last executing test programs:

1m49.914582254s ago: executing program 0 (id=1345):
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_pidfd_open(r0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00"/13], 0x48)
syz_extract_tcp_res(&(0x7f0000000000), 0xffffffff, 0xd)
syz_emit_ethernet(0x1162, &(0x7f0000001b00)=ANY=[], 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB="140000", @ANYRES16=r5, @ANYBLOB="01dfffffff9a2600000021"], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000ffffffff000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301)
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./control\x00', 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x9, &(0x7f0000000000)=[{0x4000, 0x0, 0xf, 0x8}, {0x8, 0x8, 0x9, 0x8}, {0x0, 0x1, 0xf, 0x6}, {0x0, 0x9, 0x31, 0x3ff}, {0x6, 0x5, 0x2e, 0x8}, {0x5, 0x2, 0x7f, 0xa}, {0xffff, 0x7, 0xa, 0x7}, {0x8, 0x3, 0x3, 0x80}, {0x4, 0x4, 0x7f, 0x7}]})

1m48.214144478s ago: executing program 0 (id=1356):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0xc8d6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x800000000003}, 0x1100, 0x2, 0x0, 0x3, 0x0, 0xa, 0xfffb, 0x0, 0x4, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x1a, &(0x7f0000000000)=""/64, &(0x7f0000000080)=0x40)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f00000002c0)={[{@nobarrier}, {@resuid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xc}}, {@block_validity}]}, 0x0, 0x488, &(0x7f0000001340)="$eJzs3M1vFOUfAPDvTLuF/oBfq+ILL2oVjQ1qSwGVgwc1mnjAxEQPGk9NWwhSqKE1EUIUjMGTMSbejUf/BU96MUYvJl71bkiI6QXw4prZnWl3l90tLbtdYD+fZOB55qXP99uZZ/eZeXYbQN8ay/5JIrZHxB8RMVKt1u8wVv3v2vL5mevL52eSKJff+jup7Hd1+fxMsWtx3La8Mp5GpJ8lsadJu4tnz52cnp+fO5PXJ5dOfTC5ePbcsydOTR+fOz53+uCRI4cPTb3w/MHnmgc+tL48s5iu7v54Ye+u19/96o2jX9Tl35BHh4y12/hkudzh5nprR005GexhIKzLQERkp6tU6f8jMRCrJ28kXvu0p8EBXVUul8vbWm++UG6QNq4A7mBJ1Ndv6PLAXap4o8/uf4ulcRDwUveGHz135eXqDVCW97V8qW4ZjDTfp9Rwf9tJYxHxzoV/vsmW6M5zCACAOj9k459nmo3/0nigZr//53NDoxFxT0TcGxH3RcTOiLg/orLvgxHxUOXIWBk7raVxkuTG8U96+ZYSXEM2/nsxn9sazsZ/pZV2i8LoQF7bUcm/lBw7MT93IP+djEdpS1afatPGj6/+/mWrbbXjv2zJ4ijGgnkclwe31B8zO700vfGM6125GLF7sMi1dvybrMwEJBGxKyJ2b7CNE/u/29tq29r5t9GBeabytxFPVc//hViuz7+QtJ+fnNwa83MHJour4ka//HbpzVbtV/Lfv8H8OyA7///Lr/9rzfMfTWrnaxfX38alPz9veU+z0et/KHm7Ui6mgT+aXlo6MxUxlBytBl27/uDqsUW92D/Lf3xfs/zTymtc8ZvYExHZRfxwRDwSEY/msT8WEY9HxL42+f/8yhPvN92Q3uL13wFZ/rPrOv+rhaFoXNO8MHDyp+/rGh1dLeb5X29//g9XSuP5mpt5/buZuDZ2NQMAAMCdJ42I7ZGkEyvlNJ2YqH5efmdEOr+wuPT0sYUPT89WvyMwGqW0eNI1UvM8dCq/ra/WL0ZE9aMFxfZD+XPjrweGK/WJmYX52V4nD31uW4v+n/lroNfRAV3n+1rQv/R/6F/N+v/WHsQBbD7v/9C/mvT/4V7EAWy+Zu//n7Q/5N9uxQJsrob+b9oP+sj67/9/fa8rgQCbrmX/v5v/8g9Q4fk/9KXF4Vj7S/JtC8VP2uDht0shiYiO/sAo3RZ53XqhnDQ9uZFmhdLtEKFCFwq9fV0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADolP8CAAD//3fv18M=")
unshare(0x2000080)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000100))
connect$tipc(0xffffffffffffffff, &(0x7f0000000340)=@name={0x1e, 0x2, 0x0, {{0x41}, 0x800}}, 0x10)
rename(&(0x7f0000001980)='./file1\x00', &(0x7f00000001c0)='./file0/file1\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = getegid()
getresuid(&(0x7f00000004c0), &(0x7f0000000140), &(0x7f0000000f80))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000580), &(0x7f00000005c0)=0xc)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa397, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x4, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r5, 0x400, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f00000000c0), &(0x7f00000006c0)=ANY=[], 0x841, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10)
mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x9)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001d080003400000000714000000020a0101001500000000000000000001140000001000010000000000000000000000000a"], 0xa0}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073727a3100000000080041007369770014003300626f6e643000000000"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000e80)={&(0x7f0000000300)=ANY=[@ANYRES16=r1, @ANYRESHEX=r1], &(0x7f0000000ac0)=""/211, 0x34, 0xd3, 0x1, 0x722, 0x0, @void, @value}, 0x28)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0xfffffd9d)

1m47.735873595s ago: executing program 0 (id=1359):
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f00000002c0)='./file0\x00', 0xc80, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b26209f1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc563b62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x1, 0x266, &(0x7f0000000340)="$eJzs281OE1EYxvGHDwVBmCqKgjG+0Y1uJlCvoCGQGJtokBo/EpNBptp0aEmnwdQYYefW6yAu3ZkYb4CNV+DCHRuXLIxjmKnQlhrDQiba/29zXnJ4mnP6njZn0dl58Ha1XAzdoldXf59pUNrUrpRRvwaU6GuO/XF9Uq02dWMi/+XyvYePbufy+flFs4Xc0s2smY1f+fji1burn+qj99+PfxjSdubJzrfs1+3J7amdH0vPS6GVQqtU6+bZcrVa95YD31ZKYdk1uxv4XuhbqRL6tbb5YlBdW2uYV1kZG1mr+WFoXqVhZb9h9arVaw3znnmlirmua2Mjwp8UthYXvVzaq8DfVavlvDlJ04dmClupLAgAAKSK+38v4/7fC/bu/4+bn9923P8BAAAAAAAAAAAAAAAAAAAAAPgX7EaRE0WR82s8IcVP+ETNv09JGpE0Kum0pDFJ45IcSRlJZySdlTQh6Zyk85ImJV2QdFHSVMtrpb1XHEb/exv97230v7e1PLg7LK2+WS+sF5Ixmc8VVVIgXzNy9D3uZVNSL9zKz89YLKNLqxvN/MZ6YaA9Pytn78B0y88meWvPD8Xnbj+flbN3wLrls13zw7p+rSXvytHnp6oq0Ep8Jg/yr2fN5u7kO/LT8f/971zb17V/rvu7+SR/hPPR8f4Oanow3b1DChsvy14Q+DUKCgqK/SLtbyYch4Omp70SAAAAAAAAAAAAAAAAAMBRHMfPCdPeIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnX4GAAD//5KSYE0=")
chdir(&(0x7f0000000240)='./file0\x00')
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x141) (fail_nth: 2)

1m47.319803471s ago: executing program 0 (id=1362):
r0 = syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f00000002c0)='./file0\x00', 0xc80, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b26209f1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc563b62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x1, 0x266, &(0x7f0000000340)="$eJzs281OE1EYxvGHDwVBmCqKgjG+0Y1uJlCvoCGQGJtokBo/EpNBptp0aEmnwdQYYefW6yAu3ZkYb4CNV+DCHRuXLIxjmKnQlhrDQiba/29zXnJ4mnP6njZn0dl58Ha1XAzdoldXf59pUNrUrpRRvwaU6GuO/XF9Uq02dWMi/+XyvYePbufy+flFs4Xc0s2smY1f+fji1burn+qj99+PfxjSdubJzrfs1+3J7amdH0vPS6GVQqtU6+bZcrVa95YD31ZKYdk1uxv4XuhbqRL6tbb5YlBdW2uYV1kZG1mr+WFoXqVhZb9h9arVaw3znnmlirmua2Mjwp8UthYXvVzaq8DfVavlvDlJ04dmClupLAgAAKSK+38v4/7fC/bu/4+bn9923P8BAAAAAAAAAAAAAAAAAAAAAPgX7EaRE0WR82s8IcVP+ETNv09JGpE0Kum0pDFJ45IcSRlJZySdlTQh6Zyk85ImJV2QdFHSVMtrpb1XHEb/exv97230v7e1PLg7LK2+WS+sF5Ixmc8VVVIgXzNy9D3uZVNSL9zKz89YLKNLqxvN/MZ6YaA9Pytn78B0y88meWvPD8Xnbj+flbN3wLrls13zw7p+rSXvytHnp6oq0Ep8Jg/yr2fN5u7kO/LT8f/971zb17V/rvu7+SR/hPPR8f4Oanow3b1DChsvy14Q+DUKCgqK/SLtbyYch4Omp70SAAAAAAAAAAAAAAAAAMBRHMfPCdPeIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnX4GAAD//5KSYE0=")
r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0)
write$selinux_load(r1, &(0x7f0000000000)=ANY=[], 0x6000)
chdir(&(0x7f0000000240)='./file0\x00')
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)={0x28, 0x3, 0x8, 0x201, 0x0, 0x0, {0x5, 0x0, 0xa}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_SHUTDOWN_SENT={0x8, 0x5, 0x1, 0x0, 0x9}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x8080)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYBLOB="0000000000000936e8efb1da2cd1d919e700789be5"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x34)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, @exit], {0x95, 0x0, 0xff85}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
quotactl_fd$Q_SYNC(r0, 0xffffffff80000100, 0x0, 0x0)
r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
get_robust_list(r7, 0x0, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x141)

1m47.104686503s ago: executing program 0 (id=1366):
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_extract_tcp_res(&(0x7f0000000000), 0xffffffff, 0xd)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB="140000", @ANYRES16=r3, @ANYBLOB="01dfffffff9a2600000021"], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000ffffffff000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./control\x00', 0x0)

1m46.733548319s ago: executing program 0 (id=1369):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x75}], 0x1}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x80)
r4 = openat$zero(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
listxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000b00)=""/4096, 0x1000)
ioctl$FS_IOC_GETVERSION(r5, 0x80087601, &(0x7f0000000100))
io_uring_setup(0x1ec1, &(0x7f0000000040)={0x0, 0xcba1, 0x8, 0x3, 0x2c0})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f00000002c0), 0x1, 0x4f2, &(0x7f0000000600)="$eJzs3U1vG1sZAODXzpeTm97kXu4CENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYTTjSeomdpOSNI7i55FGM+eMM+85ieec+nXtE0DfuhQRWxExHBEPI2Iiq89lW9xtbcnjXm0/nd/Zfjqfi2bz/j9z6fmkLtp+JvFRds1CRPzoexE/zR2MW9/YXJ6rVMprWXmqUV2dqm9sXl+qzi2WF8srpdLszOz07Ru3SifW14vV4ezoyy//sPWtnyfNGs9q2vtxklpdH9qLE9nv/AcfIlgPDETEYPb8yVzoZXt4P/mI+DQiLqf3/0QMpH9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXD+yzG8pVavXHtUW19ZaGVK5uMofyjpUp5OssVTsZQLinPpMdvyqV95RsR8UlE/GJkNC0X52uVhV7+wwcA+thH++b//4y05n8A4Jwr9LoBAMCpM/8DQP8x/wNA/zH/A0D/Mf8DQP8x/wNA/zH/A0Bf+eG9e8nW3Mm+/3rh8cb6cu3x9YVyfblYXZ8vztfWVouLtdpi+p091cOuV6nVVmduxvqTyW+v1htT9Y3NB9Xa+krjQfq93g/KQ6fSKwDgXT65+OLPuYjYujOabtG2loO5Gs63fK8bAPTMQK8bAPSM1b6gfx3jNb70AJwTHZbofUshIkb3VzabzeaHaxLwgV39gvw/9Ku2/L//BQx9Rv4f+lfX/P+BF/vAedNs5o665n8c9YEAwNkmxw90ef//02z/2+zNgZ8s7H/E8/0VPlEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/9hd/7eYrdwxHvl8sRhxISImYyj3aKlSno6IjyPiTyNDI0l5psdtBgCOK/+3XLb+19WJK+P7zw7nXo+k+4j42a/u//LJXKOx9sek/l979Y3nWX2pF+0HAA6zO0+n+7YX8q+2n87vbqfZnr9/NyIKrfg728Oxsxd/MAbTfSGGImLs37ms3JJry10cx9aziPh8p/7nYjzNgbRWPt0fP4l94VTj59+Kn0/PtfbJ7+JzJ9AW6DcvkvHnbqf7Lx+X0n3n+7+QjlDHl41/yaXmd9Ix8E383fFvoMv4d+moMW7+/vuto9GD555FfHEwYjf2Ttv4sxs/1yX+lYOX6+gvX/rK5W7nmr+OuBqd47fHmmpUV6fqG5vXl6pzi+XF8kqpNDszO337xq3SVJqjnuo+G/zjzrWPu51L+j/WJX7hkP5//Wjdj9/89+GPv/qO+N/8Wqf4+fjsHfGTOfEbR4w/N/a7QrdzSfyFLv0/7O9/7YjxX/5188Cy4QBA79Q3NpfnKpXymgMHZ/8gecqegWZ0PPjOacUajvf6qWbz/4rVbcQ4iawbcBbs3fQR8brXjQEAAAAAAAAAAAAAADo6jU8s9bqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA//8wuNJ1")
mq_timedreceive(r4, &(0x7f0000000080)=""/108, 0x6c, 0x4, 0x0)

1m46.675407859s ago: executing program 32 (id=1369):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x75}], 0x1}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x80)
r4 = openat$zero(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
listxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000b00)=""/4096, 0x1000)
ioctl$FS_IOC_GETVERSION(r5, 0x80087601, &(0x7f0000000100))
io_uring_setup(0x1ec1, &(0x7f0000000040)={0x0, 0xcba1, 0x8, 0x3, 0x2c0})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f00000002c0), 0x1, 0x4f2, &(0x7f0000000600)="$eJzs3U1vG1sZAODXzpeTm97kXu4CENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYTTjSeomdpOSNI7i55FGM+eMM+85ieec+nXtE0DfuhQRWxExHBEPI2Iiq89lW9xtbcnjXm0/nd/Zfjqfi2bz/j9z6fmkLtp+JvFRds1CRPzoexE/zR2MW9/YXJ6rVMprWXmqUV2dqm9sXl+qzi2WF8srpdLszOz07Ru3SifW14vV4ezoyy//sPWtnyfNGs9q2vtxklpdH9qLE9nv/AcfIlgPDETEYPb8yVzoZXt4P/mI+DQiLqf3/0QMpH9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXD+yzG8pVavXHtUW19ZaGVK5uMofyjpUp5OssVTsZQLinPpMdvyqV95RsR8UlE/GJkNC0X52uVhV7+wwcA+thH++b//4y05n8A4Jwr9LoBAMCpM/8DQP8x/wNA/zH/A0D/Mf8DQP8x/wNA/zH/A0Bf+eG9e8nW3Mm+/3rh8cb6cu3x9YVyfblYXZ8vztfWVouLtdpi+p091cOuV6nVVmduxvqTyW+v1htT9Y3NB9Xa+krjQfq93g/KQ6fSKwDgXT65+OLPuYjYujOabtG2loO5Gs63fK8bAPTMQK8bAPSM1b6gfx3jNb70AJwTHZbofUshIkb3VzabzeaHaxLwgV39gvw/9Ku2/L//BQx9Rv4f+lfX/P+BF/vAedNs5o665n8c9YEAwNkmxw90ef//02z/2+zNgZ8s7H/E8/0VPlEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/9hd/7eYrdwxHvl8sRhxISImYyj3aKlSno6IjyPiTyNDI0l5psdtBgCOK/+3XLb+19WJK+P7zw7nXo+k+4j42a/u//LJXKOx9sek/l979Y3nWX2pF+0HAA6zO0+n+7YX8q+2n87vbqfZnr9/NyIKrfg728Oxsxd/MAbTfSGGImLs37ms3JJry10cx9aziPh8p/7nYjzNgbRWPt0fP4l94VTj59+Kn0/PtfbJ7+JzJ9AW6DcvkvHnbqf7Lx+X0n3n+7+QjlDHl41/yaXmd9Ix8E383fFvoMv4d+moMW7+/vuto9GD555FfHEwYjf2Ttv4sxs/1yX+lYOX6+gvX/rK5W7nmr+OuBqd47fHmmpUV6fqG5vXl6pzi+XF8kqpNDszO337xq3SVJqjnuo+G/zjzrWPu51L+j/WJX7hkP5//Wjdj9/89+GPv/qO+N/8Wqf4+fjsHfGTOfEbR4w/N/a7QrdzSfyFLv0/7O9/7YjxX/5188Cy4QBA79Q3NpfnKpXymgMHZ/8gecqegWZ0PPjOacUajvf6qWbz/4rVbcQ4iawbcBbs3fQR8brXjQEAAAAAAAAAAAAAADo6jU8s9bqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA//8wuNJ1")
mq_timedreceive(r4, &(0x7f0000000080)=""/108, 0x6c, 0x4, 0x0)

8.047461588s ago: executing program 3 (id=2377):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
msgget$private(0x0, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000240)={'veth0_to_team\x00', 0x1000})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x5, &(0x7f0000000300)=[{0x3, 0x0, 0x0, 0x4}, {0x1000, 0xd, 0x3, 0xf}, {0x6, 0xc6, 0x7, 0x81}, {0x7, 0x0, 0x1, 0x3a5d}, {0xb, 0xc2, 0xd, 0x8}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x2, &(0x7f0000000000)=[{0x74}, {0x6, 0x0, 0x0, 0x7ffffff7}]})
timerfd_gettime(0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='selinuxfs\x00', 0x200411, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x13, 0xd, &(0x7f0000001040)=ANY=[@ANYBLOB="18000000000039d173b63f", @ANYBLOB="56747e88a56aa5e7157c1afdd0259751a468b1d6526523ec3e75906496be17b3cc1e676ae2fabf638a1da4e141483862a31f02f8389de645e8dce26453ee65dc823116d6969ff1452f58d5625c5ba6dfa79c9739e9ec3360a4af3e7fc85e1bb9597ea16df371d12ae7401216c9d3e5b1b66e32c4cf9de8ecf047032eb2d87c2494027dc404d1be81e71bfa1bc601c30f4de9a2a39b5434cdc60c9deab68e86771c342775ebee18cd003008f796e864b897f3", @ANYRES64=r1], &(0x7f0000000640)='syzkaller\x00', 0x7fffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0xfc0, 0x0, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00', <r4=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r4})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
io_setup(0x7, &(0x7f0000000280))

7.851865181s ago: executing program 3 (id=2379):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_pidfd_open(r0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_extract_tcp_res(&(0x7f0000000000), 0xffffffff, 0xd)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB="140000", @ANYRES16=r3, @ANYBLOB="01dfffffff9a2600000021"], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000ffffffff000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
mkdirat(0xffffffffffffffff, &(0x7f0000000100)='./control\x00', 0x0)

7.344448568s ago: executing program 5 (id=2383):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000200)=ANY=[@ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x75}], 0x1}, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x80)
r4 = openat$zero(0xffffffffffffff9c, 0x0, 0x2002, 0x0)
io_uring_register$IORING_UNREGISTER_RING_FDS(0xffffffffffffffff, 0x15, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f00000002c0), 0x1, 0x4f2, &(0x7f0000000600)="$eJzs3U1vG1sZAODXzpeTm97kXu4CENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYTTjSeomdpOSNI7i55FGM+eMM+85ieec+nXtE0DfuhQRWxExHBEPI2Iiq89lW9xtbcnjXm0/nd/Zfjqfi2bz/j9z6fmkLtp+JvFRds1CRPzoexE/zR2MW9/YXJ6rVMprWXmqUV2dqm9sXl+qzi2WF8srpdLszOz07Ru3SifW14vV4ezoyy//sPWtnyfNGs9q2vtxklpdH9qLE9nv/AcfIlgPDETEYPb8yVzoZXt4P/mI+DQiLqf3/0QMpH9NAOA8azYnojnRXgYAzrt8mgPL5YtZLmA88vlisZXD+yzG8pVavXHtUW19ZaGVK5uMofyjpUp5OssVTsZQLinPpMdvyqV95RsR8UlE/GJkNC0X52uVhV7+wwcA+thH++b//4y05n8A4Jwr9LoBAMCpM/8DQP8x/wNA/zH/A0D/Mf8DQP8x/wNA/zH/A0Bf+eG9e8nW3Mm+/3rh8cb6cu3x9YVyfblYXZ8vztfWVouLtdpi+p091cOuV6nVVmduxvqTyW+v1htT9Y3NB9Xa+krjQfq93g/KQ6fSKwDgXT65+OLPuYjYujOabtG2loO5Gs63fK8bAPTMQK8bAPSM1b6gfx3jNb70AJwTHZbofUshIkb3VzabzeaHaxLwgV39gvw/9Ku2/L//BQx9Rv4f+lfX/P+BF/vAedNs5o665n8c9YEAwNkmxw90ef//02z/2+zNgZ8s7H/E8/0VPlEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/9hd/7eYrdwxHvl8sRhxISImYyj3aKlSno6IjyPiTyNDI0l5psdtBgCOK/+3XLb+19WJK+P7zw7nXo+k+4j42a/u//LJXKOx9sek/l979Y3nWX2pF+0HAA6zO0+n+7YX8q+2n87vbqfZnr9/NyIKrfg728Oxsxd/MAbTfSGGImLs37ms3JJry10cx9aziPh8p/7nYjzNgbRWPt0fP4l94VTj59+Kn0/PtfbJ7+JzJ9AW6DcvkvHnbqf7Lx+X0n3n+7+QjlDHl41/yaXmd9Ix8E383fFvoMv4d+moMW7+/vuto9GD555FfHEwYjf2Ttv4sxs/1yX+lYOX6+gvX/rK5W7nmr+OuBqd47fHmmpUV6fqG5vXl6pzi+XF8kqpNDszO337xq3SVJqjnuo+G/zjzrWPu51L+j/WJX7hkP5//Wjdj9/89+GPv/qO+N/8Wqf4+fjsHfGTOfEbR4w/N/a7QrdzSfyFLv0/7O9/7YjxX/5188Cy4QBA79Q3NpfnKpXymgMHZ/8gecqegWZ0PPjOacUajvf6qWbz/4rVbcQ4iawbcBbs3fQR8brXjQEAAAAAAAAAAAAAADo6jU8s9bqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA//8wuNJ1")
mq_timedreceive(r4, &(0x7f0000000080)=""/108, 0x6c, 0x4, 0x0)

6.775215826s ago: executing program 5 (id=2386):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe70, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r2}, 0x18)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r3)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, 0x0)
sendmsg$inet_sctp(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}], 0x1, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b}}], 0x20, 0x2400e044}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r0, &(0x7f0000000580), &(0x7f0000000200)=""/59}, 0x20)
socket(0x2a, 0x2, 0x5)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8000009, 0x5, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/vlan/vlan0\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r7, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'})

6.609299298s ago: executing program 5 (id=2388):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="fcff0100000000000000000000009500000eb5920d1afed02f6f64ea02318ba1db10178d71f3818a9acd516b029b2ed34342"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd63"], 0xfdef)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010100000000000000002b00000008000300", @ANYRES32=0x0, @ANYBLOB="f2d26acad12de082e8133bd0878f9fb6dd59e729595246d45517491796d0945d5b6c7cb9500f02d3e048ce2fa866203f38a414eb56d25a420a9c5903d80368a810c7795407182f63c0393ef00f69391b931e9048b679db480d"], 0x1c}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0x1, 0x0, &(0x7f0000000000)='\x00', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f00001c9000/0x4000)=nil, 0x4000, 0xb635773f06ebbeee, 0x40010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r7)
write$binfmt_aout(r0, &(0x7f0000000b80)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "df3f0400000000000000000000000609000040"})
r8 = epoll_create1(0x0)
dup3(0xffffffffffffffff, r0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r0, &(0x7f00000000c0))

5.834040619s ago: executing program 4 (id=2400):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004080)={{r0}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r1, 0x0, 0x8000000000000}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="3183000000010000000019000000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x50}, 0x4886)

5.775903989s ago: executing program 4 (id=2401):
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_pidfd_open(r0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
syz_extract_tcp_res(&(0x7f0000000000), 0xffffffff, 0xd)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB="140000", @ANYRES16=r5, @ANYBLOB="01dfffffff9a2600000021"], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000ffffffff000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)

5.670456121s ago: executing program 5 (id=2402):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
r3 = perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0xfe, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x4}, 0x40db, 0x0, 0x4, 0x8, 0xa, 0x100, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f0000000000)='cpu<=0||!')
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a001000000002800000128c", 0x2e}], 0x1}, 0x0)

2.687887382s ago: executing program 5 (id=2404):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
close(0xffffffffffffffff)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x32)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000e6ffffffffffffff"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000080)='sys_enter\x00'}, 0x10)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x4c0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0xb, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x1a}, @dev={0xfe, 0x80, '\x00', 0x28}, [0xffffff00, 0xffffff00, 0x0, 0xff000000], [0xff, 0x0, 0x9f19fd7a5e924fa7, 0xff], 'macvtap0\x00', 'bridge0\x00', {0xff}, {0xff}, 0x2b, 0x7, 0x5, 0x10}, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x230, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@tcpmss={{0x28}, {0x39d3, 0x9, 0x1}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)

2.584098844s ago: executing program 5 (id=2406):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ff"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100001f00702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
inotify_init()
r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_BULK(r1, 0xc0185502, &(0x7f00000000c0)={{{0xc}}, 0x0, 0x9, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000007"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000340)={0x3f, 0xc, 0x8a6, 0x101, 0x1, 0x1, &(0x7f0000000300)='>'})

2.479960975s ago: executing program 3 (id=2407):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000400)='.\x00', 0xa4000021)
read(r4, 0x0, 0x0)
close(r4)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x6000000000000000, 0x3, 0x0, &(0x7f0000000800)="920955", &(0x7f0000000540)}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r5}, 0x10)
ustat(0x5, &(0x7f0000000100))
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket(0x10, 0xa, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r6}, 0x10)
inotify_rm_watch(0xffffffffffffffff, 0x0)

2.14333855s ago: executing program 3 (id=2409):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x36, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a2f000000000800410072786500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8844)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000202300800000000025ad9835850000007b00000095"], &(0x7f0000000680)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket(0x28, 0x5, 0x0)
r7 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r7, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r7, 0x0)
connect$vsock_stream(r6, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
sendmmsg(r6, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000280)}}], 0x1, 0x4048004)
r8 = accept4$unix(r7, 0x0, 0x0, 0x0)
recvfrom$unix(r8, &(0x7f0000000140)=""/129, 0x81, 0x10120, 0x0, 0x0)
setresgid(0xee00, 0xee01, 0x0)
setgroups(0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000580)={'wlan0\x00'})
sendmsg$NL80211_CMD_GET_INTERFACE(r2, 0x0, 0xc000)

2.14297313s ago: executing program 4 (id=2410):
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x24, 0x0, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000400000000000000000000008510000500ffff01000000000000000395000000"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x91, &(0x7f0000000100)=""/145, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x88)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRES64=r1, @ANYRESHEX=r0, @ANYRESHEX=r4, @ANYRES32=0x0], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r7, 0x0)
r8 = syz_clone(0x40200, 0x0, 0x49, 0x0, 0x0, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f00000004c0)={'#! ', './file0'}, 0xb)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x9f, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffe, 0x0, 0x0, 0x0, 0xffff}, r8, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x8404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fffffff, 0x0, 0x0, 0x40, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_udp_int(r5, 0x11, 0xa, &(0x7f0000000080)=0x6, 0x4)
sendmmsg$inet(r5, &(0x7f00000001c0)=[{{&(0x7f0000000100)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x0)
ioctl$sock_SIOCINQ(r5, 0x541b, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, 0x0, 0x0)

1.271913062s ago: executing program 3 (id=2418):
r0 = syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f00000001c0), 0x2, 0x51a, &(0x7f0000001200)="$eJzs3U9sI1cZAPBvJsnam6ZNCj0AKnQphQWt1k68bVT1QjlVCFVC9MhhGxInimLHUeyUJuwhe+SORCVOcOLMAYkDUk/ckTjAjUs5IBVYgRokJFx5bGedP06sbGJv499PGvnNvLG/93Y071mfN/MCGFu3ImI/Im5ExLsRMds5nnS2eLO9tc775NGD5YNHD5aTaDbf+WeS1beORc97Wp7pfGY+In7wVsSPkmNB/xRR393bWKpUytudQ8VGdatY3927u15dWiuvlTdLpcWFxfnX771WurS+vlT9zcc3I+L3v/vyR3/c/9ZPWs2a6dT19uMytbs+dRinZTIivncVwUZgotOfGxd584XexGVKI+JzEfFydv/PxkR2NY86epm+PcTWAQBXodmcjeZs7z4AcN2lWQ4sSQudXMBMpGmh0M7hvRDTaaVWb9xZre1srrRzZXMxla6uV8rznVzhXEwlq+uT5YWs3N2vlEvH9u9FxPMR8bPczWy/sFyrrIzyiw8AjLFnjs3//8m1538A4JrLPy7mRtkOAGB48qNuAAAwdOZ/ABg/5n8AGD/mfwAYP+Z/ABg/5n8AGCvff/vt1tY86Dz/euW93Z2N2nt3V8r1jUJ1Z7mwXNveKqzVamvZM3uq531epVbbWng1dt4vNsr1RrG+u3e/WtvZbNzPnut9vzw1lF4BAGd5/qUP/5JExP4bN7Mtep73f+5c/eJVtw64SumoGwCMzMSoGwCMzMnVvoBxIR8P4+v/zWYzetbujYiHh6Weh4H2/S9CHwwUJrVuKDx9bn/xCfL/wGea/D+Mr4vl/32Xh+tA/h/GV7OZWPMfAMaMHD+QnFPf+/v/fLNnZ7Df/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBamsm2JC101gKfiTQtFCKejYi5mEpW1yvl+Yh4LiL+nJvKtfYXIsK6QQDwWZb+Pems/3V79pWZ47U3cv/NZa8R8eNfvPPz95caje2FiBvJvw6PNz7oHC+Nov0AwHm683R3Hu/65NGD5e42zPZ8/J324qKtuAedrV0zGZPZaz7LNUz/O+nst7W+r0xcQvz9hxHxhdP6n2S5kbnOyqfH47diPzvU+OmR+GlW135t/Vt8/hLaAuPmw9b48+Zp918at7LX0+//fDZCPbnu+HdwYvxLD8e/iT7j361BY7z6h++eONicbdc9jPjSZMRB98N7xp9u/KRP/FcGjP/XF7/ycr+65i8jbsdp/U+OxCo2qlvF+u7e3fXq0lp5rbxZKi0uLM6/fu+1UjHLURe7meqT/vHGnef6xW/1f7pP/Pw5/f/6gP3/1f/e/eFXz4j/za+dfv1fOCN+a078xoDxl6Z/m+9X14q/0qf/513/OwPG/+hveysDngoADEF9d29jqVIpbz95IX/mOellhBigkETsX3GIx4Xcr3/61vkn54bWngsWol/VxNPSwmtTyD0dzRigMOqRCbhqj2/6UbcEAAAAAAAAAAAAAADoZxh/TjTqPgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9fRoAAP//j4/W2A==")
r1 = syz_io_uring_setup(0x24fe, &(0x7f0000000300)={0x0, 0xf36e, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x20}}, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/122, 0x7a}], 0x1)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<'], 0x38}}, 0x80)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x10, 0x0, @fd_index=0x8, 0xfff, 0x0, 0x6, 0x0, 0x1})
sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0)
io_uring_enter(r1, 0x2d3e, 0x2936, 0x0, 0x0, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000010000000000f400040000000000000020"], 0x1c, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r5)
fchdir(r0)
syz_usb_connect(0x4, 0x24, &(0x7f00000000c0)=ANY=[], 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2000003, 0x13, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000003200)='./file0\x00', 0x0)
pipe(0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
creat(&(0x7f0000000100)='./file1/file0\x00', 0x0)
r6 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x4, 0x1d}, 0x0, &(0x7f0000000600)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(0x0, r7, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r8, 0x0, 0x0, 0x0, 0x322, 0x1, {0x1}})
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)

1.217736443s ago: executing program 4 (id=2419):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="2f34bba00fbac999dfaf58e6dd799410196306cba2d7"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb8b1, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=""/29, 0x1d}, {&(0x7f0000000180)=""/208, 0xd0}], 0x2}, 0x60010023)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[], &(0x7f0000001b80)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8002, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0, 0x0, 0x40003}, 0x18)
r1 = mq_open(0x0, 0x42, 0x0, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x80000000000b52, 0x0)
mq_timedreceive(r1, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0)
socket$kcm(0x29, 0x5, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$inet_udplite(0x2, 0x2, 0x88)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$kcm(0x2d, 0x2, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
preadv2(r6, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1)

1.031250196s ago: executing program 1 (id=2422):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40), 0x24, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000e, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000600)="67d62fd114ea37955f0f82321be9dcbb20f0aa01219877d804dbc4c151c849bcb7cd5e010772e3feb3049f6b28fa413513bef5484e9a5f4edca30e1516e97aa37af2e4265c0c6ab5757110150821f2a1ec103d6d", &(0x7f0000000680)="b4ffc8863edd37698cd802000787373da337233d7bb0870344cf5a0853880000da9c82f3e7796ef8f55f374aeb9b2096ec0f245312ac39213604c054f4372a3b9c7c0e7d2fa3d5eef58ca2cc1d", 0x0, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = socket(0xa, 0x3, 0x3a)
sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, 0x0, 0x4000800)
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f00000000c0)={0x0, 0x1, 0x3, 0x0, 0x1}, 0xc)
setsockopt$MRT6_DEL_MIF(r3, 0x29, 0xcb, &(0x7f0000000540), 0xc)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000c00)=ANY=[@ANYBLOB="20000000170a0102060000000000000002"], 0x20}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000004000000b705020008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0xbff8cba661cffca7, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0xfff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r6, 0x0, 0x4ab}, 0x18)
r7 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r7, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2000)
write$cgroup_subtree(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x101}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r9, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r10, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)

891.903527ms ago: executing program 1 (id=2424):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="7a0b00ff00000000711087000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f00000004c0)='kfree\x00', r5}, 0x18)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x8, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x7, 0xa, 0xfffffff3}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006080)=@newtfilter={0x38, 0x2c, 0xd2b, 0x803, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x6}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2404c044}, 0x24044094)

830.650108ms ago: executing program 1 (id=2425):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0900000004000000080000000c"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000004b704000000000000850000000300000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e985fe4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000180)='kfree\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0b000000050000000400000032a9000009"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r4)
socket$inet(0x2, 0x2, 0x8000)
pipe2(&(0x7f00000001c0), 0x80800)
syz_genetlink_get_family_id$fou(&(0x7f0000000380), 0xffffffffffffffff)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000006c0), &(0x7f00000007c0)=0xc)
sendmsg$IEEE802154_ADD_IFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0x34, r5, 0x1, 0x7ffffc, 0x25dfdbfd, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x10)
io_cancel(0x0, 0x0, 0x0)
mremap(&(0x7f0000186000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00000ad000/0x3000)=nil)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00'}, 0x10)

729.39745ms ago: executing program 1 (id=2426):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x4, 0x1af}, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f00000017c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)='d', 0x1}], 0x1, &(0x7f0000000500)=ANY=[@ANYBLOB="060000000088b1e93a5a790505c98d6fd1a80000a105f30dd2"], 0x28}, 0x0, 0x4800, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r1, 0x47f8, 0x0, 0x0, 0x0, 0x0)

679.14203ms ago: executing program 1 (id=2427):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000da56263a1ced6f50c90e4eed7a218ca40000000000000080000000000000a162b0484a354097581dbb6d53e08a5fe88410342d", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xfc3, &(0x7f0000001180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xfb5, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0xfa1, 0x0, @wg=@data={0x4, 0x3ff, 0x7, "73cd054f56d7f4e568c1d7051706aad7b00c89e72b10eb64e922200e4d248b93d1c4c3d0a0176840c0cd6df137625fc64fba883d56ee1b258e0b0bd82676783216fb7c04ef3b80ab1f5bed4ce705557acccf779056d8c51542ffe421483c5fe5746250987dba3363c9be9df5b0bff440591b5d5206662969ca168884d791b03c1f3651f63e8c7d817f47d229c2742b5e1a06b155cc6e02864a85e6b6faf214714727d499990c43a22f556c32966fcac9ac31f9d5986fe7935c974fc578cf2693ecceb3b60e4b591571035a988db7e66469e3ff7b562ea7220bf739160579d40f67e20fda2a3ab4b45004d9da5bc051b17058b4bbde10ab8e3ef6790da7846704bc5e5cea732deec86a24a9b844f2cbe387d164c6369b526b5a21c4f1abd5d6fd0a628edc2a291f139e331a7c4dca4dc89ac33f23a31a5341ab63e51397d8634b0e49dc896a027a0dfe40a379b4194748f82909cf72d8155662d66dc72f888d234f2a94f6b3053a3c2b4b8fc8a5382e36fbdc5d3445191fa83cecea9dd306ea23c24173c1356ecd014df8c39ab641b5776294a3a0edf600b47b857965aec0ecf9df6144e5b4b96daeca7f68baa5cc51db85a3ce1679091dcb14f909d5606cc38d1333a3f2a6d629ef5cc2c54c37e19e2b8466aaf06c70e0456b16403d106007add3f3536860094d28e959e46724589a9624b2c1e5017fcc6f64822fc9743265bad3a79cce688cecbf5cca87a041024330eb918b246ef2fff4d51e310e0103d53df0136e55c34cb8b27950762829de1dec3a0f647024a39e30493474e3d53858ee61672262bc03d2e49143a1e601997dc83e5a99feae83112885da630ee4bc10bb15fe785fa767bd7d1739db85ceda603e30d912bf079f6a245e4c59ddec31cb00fbbeadfe4cae59df75a9de220033cc39dd4a7ec9af50935b0c58d0e9112e73cc72df9893dc6ea21f1068d1616a033ab8c857f19abe79ceafadafa1b0f705b1c63dd53c4cd1ad6de78ab1efba9554ac1ca97186a959d03ff405e5469cdee71dbd61d55de87ceaf15f8c3d4003b23bbf22b3854920d7639097add00fde5a38cae2bdf94b5bf14522fcc4d1b4c5393ffc11eccd7d343e4f1f4957ac90ff70679530fe9f489a70c70770f82fb6bfc5e7673e21ef8fc4846a6ec3aab2677ba2feee84cf4ae98faad957ef35230fcfa426e9c84616230073679111db0b50496a689e39269a450c2c9c4c7b4c2f92a801b0a0988d7ac4affbf9d3179fdc2b865aa4d76aa1beb53ce826b3085779c8a6a739f965c43be250189fef04435bbd75fa637eda82bad4e9cb2a5e929cafd1850259766cf57bae0b6bf1c404f57e3000e9f72689e35d4da5a0f8b6fafa3c7746e9253caca39b0a8265f055a9d4744ec2c07f786f5e1c33bb1826d18cecc87ffddd945f805104764bdf7c9f6de405a2eec39e349e83f76bfdd944115a17158ab5aaac144f858c0fc5640f1036f6cea71532fdcd0f448fc0230a673e7c0b1df8c7e10e931a97a88fb50a500c7287386dc71fcd943b317458efced193581c8e1a8bd43d941336912fea0f7748bc7164ec840209e1bd70e2e48b8c5f27eddb62ab914bae9989cbb2beb3fe2b91229a7d3d94abd6ed90abfbd087fbb3ac4c67150455657891127a052fdae08757fc3dcb5d9ddeff275bcde69e9e53eb838147e441bf0f772bbd351bb9836ddc53e36c00beb64213148c6a6edb5572286fdc3ed103ffda49365763f51c54440a1c154753196377b525386b509a5630becfcb53b2974ff68cb956badce5e20cab82dde5bcb2912b5160d15fea9752b9819cafd6b5660cf2fd57fdf675922977a8f3be09b8c681bb5b725225c1d8e172d2f79ae7e5883c6ade197681cb3919f3495b446152b9d7afffcbf4eff4910c9ffcaf99afc73c1f02deef48c07b952f525e6940282c6c75c49e1f510c82ec212f31740d8d262a26c3fe1acd8aee1622dbaca87e996c621bf9e1df9729134d2f7b069b8951513c037b13140e803abf54f26a7656ffcf90a75354fc615c6395dab438778d1f4c9b01c4c8c86d71f0e61105e4fc5e8c982eac27adb152577b28e520b9589f12ffa8bf66e2aba1062f1ed64f46400eb869585ea3b2b4d7151932057bf713748e0ffac19c701be9734da0b3f520c21326102891b374673b108ec6b10d6a3e1e8db742b5eaa1be564d0df503447e86922d06b6500419873b5a431a32212da2edfa81ffb0a7f70816ed30443dd1c87bcb0f36a849bce24e7893b487513fc5d6470de150976b0e7f1cf8663f71893e6a949e51b6ffbe377d72402b786e7363b88156b2e21721d8eea5dd1c48513040686bdb343b5c23910e5f5d4a1121891a28b49b923343298cfb7640b8c85780887823c2bf185cd00f4e4683d82a8e2685c293e41a5a65e4e76733f28c4ea452fcf4e8f20cd09d0ba5853950557c73712cd1d8c1382a795ac1377c05162e2710b1dbf21d509454955472579dd6b71a8afb93a823bdbebed635c42edd44f3128dd3f35040ebadd8c1c3cce9d011ebf39f79a20af767d03709de319d57c912338e604dab1f4b6d84c8fe2d28c52962682bb35bc4643106909a3a70eb3077985e3c3e43e94114e47665cd2f7366888674fca193cf7ea6869ed675390954799793fdc1a3bc04c0727be9cce0de0690b8f9f325ee4049055ea8fd163573e7d255ef166721c23a1d349d73942a1467b6fdba2327db50506471a53b3d088f2a9663056ae45f8a075569e342f581ea6bd2c56854302128eafedf1a3bbf580fc118087cec90c6eabf518f1e04043973b6dfad7ed6c60a820f1c32949c26730f276777581f19ab6b452353245b3a5860905245aa2dac3a2d435a530f67aa63f3915d2ba98400529277b4651212d3962192721fa74a0460139cdbed71a189313dd9b623f1d89cd82fa32514f8e4bb31891880ae32ece70060abc70ad46773a03458e300b1ae6bc1142dbc90a9434e128504637d135550b2d2f93bd581e781b7a3c1073b7c95beb4bae0a63839133db149971b2ba4fd3be0307347755c1da7222eebfc93fc7779b81c47ff5562c2855190b70104761db9541c4439cddc947baa1844abf3ce829ff2ea86f8ad2e888ab59b44b1e8a3cb412c6c6b57edd5f2c1117a51ab434ea7bec4c079a1fe9d52b932983b39877cdfa5111d9da168b0f7f2a9178ffe31ddbf3e31e5b74a795525aa86d15a3988017347ce47fd78677db056b1991959aac532a6cffdec5cb7231fb5f0e6ccbceb512f479437add1194afa7a0689aee11771a43fed521f6d79f91726c382935629941daa759967cd9f6fb91c38369f47a7bfe3c8da1eb03f1b9f28dacb3d0b0ffd8aad4114e5d1ec7a66df087cefcaf8750ae649a0f3bea6149645b46a87b5adfadaf537c9ac22b0dd421845da0913aa4eb9054be7ff7be1cb3d5b4bd0e8584e64bfb0d33d1c4e4d90f09c327082074f6041b561a3963128b033a9c4ef10a1cb1fef6f166e71910c9783a4c1930a14db45e6646efd312dded2d6a2d2a0180a09a4367495fe0dc5d74afcb3872c1a6a90299de301684c3ad23fdc45210710cd8cb854059a8f824a28f0b4922d3ab168be3ff3e5d2d2d59c675caa7231411c6bdec1fef654cebafccb76f3e277c5b2ffd438d7e1f63253883cf01d4e33edbc695b5fee37aec1fc6f5201151f8b36ebe90aaf48aec915babdbbf1faa9127cc888e5f1d56b1ef51d79044e824a8bcd5d9a36b8828bffd48b9a37fe8d3a76290f62e99fc00e475c3dceac18b52077f1443ed89ed377ce666cd236a8c2fd49cef28ac2dc3aa006ac92c786b533b1fc7f28cb5800122b71e76bd8def7d43faeb874e58463b59168339cd106aa98b56068b018dc48b4ae24d14e17c946aac1550b2a253f804322449f7078a23bf07ec5018c149e061cb02cb1450d1b390c810517e31c6e074757371eac8608aed457ef3a4cbbc15b3bf4f785157bf757783e48c97e6350610a34123f3e2d8a3c4e6c84ac92c7af2d68bdba14475bfa69c9ac150f00ec8650187df313d0f5f1ede710f74a7dba9a391f2d69947846e9a827c0a65c9024710c22907c1012332538a2515aab952232ab247b3a1be27a30276e383a7299198588e8c91f36815cb481f8074000d7f07a5b44fffb9a7caa48a530dbe4f9849a676dbc7dec68cd3a71a561de36806e393181bf037a245dd1e226de0d7c398b37c9e3ae543f57b9575345d6dcbb9e836d5a8e49fe325bf242e59def4c1fe71d5e12b73eec77d0f3fef40c5eef9c5f1fd573f9858f09441a5244df963b4ead59db795eb6efed49ff939e0cd63ff2871f337cb0bca8facd4fd5373c58984700db18dbb0cb5262681622127bfb3ad152de5aa837c57932446c1c0060de210c9db69b6ce6a2febbc8da1fa5f61d50d82f79901524331ae5404ea234cd32091808180973ef3ebabcebdea1369d3b54fb57c44e6364f1f46352ad798fcfabd492771774e431a17849f418aef1240ae5fded716d515d6adefb73bfbd4dd2cf2cf5fd6933506993f2c0f709ceab5dc5bb12cfe28f49b01b8593a625892c6c4f735bff08532b07eddef8989e612065706adad9d4c2f04b6fae28caf1f056e17f4c06cb016d0d1a9c915b6f2a9e5b9bbe663e6325f6fce62e0c52e4a32aa6b70aa8be8ee9e1b1ae9a8c3b9c0ba108779192ba7678b2db8c8928d65822de8a724b85f8676ca496314225dc969f567fcff1b901f818b860905fef23b180e069bd3c5045fc771edaeb590a18a2bc0e57f0dea32298b255a28996cfaf01d6f659b2782268bc4be8975d7b6b3891c657510825214364c3d964afe3363fd267d6f8afdc831e79ba15b06e980434a17f37b6dd3b3080243fc7a24dee5b8d91501218bad020f5fed9f8be6ada5ef2cb68b0ab34e2c77772b8036d6f96fc86393df277d21e6b18a3f3539b6c419895a6d94bc1cfbda91ff0213bfe4f8328fadb12cf898e9eabdc74f25a4ad8158fe5a927a6714fe8bf4cdebb7cc8511a982bd81972438b76a25fc3fe8d64b9641a74201e15cf089540282cc81b6371b115b1986deec7e6850ecc46ad41968ae0c97f8fb07623604e07247bd4c732df307480ced985f36f1c11a11f562b6f9e7cd7c016af75ecc7acd8b064d1eb17607a624f32f501eeee2b2c517b732bb358788418af94740230f16aa987efc799540575398867fd94aaa16c221f7c9e8a2f01459f55f57951f3e9aed6fcd4624c76e7ca48a0bd7f9795fe48ce37c0abad444baa2467b1f609350ba84f6f8fef1cf184c09e416e9d7edd3dfbd08f7c2bf3ab2953e865db7490b22719c2dcf257b88d60a4ea431f691a6da450213665056c9fc8cc1d128a03f394749c984ee244b8b5b71003a4677578417bdebdb6110be55b44db8f35a7c5d0094689714253483e7f3ff7c19aa94b811e7bf03f317ff323504faaad4ffa8e5437515fe8a0089d8d0538099371800757a2ad55d226e8e1e2cf718ce4ab6c3420b1d55a75c71553119eaacfbc6340562cf6706b6799468399b1ecb6fe5ad3fd788080e6a3c92e4fb83d804fdd3a8d1ee74db5ead1162c85f9db7ae10bd8dee6cc8563a2643ad7dc2fea1f24f61f365e368e442eab4e1aae4ea581ff6d05af15"}}}}}}, 0x0)
recvmmsg(r1, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}, 0x81}], 0x1, 0x10041, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000540)=ANY=[@ANYRES8, @ANYRESOCT=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008230000b7040000000000008500000001000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000060ff850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800"/14], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, @void, @value}, 0x94)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0xffffffff}, 0x1c)
listen(0xffffffffffffffff, 0x80080400)
r4 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r4, 0x10d, 0xbd, &(0x7f0000000000), &(0x7f0000000280)=0x4)

660.757201ms ago: executing program 1 (id=2428):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)=[{0x0}], 0x1}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r1 = socket(0x10, 0x3, 0x9)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1900000004000000040000000500"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$AUDIT_GET_FEATURE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x3fb, 0x200, 0x70fd26, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x20000041)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a88000000060a09040000000004000000020000060900020073797a32000000000900010073797a30000000005c0004805800018007000100637400004c0002800800014000000013080002400000000c"], 0xb0}, 0x1, 0x0, 0x0, 0x4000}, 0x884)
socket$kcm(0x2, 0x1, 0x84)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000002c0)=0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)=0x2)

531.740172ms ago: executing program 2 (id=2429):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x0, &(0x7f0000000580), 0xfe, 0x507, &(0x7f0000001780)="$eJzs3c9vI1cdAPDvOL+cNG3S0gMgoEspLGi1TuJto6oHWE4IoUqIHkHahsQbRbHjKHZKE/aQ/g9IVOIER/4Azj1x54LgxqUckChEoM1KHIxmPMk6WXtjSGJH8ecjjea9N46/78Wa9+Kvd/0CGFm3IuIgIiYj4v2ImMvbk/yI++0jfdzjw0erR4ePVpNotd77R5JdT9ui42dSL+TPWYyIH30v4qfJs3Ebe/ubK9VqZaddnV5o1rYXGnv7dzdqK+uV9cpWuby8tLz49r23ypc21tdqk3npy5/+4eBbP0+7NZu3dI7jMrWHPnESJzUeET+4imBDMJaPZ3LYHeH/UoiIVyLi9ez+n4ux7NUEAG6yVmsuWnOddQDgpitkObCkUMpzAbNRKJRK7RzeqzFTqNYbzTsP67tba+1c2XxMFB5uVCuLea5wPiaStL6UlZ/Wy2fq9yLi5Yj4xdR0Vi+t1qtrw/zDBwBG2Atn1v9/T7XXfwDghisOuwMAwMBZ/wFg9Fj/AWD0WP8BYPQ8Xf/vD7UfAMDgeP8PAKPH+g8AI+WH776bHq2j/Puv1z7Y292sf3B3rdLYLNV2V0ur9Z3t0nq9vp59Z0/tvOer1uvbS2/G7ofz395uNBcae/sPavXdreaD7Hu9H1QmBjIqAOB5Xn7tkz8nEXHwznR2RMdeDtZquNkKw+4AMDRjw+4AMDR2+4LRdYH3+NIDcEN02aL3lGJETJ9tbLVaravrEnDFbn9B/h9GVUf+378ChhEj/w+jS/4fRlerlfS753/0+0AA4HqT4wd6fP7/Sn7+bf7hwE/Wzj7i46vsFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFxvx/v/lvK9wGejUCiVIl6MiPmYSB5uVCuLEfFSRPxpamIqrS8Nuc8AwEUV/pbk+3/dnntj9uzVyeTJVHaOiJ/96r1ffrjSbO78MW3/50l78+O8vTyM/gMA5zlep7Nzxxv5x4ePVo+PQfbn79+NiGI7/tHhZBydxB+P8excjImImPlXktfbko7cxUUcfBQRn+82/iRmsxxIe+fTs/HT2C8ONH7hVPxCdq19Tn8Xn7uEvsCo+SSdf+53u/8KcSs7d7//i9kMdXH5/Jc+1epRNgc+jX88/431mP9u9Rvjzd9/v12afvbaRxFfHI84jn3UMf8cx096xH+jz/h/+dJXXu91rfXriNvRPX5nrIVmbXuhsbd/d6O2sl5Zr2yVy8tLy4tv33urvJDlqBd6rwafvXPnpazQ5SHp+Gd6xC+eM/6v9zn+3/zn/R9/tce1NP43v9YtfiFefU78dE38Rp/xV2Z+V+x1LY2/1mP8573+d/qM/+lf95/ZNhwAGJ7G3v7mSrVa2Rlk4fgPiYEGVeivMJW/ONelP6cK17ZjmyvV7wwq1mT8Tz/Vap1u+Wy8r99hrxnjMrJuwHVwctNHxJNhdwYAAAAAAAAAAAAAAOjqSv+jUtIuDHuMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3Fz/DQAA//+sasqI")
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c000000180a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010067656e657665300000000000000000001400010076657468315f746f5f7465616d"], 0x110}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newtaction={0x78, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x64, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @multicast1}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @remote}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)
setxattr$incfs_id(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000240)={'0000000000000000000000000000000', 0x30}, 0x7c8, 0x1)

530.260332ms ago: executing program 3 (id=2430):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="fcff0100000000000000000000009500000eb5920d1afed02f6f64ea02318ba1db10178d71f3818a9acd516b029b2ed34342966ea252254227ef7ff91cf497c56f0e14e37d2d133e7a0106"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd63"], 0xfdef)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010100000000000000002b00000008000300", @ANYRES32=0x0, @ANYBLOB="f2d26acad12de082e8133bd0878f9fb6dd59e729595246d45517491796d0945d5b6c7cb9500f02d3e048ce2fa866203f38a414eb56d25a420a9c5903d80368a810c7795407182f63c0393ef00f69391b931e9048b679db480d"], 0x1c}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0x1, 0x0, &(0x7f0000000000)='\x00', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f00001c9000/0x4000)=nil, 0x4000, 0xb635773f06ebbeee, 0x40010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r7)
write$binfmt_aout(r0, &(0x7f0000000b80)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "df3f0400000000000000000000000609000040"})
r8 = epoll_create1(0x0)
dup3(0xffffffffffffffff, r0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r0, &(0x7f00000000c0))

478.299663ms ago: executing program 2 (id=2431):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0900000004000000080000000c"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000004b704000000000000850000000300000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e985fe4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000180)='kfree\x00', r1}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0b000000050000000400000032a9000009"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r4)
socket$inet(0x2, 0x2, 0x8000)
pipe2(&(0x7f00000001c0), 0x80800)
syz_genetlink_get_family_id$fou(&(0x7f0000000380), 0xffffffffffffffff)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000006c0), &(0x7f00000007c0)=0xc)
sendmsg$IEEE802154_ADD_IFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0x34, r5, 0x1, 0x7ffffc, 0x25dfdbfd, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x10)
io_cancel(0x0, 0x0, 0x0)
mremap(&(0x7f0000186000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00000ad000/0x3000)=nil)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00'}, 0x10)

449.591864ms ago: executing program 2 (id=2432):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000600)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r3, 0x9c3fa077fa966179, 0x4, 0x0, {{0x7e}, {@void, @void}}}, 0x1c}}, 0x0)

400.435174ms ago: executing program 2 (id=2433):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x1e}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x200080, 0x0)

339.587125ms ago: executing program 2 (id=2434):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40), 0x24, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000e, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000600)="67d62fd114ea37955f0f82321be9dcbb20f0aa01219877d804dbc4c151c849bcb7cd5e010772e3feb3049f6b28fa413513bef5484e9a5f4edca30e1516e97aa37af2e4265c0c6ab5757110150821f2a1ec103d6d", &(0x7f0000000680)="b4ffc8863edd37698cd802000787373da337233d7bb0870344cf5a0853880000da9c82f3e7796ef8f55f374aeb9b2096ec0f245312ac39213604c054f4372a3b9c7c0e7d2fa3d5eef58ca2cc1d", 0x0, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = socket(0xa, 0x3, 0x3a)
sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, 0x0, 0x4000800)
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f00000000c0)={0x0, 0x1, 0x3, 0x0, 0x1}, 0xc)
setsockopt$MRT6_DEL_MIF(r3, 0x29, 0xcb, &(0x7f0000000540), 0xc)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000c00)=ANY=[@ANYBLOB="20000000170a0102060000000000000002"], 0x20}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000004000000b705020008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0xbff8cba661cffca7, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0xfff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r6, 0x0, 0x4ab}, 0x18)
r7 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r7, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2000)
write$cgroup_subtree(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x101}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r9, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r10, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)

169.873327ms ago: executing program 4 (id=2435):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
msgget$private(0x0, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000240)={'veth0_to_team\x00', 0x1000})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x5, &(0x7f0000000300)=[{0x3, 0x0, 0x0, 0x4}, {0x1000, 0xd, 0x3, 0xf}, {0x6, 0xc6, 0x7, 0x81}, {0x7, 0x0, 0x1, 0x3a5d}, {0xb, 0xc2, 0xd, 0x8}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x2, &(0x7f0000000000)=[{0x74}, {0x6, 0x0, 0x0, 0x7ffffff7}]})
timerfd_gettime(0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='selinuxfs\x00', 0x200411, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x13, 0xd, &(0x7f0000001040)=ANY=[@ANYBLOB="18000000000039d173b63f", @ANYBLOB="56747e88a56aa5e7157c1afdd0259751a468b1d6526523ec3e75906496be17b3cc1e676ae2fabf638a1da4e141483862a31f02f8389de645e8dce26453ee65dc823116d6969ff1452f58d5625c5ba6dfa79c9739e9ec3360a4af3e7fc85e1bb9597ea16df371d12ae7401216c9d3e5b1b66e32c4cf9de8ecf047032eb2d87c2494027dc404d1be81e71bfa1bc601c30f4de9a2a39b5434cdc60c9deab68e86771c342775ebee18cd003008f796e864b897f3", @ANYRES64=r1], &(0x7f0000000640)='syzkaller\x00', 0x7fffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0xfc0, 0x0, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00', <r4=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r4})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
io_setup(0x7, &(0x7f0000000280))

129.174828ms ago: executing program 2 (id=2436):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000038000000380000000300000001000000000000010000000000000000000000000000000105000000100000000000000000000003"], 0x0, 0x53, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000340)=ANY=[@ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r6, 0x0, r7, 0x0, 0x1, 0x0)
vmsplice(r7, &(0x7f00000005c0)=[{&(0x7f0000000180)="04", 0x1}], 0x1, 0x6)
ioctl$sock_inet_udp_SIOCINQ(r7, 0x541b, 0x0)
write(r5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000001010000fc7f0000cc00000000000000", @ANYRES32, @ANYBLOB="000000000000926b46103dfcb994000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="4400000002060500000000000000dc0f0000000000000300686173683a69700305000400000000000900020073797a310000000005000500020000000500010006000000"], 0x44}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r10, 0x0, 0x9135}, 0x18)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)
request_key(&(0x7f0000000040)='trusted\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f00000000c0)='kmem_cache_free\x00', 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
recvmsg$unix(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000009c0)=""/181, 0xb5}], 0x1, 0x0, 0x0, 0x1000000}, 0x0)

0s ago: executing program 4 (id=2437):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0x200, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x2}, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r0}, 0x10)
socket$netlink(0x10, 0x3, 0x8000000004)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
accept(r1, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x802c, @mcast2, 0x5}, 0x1c)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r6, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r2], 0x4}}, 0x0)
sendfile(r5, r3, 0x0, 0x100000000)

kernel console output (not intermixed with test programs):

t mode
[  257.159783][ T9956] team0: left promiscuous mode
[  257.164586][ T9956] C: left promiscuous mode
[  257.169073][ T9956] team_slave_1: left promiscuous mode
[  257.174573][ T9956] geneve1: left promiscuous mode
[  257.179697][ T9956] bridge0: port 3(team0) entered disabled state
[  257.180496][ T9959] netlink: 'syz.3.2030': attribute type 10 has an invalid length.
[  257.195156][ T9956] batman_adv: batadv0: Adding interface: team0
[  257.195255][ T9960] netlink: 'syz.1.2031': attribute type 10 has an invalid length.
[  257.201506][ T9956] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.234341][ T9956] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  257.246387][ T9958] bridge0: port 3(team0) entered disabled state
[  257.253007][ T9961] loop3: detected capacity change from 0 to 512
[  257.253356][ T9958] team0: left allmulticast mode
[  257.264235][ T9958] team_slave_0: left allmulticast mode
[  257.269748][ T9958] team_slave_1: left allmulticast mode
[  257.275325][ T9958] geneve1: left allmulticast mode
[  257.280394][ T9958] team0: left promiscuous mode
[  257.285176][ T9958] team_slave_0: left promiscuous mode
[  257.290697][ T9958] team_slave_1: left promiscuous mode
[  257.296296][ T9958] geneve1: left promiscuous mode
[  257.296630][ T9962] loop1: detected capacity change from 0 to 512
[  257.301453][ T9958] bridge0: port 3(team0) entered disabled state
[  257.314583][ T9958] batman_adv: batadv0: Adding interface: team0
[  257.320820][ T9958] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.322075][ T9961] EXT4-fs (loop3): too many log groups per flexible block group
[  257.346190][ T9958] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  257.353905][ T9961] EXT4-fs (loop3): failed to initialize mballoc (-12)
[  257.365631][ T9959] team0: entered promiscuous mode
[  257.370503][ T9961] EXT4-fs (loop3): mount failed
[  257.375406][ T9959] C: entered promiscuous mode
[  257.382201][ T9962] EXT4-fs (loop1): too many log groups per flexible block group
[  257.385014][ T9959] team_slave_1: entered promiscuous mode
[  257.392630][ T9962] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  257.394130][ T9962] EXT4-fs (loop1): mount failed
[  257.398410][ T9959] geneve1: entered promiscuous mode
[  257.416675][ T9959] 8021q: adding VLAN 0 to HW filter on device team0
[  257.423690][ T9959] batman_adv: batadv0: Interface activated: team0
[  257.430180][ T9959] batman_adv: batadv0: Interface deactivated: team0
[  257.436827][ T9959] batman_adv: batadv0: Removing interface: team0
[  257.443727][ T9959] bridge0: port 3(team0) entered blocking state
[  257.450032][ T9959] bridge0: port 3(team0) entered disabled state
[  257.456502][ T9959] team0: entered allmulticast mode
[  257.461671][ T9959] C: entered allmulticast mode
[  257.466484][ T9959] team_slave_1: entered allmulticast mode
[  257.472304][ T9959] geneve1: entered allmulticast mode
[  257.478331][ T9959] bridge0: port 3(team0) entered blocking state
[  257.484667][ T9959] bridge0: port 3(team0) entered forwarding state
[  257.491313][ T9960] team0: entered promiscuous mode
[  257.496363][ T9960] team_slave_0: entered promiscuous mode
[  257.502165][ T9960] team_slave_1: entered promiscuous mode
[  257.507894][ T9960] geneve1: entered promiscuous mode
[  257.514748][ T9960] 8021q: adding VLAN 0 to HW filter on device team0
[  257.521948][ T9960] batman_adv: batadv0: Interface activated: team0
[  257.528422][ T9960] batman_adv: batadv0: Interface deactivated: team0
[  257.535080][ T9960] batman_adv: batadv0: Removing interface: team0
[  257.542911][ T9960] bridge0: port 3(team0) entered blocking state
[  257.546179][ T9968] netlink: 'syz.3.2032': attribute type 10 has an invalid length.
[  257.549186][ T9960] bridge0: port 3(team0) entered disabled state
[  257.563581][ T9960] team0: entered allmulticast mode
[  257.568713][ T9960] team_slave_0: entered allmulticast mode
[  257.574536][ T9960] team_slave_1: entered allmulticast mode
[  257.580374][ T9960] geneve1: entered allmulticast mode
[  257.586311][ T9960] bridge0: port 3(team0) entered blocking state
[  257.592592][ T9960] bridge0: port 3(team0) entered forwarding state
[  257.601849][ T9969] loop3: detected capacity change from 0 to 512
[  257.618222][ T9969] EXT4-fs (loop3): too many log groups per flexible block group
[  257.625993][ T9969] EXT4-fs (loop3): failed to initialize mballoc (-12)
[  257.645640][ T9969] EXT4-fs (loop3): mount failed
[  257.655518][ T9978] pim6reg1: entered promiscuous mode
[  257.661001][ T9978] pim6reg1: entered allmulticast mode
[  257.688409][ T9981] loop3: detected capacity change from 0 to 512
[  257.702245][ T9981] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  257.714804][ T9981] ext4 filesystem being mounted at /389/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  257.825575][ T9991] ip6tnl1: entered promiscuous mode
[  257.864957][ T9993] FAULT_INJECTION: forcing a failure.
[  257.864957][ T9993] name failslab, interval 1, probability 0, space 0, times 0
[  257.877717][ T9993] CPU: 0 UID: 0 PID: 9993 Comm: syz.1.2039 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(voluntary) 
[  257.877751][ T9993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  257.877787][ T9993] Call Trace:
[  257.877793][ T9993]  <TASK>
[  257.877802][ T9993]  __dump_stack+0x1d/0x30
[  257.877827][ T9993]  dump_stack_lvl+0xe8/0x140
[  257.877862][ T9993]  dump_stack+0x15/0x1b
[  257.877876][ T9993]  should_fail_ex+0x265/0x280
[  257.877917][ T9993]  should_failslab+0x8c/0xb0
[  257.877943][ T9993]  kmem_cache_alloc_noprof+0x50/0x310
[  257.877976][ T9993]  ? skb_clone+0x151/0x1f0
[  257.877993][ T9993]  skb_clone+0x151/0x1f0
[  257.878011][ T9993]  __netlink_deliver_tap+0x2c9/0x500
[  257.878069][ T9993]  netlink_unicast+0x64c/0x670
[  257.878095][ T9993]  netlink_sendmsg+0x58b/0x6b0
[  257.878208][ T9993]  ? __pfx_netlink_sendmsg+0x10/0x10
[  257.878236][ T9993]  __sock_sendmsg+0x142/0x180
[  257.878259][ T9993]  ____sys_sendmsg+0x31e/0x4e0
[  257.878321][ T9993]  ___sys_sendmsg+0x17b/0x1d0
[  257.878360][ T9993]  __x64_sys_sendmsg+0xd4/0x160
[  257.878379][ T9993]  x64_sys_call+0x2999/0x2fb0
[  257.878396][ T9993]  do_syscall_64+0xd0/0x1a0
[  257.878463][ T9993]  ? clear_bhb_loop+0x25/0x80
[  257.878480][ T9993]  ? clear_bhb_loop+0x25/0x80
[  257.878497][ T9993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.878594][ T9993] RIP: 0033:0x7fdf77c3e969
[  257.878608][ T9993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.878628][ T9993] RSP: 002b:00007fdf762a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  257.878707][ T9993] RAX: ffffffffffffffda RBX: 00007fdf77e65fa0 RCX: 00007fdf77c3e969
[  257.878717][ T9993] RDX: 0000000000040000 RSI: 0000200000000100 RDI: 0000000000000003
[  257.878726][ T9993] RBP: 00007fdf762a7090 R08: 0000000000000000 R09: 0000000000000000
[  257.878757][ T9993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.878787][ T9993] R13: 0000000000000000 R14: 00007fdf77e65fa0 R15: 00007ffd7ddff468
[  257.878809][ T9993]  </TASK>
[  258.116047][   T29] kauditd_printk_skb: 244 callbacks suppressed
[  258.116064][   T29] audit: type=1326 audit(1746827638.583:8629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9996 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  258.127122][ T9997] loop1: detected capacity change from 0 to 2048
[  258.152683][   T29] audit: type=1326 audit(1746827638.583:8630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9996 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  258.176268][   T29] audit: type=1326 audit(1746827638.583:8631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9996 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  258.199722][   T29] audit: type=1326 audit(1746827638.583:8632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9996 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  258.223289][   T29] audit: type=1326 audit(1746827638.583:8633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9996 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  258.246854][   T29] audit: type=1326 audit(1746827638.583:8634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9996 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  258.270348][   T29] audit: type=1326 audit(1746827638.583:8635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9996 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  258.293917][   T29] audit: type=1326 audit(1746827638.583:8636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9996 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  258.317347][   T29] audit: type=1326 audit(1746827638.583:8637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9996 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  258.340829][   T29] audit: type=1326 audit(1746827638.583:8638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9996 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  258.386154][ T9997] Alternate GPT is invalid, using primary GPT.
[  258.392557][ T9997]  loop1: p1 p2 p3
[  258.497121][T10006] loop2: detected capacity change from 0 to 512
[  258.503861][T10006] EXT4-fs: Ignoring removed nobh option
[  258.512359][T10006] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.2045: invalid indirect mapped block 256 (level 2)
[  258.526074][T10006] EXT4-fs (loop2): 2 truncates cleaned up
[  258.533854][T10006] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.558231][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.613852][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  258.635424][T10014] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  258.679783][T10017] loop2: detected capacity change from 0 to 512
[  258.695080][T10026] netlink: 'syz.4.2053': attribute type 10 has an invalid length.
[  258.704607][T10017] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.719938][T10026] loop4: detected capacity change from 0 to 512
[  258.726737][T10017] ext4 filesystem being mounted at /409/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  258.751702][T10026] EXT4-fs (loop4): too many log groups per flexible block group
[  258.759407][T10026] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  258.766385][T10026] EXT4-fs (loop4): mount failed
[  258.842909][T10040] loop1: detected capacity change from 0 to 512
[  258.849555][T10040] EXT4-fs: Ignoring removed nobh option
[  258.858114][T10040] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.2057: invalid indirect mapped block 256 (level 2)
[  258.872305][T10040] EXT4-fs (loop1): 2 truncates cleaned up
[  258.878511][T10040] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.901242][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.924582][T10045] FAULT_INJECTION: forcing a failure.
[  258.924582][T10045] name failslab, interval 1, probability 0, space 0, times 0
[  258.937266][T10045] CPU: 1 UID: 0 PID: 10045 Comm: syz.1.2058 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(voluntary) 
[  258.937300][T10045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  258.937324][T10045] Call Trace:
[  258.937329][T10045]  <TASK>
[  258.937336][T10045]  __dump_stack+0x1d/0x30
[  258.937354][T10045]  dump_stack_lvl+0xe8/0x140
[  258.937371][T10045]  dump_stack+0x15/0x1b
[  258.937428][T10045]  should_fail_ex+0x265/0x280
[  258.937568][T10045]  ? audit_log_d_path+0x8d/0x150
[  258.937606][T10045]  should_failslab+0x8c/0xb0
[  258.937641][T10045]  __kmalloc_cache_noprof+0x4c/0x320
[  258.937661][T10045]  audit_log_d_path+0x8d/0x150
[  258.937738][T10045]  audit_log_d_path_exe+0x42/0x70
[  258.937829][T10045]  audit_log_task+0x1e9/0x250
[  258.937868][T10045]  audit_seccomp+0x61/0x100
[  258.937889][T10045]  ? __seccomp_filter+0x68c/0x10d0
[  258.937907][T10045]  __seccomp_filter+0x69d/0x10d0
[  258.937955][T10045]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  258.938037][T10045]  ? vfs_write+0x75e/0x8d0
[  258.938117][T10045]  ? __rcu_read_unlock+0x4f/0x70
[  258.938135][T10045]  ? __fget_files+0x184/0x1c0
[  258.938178][T10045]  __secure_computing+0x82/0x150
[  258.938196][T10045]  syscall_trace_enter+0xcf/0x1e0
[  258.938289][T10045]  do_syscall_64+0xaa/0x1a0
[  258.938308][T10045]  ? clear_bhb_loop+0x25/0x80
[  258.938327][T10045]  ? clear_bhb_loop+0x25/0x80
[  258.938345][T10045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.938402][T10045] RIP: 0033:0x7fdf77c3e969
[  258.938522][T10045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  258.938537][T10045] RSP: 002b:00007fdf762a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[  258.938552][T10045] RAX: ffffffffffffffda RBX: 00007fdf77e65fa0 RCX: 00007fdf77c3e969
[  258.938593][T10045] RDX: 0000000000000358 RSI: 0000000000000487 RDI: 0000000000000006
[  258.938603][T10045] RBP: 00007fdf762a7090 R08: 0000000000000000 R09: 0000000000000000
[  258.938613][T10045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  258.938623][T10045] R13: 0000000000000000 R14: 00007fdf77e65fa0 R15: 00007ffd7ddff468
[  258.938718][T10045]  </TASK>
[  259.155380][   T23] usb usb8-port1: unable to enumerate USB device
[  259.214585][T10056] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  259.244205][T10058] loop5: detected capacity change from 0 to 512
[  259.250852][T10058] EXT4-fs: Ignoring removed mblk_io_submit option
[  259.257310][T10058] EXT4-fs: Invalid want_extra_isize 2
[  259.300586][T10062] loop1: detected capacity change from 0 to 8192
[  259.847952][T10074] hub 2-0:1.0: USB hub found
[  259.852864][T10074] hub 2-0:1.0: 8 ports detected
[  260.316970][T10078] loop5: detected capacity change from 0 to 2048
[  260.389805][T10078] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  260.482061][T10078] ext4 filesystem being mounted at /130/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  260.501955][T10087] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  260.536418][T10078] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.634099][T10078] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.683816][T10078] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.763837][T10078] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.830795][T10078] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  260.842782][T10078] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  260.856557][T10078] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  260.868744][T10078] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  260.899876][ T7882] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.939873][T10100] netlink: 'syz.5.2081': attribute type 10 has an invalid length.
[  260.950877][T10100] bridge0: port 3(team0) entered disabled state
[  260.957745][T10100] team0: left allmulticast mode
[  260.962738][T10100] team_slave_0: left allmulticast mode
[  260.968245][T10100] team_slave_1: left allmulticast mode
[  260.973855][T10100] team0: left promiscuous mode
[  260.978635][T10100] team_slave_0: left promiscuous mode
[  260.984212][T10100] team_slave_1: left promiscuous mode
[  260.989817][T10100] bridge0: port 3(team0) entered disabled state
[  260.998991][T10100] batman_adv: batadv0: Adding interface: team0
[  261.005398][T10100] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  261.030843][T10100] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  261.049855][T10100] netlink: 'syz.5.2081': attribute type 10 has an invalid length.
[  261.057748][T10100] __nla_validate_parse: 9 callbacks suppressed
[  261.057763][T10100] netlink: 2 bytes leftover after parsing attributes in process `syz.5.2081'.
[  261.074185][T10100] team0: entered promiscuous mode
[  261.079281][T10100] team_slave_0: entered promiscuous mode
[  261.085080][T10100] team_slave_1: entered promiscuous mode
[  261.093474][T10100] 8021q: adding VLAN 0 to HW filter on device team0
[  261.100771][T10100] batman_adv: batadv0: Interface activated: team0
[  261.107342][T10100] batman_adv: batadv0: Interface deactivated: team0
[  261.114067][T10100] batman_adv: batadv0: Removing interface: team0
[  261.122275][T10100] bridge0: port 3(team0) entered blocking state
[  261.128647][T10100] bridge0: port 3(team0) entered disabled state
[  261.138956][T10101] loop5: detected capacity change from 0 to 512
[  261.147698][T10100] team0: entered allmulticast mode
[  261.152864][T10100] team_slave_0: entered allmulticast mode
[  261.158619][T10100] team_slave_1: entered allmulticast mode
[  261.166527][T10101] EXT4-fs (loop5): too many log groups per flexible block group
[  261.174303][T10101] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  261.183166][T10100] bridge0: port 3(team0) entered blocking state
[  261.189541][T10100] bridge0: port 3(team0) entered forwarding state
[  261.196542][T10101] EXT4-fs (loop5): mount failed
[  261.358868][T10113] FAULT_INJECTION: forcing a failure.
[  261.358868][T10113] name failslab, interval 1, probability 0, space 0, times 0
[  261.371824][T10113] CPU: 1 UID: 0 PID: 10113 Comm: syz.5.2085 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(voluntary) 
[  261.371859][T10113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  261.371879][T10113] Call Trace:
[  261.371887][T10113]  <TASK>
[  261.371896][T10113]  __dump_stack+0x1d/0x30
[  261.371922][T10113]  dump_stack_lvl+0xe8/0x140
[  261.372005][T10113]  dump_stack+0x15/0x1b
[  261.372022][T10113]  should_fail_ex+0x265/0x280
[  261.372053][T10113]  ? audit_log_d_path+0x8d/0x150
[  261.372086][T10113]  should_failslab+0x8c/0xb0
[  261.372122][T10113]  __kmalloc_cache_noprof+0x4c/0x320
[  261.372192][T10113]  audit_log_d_path+0x8d/0x150
[  261.372225][T10113]  audit_log_d_path_exe+0x42/0x70
[  261.372269][T10113]  audit_log_task+0x1e9/0x250
[  261.372341][T10113]  audit_seccomp+0x61/0x100
[  261.372364][T10113]  ? __seccomp_filter+0x68c/0x10d0
[  261.372384][T10113]  __seccomp_filter+0x69d/0x10d0
[  261.372410][T10113]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  261.372492][T10113]  ? vfs_write+0x75e/0x8d0
[  261.372523][T10113]  ? __rcu_read_unlock+0x4f/0x70
[  261.372550][T10113]  ? __fget_files+0x184/0x1c0
[  261.372585][T10113]  __secure_computing+0x82/0x150
[  261.372683][T10113]  syscall_trace_enter+0xcf/0x1e0
[  261.372713][T10113]  do_syscall_64+0xaa/0x1a0
[  261.372741][T10113]  ? clear_bhb_loop+0x25/0x80
[  261.372764][T10113]  ? clear_bhb_loop+0x25/0x80
[  261.372863][T10113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.372893][T10113] RIP: 0033:0x7fa4ab4be969
[  261.372911][T10113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.372943][T10113] RSP: 002b:00007fa4a9b27038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a0
[  261.372960][T10113] RAX: ffffffffffffffda RBX: 00007fa4ab6e5fa0 RCX: 00007fa4ab4be969
[  261.373030][T10113] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009
[  261.373096][T10113] RBP: 00007fa4a9b27090 R08: 0000000000000000 R09: 0000000000000000
[  261.373107][T10113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  261.373120][T10113] R13: 0000000000000000 R14: 00007fa4ab6e5fa0 R15: 00007ffc01264ea8
[  261.373144][T10113]  </TASK>
[  261.652665][T10121] xt_hashlimit: size too large, truncated to 1048576
[  261.868595][T10136] IPv6: NLM_F_CREATE should be specified when creating new route
[  261.929882][T10140] loop3: detected capacity change from 0 to 512
[  261.944301][T10140] EXT4-fs: Ignoring removed nobh option
[  261.953228][T10138] loop4: detected capacity change from 0 to 8192
[  261.955523][T10140] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2095: invalid indirect mapped block 256 (level 2)
[  261.974383][T10140] EXT4-fs (loop3): 2 truncates cleaned up
[  261.980856][T10140] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  261.991305][T10143] loop5: detected capacity change from 0 to 164
[  262.003149][T10143] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  262.030442][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.075661][T10145] loop4: detected capacity change from 0 to 2048
[  262.098318][T10151] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  262.112571][T10145] Alternate GPT is invalid, using primary GPT.
[  262.118908][T10145]  loop4: p1 p2 p3
[  262.519806][T10163] netlink: 'syz.4.2103': attribute type 10 has an invalid length.
[  262.531660][T10163] bridge0: port 3(team0) entered disabled state
[  262.538251][T10163] team0: left allmulticast mode
[  262.543204][T10163] team_slave_0: left allmulticast mode
[  262.548667][T10163] team_slave_1: left allmulticast mode
[  262.554196][T10163] geneve1: left allmulticast mode
[  262.559274][T10163] team0: left promiscuous mode
[  262.564090][T10163] team_slave_0: left promiscuous mode
[  262.569700][T10163] team_slave_1: left promiscuous mode
[  262.571000][T10164] netlink: 'syz.4.2103': attribute type 10 has an invalid length.
[  262.575168][T10163] geneve1: left promiscuous mode
[  262.582926][T10164] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2103'.
[  262.587961][T10163] bridge0: port 3(team0) entered disabled state
[  262.614706][T10163] batman_adv: batadv0: Adding interface: team0
[  262.620933][T10163] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  262.646194][T10163] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  262.656585][T10164] team0: entered promiscuous mode
[  262.661682][T10164] team_slave_0: entered promiscuous mode
[  262.667466][T10164] team_slave_1: entered promiscuous mode
[  262.673302][T10164] geneve1: entered promiscuous mode
[  262.682247][T10164] 8021q: adding VLAN 0 to HW filter on device team0
[  262.691488][T10163] loop4: detected capacity change from 0 to 512
[  262.699171][T10164] batman_adv: batadv0: Interface activated: team0
[  262.705670][T10164] batman_adv: batadv0: Interface deactivated: team0
[  262.712543][T10164] batman_adv: batadv0: Removing interface: team0
[  262.721794][T10163] EXT4-fs (loop4): too many log groups per flexible block group
[  262.729573][T10163] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  262.737474][T10164] bridge0: port 3(team0) entered blocking state
[  262.743892][T10164] bridge0: port 3(team0) entered disabled state
[  262.750209][T10163] EXT4-fs (loop4): mount failed
[  262.755355][T10164] team0: entered allmulticast mode
[  262.760631][T10164] team_slave_0: entered allmulticast mode
[  262.766367][T10164] team_slave_1: entered allmulticast mode
[  262.772158][T10164] geneve1: entered allmulticast mode
[  262.779156][T10164] bridge0: port 3(team0) entered blocking state
[  262.785538][T10164] bridge0: port 3(team0) entered forwarding state
[  262.834062][T10173] FAULT_INJECTION: forcing a failure.
[  262.834062][T10173] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  262.847230][T10173] CPU: 0 UID: 0 PID: 10173 Comm: syz.4.2106 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(voluntary) 
[  262.847273][T10173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  262.847314][T10173] Call Trace:
[  262.847320][T10173]  <TASK>
[  262.847328][T10173]  __dump_stack+0x1d/0x30
[  262.847353][T10173]  dump_stack_lvl+0xe8/0x140
[  262.847376][T10173]  dump_stack+0x15/0x1b
[  262.847397][T10173]  should_fail_ex+0x265/0x280
[  262.847453][T10173]  should_fail+0xb/0x20
[  262.847486][T10173]  should_fail_usercopy+0x1a/0x20
[  262.847564][T10173]  _copy_to_user+0x20/0xa0
[  262.847590][T10173]  simple_read_from_buffer+0xb5/0x130
[  262.847613][T10173]  proc_fail_nth_read+0x100/0x140
[  262.847645][T10173]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  262.847722][T10173]  vfs_read+0x19d/0x6f0
[  262.847748][T10173]  ? __rcu_read_unlock+0x4f/0x70
[  262.847766][T10173]  ? __rcu_read_unlock+0x4f/0x70
[  262.847783][T10173]  ? __fget_files+0x184/0x1c0
[  262.847809][T10173]  ksys_read+0xda/0x1a0
[  262.847855][T10173]  __x64_sys_read+0x40/0x50
[  262.847944][T10173]  x64_sys_call+0x2d77/0x2fb0
[  262.847962][T10173]  do_syscall_64+0xd0/0x1a0
[  262.847983][T10173]  ? clear_bhb_loop+0x25/0x80
[  262.848005][T10173]  ? clear_bhb_loop+0x25/0x80
[  262.848037][T10173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.848055][T10173] RIP: 0033:0x7f99a011d37c
[  262.848067][T10173] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  262.848087][T10173] RSP: 002b:00007f999e787030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  262.848108][T10173] RAX: ffffffffffffffda RBX: 00007f99a0345fa0 RCX: 00007f99a011d37c
[  262.848180][T10173] RDX: 000000000000000f RSI: 00007f999e7870a0 RDI: 0000000000000008
[  262.848191][T10173] RBP: 00007f999e787090 R08: 0000000000000000 R09: 0000000000000000
[  262.848201][T10173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  262.848212][T10173] R13: 0000000000000000 R14: 00007f99a0345fa0 R15: 00007ffe30dbc4d8
[  262.848229][T10173]  </TASK>
[  262.860398][T10171] loop1: detected capacity change from 0 to 1024
[  263.063325][T10171] EXT4-fs: inline encryption not supported
[  263.069165][T10171] EXT4-fs: Ignoring removed i_version option
[  263.076425][T10171] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  263.089902][T10176] loop4: detected capacity change from 0 to 512
[  263.106494][T10171] EXT4-fs error (device loop1): ext4_map_blocks:709: inode #3: block 1: comm syz.1.2105: lblock 1 mapped to illegal pblock 1 (length 1)
[  263.129969][T10176] EXT4-fs: Ignoring removed nobh option
[  263.139694][T10171] __quota_error: 199 callbacks suppressed
[  263.139711][T10171] Quota error (device loop1): write_blk: dquota write failed
[  263.152908][T10171] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  263.165864][T10171] EXT4-fs error (device loop1): ext4_acquire_dquot:6935: comm syz.1.2105: Failed to acquire dquot type 0
[  263.179471][   T29] audit: type=1326 audit(1746827643.643:8838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.5.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  263.203019][   T29] audit: type=1326 audit(1746827643.643:8839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.5.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  263.205146][T10184] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  263.226638][   T29] audit: type=1326 audit(1746827643.643:8840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.5.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  263.238894][T10171] EXT4-fs error (device loop1): ext4_free_blocks:6587: comm syz.1.2105: Freeing blocks not in datazone - block = 0, count = 4096
[  263.264673][T10187] IPVS: stopping master sync thread 10184 ...
[  263.274438][T10171] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.2105: Invalid inode bitmap blk 0 in block_group 0
[  263.294084][T10176] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2107: invalid indirect mapped block 256 (level 2)
[  263.307436][  T144] EXT4-fs error (device loop1): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1)
[  263.307923][   T29] audit: type=1326 audit(1746827643.643:8841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.5.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  263.325182][  T144] Quota error (device loop1): remove_tree: Can't read quota data block 1
[  263.345294][   T29] audit: type=1326 audit(1746827643.643:8842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.5.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  263.353766][  T144] EXT4-fs error (device loop1): ext4_release_dquot:6971: comm kworker/u8:4: Failed to release dquot type 0
[  263.382338][T10171] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem
[  263.392234][   T29] audit: type=1326 audit(1746827643.643:8843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.5.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  263.405267][T10176] EXT4-fs (loop4): 2 truncates cleaned up
[  263.424279][   T29] audit: type=1326 audit(1746827643.643:8844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10180 comm="syz.5.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  263.431818][T10176] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  263.469736][T10171] EXT4-fs (loop1): 1 orphan inode deleted
[  263.473035][T10195] xt_hashlimit: size too large, truncated to 1048576
[  263.475981][T10171] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  263.546693][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.557792][T10171] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[  263.579238][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.899883][T10226] loop5: detected capacity change from 0 to 512
[  263.906444][T10226] EXT4-fs: Ignoring removed nobh option
[  263.924029][T10226] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2125: invalid indirect mapped block 256 (level 2)
[  263.954053][T10226] EXT4-fs (loop5): 2 truncates cleaned up
[  263.967362][T10226] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  264.015114][T10233] hub 2-0:1.0: USB hub found
[  264.019966][T10233] hub 2-0:1.0: 8 ports detected
[  264.065856][ T7882] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.436463][T10249] hub 2-0:1.0: USB hub found
[  264.441446][T10249] hub 2-0:1.0: 8 ports detected
[  265.101653][T10263] hub 2-0:1.0: USB hub found
[  265.123358][T10263] hub 2-0:1.0: 8 ports detected
[  265.266485][T10267] hub 2-0:1.0: USB hub found
[  265.271487][T10267] hub 2-0:1.0: 8 ports detected
[  265.432675][T10270] loop5: detected capacity change from 0 to 512
[  265.468833][T10270] EXT4-fs: Ignoring removed nobh option
[  266.138984][T10270] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2139: invalid indirect mapped block 256 (level 2)
[  266.183020][T10270] EXT4-fs (loop5): 2 truncates cleaned up
[  266.189326][T10270] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.263240][ T7882] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.322703][T10275] netlink: 'syz.5.2140': attribute type 10 has an invalid length.
[  266.351294][T10275] bridge0: port 3(team0) entered disabled state
[  266.371583][T10275] team0: left allmulticast mode
[  266.376477][T10275] team_slave_0: left allmulticast mode
[  266.382043][T10275] team_slave_1: left allmulticast mode
[  266.387513][T10275] team0: left promiscuous mode
[  266.392324][T10275] team_slave_0: left promiscuous mode
[  266.397752][T10275] team_slave_1: left promiscuous mode
[  266.403433][T10275] bridge0: port 3(team0) entered disabled state
[  266.482073][T10276] netlink: 'syz.5.2140': attribute type 10 has an invalid length.
[  266.489926][T10276] netlink: 2 bytes leftover after parsing attributes in process `syz.5.2140'.
[  266.542542][T10277] loop5: detected capacity change from 0 to 512
[  266.571588][T10275] batman_adv: batadv0: Adding interface: team0
[  266.577783][T10275] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.602958][T10275] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  266.702048][T10276] team0: entered promiscuous mode
[  266.707158][T10276] team_slave_0: entered promiscuous mode
[  266.712965][T10276] team_slave_1: entered promiscuous mode
[  266.747235][T10276] 8021q: adding VLAN 0 to HW filter on device team0
[  266.764967][T10277] EXT4-fs (loop5): too many log groups per flexible block group
[  266.772839][T10277] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  266.820266][T10277] EXT4-fs (loop5): mount failed
[  266.831789][T10276] batman_adv: batadv0: Interface activated: team0
[  266.838311][T10276] batman_adv: batadv0: Interface deactivated: team0
[  266.845038][T10276] batman_adv: batadv0: Removing interface: team0
[  266.894229][T10276] bridge0: port 3(team0) entered blocking state
[  266.900645][T10276] bridge0: port 3(team0) entered disabled state
[  266.917635][T10276] team0: entered allmulticast mode
[  266.923027][T10276] team_slave_0: entered allmulticast mode
[  266.928963][T10276] team_slave_1: entered allmulticast mode
[  266.935459][T10276] bridge0: port 3(team0) entered blocking state
[  266.941814][T10276] bridge0: port 3(team0) entered forwarding state
[  266.955889][T10281] loop4: detected capacity change from 0 to 2048
[  267.002385][T10281] Alternate GPT is invalid, using primary GPT.
[  267.008819][T10281]  loop4: p1 p2 p3
[  267.186566][T10283] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2142'.
[  267.255861][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.535359][T10298] loop2: detected capacity change from 0 to 8192
[  267.585098][ T1472] tipc: Subscription rejected, illegal request
[  267.599746][T10302] hub 9-0:1.0: USB hub found
[  267.608922][T10302] hub 9-0:1.0: 8 ports detected
[  267.659673][T10305] xt_hashlimit: size too large, truncated to 1048576
[  267.978660][T10315] hub 2-0:1.0: USB hub found
[  267.983623][T10315] hub 2-0:1.0: 8 ports detected
[  268.571167][T10317] loop2: detected capacity change from 0 to 512
[  268.641958][T10317] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  268.671238][T10319] loop4: detected capacity change from 0 to 8192
[  268.682410][T10317] ext4 filesystem being mounted at /414/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  268.990553][T10337] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  269.240755][T10343] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2162'.
[  269.320540][   T36] hid-generic 0000:0004:0000.0009: unknown main item tag 0x0
[  269.328030][   T36] hid-generic 0000:0004:0000.0009: unknown main item tag 0x0
[  269.335525][   T36] hid-generic 0000:0004:0000.0009: unknown main item tag 0x0
[  269.343301][   T36] hid-generic 0000:0004:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  269.366648][T10350] xt_hashlimit: size too large, truncated to 1048576
[  269.466500][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  269.658670][T10363] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2168'.
[  269.756607][T10368] hub 2-0:1.0: USB hub found
[  269.761415][T10368] hub 2-0:1.0: 8 ports detected
[  269.770849][   T23] usb usb8-port1: attempt power cycle
[  269.838947][T10372] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  270.145895][T10382] hub 2-0:1.0: USB hub found
[  270.150698][T10382] hub 2-0:1.0: 8 ports detected
[  271.615542][T10384] hub 2-0:1.0: USB hub found
[  271.620321][T10384] hub 2-0:1.0: 8 ports detected
[  272.002701][T10402] netlink: 'syz.1.2181': attribute type 10 has an invalid length.
[  272.036028][T10402] bridge0: port 3(team0) entered disabled state
[  272.044367][T10404] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  272.061552][T10402] team0: left allmulticast mode
[  272.066428][T10402] team_slave_0: left allmulticast mode
[  272.071945][T10402] team_slave_1: left allmulticast mode
[  272.077411][T10402] geneve1: left allmulticast mode
[  272.082557][T10402] team0: left promiscuous mode
[  272.087362][T10402] team_slave_0: left promiscuous mode
[  272.092933][T10402] team_slave_1: left promiscuous mode
[  272.098412][T10402] geneve1: left promiscuous mode
[  272.103616][T10402] bridge0: port 3(team0) entered disabled state
[  272.175088][T10407] netlink: 'syz.1.2181': attribute type 10 has an invalid length.
[  272.182956][T10407] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2181'.
[  272.227475][T10411] loop1: detected capacity change from 0 to 512
[  272.246454][T10402] batman_adv: batadv0: Adding interface: team0
[  272.252726][T10402] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  272.277895][T10402] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  272.352369][T10407] team0: entered promiscuous mode
[  272.357505][T10407] team_slave_0: entered promiscuous mode
[  272.363252][T10407] team_slave_1: entered promiscuous mode
[  272.368919][T10407] geneve1: entered promiscuous mode
[  272.393006][T10407] 8021q: adding VLAN 0 to HW filter on device team0
[  272.411407][T10411] EXT4-fs (loop1): too many log groups per flexible block group
[  272.419131][T10411] EXT4-fs (loop1): failed to initialize mballoc (-12)
[  272.446264][T10411] EXT4-fs (loop1): mount failed
[  272.456329][T10407] batman_adv: batadv0: Interface activated: team0
[  272.462905][T10407] batman_adv: batadv0: Interface deactivated: team0
[  272.469567][T10407] batman_adv: batadv0: Removing interface: team0
[  272.506671][T10407] bridge0: port 3(team0) entered blocking state
[  272.513122][T10407] bridge0: port 3(team0) entered disabled state
[  272.529718][T10407] team0: entered allmulticast mode
[  272.534878][T10407] team_slave_0: entered allmulticast mode
[  272.540695][T10407] team_slave_1: entered allmulticast mode
[  272.546464][T10407] geneve1: entered allmulticast mode
[  272.580971][T10407] bridge0: port 3(team0) entered blocking state
[  272.587394][T10407] bridge0: port 3(team0) entered forwarding state
[  272.669032][T10419] xt_hashlimit: size too large, truncated to 1048576
[  272.760438][   T23] usb usb8-port1: unable to enumerate USB device
[  272.766912][T10314] vhci_hcd: default hub control req: 3f0c v08a6 i0001 l1
[  272.776834][T10425] loop3: detected capacity change from 0 to 512
[  272.886427][T10430] hub 2-0:1.0: USB hub found
[  272.891344][T10430] hub 2-0:1.0: 8 ports detected
[  272.993399][T10425] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  273.024724][T10425] ext4 filesystem being mounted at /417/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  273.255122][   T10] hid-generic 0000:0004:0000.000A: unknown main item tag 0x0
[  273.262629][   T10] hid-generic 0000:0004:0000.000A: unknown main item tag 0x0
[  273.270018][   T10] hid-generic 0000:0004:0000.000A: unknown main item tag 0x0
[  273.329693][   T10] hid-generic 0000:0004:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  273.687563][T10448] netlink: 'syz.4.2194': attribute type 10 has an invalid length.
[  273.698748][T10449] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  273.716722][T10448] bridge0: port 3(team0) entered disabled state
[  273.733535][T10448] team0: left allmulticast mode
[  273.738420][T10448] team_slave_0: left allmulticast mode
[  273.743964][T10448] team_slave_1: left allmulticast mode
[  273.749423][T10448] geneve1: left allmulticast mode
[  273.757825][T10448] team0: left promiscuous mode
[  273.762642][T10448] team_slave_0: left promiscuous mode
[  273.768215][T10448] team_slave_1: left promiscuous mode
[  273.773717][T10448] geneve1: left promiscuous mode
[  273.778913][T10448] bridge0: port 3(team0) entered disabled state
[  273.813261][T10452] netlink: 'syz.4.2194': attribute type 10 has an invalid length.
[  273.821138][T10452] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2194'.
[  273.946764][T10453] loop4: detected capacity change from 0 to 512
[  273.973239][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  273.983888][T10448] batman_adv: batadv0: Adding interface: team0
[  273.990062][T10448] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  274.015289][T10448] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  274.376173][T10455] hub 2-0:1.0: USB hub found
[  274.381153][T10455] hub 2-0:1.0: 8 ports detected
[  274.486350][T10453] EXT4-fs (loop4): too many log groups per flexible block group
[  274.494130][T10453] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  274.536635][T10453] EXT4-fs (loop4): mount failed
[  274.762739][T10452] team0: entered promiscuous mode
[  274.767815][T10452] team_slave_0: entered promiscuous mode
[  274.773569][T10452] team_slave_1: entered promiscuous mode
[  274.779409][T10452] geneve1: entered promiscuous mode
[  274.796663][   T29] kauditd_printk_skb: 53 callbacks suppressed
[  274.796677][   T29] audit: type=1326 audit(1746827655.263:8898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45d20de969 code=0x7ffc0000
[  274.826353][   T29] audit: type=1326 audit(1746827655.263:8899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45d20de969 code=0x7ffc0000
[  274.858480][T10465] loop3: detected capacity change from 0 to 2048
[  274.883340][T10452] 8021q: adding VLAN 0 to HW filter on device team0
[  274.900683][T10452] batman_adv: batadv0: Interface activated: team0
[  274.907158][T10452] batman_adv: batadv0: Interface deactivated: team0
[  274.913820][T10452] batman_adv: batadv0: Removing interface: team0
[  274.941561][T10452] bridge0: port 3(team0) entered blocking state
[  274.947865][T10452] bridge0: port 3(team0) entered disabled state
[  274.955379][T10465] Alternate GPT is invalid, using primary GPT.
[  274.961696][T10465]  loop3: p1 p2 p3
[  274.980070][   T29] audit: type=1326 audit(1746827655.323:8900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f45d20de969 code=0x7ffc0000
[  275.003797][   T29] audit: type=1326 audit(1746827655.323:8901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45d20de969 code=0x7ffc0000
[  275.027288][   T29] audit: type=1326 audit(1746827655.323:8902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45d20de969 code=0x7ffc0000
[  275.050764][   T29] audit: type=1326 audit(1746827655.323:8903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f45d20de969 code=0x7ffc0000
[  275.074328][   T29] audit: type=1326 audit(1746827655.323:8904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45d20de969 code=0x7ffc0000
[  275.097856][   T29] audit: type=1326 audit(1746827655.323:8905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45d20de969 code=0x7ffc0000
[  275.121378][   T29] audit: type=1326 audit(1746827655.323:8906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f45d20de969 code=0x7ffc0000
[  275.144863][   T29] audit: type=1326 audit(1746827655.323:8907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45d20de969 code=0x7ffc0000
[  275.191396][T10452] team0: entered allmulticast mode
[  275.196537][T10452] team_slave_0: entered allmulticast mode
[  275.202306][T10452] team_slave_1: entered allmulticast mode
[  275.208106][T10452] geneve1: entered allmulticast mode
[  275.262195][T10452] bridge0: port 3(team0) entered blocking state
[  275.268482][T10452] bridge0: port 3(team0) entered forwarding state
[  275.372649][T10467] loop4: detected capacity change from 0 to 512
[  275.531484][T10467] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  275.570941][T10467] ext4 filesystem being mounted at /473/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  275.696678][T10467] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #2: comm syz.4.2198: corrupted inode contents
[  275.712965][T10472] loop1: detected capacity change from 0 to 8192
[  275.733330][T10467] EXT4-fs error (device loop4): ext4_dirty_inode:6103: inode #2: comm syz.4.2198: mark_inode_dirty error
[  275.748978][T10477] pim6reg: entered allmulticast mode
[  275.756576][T10477] pim6reg: left allmulticast mode
[  275.766790][T10467] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #2: comm syz.4.2198: corrupted inode contents
[  275.832732][T10480] hub 2-0:1.0: USB hub found
[  275.837739][T10480] hub 2-0:1.0: 8 ports detected
[  275.867034][T10467] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2198'.
[  275.917963][T10478] loop2: detected capacity change from 0 to 2048
[  275.990388][T10477] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2198'.
[  276.010707][T10478] Alternate GPT is invalid, using primary GPT.
[  276.017016][T10478]  loop2: p1 p2 p3
[  276.063406][T10467] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2198'.
[  276.185929][T10477] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #2: comm syz.4.2198: corrupted inode contents
[  276.286543][T10484] loop3: detected capacity change from 0 to 1024
[  276.297296][T10467] netlink: 'syz.4.2198': attribute type 1 has an invalid length.
[  276.343368][T10484] EXT4-fs: inline encryption not supported
[  276.349255][T10484] EXT4-fs: Ignoring removed i_version option
[  276.366809][T10477] EXT4-fs error (device loop4): ext4_dirty_inode:6103: inode #2: comm syz.4.2198: mark_inode_dirty error
[  276.488782][T10484] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  276.500530][T10477] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #2: comm syz.4.2198: corrupted inode contents
[  276.535010][T10484] EXT4-fs error (device loop3): ext4_map_blocks:709: inode #3: block 1: comm syz.3.2202: lblock 1 mapped to illegal pblock 1 (length 1)
[  276.569669][T10477] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.2198: mark_inode_dirty error
[  276.592360][T10484] EXT4-fs error (device loop3): ext4_acquire_dquot:6935: comm syz.3.2202: Failed to acquire dquot type 0
[  276.614787][T10477] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #2: comm syz.4.2198: corrupted inode contents
[  276.641517][T10484] EXT4-fs error (device loop3): ext4_free_blocks:6587: comm syz.3.2202: Freeing blocks not in datazone - block = 0, count = 4096
[  276.664521][T10477] EXT4-fs error (device loop4): ext4_dirty_inode:6103: inode #2: comm syz.4.2198: mark_inode_dirty error
[  276.686091][T10490] xt_hashlimit: size too large, truncated to 1048576
[  276.695261][T10484] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.2202: Invalid inode bitmap blk 0 in block_group 0
[  276.719153][ T1472] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:5: lblock 1 mapped to illegal pblock 1 (length 1)
[  276.824540][T10484] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  276.840202][ T1472] EXT4-fs error (device loop3): ext4_release_dquot:6971: comm kworker/u8:5: Failed to release dquot type 0
[  276.860352][T10484] EXT4-fs (loop3): 1 orphan inode deleted
[  276.872963][T10484] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.895968][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.915264][T10484] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[  276.961787][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  276.996722][T10495] loop3: detected capacity change from 0 to 512
[  277.072251][T10495] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  277.090218][T10495] ext4 filesystem being mounted at /420/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  277.247513][T10504] loop5: detected capacity change from 0 to 512
[  277.261767][T10506] netlink: 'syz.2.2209': attribute type 10 has an invalid length.
[  277.271914][T10506] bridge0: port 3(team0) entered disabled state
[  277.273036][T10504] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  277.278707][T10506] team0: left allmulticast mode
[  277.290855][T10504] ext4 filesystem being mounted at /170/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  277.295564][T10506] team_slave_0: left allmulticast mode
[  277.295594][T10506] team_slave_1: left allmulticast mode
[  277.317040][T10506] geneve1: left allmulticast mode
[  277.322273][T10506] team0: left promiscuous mode
[  277.327055][T10506] team_slave_0: left promiscuous mode
[  277.332629][T10506] team_slave_1: left promiscuous mode
[  277.334066][T10509] netlink: 'syz.2.2209': attribute type 10 has an invalid length.
[  277.338054][T10506] geneve1: left promiscuous mode
[  277.345871][T10509] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2209'.
[  277.350993][T10506] bridge0: port 3(team0) entered disabled state
[  277.367364][T10506] batman_adv: batadv0: Adding interface: team0
[  277.373604][T10506] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  277.398787][T10506] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  277.408966][T10509] team0: entered promiscuous mode
[  277.414140][T10509] team_slave_0: entered promiscuous mode
[  277.419901][T10509] team_slave_1: entered promiscuous mode
[  277.425668][T10509] geneve1: entered promiscuous mode
[  277.432364][T10509] 8021q: adding VLAN 0 to HW filter on device team0
[  277.439473][T10509] batman_adv: batadv0: Interface activated: team0
[  277.445983][T10509] batman_adv: batadv0: Interface deactivated: team0
[  277.452619][T10509] batman_adv: batadv0: Removing interface: team0
[  277.452776][T10506] loop2: detected capacity change from 0 to 512
[  277.465991][T10509] bridge0: port 3(team0) entered blocking state
[  277.471417][T10506] EXT4-fs (loop2): too many log groups per flexible block group
[  277.472442][T10509] bridge0: port 3(team0) entered disabled state
[  277.479983][T10506] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  277.480006][T10506] EXT4-fs (loop2): mount failed
[  277.498156][T10509] team0: entered allmulticast mode
[  277.503391][T10509] team_slave_0: entered allmulticast mode
[  277.509113][T10509] team_slave_1: entered allmulticast mode
[  277.514844][T10509] geneve1: entered allmulticast mode
[  277.521983][T10509] bridge0: port 3(team0) entered blocking state
[  277.528289][T10509] bridge0: port 3(team0) entered forwarding state
[  277.634308][T10519] hub 2-0:1.0: USB hub found
[  277.639314][T10519] hub 2-0:1.0: 8 ports detected
[  277.684762][T10521] hub 2-0:1.0: USB hub found
[  277.696125][T10521] hub 2-0:1.0: 8 ports detected
[  277.705090][T10523] loop1: detected capacity change from 0 to 8192
[  277.829072][T10525] FAULT_INJECTION: forcing a failure.
[  277.829072][T10525] name failslab, interval 1, probability 0, space 0, times 0
[  277.841792][T10525] CPU: 1 UID: 0 PID: 10525 Comm: syz.4.2215 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(voluntary) 
[  277.841823][T10525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  277.841835][T10525] Call Trace:
[  277.841841][T10525]  <TASK>
[  277.841848][T10525]  __dump_stack+0x1d/0x30
[  277.841947][T10525]  dump_stack_lvl+0xe8/0x140
[  277.841969][T10525]  dump_stack+0x15/0x1b
[  277.841985][T10525]  should_fail_ex+0x265/0x280
[  277.842123][T10525]  should_failslab+0x8c/0xb0
[  277.842153][T10525]  kmem_cache_alloc_noprof+0x50/0x310
[  277.842191][T10525]  ? security_file_alloc+0x32/0x100
[  277.842253][T10525]  security_file_alloc+0x32/0x100
[  277.842295][T10525]  init_file+0x5c/0x1d0
[  277.842331][T10525]  alloc_empty_file+0x8b/0x200
[  277.842379][T10525]  alloc_file_pseudo+0xc6/0x160
[  277.842417][T10525]  anon_inode_getfd+0xc1/0x150
[  277.842460][T10525]  bpf_map_new_fd+0x52/0x70
[  277.842535][T10525]  map_create+0xb5a/0xb90
[  277.842579][T10525]  ? security_bpf+0x2b/0x90
[  277.842612][T10525]  __sys_bpf+0x5ab/0x790
[  277.842704][T10525]  __x64_sys_bpf+0x41/0x50
[  277.842735][T10525]  x64_sys_call+0x2478/0x2fb0
[  277.842759][T10525]  do_syscall_64+0xd0/0x1a0
[  277.842828][T10525]  ? clear_bhb_loop+0x25/0x80
[  277.842873][T10525]  ? clear_bhb_loop+0x25/0x80
[  277.842901][T10525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.842988][T10525] RIP: 0033:0x7f99a011e969
[  277.843005][T10525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.843023][T10525] RSP: 002b:00007f999e787038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  277.843123][T10525] RAX: ffffffffffffffda RBX: 00007f99a0345fa0 RCX: 00007f99a011e969
[  277.843133][T10525] RDX: 0000000000000048 RSI: 0000200000000000 RDI: 0000000000000000
[  277.843144][T10525] RBP: 00007f999e787090 R08: 0000000000000000 R09: 0000000000000000
[  277.843155][T10525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.843174][T10525] R13: 0000000000000001 R14: 00007f99a0345fa0 R15: 00007ffe30dbc4d8
[  277.843196][T10525]  </TASK>
[  278.069419][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  278.336085][T10532] hub 2-0:1.0: USB hub found
[  278.341994][T10532] hub 2-0:1.0: 8 ports detected
[  278.502183][ T7882] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  278.942860][T10538] xt_hashlimit: size too large, truncated to 1048576
[  279.132259][T10542] netlink: 'syz.3.2222': attribute type 10 has an invalid length.
[  279.184499][T10542] bridge0: port 3(team0) entered disabled state
[  279.201517][T10542] team0: left allmulticast mode
[  279.206488][T10542] C: left allmulticast mode
[  279.211030][T10542] team_slave_1: left allmulticast mode
[  279.216493][T10542] geneve1: left allmulticast mode
[  279.221611][T10542] team0: left promiscuous mode
[  279.226400][T10542] C: left promiscuous mode
[  279.230942][T10542] team_slave_1: left promiscuous mode
[  279.236410][T10542] geneve1: left promiscuous mode
[  279.241515][T10542] bridge0: port 3(team0) entered disabled state
[  279.399907][T10547] netlink: 'syz.3.2222': attribute type 10 has an invalid length.
[  279.407834][T10547] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2222'.
[  279.462883][T10551] loop3: detected capacity change from 0 to 512
[  279.502237][T10542] batman_adv: batadv0: Adding interface: team0
[  279.508446][T10542] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  279.533689][T10542] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  279.584577][T10551] EXT4-fs (loop3): too many log groups per flexible block group
[  279.592332][T10551] EXT4-fs (loop3): failed to initialize mballoc (-12)
[  279.618244][T10551] EXT4-fs (loop3): mount failed
[  279.641714][T10547] team0: entered promiscuous mode
[  279.646915][T10547] C: entered promiscuous mode
[  279.651756][T10547] team_slave_1: entered promiscuous mode
[  279.657503][T10547] geneve1: entered promiscuous mode
[  279.682280][T10547] 8021q: adding VLAN 0 to HW filter on device team0
[  279.721436][T10547] batman_adv: batadv0: Interface activated: team0
[  279.727930][T10547] batman_adv: batadv0: Interface deactivated: team0
[  279.734606][T10547] batman_adv: batadv0: Removing interface: team0
[  279.746108][T10547] bridge0: port 3(team0) entered blocking state
[  279.752455][T10547] bridge0: port 3(team0) entered disabled state
[  279.759063][T10547] team0: entered allmulticast mode
[  279.764308][T10547] C: entered allmulticast mode
[  279.769132][T10547] team_slave_1: entered allmulticast mode
[  279.774997][T10547] geneve1: entered allmulticast mode
[  279.782095][T10547] bridge0: port 3(team0) entered blocking state
[  279.788429][T10547] bridge0: port 3(team0) entered forwarding state
[  279.838809][T10563] loop1: detected capacity change from 0 to 512
[  279.877073][T10567] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2227'.
[  279.886624][T10563] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  279.909505][T10563] ext4 filesystem being mounted at /449/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  280.008602][T10572] loop3: detected capacity change from 0 to 8192
[  280.077162][T10576] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2229'.
[  280.331518][T10587] loop3: detected capacity change from 0 to 512
[  280.338329][T10587] EXT4-fs: Ignoring removed nobh option
[  280.359129][T10587] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2233: invalid indirect mapped block 256 (level 2)
[  280.394208][T10587] EXT4-fs (loop3): 2 truncates cleaned up
[  280.400708][T10587] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  280.475340][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.648983][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  280.660412][T10592] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  280.689278][   T29] kauditd_printk_skb: 103 callbacks suppressed
[  280.689290][   T29] audit: type=1400 audit(1746827661.153:9008): avc:  denied  { read } for  pid=10595 comm="syz.3.2238" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  280.719931][   T29] audit: type=1400 audit(1746827661.153:9009): avc:  denied  { ioctl } for  pid=10595 comm="syz.3.2238" path="/dev/loop-control" dev="devtmpfs" ino=99 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  280.758896][T10598] xt_hashlimit: size too large, truncated to 1048576
[  280.856264][T10596] FAULT_INJECTION: forcing a failure.
[  280.856264][T10596] name failslab, interval 1, probability 0, space 0, times 0
[  280.869004][T10596] CPU: 0 UID: 0 PID: 10596 Comm: syz.3.2238 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(voluntary) 
[  280.869152][T10596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  280.869169][T10596] Call Trace:
[  280.869176][T10596]  <TASK>
[  280.869185][T10596]  __dump_stack+0x1d/0x30
[  280.869206][T10596]  dump_stack_lvl+0xe8/0x140
[  280.869226][T10596]  dump_stack+0x15/0x1b
[  280.869263][T10596]  should_fail_ex+0x265/0x280
[  280.869302][T10596]  ? kobject_uevent_env+0x1c0/0x570
[  280.869337][T10596]  should_failslab+0x8c/0xb0
[  280.869419][T10596]  __kmalloc_cache_noprof+0x4c/0x320
[  280.869459][T10596]  kobject_uevent_env+0x1c0/0x570
[  280.869562][T10596]  ? device_pm_check_callbacks+0x683/0x6a0
[  280.869603][T10596]  kobject_uevent+0x1d/0x30
[  280.869696][T10596]  device_del+0x710/0x790
[  280.869727][T10596]  del_gendisk+0x4bf/0x5f0
[  280.869893][T10596]  loop_remove+0x26/0x80
[  280.869929][T10596]  loop_control_ioctl+0x3b3/0x3f0
[  280.869972][T10596]  ? __pfx_loop_control_ioctl+0x10/0x10
[  280.870037][T10596]  __se_sys_ioctl+0xcb/0x140
[  280.870062][T10596]  __x64_sys_ioctl+0x43/0x50
[  280.870085][T10596]  x64_sys_call+0x19a8/0x2fb0
[  280.870113][T10596]  do_syscall_64+0xd0/0x1a0
[  280.870169][T10596]  ? clear_bhb_loop+0x25/0x80
[  280.870238][T10596]  ? clear_bhb_loop+0x25/0x80
[  280.870261][T10596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.870326][T10596] RIP: 0033:0x7f45d20de969
[  280.870343][T10596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.870362][T10596] RSP: 002b:00007f45d0747038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  280.870384][T10596] RAX: ffffffffffffffda RBX: 00007f45d2305fa0 RCX: 00007f45d20de969
[  280.870397][T10596] RDX: 0000000000000002 RSI: 0000000000004c81 RDI: 000000000000000a
[  280.870411][T10596] RBP: 00007f45d0747090 R08: 0000000000000000 R09: 0000000000000000
[  280.870425][T10596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.870438][T10596] R13: 0000000000000000 R14: 00007f45d2305fa0 R15: 00007ffc007c8a78
[  280.870468][T10596]  </TASK>
[  281.219773][T10608] FAULT_INJECTION: forcing a failure.
[  281.219773][T10608] name failslab, interval 1, probability 0, space 0, times 0
[  281.232559][T10608] CPU: 0 UID: 0 PID: 10608 Comm: syz.3.2241 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(voluntary) 
[  281.232611][T10608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  281.232627][T10608] Call Trace:
[  281.232635][T10608]  <TASK>
[  281.232644][T10608]  __dump_stack+0x1d/0x30
[  281.232701][T10608]  dump_stack_lvl+0xe8/0x140
[  281.232727][T10608]  dump_stack+0x15/0x1b
[  281.232748][T10608]  should_fail_ex+0x265/0x280
[  281.232889][T10608]  should_failslab+0x8c/0xb0
[  281.232917][T10608]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[  281.232946][T10608]  ? sidtab_sid2str_get+0xa0/0x130
[  281.233014][T10608]  ? skb_put+0xa9/0xf0
[  281.233043][T10608]  kmemdup_noprof+0x2b/0x70
[  281.233066][T10608]  sidtab_sid2str_get+0xa0/0x130
[  281.233101][T10608]  security_sid_to_context_core+0x1eb/0x2e0
[  281.233186][T10608]  security_sid_to_context+0x27/0x40
[  281.233212][T10608]  avc_audit_post_callback+0x9d/0x520
[  281.233258][T10608]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  281.233308][T10608]  common_lsm_audit+0x1b8/0x230
[  281.233331][T10608]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  281.233458][T10608]  ? avc_denied+0xe4/0x100
[  281.233485][T10608]  slow_avc_audit+0x104/0x140
[  281.233522][T10608]  avc_has_perm+0x128/0x150
[  281.233607][T10608]  sel_write_member+0xff/0x370
[  281.233627][T10608]  selinux_transaction_write+0xc3/0x110
[  281.233657][T10608]  ? __pfx_selinux_transaction_write+0x10/0x10
[  281.233773][T10608]  vfs_write+0x266/0x8d0
[  281.233801][T10608]  ? __rcu_read_unlock+0x4f/0x70
[  281.233825][T10608]  ? __fget_files+0x184/0x1c0
[  281.233852][T10608]  ksys_write+0xda/0x1a0
[  281.233881][T10608]  __x64_sys_write+0x40/0x50
[  281.233962][T10608]  x64_sys_call+0x2cdd/0x2fb0
[  281.233986][T10608]  do_syscall_64+0xd0/0x1a0
[  281.234009][T10608]  ? clear_bhb_loop+0x25/0x80
[  281.234027][T10608]  ? clear_bhb_loop+0x25/0x80
[  281.234057][T10608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.234081][T10608] RIP: 0033:0x7f45d20de969
[  281.234098][T10608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.234138][T10608] RSP: 002b:00007f45d0747038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  281.234154][T10608] RAX: ffffffffffffffda RBX: 00007f45d2305fa0 RCX: 00007f45d20de969
[  281.234169][T10608] RDX: 0000000000000056 RSI: 00002000000004c0 RDI: 0000000000000003
[  281.234184][T10608] RBP: 00007f45d0747090 R08: 0000000000000000 R09: 0000000000000000
[  281.234198][T10608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  281.234214][T10608] R13: 0000000000000000 R14: 00007f45d2305fa0 R15: 00007ffc007c8a78
[  281.234297][T10608]  </TASK>
[  281.234719][   T29] audit: type=1400 audit(1746827661.683:9010): avc:  denied  { compute_member } for  pid=10607 comm="syz.3.2241" ssid=137 tcontext=system_u:object_r:security_t tclass=security permissive=1
[  281.393644][T10611] loop5: detected capacity change from 0 to 512
[  281.408987][T10612] IPv6: NLM_F_CREATE should be specified when creating new route
[  281.431113][T10611] EXT4-fs (loop5): too many log groups per flexible block group
[  281.538609][T10611] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  281.545834][T10611] EXT4-fs (loop5): mount failed
[  281.689669][   T29] audit: type=1326 audit(1746827662.153:9011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10623 comm="syz.1.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  281.713323][   T29] audit: type=1326 audit(1746827662.153:9012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10623 comm="syz.1.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  281.718595][T10624] netlink: 'syz.1.2247': attribute type 21 has an invalid length.
[  281.744776][T10624] IPv6: NLM_F_CREATE should be specified when creating new route
[  281.748359][   T29] audit: type=1326 audit(1746827662.153:9013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10623 comm="syz.1.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdf77c3d2d0 code=0x7ffc0000
[  281.776007][   T29] audit: type=1326 audit(1746827662.153:9014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10623 comm="syz.1.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdf77c3d2d0 code=0x7ffc0000
[  281.799525][   T29] audit: type=1326 audit(1746827662.153:9015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10623 comm="syz.1.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  281.823096][   T29] audit: type=1326 audit(1746827662.193:9016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10623 comm="syz.1.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  281.846716][   T29] audit: type=1326 audit(1746827662.193:9017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10623 comm="syz.1.2247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf77c3e969 code=0x7ffc0000
[  281.927153][T10627] hub 2-0:1.0: USB hub found
[  281.932352][T10627] hub 2-0:1.0: 8 ports detected
[  282.085108][T10634] loop5: detected capacity change from 0 to 512
[  282.353143][T10645] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2252'.
[  282.643092][T10634] EXT4-fs (loop5): too many log groups per flexible block group
[  282.650827][T10634] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  282.684141][T10649] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2253'.
[  282.706028][T10634] EXT4-fs (loop5): mount failed
[  282.824737][T10654] loop3: detected capacity change from 0 to 512
[  282.872936][T10654] EXT4-fs: Ignoring removed nobh option
[  283.025207][T10662] hub 2-0:1.0: USB hub found
[  283.042728][T10663] IPv6: NLM_F_CREATE should be specified when creating new route
[  283.060956][T10662] hub 2-0:1.0: 8 ports detected
[  283.178968][T10666] xt_hashlimit: size too large, truncated to 1048576
[  283.253258][T10654] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2255: invalid indirect mapped block 256 (level 2)
[  283.271713][T10654] EXT4-fs (loop3): 2 truncates cleaned up
[  283.278109][T10654] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  283.372064][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.905634][T10695] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2266'.
[  284.094205][T10702] hub 2-0:1.0: USB hub found
[  284.099249][T10705] loop4: detected capacity change from 0 to 512
[  284.105702][T10702] hub 2-0:1.0: 8 ports detected
[  284.111826][T10705] EXT4-fs: Ignoring removed nobh option
[  284.127081][T10705] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2269: invalid indirect mapped block 256 (level 2)
[  284.157287][T10705] EXT4-fs (loop4): 2 truncates cleaned up
[  284.171873][T10705] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  284.192404][T10705] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.2269: bg 0: block 5: invalid block bitmap
[  284.216009][T10705] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  284.228286][T10705] EXT4-fs (loop4): This should not happen!! Data will be lost
[  284.228286][T10705] 
[  284.241986][T10705] EXT4-fs (loop4): Total free blocks count 0
[  284.247971][T10705] EXT4-fs (loop4): Free/Dirty block details
[  284.253876][T10705] EXT4-fs (loop4): free_blocks=0
[  284.259061][T10705] EXT4-fs (loop4): dirty_blocks=66
[  284.264211][T10705] EXT4-fs (loop4): Block reservation details
[  284.270289][T10705] EXT4-fs (loop4): i_reserved_data_blocks=66
[  284.352094][T10711] loop3: detected capacity change from 0 to 512
[  284.358789][T10711] EXT4-fs: Ignoring removed nobh option
[  284.368366][T10711] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2271: invalid indirect mapped block 256 (level 2)
[  284.406906][T10711] EXT4-fs (loop3): 2 truncates cleaned up
[  284.416040][T10713] FAULT_INJECTION: forcing a failure.
[  284.416040][T10713] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  284.429132][T10713] CPU: 0 UID: 0 PID: 10713 Comm: syz.4.2269 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(voluntary) 
[  284.429185][T10713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  284.429197][T10713] Call Trace:
[  284.429203][T10713]  <TASK>
[  284.429210][T10713]  __dump_stack+0x1d/0x30
[  284.429234][T10713]  dump_stack_lvl+0xe8/0x140
[  284.429268][T10713]  dump_stack+0x15/0x1b
[  284.429282][T10713]  should_fail_ex+0x265/0x280
[  284.429353][T10713]  should_fail+0xb/0x20
[  284.429396][T10713]  should_fail_usercopy+0x1a/0x20
[  284.429433][T10713]  _copy_to_user+0x20/0xa0
[  284.429453][T10713]  do_vfs_ioctl+0x1006/0x15b0
[  284.429528][T10713]  ? selinux_file_ioctl+0x2e3/0x370
[  284.429583][T10713]  ? __fget_files+0x184/0x1c0
[  284.429609][T10713]  __se_sys_ioctl+0x82/0x140
[  284.429627][T10713]  __x64_sys_ioctl+0x43/0x50
[  284.429647][T10713]  x64_sys_call+0x19a8/0x2fb0
[  284.429741][T10713]  do_syscall_64+0xd0/0x1a0
[  284.429760][T10713]  ? clear_bhb_loop+0x25/0x80
[  284.429853][T10713]  ? clear_bhb_loop+0x25/0x80
[  284.429875][T10713]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.429897][T10713] RIP: 0033:0x7f99a011e969
[  284.429983][T10713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  284.429999][T10713] RSP: 002b:00007f999e766038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  284.430015][T10713] RAX: ffffffffffffffda RBX: 00007f99a0346080 RCX: 00007f99a011e969
[  284.430026][T10713] RDX: 0000200000000240 RSI: 00000000c020660b RDI: 0000000000000004
[  284.430036][T10713] RBP: 00007f999e766090 R08: 0000000000000000 R09: 0000000000000000
[  284.430104][T10713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  284.430115][T10713] R13: 0000000000000001 R14: 00007f99a0346080 R15: 00007ffe30dbc4d8
[  284.430132][T10713]  </TASK>
[  284.590624][T10711] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  284.672329][ T3693] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28
[  284.686161][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  284.751182][T10721] loop4: detected capacity change from 0 to 512
[  284.804021][T10721] EXT4-fs (loop4): too many log groups per flexible block group
[  284.811829][T10721] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  284.836973][T10721] EXT4-fs (loop4): mount failed
[  284.904582][T10729] xt_hashlimit: size too large, truncated to 1048576
[  284.917726][T10731] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2279'.
[  285.089759][T10736] loop3: detected capacity change from 0 to 1024
[  285.126957][T10736] EXT4-fs: inline encryption not supported
[  285.132838][T10736] EXT4-fs: Ignoring removed i_version option
[  285.160605][T10736] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  285.202527][T10736] EXT4-fs error (device loop3): ext4_map_blocks:709: inode #3: block 1: comm syz.3.2280: lblock 1 mapped to illegal pblock 1 (length 1)
[  285.232318][T10736] EXT4-fs error (device loop3): ext4_acquire_dquot:6935: comm syz.3.2280: Failed to acquire dquot type 0
[  285.246817][T10740] loop5: detected capacity change from 0 to 128
[  285.258114][T10736] EXT4-fs error (device loop3): ext4_free_blocks:6587: comm syz.3.2280: Freeing blocks not in datazone - block = 0, count = 4096
[  285.286500][T10736] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.2280: Invalid inode bitmap blk 0 in block_group 0
[  285.300748][ T3699] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  285.325298][T10741] bio_check_eod: 61 callbacks suppressed
[  285.325314][T10741] syz.5.2281: attempt to access beyond end of device
[  285.325314][T10741] loop5: rw=2049, sector=985, nr_sectors = 1 limit=128
[  285.345764][T10736] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  285.354975][ T3699] EXT4-fs error (device loop3): ext4_release_dquot:6971: comm kworker/u8:8: Failed to release dquot type 0
[  285.367680][T10736] EXT4-fs (loop3): 1 orphan inode deleted
[  285.373887][T10736] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  285.389257][T10736] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[  285.417952][T10741] syzkaller0: tun_chr_ioctl cmd 35111
[  285.424173][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.562944][ T1472] kworker/u8:5: attempt to access beyond end of device
[  285.562944][ T1472] loop5: rw=1, sector=153, nr_sectors = 8 limit=128
[  285.577892][ T1472] kworker/u8:5: attempt to access beyond end of device
[  285.577892][ T1472] loop5: rw=1, sector=169, nr_sectors = 8 limit=128
[  285.592774][ T1472] kworker/u8:5: attempt to access beyond end of device
[  285.592774][ T1472] loop5: rw=1, sector=185, nr_sectors = 8 limit=128
[  285.608004][ T1472] kworker/u8:5: attempt to access beyond end of device
[  285.608004][ T1472] loop5: rw=1, sector=201, nr_sectors = 8 limit=128
[  285.623062][ T1472] kworker/u8:5: attempt to access beyond end of device
[  285.623062][ T1472] loop5: rw=1, sector=217, nr_sectors = 8 limit=128
[  285.637067][ T1472] kworker/u8:5: attempt to access beyond end of device
[  285.637067][ T1472] loop5: rw=1, sector=233, nr_sectors = 8 limit=128
[  285.651675][ T1472] kworker/u8:5: attempt to access beyond end of device
[  285.651675][ T1472] loop5: rw=1, sector=249, nr_sectors = 8 limit=128
[  285.665389][ T1472] kworker/u8:5: attempt to access beyond end of device
[  285.665389][ T1472] loop5: rw=1, sector=265, nr_sectors = 8 limit=128
[  285.680048][ T1472] kworker/u8:5: attempt to access beyond end of device
[  285.680048][ T1472] loop5: rw=1, sector=281, nr_sectors = 8 limit=128
[  285.680977][T10744] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2282'.
[  285.715533][T10749] loop5: detected capacity change from 0 to 512
[  285.723029][T10749] EXT4-fs: Ignoring removed nobh option
[  285.744551][T10752] netlink: 'syz.4.2284': attribute type 10 has an invalid length.
[  285.754358][T10752] bridge0: port 3(team0) entered disabled state
[  285.761137][   T36] usb usb8-port1: attempt power cycle
[  285.769392][T10752] team0: left allmulticast mode
[  285.774486][T10752] team_slave_0: left allmulticast mode
[  285.780034][T10752] team_slave_1: left allmulticast mode
[  285.785543][T10752] geneve1: left allmulticast mode
[  285.790623][T10752] team0: left promiscuous mode
[  285.795392][T10752] team_slave_0: left promiscuous mode
[  285.800895][T10752] team_slave_1: left promiscuous mode
[  285.806381][T10752] geneve1: left promiscuous mode
[  285.811622][T10752] bridge0: port 3(team0) entered disabled state
[  285.818627][T10749] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2283: invalid indirect mapped block 256 (level 2)
[  285.820943][T10753] netlink: 'syz.4.2284': attribute type 10 has an invalid length.
[  285.839876][T10753] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2284'.
[  285.852838][T10749] EXT4-fs (loop5): 2 truncates cleaned up
[  285.859198][T10749] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  285.872386][T10752] batman_adv: batadv0: Adding interface: team0
[  285.878601][T10752] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  285.903899][T10752] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  285.916174][T10754] loop4: detected capacity change from 0 to 512
[  285.926547][ T7882] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.936295][T10753] team0: entered promiscuous mode
[  285.941489][T10753] team_slave_0: entered promiscuous mode
[  285.947302][T10753] team_slave_1: entered promiscuous mode
[  285.953174][T10753] geneve1: entered promiscuous mode
[  285.961267][T10753] 8021q: adding VLAN 0 to HW filter on device team0
[  285.968946][T10753] batman_adv: batadv0: Interface activated: team0
[  285.975642][T10753] batman_adv: batadv0: Interface deactivated: team0
[  285.982463][T10753] batman_adv: batadv0: Removing interface: team0
[  286.008788][T10753] bridge0: port 3(team0) entered blocking state
[  286.015187][T10753] bridge0: port 3(team0) entered disabled state
[  286.022238][T10753] team0: entered allmulticast mode
[  286.027515][T10753] team_slave_0: entered allmulticast mode
[  286.033394][T10753] team_slave_1: entered allmulticast mode
[  286.039196][T10753] geneve1: entered allmulticast mode
[  286.045262][T10754] EXT4-fs (loop4): too many log groups per flexible block group
[  286.053019][T10754] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  286.060376][T10754] EXT4-fs (loop4): mount failed
[  286.060620][T10753] bridge0: port 3(team0) entered blocking state
[  286.071561][T10753] bridge0: port 3(team0) entered forwarding state
[  286.118078][T10762] FAULT_INJECTION: forcing a failure.
[  286.118078][T10762] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  286.131200][T10762] CPU: 0 UID: 0 PID: 10762 Comm: syz.4.2287 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(voluntary) 
[  286.131228][T10762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  286.131297][T10762] Call Trace:
[  286.131303][T10762]  <TASK>
[  286.131310][T10762]  __dump_stack+0x1d/0x30
[  286.131332][T10762]  dump_stack_lvl+0xe8/0x140
[  286.131359][T10762]  dump_stack+0x15/0x1b
[  286.131432][T10762]  should_fail_ex+0x265/0x280
[  286.131464][T10762]  should_fail+0xb/0x20
[  286.131489][T10762]  should_fail_usercopy+0x1a/0x20
[  286.131504][T10762]  _copy_from_user+0x1c/0xb0
[  286.131527][T10762]  memdup_sockptr_noprof+0x95/0x100
[  286.131556][T10762]  do_ip_setsockopt+0x1bd7/0x2240
[  286.131621][T10762]  ip_setsockopt+0x58/0x110
[  286.131650][T10762]  udp_setsockopt+0x99/0xb0
[  286.131670][T10762]  sock_common_setsockopt+0x66/0x80
[  286.131717][T10762]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  286.131743][T10762]  __sys_setsockopt+0x181/0x200
[  286.131864][T10762]  __x64_sys_setsockopt+0x64/0x80
[  286.131949][T10762]  x64_sys_call+0x2bd5/0x2fb0
[  286.132012][T10762]  do_syscall_64+0xd0/0x1a0
[  286.132034][T10762]  ? clear_bhb_loop+0x25/0x80
[  286.132062][T10762]  ? clear_bhb_loop+0x25/0x80
[  286.132112][T10762]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.132187][T10762] RIP: 0033:0x7f99a011e969
[  286.132203][T10762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.132219][T10762] RSP: 002b:00007f999e787038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  286.132237][T10762] RAX: ffffffffffffffda RBX: 00007f99a0345fa0 RCX: 00007f99a011e969
[  286.132252][T10762] RDX: 0000000000000029 RSI: 0000000000000000 RDI: 0000000000000006
[  286.132268][T10762] RBP: 00007f999e787090 R08: 0000000000005000 R09: 0000000000000000
[  286.132284][T10762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.132416][T10762] R13: 0000000000000000 R14: 00007f99a0345fa0 R15: 00007ffe30dbc4d8
[  286.132442][T10762]  </TASK>
[  286.435704][T10768] loop3: detected capacity change from 0 to 512
[  286.495048][T10768] EXT4-fs (loop3): too many log groups per flexible block group
[  286.502768][T10768] EXT4-fs (loop3): failed to initialize mballoc (-12)
[  286.512762][T10768] EXT4-fs (loop3): mount failed
[  286.542017][T10775] loop3: detected capacity change from 0 to 1024
[  286.570672][T10775] EXT4-fs: inline encryption not supported
[  286.576518][T10775] EXT4-fs: Ignoring removed i_version option
[  286.636221][T10776] hub 2-0:1.0: USB hub found
[  286.641076][T10776] hub 2-0:1.0: 8 ports detected
[  286.693697][T10775] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  286.717738][T10778] hub 2-0:1.0: USB hub found
[  286.722775][T10778] hub 2-0:1.0: 8 ports detected
[  286.753767][T10775] EXT4-fs error (device loop3): ext4_map_blocks:709: inode #3: block 1: comm syz.3.2292: lblock 1 mapped to illegal pblock 1 (length 1)
[  286.813434][T10775] __quota_error: 46 callbacks suppressed
[  286.813463][T10775] Quota error (device loop3): write_blk: dquota write failed
[  286.826560][T10775] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  286.939874][T10775] EXT4-fs error (device loop3): ext4_acquire_dquot:6935: comm syz.3.2292: Failed to acquire dquot type 0
[  286.969930][   T23] hid-generic 0000:0004:0000.000B: unknown main item tag 0x0
[  286.977465][   T23] hid-generic 0000:0004:0000.000B: unknown main item tag 0x0
[  286.984975][   T23] hid-generic 0000:0004:0000.000B: unknown main item tag 0x0
[  287.014923][T10775] EXT4-fs error (device loop3): ext4_free_blocks:6587: comm syz.3.2292: Freeing blocks not in datazone - block = 0, count = 4096
[  287.056400][T10775] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.2292: Invalid inode bitmap blk 0 in block_group 0
[  287.071303][   T23] hid-generic 0000:0004:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  287.146360][T10775] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  287.184068][   T29] audit: type=1326 audit(1746827667.653:9061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10782 comm="syz.2.2294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  287.223725][T10775] EXT4-fs (loop3): 1 orphan inode deleted
[  287.284989][T10775] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  287.318017][   T29] audit: type=1326 audit(1746827667.683:9062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10782 comm="syz.2.2294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  287.341557][   T29] audit: type=1326 audit(1746827667.683:9063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10782 comm="syz.2.2294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  287.365177][   T29] audit: type=1326 audit(1746827667.683:9064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10782 comm="syz.2.2294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  287.388678][   T29] audit: type=1326 audit(1746827667.683:9065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10782 comm="syz.2.2294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  287.412317][   T29] audit: type=1326 audit(1746827667.683:9066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10782 comm="syz.2.2294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  287.435869][   T29] audit: type=1326 audit(1746827667.683:9067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10782 comm="syz.2.2294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  287.459387][   T29] audit: type=1326 audit(1746827667.683:9068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10782 comm="syz.2.2294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  287.561556][ T1472] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:5: lblock 1 mapped to illegal pblock 1 (length 1)
[  287.611129][ T1472] EXT4-fs error (device loop3): ext4_release_dquot:6971: comm kworker/u8:5: Failed to release dquot type 0
[  287.632755][T10775] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[  287.692330][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  287.762365][   T36] usb usb8-port1: unable to enumerate USB device
[  287.799081][T10693] vhci_hcd: default hub control req: 3f0c v08a6 i0001 l1
[  287.937982][T10793] pim6reg: entered allmulticast mode
[  288.001772][T10788] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2296'.
[  288.043082][T10793] pim6reg: left allmulticast mode
[  288.094205][T10800] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2298'.
[  288.186337][T10800] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2298'.
[  288.204924][T10793] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2298'.
[  288.216111][T10800] netlink: 'syz.1.2298': attribute type 1 has an invalid length.
[  288.276768][T10808] xt_hashlimit: size too large, truncated to 1048576
[  288.669679][T10821] loop3: detected capacity change from 0 to 2048
[  288.721384][T10821] Alternate GPT is invalid, using primary GPT.
[  288.727645][T10821]  loop3: p1 p2 p3
[  289.098510][T10825] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2308'.
[  289.235206][T10834] loop3: detected capacity change from 0 to 512
[  289.271484][T10834] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  289.335561][T10834] ext4 filesystem being mounted at /456/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  289.350531][T10834] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #2: comm syz.3.2312: corrupted inode contents
[  289.380380][T10834] EXT4-fs error (device loop3): ext4_dirty_inode:6103: inode #2: comm syz.3.2312: mark_inode_dirty error
[  289.400282][T10834] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #2: comm syz.3.2312: corrupted inode contents
[  289.414530][T10841] pim6reg: entered allmulticast mode
[  289.435495][T10834] pim6reg: left allmulticast mode
[  289.484659][T10841] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2312'.
[  289.551259][T10841] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2312'.
[  289.573808][T10834] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.2312'.
[  289.646552][T10841] netlink: 'syz.3.2312': attribute type 1 has an invalid length.
[  289.668665][T10834] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #2: comm syz.3.2312: corrupted inode contents
[  289.685906][T10851] hub 2-0:1.0: USB hub found
[  289.703262][T10851] hub 2-0:1.0: 8 ports detected
[  289.708188][T10834] EXT4-fs error (device loop3): ext4_dirty_inode:6103: inode #2: comm syz.3.2312: mark_inode_dirty error
[  289.725753][T10834] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #2: comm syz.3.2312: corrupted inode contents
[  289.738024][T10834] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #2: comm syz.3.2312: mark_inode_dirty error
[  289.750507][T10834] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #2: comm syz.3.2312: corrupted inode contents
[  289.770147][T10834] EXT4-fs error (device loop3): ext4_dirty_inode:6103: inode #2: comm syz.3.2312: mark_inode_dirty error
[  289.809150][T10856] netlink: 'syz.1.2318': attribute type 10 has an invalid length.
[  289.819346][T10856] bridge0: port 3(team0) entered disabled state
[  289.827319][T10856] team0: left allmulticast mode
[  289.832329][T10856] team_slave_0: left allmulticast mode
[  289.837827][T10856] team_slave_1: left allmulticast mode
[  289.843324][T10856] geneve1: left allmulticast mode
[  289.848372][T10856] team0: left promiscuous mode
[  289.853195][T10856] team_slave_0: left promiscuous mode
[  289.858787][T10856] team_slave_1: left promiscuous mode
[  289.864391][T10856] geneve1: left promiscuous mode
[  289.869665][T10856] bridge0: port 3(team0) entered disabled state
[  289.880781][T10859] netlink: 'syz.1.2318': attribute type 10 has an invalid length.
[  289.884042][T10853] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2317'.
[  289.888629][T10859] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2318'.
[  289.909544][T10856] batman_adv: batadv0: Adding interface: team0
[  289.915816][T10856] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  289.941002][T10856] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  289.958825][T10859] team0: entered promiscuous mode
[  289.963897][T10859] team_slave_0: entered promiscuous mode
[  289.969658][T10859] team_slave_1: entered promiscuous mode
[  289.975443][T10859] geneve1: entered promiscuous mode
[  289.983982][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.009336][T10859] 8021q: adding VLAN 0 to HW filter on device team0
[  290.012415][T10862] xt_hashlimit: size too large, truncated to 1048576
[  290.016629][T10859] batman_adv: batadv0: Interface activated: team0
[  290.029158][T10859] batman_adv: batadv0: Interface deactivated: team0
[  290.035937][T10859] batman_adv: batadv0: Removing interface: team0
[  290.044211][T10859] bridge0: port 3(team0) entered blocking state
[  290.050493][T10859] bridge0: port 3(team0) entered disabled state
[  290.076665][T10859] team0: entered allmulticast mode
[  290.081865][T10859] team_slave_0: entered allmulticast mode
[  290.087587][T10859] team_slave_1: entered allmulticast mode
[  290.093425][T10859] geneve1: entered allmulticast mode
[  290.111908][T10859] bridge0: port 3(team0) entered blocking state
[  290.118262][T10859] bridge0: port 3(team0) entered forwarding state
[  290.561248][T10873] loop5: detected capacity change from 0 to 512
[  290.590488][   T23] usb usb8-port1: attempt power cycle
[  290.596258][T10873] EXT4-fs: Ignoring removed mblk_io_submit option
[  290.606082][T10873] EXT4-fs: Invalid want_extra_isize 2
[  290.882421][T10878] TCP: out of memory -- consider tuning tcp_mem
[  290.897760][T10880] loop3: detected capacity change from 0 to 512
[  290.904822][T10880] EXT4-fs: Ignoring removed nobh option
[  290.915334][T10880] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.2326: invalid indirect mapped block 256 (level 2)
[  290.931303][T10880] EXT4-fs (loop3): 2 truncates cleaned up
[  290.937544][T10880] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.961848][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.213268][T10900] xt_hashlimit: size too large, truncated to 1048576
[  291.590042][T10914] loop4: detected capacity change from 0 to 512
[  291.596878][T10914] EXT4-fs: Ignoring removed nobh option
[  291.614518][T10914] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2338: invalid indirect mapped block 256 (level 2)
[  291.628374][T10914] EXT4-fs (loop4): 2 truncates cleaned up
[  291.634815][T10914] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  291.660370][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.677735][T10923] netlink: 'syz.4.2340': attribute type 10 has an invalid length.
[  291.687876][T10923] bridge0: port 3(team0) entered disabled state
[  291.694696][T10923] team0: left allmulticast mode
[  291.699615][T10923] team_slave_0: left allmulticast mode
[  291.705114][T10923] team_slave_1: left allmulticast mode
[  291.710630][T10923] geneve1: left allmulticast mode
[  291.715777][T10923] team0: left promiscuous mode
[  291.720593][T10923] team_slave_0: left promiscuous mode
[  291.726213][T10923] team_slave_1: left promiscuous mode
[  291.731720][T10923] geneve1: left promiscuous mode
[  291.737086][T10923] bridge0: port 3(team0) entered disabled state
[  291.747404][T10926] netlink: 'syz.4.2340': attribute type 10 has an invalid length.
[  291.747971][T10923] batman_adv: batadv0: Adding interface: team0
[  291.761518][T10923] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  291.786815][T10923] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  291.797982][T10926] team0: entered promiscuous mode
[  291.803093][T10926] team_slave_0: entered promiscuous mode
[  291.808886][T10926] team_slave_1: entered promiscuous mode
[  291.814607][T10926] geneve1: entered promiscuous mode
[  291.821418][T10926] 8021q: adding VLAN 0 to HW filter on device team0
[  291.828290][T10923] loop4: detected capacity change from 0 to 512
[  291.828646][T10926] batman_adv: batadv0: Interface activated: team0
[  291.841287][T10926] batman_adv: batadv0: Interface deactivated: team0
[  291.847990][T10926] batman_adv: batadv0: Removing interface: team0
[  291.851476][T10923] EXT4-fs (loop4): too many log groups per flexible block group
[  291.862090][T10923] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  291.869131][T10923] EXT4-fs (loop4): mount failed
[  291.869444][T10926] bridge0: port 3(team0) entered blocking state
[  291.880411][T10926] bridge0: port 3(team0) entered disabled state
[  291.886790][T10926] team0: entered allmulticast mode
[  291.892007][T10926] team_slave_0: entered allmulticast mode
[  291.897745][T10926] team_slave_1: entered allmulticast mode
[  291.903499][T10926] geneve1: entered allmulticast mode
[  291.910429][T10926] bridge0: port 3(team0) entered blocking state
[  291.916716][T10926] bridge0: port 3(team0) entered forwarding state
[  291.947693][T10933] loop4: detected capacity change from 0 to 512
[  291.969838][T10933] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  291.983776][T10933] ext4 filesystem being mounted at /501/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  292.207826][T10946] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  292.471163][   T23] usb usb8-port1: unable to enumerate USB device
[  292.498186][T10819] vhci_hcd: default hub control req: 3f0c v08a6 i0001 l1
[  292.579702][   T29] kauditd_printk_skb: 131 callbacks suppressed
[  292.579717][   T29] audit: type=1326 audit(1746827673.033:9199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10948 comm="syz.2.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  292.609545][   T29] audit: type=1326 audit(1746827673.033:9200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10948 comm="syz.2.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  292.633108][   T29] audit: type=1326 audit(1746827673.033:9201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10948 comm="syz.2.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  292.656763][   T29] audit: type=1326 audit(1746827673.033:9202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10948 comm="syz.2.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  292.680444][   T29] audit: type=1326 audit(1746827673.033:9203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10948 comm="syz.2.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  292.704006][   T29] audit: type=1326 audit(1746827673.033:9204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10948 comm="syz.2.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  292.727583][   T29] audit: type=1326 audit(1746827673.033:9205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10948 comm="syz.2.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  292.751081][   T29] audit: type=1326 audit(1746827673.033:9206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10948 comm="syz.2.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  292.774505][   T29] audit: type=1326 audit(1746827673.033:9207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10948 comm="syz.2.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdf3e969 code=0x7ffc0000
[  292.798093][   T29] audit: type=1326 audit(1746827673.033:9208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10948 comm="syz.2.2348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbfcdf3d2d0 code=0x7ffc0000
[  292.915161][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  292.961731][T10957] loop4: detected capacity change from 0 to 512
[  292.991966][T10957] EXT4-fs: Ignoring removed nobh option
[  292.999425][T10959] loop3: detected capacity change from 0 to 2048
[  293.023919][T10957] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.2350: invalid indirect mapped block 256 (level 2)
[  293.057436][T10959] Alternate GPT is invalid, using primary GPT.
[  293.063768][T10959]  loop3: p1 p2 p3
[  293.101287][T10957] EXT4-fs (loop4): 2 truncates cleaned up
[  293.138076][T10957] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  293.273394][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.346067][T10962] __nla_validate_parse: 3 callbacks suppressed
[  293.346087][T10962] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2352'.
[  294.166461][T10983] loop3: detected capacity change from 0 to 1024
[  294.182941][T10983] EXT4-fs: inline encryption not supported
[  294.188809][T10983] EXT4-fs: Ignoring removed i_version option
[  294.211201][T10983] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  294.252641][T10983] EXT4-fs error (device loop3): ext4_map_blocks:709: inode #3: block 1: comm syz.3.2357: lblock 1 mapped to illegal pblock 1 (length 1)
[  294.285995][T10983] EXT4-fs error (device loop3): ext4_acquire_dquot:6935: comm syz.3.2357: Failed to acquire dquot type 0
[  294.315405][T10983] EXT4-fs error (device loop3): ext4_free_blocks:6587: comm syz.3.2357: Freeing blocks not in datazone - block = 0, count = 4096
[  294.358405][T10983] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.2357: Invalid inode bitmap blk 0 in block_group 0
[  294.371941][   T12] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1)
[  294.407133][   T12] EXT4-fs error (device loop3): ext4_release_dquot:6971: comm kworker/u8:0: Failed to release dquot type 0
[  294.428811][T10983] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem
[  294.446386][T10983] EXT4-fs (loop3): 1 orphan inode deleted
[  294.455873][T10983] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  294.496353][T10983] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[  294.533583][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.662782][T10993] netlink: 'syz.3.2362': attribute type 10 has an invalid length.
[  294.689156][T10993] bridge0: port 3(team0) entered disabled state
[  294.706102][T10993] team0: left allmulticast mode
[  294.711047][T10993] C: left allmulticast mode
[  294.715651][T10993] team_slave_1: left allmulticast mode
[  294.721190][T10993] geneve1: left allmulticast mode
[  294.726233][T10993] team0: left promiscuous mode
[  294.731021][T10993] C: left promiscuous mode
[  294.735492][T10993] team_slave_1: left promiscuous mode
[  294.740939][T10993] geneve1: left promiscuous mode
[  294.743110][T10994] netlink: 'syz.3.2362': attribute type 10 has an invalid length.
[  294.746129][T10993] bridge0: port 3(team0) entered disabled state
[  294.753804][T10994] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2362'.
[  294.783369][T10993] batman_adv: batadv0: Adding interface: team0
[  294.789552][T10993] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.814710][T10993] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  294.847968][T10995] loop3: detected capacity change from 0 to 512
[  294.871517][T10995] EXT4-fs (loop3): too many log groups per flexible block group
[  294.879355][T10995] EXT4-fs (loop3): failed to initialize mballoc (-12)
[  294.890161][T10995] EXT4-fs (loop3): mount failed
[  294.895229][T10994] team0: entered promiscuous mode
[  294.900434][T10994] C: entered promiscuous mode
[  294.905405][T10994] team_slave_1: entered promiscuous mode
[  294.911287][T10994] geneve1: entered promiscuous mode
[  294.918204][T10994] 8021q: adding VLAN 0 to HW filter on device team0
[  294.932289][T10994] batman_adv: batadv0: Interface activated: team0
[  294.938843][T10994] batman_adv: batadv0: Interface deactivated: team0
[  294.945483][T10994] batman_adv: batadv0: Removing interface: team0
[  294.961336][T10994] bridge0: port 3(team0) entered blocking state
[  294.967633][T10994] bridge0: port 3(team0) entered disabled state
[  294.974435][T10994] team0: entered allmulticast mode
[  294.979557][T10994] C: entered allmulticast mode
[  294.984505][T10994] team_slave_1: entered allmulticast mode
[  294.990329][T10994] geneve1: entered allmulticast mode
[  294.997640][T10994] bridge0: port 3(team0) entered blocking state
[  295.003955][T10994] bridge0: port 3(team0) entered forwarding state
[  295.047357][T11007] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2365'.
[  295.102870][T11010] loop3: detected capacity change from 0 to 2048
[  295.126906][T11012] loop5: detected capacity change from 0 to 2048
[  295.141254][T11010] Alternate GPT is invalid, using primary GPT.
[  295.147551][T11010]  loop3: p1 p2 p3
[  295.172282][T11012] Alternate GPT is invalid, using primary GPT.
[  295.178600][T11012]  loop5: p1 p2 p3
[  295.257104][T11016] xt_hashlimit: size too large, truncated to 1048576
[  295.264646][T11014] loop4: detected capacity change from 0 to 2048
[  295.341902][T11014] Alternate GPT is invalid, using primary GPT.
[  295.348224][T11014]  loop4: p1 p2 p3
[  295.815195][T11030] loop3: detected capacity change from 0 to 512
[  295.832021][T11030] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  295.844633][T11030] ext4 filesystem being mounted at /471/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  295.942578][T11036] hub 2-0:1.0: USB hub found
[  295.947374][T11036] hub 2-0:1.0: 8 ports detected
[  295.956557][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  295.981032][ T3394] usb usb8-port1: attempt power cycle
[  296.010745][T11040] loop4: detected capacity change from 0 to 8192
[  296.105817][T11048] netlink: 'syz.2.2378': attribute type 10 has an invalid length.
[  296.121418][T11048] bridge0: port 3(team0) entered disabled state
[  296.135765][T11048] team0: left allmulticast mode
[  296.140722][T11048] team_slave_0: left allmulticast mode
[  296.146194][T11048] team_slave_1: left allmulticast mode
[  296.151775][T11048] geneve1: left allmulticast mode
[  296.156884][T11048] team0: left promiscuous mode
[  296.161742][T11048] team_slave_0: left promiscuous mode
[  296.167196][T11048] team_slave_1: left promiscuous mode
[  296.172710][T11048] geneve1: left promiscuous mode
[  296.177872][T11048] bridge0: port 3(team0) entered disabled state
[  296.185681][T11049] netlink: 'syz.2.2378': attribute type 10 has an invalid length.
[  296.193555][T11049] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2378'.
[  296.203926][T11048] batman_adv: batadv0: Adding interface: team0
[  296.210131][T11048] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  296.235393][T11048] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  296.250544][T11049] team0: entered promiscuous mode
[  296.255605][T11049] team_slave_0: entered promiscuous mode
[  296.261424][T11049] team_slave_1: entered promiscuous mode
[  296.267134][T11049] geneve1: entered promiscuous mode
[  296.277408][T11049] 8021q: adding VLAN 0 to HW filter on device team0
[  296.284474][T11049] batman_adv: batadv0: Interface activated: team0
[  296.290990][T11049] batman_adv: batadv0: Interface deactivated: team0
[  296.297596][T11049] batman_adv: batadv0: Removing interface: team0
[  296.304449][T11049] bridge0: port 3(team0) entered blocking state
[  296.310870][T11049] bridge0: port 3(team0) entered disabled state
[  296.317291][T11049] team0: entered allmulticast mode
[  296.322460][T11049] team_slave_0: entered allmulticast mode
[  296.328218][T11049] team_slave_1: entered allmulticast mode
[  296.333982][T11049] geneve1: entered allmulticast mode
[  296.343958][T11049] bridge0: port 3(team0) entered blocking state
[  296.350344][T11049] bridge0: port 3(team0) entered forwarding state
[  296.401795][T11056] netlink: 'syz.2.2380': attribute type 10 has an invalid length.
[  296.411682][T11056] bridge0: port 3(team0) entered disabled state
[  296.418502][T11056] team0: left allmulticast mode
[  296.422859][T11054] hub 2-0:1.0: USB hub found
[  296.423409][T11056] team_slave_0: left allmulticast mode
[  296.428227][T11054] hub 2-0:1.0: 8 ports detected
[  296.433503][T11056] team_slave_1: left allmulticast mode
[  296.443836][T11056] geneve1: left allmulticast mode
[  296.448873][T11056] team0: left promiscuous mode
[  296.452909][T11057] netlink: 'syz.2.2380': attribute type 10 has an invalid length.
[  296.453670][T11056] team_slave_0: left promiscuous mode
[  296.453774][T11056] team_slave_1: left promiscuous mode
[  296.461543][T11057] netlink: 2 bytes leftover after parsing attributes in process `syz.2.2380'.
[  296.466972][T11056] geneve1: left promiscuous mode
[  296.486224][T11056] bridge0: port 3(team0) entered disabled state
[  296.515382][T11056] batman_adv: batadv0: Adding interface: team0
[  296.521597][T11056] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  296.546847][T11056] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  296.580687][T11057] team0: entered promiscuous mode
[  296.585747][T11057] team_slave_0: entered promiscuous mode
[  296.591596][T11057] team_slave_1: entered promiscuous mode
[  296.597286][T11057] geneve1: entered promiscuous mode
[  296.649057][T11057] 8021q: adding VLAN 0 to HW filter on device team0
[  296.675187][T11057] batman_adv: batadv0: Interface activated: team0
[  296.681756][T11057] batman_adv: batadv0: Interface deactivated: team0
[  296.688438][T11057] batman_adv: batadv0: Removing interface: team0
[  296.696461][T11057] bridge0: port 3(team0) entered blocking state
[  296.702919][T11057] bridge0: port 3(team0) entered disabled state
[  296.709544][T11057] team0: entered allmulticast mode
[  296.714713][T11057] team_slave_0: entered allmulticast mode
[  296.720494][T11057] team_slave_1: entered allmulticast mode
[  296.726339][T11057] geneve1: entered allmulticast mode
[  296.765822][T11065] netlink: 'syz.5.2383': attribute type 10 has an invalid length.
[  296.766292][T11057] bridge0: port 3(team0) entered blocking state
[  296.779925][T11057] bridge0: port 3(team0) entered forwarding state
[  296.813398][T11065] bridge0: port 3(team0) entered disabled state
[  296.824639][T11065] team0: left allmulticast mode
[  296.829545][T11065] team_slave_0: left allmulticast mode
[  296.835143][T11065] team_slave_1: left allmulticast mode
[  296.840699][T11065] team0: left promiscuous mode
[  296.845571][T11065] team_slave_0: left promiscuous mode
[  296.851106][T11065] team_slave_1: left promiscuous mode
[  296.856841][T11065] bridge0: port 3(team0) entered disabled state
[  296.929468][T11068] netlink: 'syz.5.2383': attribute type 10 has an invalid length.
[  296.937375][T11068] netlink: 2 bytes leftover after parsing attributes in process `syz.5.2383'.
[  296.982645][T11066] loop5: detected capacity change from 0 to 512
[  297.001655][T11066] EXT4-fs (loop5): too many log groups per flexible block group
[  297.009408][T11066] EXT4-fs (loop5): failed to initialize mballoc (-12)
[  297.017646][T11066] EXT4-fs (loop5): mount failed
[  297.035921][T11065] batman_adv: batadv0: Adding interface: team0
[  297.042249][T11065] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.067432][T11065] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  297.079193][T11068] team0: entered promiscuous mode
[  297.084293][T11068] team_slave_0: entered promiscuous mode
[  297.090086][T11068] team_slave_1: entered promiscuous mode
[  297.098428][T11068] 8021q: adding VLAN 0 to HW filter on device team0
[  297.105559][T11068] batman_adv: batadv0: Interface activated: team0
[  297.112077][T11068] batman_adv: batadv0: Interface deactivated: team0
[  297.118682][T11068] batman_adv: batadv0: Removing interface: team0
[  297.127359][T11068] bridge0: port 3(team0) entered blocking state
[  297.133783][T11068] bridge0: port 3(team0) entered disabled state
[  297.143486][T11073] netlink: 'syz.4.2385': attribute type 10 has an invalid length.
[  297.151821][T11068] team0: entered allmulticast mode
[  297.156970][T11068] team_slave_0: entered allmulticast mode
[  297.162766][T11068] team_slave_1: entered allmulticast mode
[  297.170524][T11068] bridge0: port 3(team0) entered blocking state
[  297.176845][T11068] bridge0: port 3(team0) entered forwarding state
[  297.189036][T11073] bridge0: port 3(team0) entered disabled state
[  297.194982][T11075] netlink: 'syz.4.2385': attribute type 10 has an invalid length.
[  297.197416][T11073] team0: left allmulticast mode
[  297.203165][T11075] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2385'.
[  297.216998][T11073] team_slave_0: left allmulticast mode
[  297.222502][T11073] team_slave_1: left allmulticast mode
[  297.227969][T11073] geneve1: left allmulticast mode
[  297.233044][T11073] team0: left promiscuous mode
[  297.237915][T11073] team_slave_0: left promiscuous mode
[  297.243365][T11073] team_slave_1: left promiscuous mode
[  297.248892][T11073] geneve1: left promiscuous mode
[  297.254214][T11073] bridge0: port 3(team0) entered disabled state
[  297.273593][T11076] loop4: detected capacity change from 0 to 512
[  297.281693][T11073] batman_adv: batadv0: Adding interface: team0
[  297.287879][T11073] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  297.313175][T11073] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  297.333903][T11075] team0: entered promiscuous mode
[  297.338971][T11075] team_slave_0: entered promiscuous mode
[  297.344734][T11075] team_slave_1: entered promiscuous mode
[  297.350508][T11075] geneve1: entered promiscuous mode
[  297.361923][T11075] 8021q: adding VLAN 0 to HW filter on device team0
[  297.369420][T11075] batman_adv: batadv0: Interface activated: team0
[  297.376008][T11075] batman_adv: batadv0: Interface deactivated: team0
[  297.382681][T11075] batman_adv: batadv0: Removing interface: team0
[  297.405528][T11076] EXT4-fs (loop4): too many log groups per flexible block group
[  297.413301][T11076] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  297.421185][T11076] EXT4-fs (loop4): mount failed
[  297.426580][T11075] bridge0: port 3(team0) entered blocking state
[  297.433010][T11075] bridge0: port 3(team0) entered disabled state
[  297.444526][T11075] team0: entered allmulticast mode
[  297.449744][T11075] team_slave_0: entered allmulticast mode
[  297.455563][T11075] team_slave_1: entered allmulticast mode
[  297.461391][T11075] geneve1: entered allmulticast mode
[  297.468586][T11075] bridge0: port 3(team0) entered blocking state
[  297.474954][T11075] bridge0: port 3(team0) entered forwarding state
[  297.502677][T11085] xt_hashlimit: size too large, truncated to 1048576
[  297.625275][T11091] loop4: detected capacity change from 0 to 512
[  297.691797][T11091] EXT4-fs (loop4): too many log groups per flexible block group
[  297.699586][T11091] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  297.717742][T11091] EXT4-fs (loop4): mount failed
[  297.825083][T11104] loop4: detected capacity change from 0 to 512
[  297.842609][T11104] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  297.855394][T11104] ext4 filesystem being mounted at /512/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  297.871714][T11104] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #2: comm syz.4.2394: corrupted inode contents
[  297.885326][T11104] EXT4-fs error (device loop4): ext4_dirty_inode:6103: inode #2: comm syz.4.2394: mark_inode_dirty error
[  297.897092][T11104] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #2: comm syz.4.2394: corrupted inode contents
[  297.914605][T11104] pim6reg: entered allmulticast mode
[  297.941631][T11104] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2394'.
[  298.004634][T11110] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2394'.
[  298.022751][T11104] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2394'.
[  298.030483][ T3394] usb usb8-port1: unable to enumerate USB device
[  298.038532][T10981] vhci_hcd: default hub control req: 3f0c v08a6 i0001 l1
[  298.052345][T11110] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #2: comm syz.4.2394: corrupted inode contents
[  298.074012][T11110] EXT4-fs error (device loop4): ext4_dirty_inode:6103: inode #2: comm syz.4.2394: mark_inode_dirty error
[  298.087513][T11110] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #2: comm syz.4.2394: corrupted inode contents
[  298.100902][T11110] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.2394: mark_inode_dirty error
[  298.113893][T11104] netlink: 'syz.4.2394': attribute type 1 has an invalid length.
[  298.124117][T11110] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #2: comm syz.4.2394: corrupted inode contents
[  298.144082][T11110] EXT4-fs error (device loop4): ext4_dirty_inode:6103: inode #2: comm syz.4.2394: mark_inode_dirty error
[  298.197140][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.384728][   T29] kauditd_printk_skb: 288 callbacks suppressed
[  298.384742][   T29] audit: type=1400 audit(1746827678.853:9492): avc:  denied  { create } for  pid=11118 comm="syz.2.2399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  298.410582][   T29] audit: type=1400 audit(1746827678.853:9493): avc:  denied  { connect } for  pid=11118 comm="syz.2.2399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  299.401685][T11127] netlink: 'syz.5.2402': attribute type 10 has an invalid length.
[  299.421339][T11127] team0: Device hsr_slave_0 failed to register rx_handler
[  300.406320][   T29] audit: type=1400 audit(1746827680.863:9494): avc:  denied  { accept } for  pid=11118 comm="syz.2.2399" lport=34290 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  301.440983][T11137] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[  301.537283][   T29] audit: type=1326 audit(1746827682.003:9495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz.5.2406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  301.560876][   T29] audit: type=1326 audit(1746827682.003:9496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz.5.2406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  301.584446][   T29] audit: type=1326 audit(1746827682.003:9497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz.5.2406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  301.672337][T11141] vhci_hcd: default hub control req: 3f0c v08a6 i0001 l1
[  301.716290][   T29] audit: type=1326 audit(1746827682.083:9498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz.5.2406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  301.739890][   T29] audit: type=1326 audit(1746827682.083:9499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz.5.2406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  301.763547][   T29] audit: type=1326 audit(1746827682.083:9500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz.5.2406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  301.787130][   T29] audit: type=1326 audit(1746827682.083:9501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz.5.2406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4ab4be969 code=0x7ffc0000
[  301.928923][T11139] __nla_validate_parse: 1 callbacks suppressed
[  301.928942][T11139] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2405'.
[  301.953781][T11150] pim6reg: entered allmulticast mode
[  301.960878][T11150] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2408'.
[  302.072549][T11158] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2408'.
[  302.082351][T11150] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2408'.
[  302.094005][T11150] netlink: 'syz.1.2408': attribute type 1 has an invalid length.
[  302.120885][   T23] hid-generic 0000:0004:0000.000C: unknown main item tag 0x0
[  302.128333][   T23] hid-generic 0000:0004:0000.000C: unknown main item tag 0x0
[  302.135785][   T23] hid-generic 0000:0004:0000.000C: unknown main item tag 0x0
[  302.150454][   T23] hid-generic 0000:0004:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  302.178754][T11164] xt_hashlimit: size too large, truncated to 1048576
[  302.797789][T11179] loop3: detected capacity change from 0 to 512
[  302.822101][T11179] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  302.834766][T11179] ext4 filesystem being mounted at /478/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  303.042654][T11186] netlink: 'syz.1.2421': attribute type 10 has an invalid length.
[  303.053035][T11186] team0: Device hsr_slave_0 failed to register rx_handler
[  303.082052][T11190] pim6reg: left allmulticast mode
[  303.111475][T11190] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2422'.
[  303.172465][T11193] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2422'.
[  303.182185][T11190] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2422'.
[  303.192367][T11193] netlink: 'syz.1.2422': attribute type 1 has an invalid length.
[  303.574268][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  303.594039][T11210] xt_hashlimit: size too large, truncated to 1048576
[  303.605501][T11208] netlink: 'syz.2.2429': attribute type 13 has an invalid length.
[  303.664641][T11214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2432'.
[  303.685937][ T5583] usb usb8-port1: attempt power cycle
[  303.733930][T11219] pim6reg: entered allmulticast mode
[  303.746610][T11219] pim6reg: left allmulticast mode
[  303.808481][T11223] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2434'.
[  303.871256][T11219] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2434'.
[  303.897361][T11219] netlink: 'syz.2.2434': attribute type 1 has an invalid length.
[  304.160489][T11230] ==================================================================
[  304.168618][T11230] BUG: KCSAN: data-race in kick_pool / wq_worker_running
[  304.175650][T11230] 
[  304.177979][T11230] read-write to 0xffff888237d299e4 of 4 bytes by task 1037 on cpu 1:
[  304.186042][T11230]  wq_worker_running+0x95/0x120
[  304.190885][T11230]  schedule_preempt_disabled+0x10/0x20
[  304.196348][T11230]  __mutex_lock+0x414/0xa50
[  304.200854][T11230]  __mutex_lock_slowpath+0xa/0x10
[  304.205884][T11230]  mutex_lock+0x27/0x30
[  304.210037][T11230]  pcpu_balance_workfn+0x4a/0xc00
[  304.215078][T11230]  process_scheduled_works+0x4cb/0x9d0
[  304.220533][T11230]  worker_thread+0x582/0x770
[  304.225117][T11230]  kthread+0x486/0x510
[  304.229175][T11230]  ret_from_fork+0x4b/0x60
[  304.233581][T11230]  ret_from_fork_asm+0x1a/0x30
[  304.238338][T11230] 
[  304.240651][T11230] read to 0xffff888237d299e4 of 4 bytes by task 11230 on cpu 0:
[  304.248317][T11230]  kick_pool+0x49/0x2d0
[  304.252467][T11230]  __queue_work+0x8d6/0xb60
[  304.256963][T11230]  queue_work_on+0xd1/0x160
[  304.261457][T11230]  pcpu_alloc_noprof+0x9a4/0x1210
[  304.266473][T11230]  bpf_map_alloc_percpu+0xb3/0x200
[  304.271568][T11230]  prealloc_init+0x19d/0x490
[  304.276172][T11230]  htab_map_alloc+0x4b6/0x6b0
[  304.280843][T11230]  map_create+0x840/0xb90
[  304.285164][T11230]  __sys_bpf+0x5ab/0x790
[  304.289398][T11230]  __x64_sys_bpf+0x41/0x50
[  304.293804][T11230]  x64_sys_call+0x2478/0x2fb0
[  304.298469][T11230]  do_syscall_64+0xd0/0x1a0
[  304.302999][T11230]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.308894][T11230] 
[  304.311211][T11230] value changed: 0x00000000 -> 0x00000001
[  304.316915][T11230] 
[  304.319226][T11230] Reported by Kernel Concurrency Sanitizer on:
[  304.325369][T11230] CPU: 0 UID: 0 PID: 11230 Comm: syz.2.2436 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(voluntary) 
[  304.337970][T11230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  304.348482][T11230] ==================================================================
[  305.720391][ T5583] usb usb8-port1: unable to enumerate USB device