syz.1.3478: lblock 3 mapped to illegal pblock 3 (length 1)
[  279.179261][T17904] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.3478: Failed to acquire dquot type 0
[  279.197226][T17904] EXT4-fs error (device loop1): ext4_map_blocks:671: inode #3: block 3: comm syz.1.3478: lblock 3 mapped to illegal pblock 3 (length 1)
[  279.217420][T17904] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.3478: Failed to acquire dquot type 0
[  279.238654][T17904] EXT4-fs error (device loop1): ext4_free_blocks:6589: comm syz.1.3478: Freeing blocks not in datazone - block = 0, count = 4096
[  279.264743][T17904] EXT4-fs error (device loop1): ext4_map_blocks:671: inode #3: block 3: comm syz.1.3478: lblock 3 mapped to illegal pblock 3 (length 1)
[  279.283420][T17904] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.3478: Failed to acquire dquot type 0
[  279.297392][T14953] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.320804][T17904] EXT4-fs (loop1): 1 orphan inode deleted
[  279.346726][T17904] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  279.493691][T17928] siw: device registration error -23
[  279.511859][T16921] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.516793][T17928] loop6: detected capacity change from 0 to 164
[  279.532340][T17928] Unable to read rock-ridge attributes
[  279.615659][T17932] loop4: detected capacity change from 0 to 8192
[  279.749444][T17942] loop4: detected capacity change from 0 to 128
[  279.771487][T17945] FAULT_INJECTION: forcing a failure.
[  279.771487][T17945] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  279.780426][T17943] loop1: detected capacity change from 0 to 764
[  279.784740][T17945] CPU: 0 UID: 0 PID: 17945 Comm: syz.6.3501 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  279.801928][T17945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  279.812290][T17945] Call Trace:
[  279.815574][T17945]  <TASK>
[  279.818500][T17945]  dump_stack_lvl+0xf2/0x150
[  279.823134][T17945]  dump_stack+0x15/0x1a
[  279.827917][T17945]  should_fail_ex+0x223/0x230
[  279.832611][T17945]  should_fail+0xb/0x10
[  279.837420][T17945]  should_fail_usercopy+0x1a/0x20
[  279.843703][T17945]  copy_page_from_iter_atomic+0x228/0xf80
[  279.849710][T17945]  ? shmem_write_begin+0xa2/0x180
[  279.854844][T17945]  ? shmem_write_begin+0xda/0x180
[  279.860233][T17945]  generic_perform_write+0x2f1/0x4a0
[  279.865815][T17945]  shmem_file_write_iter+0xc2/0xe0
[  279.871297][T17945]  vfs_write+0x77f/0x920
[  279.875653][T17945]  ? __pfx_shmem_file_write_iter+0x10/0x10
[  279.881464][T17945]  ksys_write+0xe8/0x1b0
[  279.885814][T17945]  __x64_sys_write+0x42/0x50
[  279.890456][T17945]  x64_sys_call+0x287e/0x2dc0
[  279.895138][T17945]  do_syscall_64+0xc9/0x1c0
[  279.899638][T17945]  ? clear_bhb_loop+0x55/0xb0
[  279.904444][T17945]  ? clear_bhb_loop+0x55/0xb0
[  279.909649][T17945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.915553][T17945] RIP: 0033:0x7f9406c947df
[  279.920050][T17945] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  279.939680][T17945] RSP: 002b:00007f9405306df0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  279.948128][T17945] RAX: ffffffffffffffda RBX: 0000000000010000 RCX: 00007f9406c947df
[  279.956161][T17945] RDX: 0000000000010000 RSI: 00007f93fcee7000 RDI: 0000000000000008
[  279.964248][T17945] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000371
[  279.972231][T17945] R10: 00000000000001ce R11: 0000000000000293 R12: 0000000000000008
[  279.980226][T17945] R13: 00007f9405306ef0 R14: 00007f9405306eb0 R15: 00007f93fcee7000
[  279.989549][T17945]  </TASK>
[  279.998024][T17945] loop6: detected capacity change from 0 to 128
[  280.011138][T17943] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  280.025237][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  280.112911][T17952] rdma_op ffff8881048cfd80 conn xmit_rdma 0000000000000000
[  280.133361][T17942] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  280.146298][T17942] ext4 filesystem being mounted at /136/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  280.228901][   T29] kauditd_printk_skb: 662 callbacks suppressed
[  280.228917][   T29] audit: type=1400 audit(1736454149.538:106569): avc:  denied  { append } for  pid=17960 comm="syz.2.3507" name="001" dev="devtmpfs" ino=168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  280.263971][   T29] audit: type=1400 audit(1736454149.568:106570): avc:  denied  { prog_load } for  pid=17960 comm="syz.2.3507" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  280.283427][   T29] audit: type=1400 audit(1736454149.568:106571): avc:  denied  { bpf } for  pid=17960 comm="syz.2.3507" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  280.304424][   T29] audit: type=1400 audit(1736454149.568:106572): avc:  denied  { perfmon } for  pid=17960 comm="syz.2.3507" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  280.325691][   T29] audit: type=1400 audit(1736454149.568:106573): avc:  denied  { prog_run } for  pid=17960 comm="syz.2.3507" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  280.426040][   T29] audit: type=1400 audit(1736454149.648:106574): avc:  denied  { map_create } for  pid=17957 comm="syz.0.3506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  280.445650][   T29] audit: type=1400 audit(1736454149.658:106575): avc:  denied  { module_request } for  pid=17941 comm="syz.4.3500" kmod="tcp-ulp-" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  280.467463][   T29] audit: type=1400 audit(1736454149.658:106576): avc:  denied  { create } for  pid=17957 comm="syz.0.3506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  280.489113][   T29] audit: type=1400 audit(1736454149.658:106577): avc:  denied  { write } for  pid=17957 comm="syz.0.3506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  280.510162][   T29] audit: type=1400 audit(1736454149.658:106578): avc:  denied  { read } for  pid=17957 comm="syz.0.3506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  280.569256][T17968] tipc: Started in network mode
[  280.574185][T17968] tipc: Node identity 7, cluster identity 5
[  280.580132][T17968] tipc: Node number set to 7
[  280.619497][T17973] loop6: detected capacity change from 0 to 2048
[  280.665959][T17976] FAULT_INJECTION: forcing a failure.
[  280.665959][T17976] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  280.679149][T17976] CPU: 1 UID: 0 PID: 17976 Comm: syz.1.3509 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  280.690119][T17976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  280.700406][T17976] Call Trace:
[  280.703750][T17976]  <TASK>
[  280.706683][T17976]  dump_stack_lvl+0xf2/0x150
[  280.711385][T17976]  dump_stack+0x15/0x1a
[  280.715555][T17976]  should_fail_ex+0x223/0x230
[  280.720248][T17976]  should_fail+0xb/0x10
[  280.724481][T17976]  should_fail_usercopy+0x1a/0x20
[  280.729505][T17976]  _copy_from_user+0x1e/0xb0
[  280.734152][T17976]  move_addr_to_kernel+0x82/0x120
[  280.739196][T17976]  copy_msghdr_from_user+0x271/0x2a0
[  280.744537][T17976]  __sys_sendmsg+0x13e/0x230
[  280.749276][T17976]  __x64_sys_sendmsg+0x46/0x50
[  280.754061][T17976]  x64_sys_call+0x2734/0x2dc0
[  280.758819][T17976]  do_syscall_64+0xc9/0x1c0
[  280.763376][T17976]  ? clear_bhb_loop+0x55/0xb0
[  280.768051][T17976]  ? clear_bhb_loop+0x55/0xb0
[  280.772733][T17976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.778723][T17976] RIP: 0033:0x7fd23b615d29
[  280.783221][T17976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.802829][T17976] RSP: 002b:00007fd239c87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  280.811248][T17976] RAX: ffffffffffffffda RBX: 00007fd23b805fa0 RCX: 00007fd23b615d29
[  280.819300][T17976] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  280.827266][T17976] RBP: 00007fd239c87090 R08: 0000000000000000 R09: 0000000000000000
[  280.835313][T17976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.843279][T17976] R13: 0000000000000000 R14: 00007fd23b805fa0 R15: 00007ffcd7057558
[  280.851282][T17976]  </TASK>
[  280.881010][T17973] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  280.901151][T17984] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3511'.
[  280.910149][T17984] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3511'.
[  280.921486][T14953] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  280.937106][T17973] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  281.003888][T13961] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.021860][T17991] siw: device registration error -23
[  281.034770][T17993] loop6: detected capacity change from 0 to 512
[  281.043261][T17993] EXT4-fs: quotafile must be on filesystem root
[  281.051856][T17991] loop4: detected capacity change from 0 to 164
[  281.073997][T17991] Unable to read rock-ridge attributes
[  281.092368][T17998] loop2: detected capacity change from 0 to 512
[  281.102485][T17998] EXT4-fs: Ignoring removed oldalloc option
[  281.111226][T17998] EXT4-fs error (device loop2): ext4_xattr_inode_iget:436: comm syz.2.3517: Parent and EA inode have the same ino 15
[  281.126442][T17998] EXT4-fs (loop2): Remounting filesystem read-only
[  281.133214][T17998] EXT4-fs warning (device loop2): ext4_evict_inode:276: xattr delete (err -5)
[  281.143925][T17998] EXT4-fs (loop2): 1 orphan inode deleted
[  281.154552][T17998] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  281.167448][T17998] SELinux: (dev loop2, type ext4) getxattr errno 5
[  281.175931][T17998] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.194852][T17999] loop1: detected capacity change from 0 to 1024
[  281.204070][T17999] EXT4-fs: Ignoring removed orlov option
[  281.211726][T17999] EXT4-fs (loop1): stripe (7) is not aligned with cluster size (16), stripe is disabled
[  281.225767][T17993] rdma_op ffff8881041cb180 conn xmit_rdma 0000000000000000
[  281.246482][T17999] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  281.368479][T16921] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.389920][T18011] loop2: detected capacity change from 0 to 128
[  281.552485][T18019] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3523'.
[  281.790962][T18032] loop0: detected capacity change from 0 to 2048
[  281.820310][T18032] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  281.841298][T18032] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  281.899727][T18041] loop6: detected capacity change from 0 to 764
[  281.906824][T18041] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  281.919626][T16008] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  282.026520][T18058] loop0: detected capacity change from 0 to 512
[  282.035430][T18058] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[  282.076730][T18063] lo speed is unknown, defaulting to 1000
[  282.116768][T18067] loop0: detected capacity change from 0 to 8192
[  282.179940][T18071] loop4: detected capacity change from 0 to 1024
[  282.192261][T18071] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  282.223421][T18074] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3540'.
[  282.224757][T18071] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  282.241766][T18071] EXT4-fs (loop4): orphan cleanup on readonly fs
[  282.251113][T18074] netlink: 'syz.1.3540': attribute type 1 has an invalid length.
[  282.251934][T18071] EXT4-fs error (device loop4): ext4_map_blocks:705: inode #3: block 3: comm syz.4.3537: lblock 3 mapped to illegal pblock 3 (length 1)
[  282.279066][T18071] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.3537: Failed to acquire dquot type 0
[  282.300601][T18071] EXT4-fs error (device loop4): ext4_map_blocks:671: inode #3: block 3: comm syz.4.3537: lblock 3 mapped to illegal pblock 3 (length 1)
[  282.315833][T18071] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.3537: Failed to acquire dquot type 0
[  282.320310][T18077] loop1: detected capacity change from 0 to 2048
[  282.334962][T18071] EXT4-fs error (device loop4): ext4_free_blocks:6589: comm syz.4.3537: Freeing blocks not in datazone - block = 0, count = 4096
[  282.350609][T18071] EXT4-fs error (device loop4): ext4_map_blocks:671: inode #3: block 3: comm syz.4.3537: lblock 3 mapped to illegal pblock 3 (length 1)
[  282.365291][T18071] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.3537: Failed to acquire dquot type 0
[  282.377633][T18071] EXT4-fs (loop4): 1 orphan inode deleted
[  282.384568][T18071] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  282.403601][T18077] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  282.421289][T18077] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  282.448795][T16921] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  282.811949][T18107] loop1: detected capacity change from 0 to 512
[  282.821236][T18107] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.3551: corrupted in-inode xattr: invalid ea_ino
[  282.835030][T18107] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.3551: couldn't read orphan inode 15 (err -117)
[  282.847528][T18107] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  282.871475][T16921] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  282.892513][T18110] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3552'.
[  282.918417][T14953] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  282.930212][T18110] bridge0: entered promiscuous mode
[  282.935562][T18110] macvlan2: entered promiscuous mode
[  282.942024][T18110] bridge0: port 1(macvlan2) entered blocking state
[  282.949310][T18110] bridge0: port 1(macvlan2) entered disabled state
[  282.957699][T18110] macvlan2: entered allmulticast mode
[  282.963154][T18110] bridge0: entered allmulticast mode
[  282.970170][T18110] macvlan2: left allmulticast mode
[  282.975530][T18110] bridge0: left allmulticast mode
[  282.978461][T18116] loop0: detected capacity change from 0 to 128
[  282.985309][T18115] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3555'.
[  282.996277][T18110] bridge0: left promiscuous mode
[  283.006039][T18115] macvlan2: entered promiscuous mode
[  283.011552][T18115] bridge0: entered promiscuous mode
[  283.017182][T18115] bridge0: port 3(macvlan2) entered blocking state
[  283.023869][T18115] bridge0: port 3(macvlan2) entered disabled state
[  283.030941][T18115] macvlan2: entered allmulticast mode
[  283.036446][T18115] bridge0: entered allmulticast mode
[  283.042827][T18115] macvlan2: left allmulticast mode
[  283.048033][T18115] bridge0: left allmulticast mode
[  283.058932][T18115] bridge0: left promiscuous mode
[  283.076527][T18120] ipt_REJECT: TCP_RESET invalid for non-tcp
[  283.125198][T18122] loop4: detected capacity change from 0 to 164
[  283.158237][T18126] loop4: detected capacity change from 0 to 512
[  283.165027][T18126] journal_path: Non-blockdev passed as './bus'
[  283.171269][T18126] EXT4-fs: error: could not find journal device path
[  283.180898][T18126] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3559'.
[  283.190599][T18126] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3559'.
[  283.199678][T18126] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3559'.
[  283.317878][T18139] loop4: detected capacity change from 0 to 2048
[  283.340350][T18139] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  283.359586][T18139] msdos: Unknown parameter '18446744073709551615ÿÿÿÿÿÿÿÿ01777777777777777777777ÿ0xffffffffffffffff18446744073709551615ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  283.388279][T14953] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.408691][T18142] loop0: detected capacity change from 0 to 1024
[  283.415694][T18142] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  283.426594][T18142] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  283.435400][T18142] EXT4-fs (loop0): orphan cleanup on readonly fs
[  283.442961][T18142] EXT4-fs error (device loop0): ext4_map_blocks:705: inode #3: block 3: comm syz.0.3564: lblock 3 mapped to illegal pblock 3 (length 1)
[  283.457266][T18142] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3564: Failed to acquire dquot type 0
[  283.460731][T18146] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.3566'.
[  283.469272][T18142] EXT4-fs error (device loop0): ext4_map_blocks:671: inode #3: block 3: comm syz.0.3564: lblock 3 mapped to illegal pblock 3 (length 1)
[  283.478087][T18144] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.3566'.
[  283.502468][T18142] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3564: Failed to acquire dquot type 0
[  283.514088][T18142] EXT4-fs error (device loop0): ext4_free_blocks:6589: comm syz.0.3564: Freeing blocks not in datazone - block = 0, count = 4096
[  283.529658][T18142] EXT4-fs error (device loop0): ext4_map_blocks:671: inode #3: block 3: comm syz.0.3564: lblock 3 mapped to illegal pblock 3 (length 1)
[  283.543997][T18144] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3566'.
[  283.544213][T18142] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.3564: Failed to acquire dquot type 0
[  283.564911][T18142] EXT4-fs (loop0): 1 orphan inode deleted
[  283.571416][T18142] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  283.613428][T18148] loop6: detected capacity change from 0 to 128
[  283.626412][T18150] 9pnet_fd: Insufficient options for proto=fd
[  283.636683][T18150] loop4: detected capacity change from 0 to 512
[  283.659646][T18150] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  283.668130][T18150] System zones: 0-2, 18-18, 34-34
[  283.674399][T18150] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3568: bg 0: block 248: padding at end of block bitmap is not set
[  283.689108][T18150] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.3568: Failed to acquire dquot type 1
[  283.701337][T18150] EXT4-fs (loop4): 1 truncate cleaned up
[  283.707293][T18150] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  283.720108][T18150] ext4 filesystem being mounted at /syzcgroup/cpu/syz4/cgroup.procs supports timestamps until 2038-01-19 (0x7fffffff)
[  283.733748][T18150] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.792831][T18158] loop6: detected capacity change from 0 to 1024
[  283.799582][T18158] EXT4-fs: Ignoring removed nobh option
[  283.805577][T18158] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  283.816160][T18158] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  283.830438][T18160] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.3570'.
[  283.840455][T18156] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.3570'.
[  283.842096][T18158] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  283.874581][T13961] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.900345][T18156] loop4: detected capacity change from 0 to 8192
[  283.941550][T18156]  loop4: p1 < > p2 < p5 > p3 p4 < >
[  283.949468][T18156] loop4: p3 size 131072 extends beyond EOD, truncated
[  283.957207][T18156] loop4: p5 size 131072 extends beyond EOD, truncated
[  283.967726][T18156] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3570'.
[  283.999159][T18169] loop1: detected capacity change from 0 to 764
[  284.006329][T18169] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  284.030979][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  284.138872][T16008] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  284.180141][T18188] siw: device registration error -23
[  284.185921][T18189] loop4: detected capacity change from 0 to 512
[  284.199892][T18189] EXT4-fs error (device loop4): ext4_get_journal_inode:5809: inode #32: comm syz.4.3580: iget: special inode unallocated
[  284.233075][T18189] EXT4-fs (loop4): Remounting filesystem read-only
[  284.239688][T18189] EXT4-fs (loop4): no journal found
[  284.245113][T18189] EXT4-fs (loop4): can't get journal size
[  284.261257][T18189] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  284.272870][T18189] EXT4-fs (loop4): failed to initialize system zone (-117)
[  284.281432][T18189] EXT4-fs (loop4): mount failed
[  284.393513][T18206] loop4: detected capacity change from 0 to 512
[  284.410007][T18206] EXT4-fs warning (device loop4): ext4_enable_quotas:7156: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix.
[  284.424724][T18206] EXT4-fs (loop4): mount failed
[  284.652064][T18213] ==================================================================
[  284.660172][T18213] BUG: KCSAN: data-race in rxrpc_input_call_event / rxrpc_send_data
[  284.668154][T18213] 
[  284.670465][T18213] write to 0xffff888125d4c274 of 4 bytes by task 18214 on cpu 0:
[  284.678859][T18213]  rxrpc_input_call_event+0x8ef/0x12e0
[  284.686581][T18213]  rxrpc_io_thread+0x30e/0x1fb0
[  284.691426][T18213]  kthread+0x1d1/0x210
[  284.695534][T18213]  ret_from_fork+0x4b/0x60
[  284.699945][T18213]  ret_from_fork_asm+0x1a/0x30
[  284.704727][T18213] 
[  284.707038][T18213] read to 0xffff888125d4c274 of 4 bytes by task 18213 on cpu 1:
[  284.714660][T18213]  rxrpc_send_data+0x889/0x1820
[  284.720035][T18213]  rxrpc_do_sendmsg+0xb92/0xc30
[  284.724897][T18213]  rxrpc_sendmsg+0x417/0x520
[  284.729483][T18213]  __sock_sendmsg+0x140/0x180
[  284.734172][T18213]  ____sys_sendmsg+0x312/0x410
[  284.738929][T18213]  __sys_sendmsg+0x19d/0x230
[  284.743535][T18213]  __x64_sys_sendmsg+0x46/0x50
[  284.748301][T18213]  x64_sys_call+0x2734/0x2dc0
[  284.752969][T18213]  do_syscall_64+0xc9/0x1c0
[  284.757465][T18213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.763391][T18213] 
[  284.765701][T18213] value changed: 0x00000001 -> 0x00000004
[  284.771402][T18213] 
[  284.773713][T18213] Reported by Kernel Concurrency Sanitizer on:
[  284.779852][T18213] CPU: 1 UID: 0 PID: 18213 Comm: syz.1.3589 Not tainted 6.13.0-rc6-syzkaller-00051-geea6e4b4dfb8 #0
[  284.790606][T18213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  284.800653][T18213] ==================================================================