last executing test programs:

1m46.750277482s ago: executing program 1 (id=53):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)='T', 0x1}], 0x1}, 0x4048841)
r1 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000780)="a0005b020eaa4d56", 0x8}], 0x1, 0x0, 0x0, 0x900}, 0x0)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES64=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000bc0)="0100000200", 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x11, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@call={0x85, 0x0, 0x0, 0x8}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x2}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x101}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}]}, &(0x7f0000000400)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x82, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x4, 0x8, 0x400, 0x3}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000740)=[{0x5, 0x4, 0xe, 0xb}, {0x0, 0x2, 0xe, 0x8}], 0x10, 0x81, @void, @value}, 0x94)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x214004, &(0x7f0000000880)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRES32, @ANYRESHEX, @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES8], 0x1, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r6 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x130)
r7 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x51)
write$9p(r6, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3f", 0x101)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r8}, 0x10)
sendfile(r6, r7, 0x0, 0xe065)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f00000003c0)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1m46.627862153s ago: executing program 1 (id=57):
syz_emit_ethernet(0x32, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff000000000000"], 0x0)
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x4e20, 0x0, @mcast1, 0x3}}}, 0x88)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/bus/input/devices\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000000)=[{&(0x7f0000000080)=""/4094, 0xbd}], 0x1, 0x33, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000007c0)=ANY=[], 0x310)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, 0x108)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000001100)=<r2=>0x0, &(0x7f0000001140)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', r2, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32, @ANYBLOB], &(0x7f0000001180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
symlinkat(&(0x7f0000000400)='./file0/../file0\x00', 0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00')
readlinkat(0xffffffffffffffff, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/198, 0xc6)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000140)={{0xa, 0x0, 0x101, @loopback, 0x18000}, {0xa, 0x0, 0xfffffffd, @dev={0xfe, 0x80, '\x00', 0x23}, 0x4}, 0x0, {[0x6, 0x0, 0x0, 0xfffffef9, 0x0, 0x1, 0x5, 0x200000]}}, 0x5c)
sendto$inet(r3, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000680)=[@ip_tos_u8={{0x11, 0x0, 0x7}}], 0x18}, 0x0)

1m46.501129365s ago: executing program 1 (id=61):
r0 = syz_usb_connect$printer(0x3, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xb4, 0x0, 0x7f, [{{0x9, 0x4, 0x0, 0x7, 0x2, 0x7, 0x1, 0x2, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x0, 0x2, 0xfc}}, [{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x8, 0x1, 0x3}}]}}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x110, 0x4, 0x7, 0x93, 0x20, 0x2}, 0x24, &(0x7f0000000340)={0x5, 0xf, 0x24, 0x4, [@wireless={0xb, 0x10, 0x1, 0x2, 0xb3, 0x0, 0xe, 0x3, 0xe}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0xc, 0x9, 0xe}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xc, 0x10, 0xd, 0x5fb}, @ptm_cap={0x3}]}, 0x1, [{0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x400a}}]})
syz_usb_control_io$printer(r0, &(0x7f0000000b80)={0x14, &(0x7f0000000800)={0x40, 0x8, 0xe8, {0xe8, 0xd, "413afb078c1a3df0fcb511dd8ea010979547cc0cf69f7272f295d489b3fbba29bcf247ad0ec5f8ecaca2525b992b81131a4cea6b70f45b96d921460454e4811d122417506ea6ee0e88896da76bbdf66430f7d65d93952bc2e38ef0472e4df5b3c5394592b81edb072211f68b8f9ec2c892cd63a91d320283437b8036f6f27743b2fd7b07fbfbbf263f4001671d9a6065afe1c1dd007872bbc5479fdade1b393112fc5fac938bb4520c7821a12c28265e40366682a98e9ce95cfa63f18d3c31b1d7b0d03350ad4934808713f59806fd36ee1e4a1a9ebf84450f089a344c29d5bf45b65f978aa4"}}, &(0x7f00000009c0)={0x0, 0x3, 0x40, @string={0x40, 0x3, "b8a2a669321b1300f956e3964030be4be9c7a60be93e547699f6333037bad7487e8ef316adb3db4e2209a5637ee90f717fd38cdaf8c6a9d68256bd8d8bbc"}}}, &(0x7f0000000d80)={0x34, &(0x7f0000000bc0)={0x40, 0x3, 0x6a, "745444c517014d173e3a0b2a18af4022efa7977cb832bf0f9f77ab414a5e8bd132f74d2efc5bc575ede6715f0428b6f849c7dc4feed3ab508f6528cd0058271e7a3e3d17abbff3ffa0450a6d847e5d7cd51f20744c94fb044d2d8ee8a028e9ba450e4eeda4046fe852f2"}, &(0x7f0000000c40)={0x0, 0xa, 0x1, 0xd6}, &(0x7f0000000c80)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000cc0)={0x20, 0x0, 0x27, {0x25, "ee19c33bc1dce60ff4d14c50a76dede936c23f5b26f4b138d5784af28a612ccaa8f4690fc5"}}, &(0x7f0000000d00)={0x20, 0x1, 0x1, 0x9}, &(0x7f0000000d40)={0x20, 0x0, 0x1, 0xa}})
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000100000011, 0x3, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x13, 0x0, &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000140)={<r5=>0x0}, &(0x7f0000000180)=0xc)
getpid()
syz_open_procfs(r5, &(0x7f00000001c0)='net/netfilter\x00')
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6, 0x0, 0xfffffffffffffffe}, 0x18)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="7e000000272a4fe900db969e4cfb501c83b64bc691b95993ca9b0100e8", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3020046, &(0x7f0000000380)={[{@delalloc}, {@abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x9c13}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@usrquota}, {@acl}, {@max_batch_time={'max_batch_time', 0x3d, 0x20007}}, {@user_xattr}, {@bh}, {@errors_remount}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xfecc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={0x0, 0x68}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073"], 0xe8}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r9=>0x0})
r10 = socket$igmp(0x2, 0x3, 0x2)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYRES8=r10, @ANYRESOCT=r9], 0x4c}, 0x1, 0x0, 0x0, 0x24000040}, 0x64008880)

1m45.741260277s ago: executing program 1 (id=71):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50)
syz_io_uring_setup(0x2c0c, &(0x7f0000000400)={0x0, 0x0, 0x4002}, 0x0, 0x0) (fail_nth: 7)

1m45.458848622s ago: executing program 1 (id=74):
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000001dc0)=ANY=[@ANYBLOB="9feb01001800000000000000fc000000fc000000060000001000000008000084030000000900000004000000030000000a000000000000000600000008000000030000000800000001000000020000000a00000005000000000000000000600000000000030000000002000010000000050000000600000002000000050000000b0000000c000000000000090000000007040000050000930100000008000000000100000400000002010000ffffffff0e0000000c00000004000000ff7f00001000000003000000020000000800000007000000030d00000900000000000009010000000200000000000012030000000e0000000000000c0400000002000000000000120500000005000000000000080200616161000000000092743f1c479802d7abac7abb9b81ba27f57609e177ccd43813ae6761613382d3625162ed4f173ac737a5a7e55e813422b6e05a6cfcdfbda6ccc9672d190e537810f758410019b1db89bcab684f2a3ec6f048f739414328ad015a77281c9765a3f4fab48b9274ecbdd8a011224d12744368150d0a3ede1befe3f7dd655343d04ab20f17d3a76bd82b8e8662866cfe1b37dc59fccb874b1f9ea5d88b45f2654a1ad5d36c36cce645158d9ec96cd1894f24bbddac91a66f6c08d3305ac0d008fc6ec3cd5934619cceffb33fd5d86b79b768fb11e53ccf855d7ef2b3a320574a8ef87cccc727a3a3578af880eb80bd6653a28d97dce1703e70b7336dd831f38ee0e7858cd1"], &(0x7f0000000040)=""/49, 0x11a, 0x31, 0x1, 0x2d, 0x0, @void, @value}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000005c0)={r0, 0x20, &(0x7f00000003c0)={&(0x7f0000000500)=""/76, 0x4c, <r1=>0x0, &(0x7f0000000bc0)=""/4096, 0x1000}}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x35, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
ioctl$VT_DISALLOCATE(r0, 0x5608)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x80, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4, 0x0, 0x7}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_EVENTS(r5, 0x84, 0xb, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2a10886, &(0x7f00000001c0)={[{@quota}, {@dioread_nolock}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='kfree\x00', r6, 0x0, 0xfffffffffffffffc}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000901, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
r7 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r8 = open$dir(&(0x7f0000000080)='./file0\x00', 0x100, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r8, 0x0)
syz_clone(0x80000100, 0x0, 0x0, 0x0, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(r7, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r9, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x1}}, 0x40)

1m45.095694136s ago: executing program 1 (id=80):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x80, 0x24, 0xd0f, 0x10003, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4c, 0x2, [@TCA_FQ_CODEL_QUANTUM={0xff87, 0x6, 0xe}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x4}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0x7fff}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0xffffffa7}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0xd}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x6}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0x9}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0xac}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x6}]}}]}, 0x80}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)
setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, 0xfffffffffffffffe, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000140)={<r3=>0x0})
r4 = accept(0xffffffffffffffff, 0x0, &(0x7f00000001c0))
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000240)={r3, 0x3, r4, 0x73b, 0x80000})
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000003c0), 0x2, 0x1}}, 0x20)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000140), 0x12)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
close_range(r6, 0xffffffffffffffff, 0x0)

1m30.080916633s ago: executing program 32 (id=80):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x80, 0x24, 0xd0f, 0x10003, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4c, 0x2, [@TCA_FQ_CODEL_QUANTUM={0xff87, 0x6, 0xe}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x4}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0x7fff}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0xffffffa7}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0xd}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x6}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0x9}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0xac}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x6}]}}]}, 0x80}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)
setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, 0xfffffffffffffffe, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000140)={<r3=>0x0})
r4 = accept(0xffffffffffffffff, 0x0, &(0x7f00000001c0))
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000240)={r3, 0x3, r4, 0x73b, 0x80000})
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000003c0), 0x2, 0x1}}, 0x20)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000140), 0x12)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
close_range(r6, 0xffffffffffffffff, 0x0)

1m5.500351663s ago: executing program 3 (id=876):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18)
r1 = socket$xdp(0x2c, 0x3, 0x0)
mremap(&(0x7f00000ad000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f00000ae000/0x1000)=nil)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000200)={0x0, 0x201000, 0x1000}, 0x20)

1m5.473137024s ago: executing program 3 (id=877):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)='T', 0x1}], 0x1}, 0x4048841)
r1 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000780)="a0005b020eaa4d56", 0x8}], 0x1, 0x0, 0x0, 0x900}, 0x0)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES64=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffac, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000bc0)="0100000200", 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x214004, &(0x7f0000000880)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRES32, @ANYRESHEX, @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES8], 0x1, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r6 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x130)
r7 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x51)
write$9p(r6, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3f", 0x101)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r8}, 0x10)
sendfile(r6, r7, 0x0, 0xe065)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f00000003c0)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRESHEX], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1m5.428285345s ago: executing program 3 (id=878):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x4}, 0x18)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000023ed0000180100002820702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000838500000071000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100), 0x2, 0x500, &(0x7f0000000500)="$eJzs3U9sI1cZAPBvJn/sTdMmhR4AFbqUwoJWayfeNqp6oZwqhCoheuSwDYkTRbHjKHZKE/aQPXJHohInOHHmgMQBqSfuSBzgxqUckAqsQA0SByOP7V3njzfWbmzvxr+fNJo38+L53tvRvGd91s4LYGJdj4ijiJiNiPcjYqFzPuls8XZ7a/3dZ/fvrh3fv7uWRLP53j+TrL51Lno+0/Jc55r5iPjBOxE/Sk4F/VNE/eBwe7VSKe91ThUb1d1i/eDw1lZ1dbO8Wd4plVaWV5bevP1G6dL6+kr1N59ei4jf/+7Ln/zx6Fs/aTVrvlPX24/L1O76zIM4LdMR8b1hBBuDqU5/Zh/nw4/1IS5TGhGfi4hXs+d/Iaayu3nSydv07RG2DgAYhmZzIZoLvccAwFWXZjmwJC10cgHzkaaFQjuH91LMpZVavXFzo7a/s97OlS3GTLqxVSkvdXKFizGTbGxNl5ezcve4Ui6dOr4dES9GxM9y17Ljwlqtsj7OLz4AMMGeOzX//yfXnv8BgCsu/7CYG2c7AIDRyY+7AQDAyJn/AWDymP8BYPKY/wFg8pj/AWDymP8BYKJ8/913W1vzuPP+6/UPDva3ax/cWi/XtwvV/bXCWm1vt7BZq21m7+ypXnS9Sq22u/x67H9YbJTrjWL94PBOtba/07iTvdf7TnlmJL0CAB7lxVc+/ksSEUdvXcu26Hnf/4Vz9cvDbh0wTOm4GwCMzdS4GwCMzdnVvoBJIR8P9CzRe6/ndP5M4bSPBrp8at1QePrc+OIT5P+BZ5r8P0yux8v/+y4PV4H8P0yuZjOx5j8ATBg5fiC5oL739/+lZs/BYL//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJU0n21JWuisBT4faVooRDwfEYsxk2xsVcpLEfFCRPw5N5NrHS9HhHWDAOBZlv496az/dWPhtfnTtbO5/+ayfUT8+Bfv/fzD1UZjbzliNvnXg/ONjzrnS+NoPwBwke483Z3Huz67f3etu42yPZ9+p724aCvucWdr10zHdLbPZ7mGuX8nneO21veVqUuIf3QvIr5wXv+TLDey2Fn59HT8VuznRxo/PRE/zera+9a/xecvoS0waT5ujT9vn/f8pXE925///OezEerJdce/4zPjX/pg/JvqM/5dHzTG63/47pmTzYV23b2IL01HHHcv3jP+dOMnfeK/NmD8v778lVf71TV/GXEjzut/ciJWsVHdLdYPDm9tVVc3y5vlnVJpZXll6c3bb5SKWY662M1Un/WPt26+0C9+q/9zfeLnL+j/1wfs/6/+9/4Pv/qI+N/82vn3/6VHxG/Nid8YMP7q3G/z/epa8df79P+i+39zwPif/O1wfcA/BQBGoH5wuL1aqZT3hl1Ihx8iKyQRRyPoTruQ+/VP3xlVrCEW4ulohsLTVBj3yAQM28OHftwtAQAAAAAAAAAAAAAA+hnFfycadx8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4uv4fAAD//5iA1Hs=")

1m5.10531245s ago: executing program 3 (id=888):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000060000000600000005"], 0x48)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
read$qrtrtun(r0, &(0x7f0000000140)=""/227, 0xe3)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000480)='btrfs_handle_em_exist\x00', 0xffffffffffffffff, 0x0, 0x8000000000000000}, 0x18)
perf_event_open(0x0, 0x0, 0x6, 0xffffffffffffffff, 0x1)
r2 = epoll_create1(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000100)={0x20000014})
close_range(r2, r3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000700000000000000000018110000", @ANYRES32=<r6=>r4, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
syz_read_part_table(0x60d, &(0x7f0000002240)="$eJzs3D9olHcYB/DvJbmcUTAdnFxqHDoJRXE0Q5XkqlgIp1IIDvYfIs0UIXDSw5Q4tBkUM0jHLlK4DhonYwYnRaFzEQeLkMGlYBepHXLl7l6SOyjF0oRS/HyGe353PDzf94F3/V34XxtIuTi1Kp3y/qd/298a3TzP50xzYvJ4q9VqnU5KOZtyxsq7l5MMpX9q9icZ7plz8/udq9/+9mG5+fTUq/fOPVgc2JhZyTtJdvU2Z+SvHqXyzzZlO9wafzi6cGW2erX9pdpYW/84uf1yorZycnFp+UT52Oft3y8nj4r+7osxkoup51K+zCdDbxz19eax1Jc/386vj194Um2sfdd8fnB9b3Xw7vkjr/etXrt/KJlrR0yl87JvGv6Xi/fkL/Tkz41dn15qHD1wZ8+Nw/V7j2svBn9vdRWR5a3JBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABge9xqf1yZrV6tj194Um2sffPzTx/dfjlRWzm5uLR8YvjYs6LvUVGHinox9VxKOclMZvJFZt88crrUmz/+cHRhI/+Pncnzg+t7q82754+8nly9dv9Qp6uUqXYZ2IqN+/XnN9bmxq5PLzWOHriz58bh+r3HtReD3b6ZSj7rrJuksvWPAQAAAAAAAAAAAAAAAAAAwFtuYvL4vqkPaqeTUs7uSPLrV51b9q3KyI/p3Lzv2l/UZ5Vkd5KbO7r/BdB8eurV8LkHi78Ul+LnU8l8kl0/rJxJ3t3IudwfW96czH/pzwAAAP//gTiR5w==")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1db)
writev(r7, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x100000}], 0x1)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES64=r2, @ANYRES32=r6], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000680)='mm_page_free\x00', r8}, 0x10)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x200, 0xa)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x363003, 0x0)
sendfile(r10, r9, 0x0, 0x7f)

1m4.796431934s ago: executing program 3 (id=894):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
syz_open_dev$usbmon(0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000002900000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000060060000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='kfree\x00', r2}, 0x18)
r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x72, 0x101301)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
syz_open_dev$usbfs(0x0, 0x20000007d, 0x0)
r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f00000001c0)={@empty, <r5=>0x0}, &(0x7f0000000200)=0x14)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r7=>0x0})
r8 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r8, &(0x7f0000000000)={0x1d, r7}, 0x10)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
r11 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r11, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r11, &(0x7f00000001c0)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r12, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="4000000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000010240000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32=r12], 0x40}}, 0x4000)
sendmsg$ETHTOOL_MSG_WOL_GET(r4, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="b4000000", @ANYRES16=0x0, @ANYBLOB="000225bd7000fbdbdf25090000002000018008000100", @ANYRES32=r12, @ANYBLOB="140002006772653000000000000000000000000060000180080003000300000008000300020000001400020076657468305f766c616e0000000000001400020064756d6d79300000000000000000000008000100", @ANYRES32=r5, @ANYBLOB="00000100", @ANYRES32=r7, @ANYBLOB="140002006272696467655f736c6176655f300000200001801400020076657468305f6d6163767461700000000800030002000000"], 0xb4}, 0x1, 0x0, 0x0, 0x1}, 0x4008000)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x18615, &(0x7f0000000440)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x8}}, {@jqfmt_vfsold}, {@minixdf}, {@errors_remount}, {@discard}, {@noblock_validity}, {@grpquota}, {@journal_dev={'journal_dev', 0x3d, 0xf35}}]}, 0xff, 0x618, &(0x7f0000000640)="$eJzs3c9rHG0dAPDvzCYxed9oWpFii2LAQwvS/KjFqqe2F3soWLAHEQ8NTVJDN21oUrC1YAoeFBREvIr04j/gXYpXbyKoN89CFYl4UOnKzM60a3Y32ebN7mwznw/M9plnZvd5vjv7dJ5nNs9OALU1nz2kEWcj4k4SMdexbTbaG+eL/fb+8exutiTRan3j70kkRV65/+vi3w+zhyRiOiJ+fz3ik43ucrefPL2/0my1fT9icWdza3H7ydOLG5sr99burT1YvvTly1eWvrJ8eflY4izjunHz65/5yQ++86X1PzQvJnE1bk9+bzX2xXFc5mM+XhchduZPRMSVLNHjfXnflCEkFdeDo2kUn8fJiDgTc9HI19rmYuPHlVYOGKpWI6IF1FSi/UNNlf2Acmw/jHHwOHt1rT0A6o5/on1tJKbzsdEHe0nHyKg93j11DOVnZfz32blfZEv0uQ4xcQzl9LP7PCI+3Sv+JK/bqfwqThZ/GmnH87L0UkRMFe/FYOP/ya6c+X3ro/78vUv8ncchi/9q8W+Wf/2I5VcdPwD19PJacSLfzdbenv+ynmHZ/4ke/Z/ZHueuo6j6/Ne//1ee76fza+Tpvn5Y1t+51fsluzo5f/nRjZ/1K7+z/5ctWfllX3AUXj2POLcv/h/mHb3kzfFPehz/bJc7A5bxtT/+7Ua/bVXH33oRcb7n+OdtjzZLLe5sbpV5+76fXFzfaK4ttR97lvGb3337V/3Krzr+7PhHn/HfQcc/y9sasIxf33qx2W/b7KHxp3+dSm7nqaki57srOzuPliOmkpvFLh35lw6uS7lP+RpZ/Bc+37v994q/KCo/0Lv/9270t/XN+3v99hv4+HcPnTKvWweHe6gs/tU+n//Djv9PByzjX996/Nl9WTNl4qD4Z7pfKtl95wgBAAAAAACgPtL8O9gkXXiTTtOFhfYc3k/FB2nz4fbOF9YfPn6wGnEh/3vIybT8pnuuvZ5k68vF38OW65f2rX8xIk5HxM8bM/n6wt2HzdWqgwcAAAAAAAAAAAAAAAAAAIAx8WEx/7+8T/U/G+35/wPZOTPk2gFDN8wbzAHjTfuH+srbf1p1LYAqOP9DfWn/UF/aP9SX9g/1pf1DfWn/UF/aP9SX9g8AAAAAJ9Lpz738cxIRu1+dyZfMVLFtstKaAcP27m18fij1AEavMdKnAePkzVf/pv9D7QzU//938eOAw68OUIGkV2beOWgd3Phf9nwmAAAAAAAAAAAAADAE58+a/w91lcZvq64CUJHuifxn9wac6Oc3AOA956f/ob4+0hjfBQI4EQ6bxT/db4P5/wAAAAAAAAAAAAAwMrP5kqQLxS1AZyNNFxYiPh4Rp2IyWd9ori1FxCci4k+NyY9l68tVVxoAAAAAAAAAAAAAAAAAAABOmO0nT++vNJtrjzoT/+nKOdmJ8i6o41KfzkQkoy90JiLGIfbhJCY6cpKI3ezIj0XFHm3HWFQjzatR8X9MAAAAAAAAAAAAAAAAAABQQx1zj3s798sR1wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARu/t/f+PnkgOeZ2qYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k//CwAA//9vNjw9")

1m4.524722458s ago: executing program 3 (id=901):
syz_emit_ethernet(0x32, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff000000000000"], 0x0)
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x4e20, 0x0, @mcast1, 0x3}}}, 0x88)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/bus/input/devices\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000000), 0x0, 0x33, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, 0x108)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000001100), &(0x7f0000001140)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32, @ANYBLOB], &(0x7f0000001180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
symlinkat(&(0x7f0000000400)='./file0/../file0\x00', 0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00')
readlinkat(0xffffffffffffffff, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/198, 0xc6)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
socket$igmp6(0xa, 0x3, 0x3a)
sendto$inet(r2, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000680)=[@ip_tos_u8={{0x11, 0x0, 0x7}}], 0x18}, 0x0)

1m4.524411008s ago: executing program 33 (id=901):
syz_emit_ethernet(0x32, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff000000000000"], 0x0)
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x4e20, 0x0, @mcast1, 0x3}}}, 0x88)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/bus/input/devices\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000000), 0x0, 0x33, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, 0x108)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000001100), &(0x7f0000001140)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32, @ANYBLOB], &(0x7f0000001180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
symlinkat(&(0x7f0000000400)='./file0/../file0\x00', 0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00')
readlinkat(0xffffffffffffffff, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/198, 0xc6)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
socket$igmp6(0xa, 0x3, 0x3a)
sendto$inet(r2, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000), 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000680)=[@ip_tos_u8={{0x11, 0x0, 0x7}}], 0x18}, 0x0)

2.867266897s ago: executing program 0 (id=2234):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2101, 0x0)
write$binfmt_aout(r3, &(0x7f0000000240)=ANY=[], 0xff2e)
fcntl$setstatus(r3, 0x4, 0x800)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"})
r4 = syz_open_pts(r3, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0xff)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
clock_gettime(0x0, &(0x7f00000002c0)={<r6=>0x0, <r7=>0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000001cabf1cde27788377e4925a3d3602a5024c4a72e8c9455d776657b5d98a617c8fdea643c629685b2d8cb64b4ff010146fb72d131605b9ea951e2ad9a3c5cdf54e022f807633cb32752b000a7585cbc6e8eef0271be1e7d1eb8fd6c3c86b909f671a7a499c13f27eb9e25c2f52fecb861e428b9f553084fc3361189b5867fd8bb2b4f5e3e9877ef2de2b8810df6f91ea29598e53a0ba75aeebf6754f4386b0daad560e60355cd"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mknodat$null(0xffffffffffffff9c, 0x0, 0xb0a54e68b1cd2fdb, 0x103)
epoll_pwait2(r0, &(0x7f0000000140)=[{}, {}, {}], 0x3, &(0x7f00000003c0)={r6, r7+10000000}, &(0x7f0000000400)={[0x4]}, 0x8)
io_uring_setup(0x7b04, &(0x7f00000001c0)={0x0, 0xa258, 0x20, 0x3, 0x256})
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
fsetxattr$security_selinux(r9, &(0x7f00000000c0), &(0x7f0000000100)='system_u:object_r:dhcp_state_t:s0\x00', 0x22, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2a, &(0x7f0000000200)=0x1, 0x4)

1.887756152s ago: executing program 0 (id=2258):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0x6}, {0xffffffffffffff7f, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x1}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x2}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0xf384}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0xffffffff}, @TCA_FQ_CODEL_FLOWS={0x8}, @TCA_FQ_CODEL_DROP_BATCH_SIZE={0x8}, @TCA_FQ_CODEL_ECN={0x8}]}}, @TCA_RATE={0x6, 0x5, {0x4}}]}, 0x78}}, 0x0)

1.850337912s ago: executing program 0 (id=2262):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB='\v\x00\x00\x00\b\x00\x00\x00\f'], 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x10, &(0x7f0000000080)="170000000200020000ffbe8c5ee17688a2003c000303000afdff02a257fc5ad90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac2dfc061f15003901dee2ffffffffe9000000000000000062068f5ee50ce5af9b1c568302ffff02ff0331dd3bab0840024f0298e9e90539062a80e605007f71174ab498a30b3e5a1b47b63a6323ded2aa084cd36276a3afff", 0xb8)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r3, 0x0, 0xc8, &(0x7f0000000000), 0x4)
setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_addr=@empty, @remote}, 0x10)
setsockopt$MRT_ADD_MFC_PROXY(r3, 0x0, 0xd2, &(0x7f0000000280)={@broadcast, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c)
setsockopt$MRT_FLUSH(r3, 0x0, 0xd4, &(0x7f0000000040)=0x6, 0x4)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r4, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
syz_emit_ethernet(0x8a, &(0x7f00000008c0)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x3, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @broadcast, {[@ra={0x94, 0x4, 0x1}]}}, {0x0, 0x883e, 0x64, 0x0, @wg=@response={0x2, 0x3, 0x4, "44c108fc5c47c72626fe2f7cfa25b602ed48a4e23aa1fa1930cef821fa9ef26d", "78b501b40402b3f74ca615813e0a1261", {"b6b63b29d2396379bcc0226ed355261e", "4842183ff3929a0d1927f2044ca14ce4"}}}}}}}, 0x0)

1.803164233s ago: executing program 0 (id=2263):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x862b01)
ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000b40)={0x52, 0x1, 0x6, {0x1017, 0x1}, {0x61, 0x2}, @cond=[{0x5, 0x6, 0x8, 0xffff, 0x3ecb, 0x4}, {0x604, 0x8000, 0x4, 0x4, 0x1ab1, 0xe00}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x40, &(0x7f0000000580)={[], [{@smackfsroot={'smackfsroot', 0x3d, ' \xc2:\xda~\xb8\xc8\xa1G \x1dj\xe2\xe0+\xd3\x88\xda]\xac\xce\x03\xdf\xb0\xdc\xdcD\xfe\xb2U\xb0\x84\x9f\xf1l\xb7<\xa3\xb3W\x12\xd2\xd9\xe1S\xba,C.\xbc\b\xech\xeb\xedu\xb3\x8f\xa1\x03\xaf\xe3\xde\x9c\xb2\xd3\xce\x1e\x99\xf1\x9d:\x1b\xce\x83\xc4\xe0\xd6\f\x04f6\x89\x17\neE=f\xe9DN7\xa2\xf6yt\xde\xe9\xbckw\xd4\x1a =\x8akg\x1e\xf1Ir\xd3 \xdc1\xc6HMO[\xe3'}}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@uid_eq={'uid', 0x3d, 0xffffffffffffffff}}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@audit}, {@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@smackfsfloor}, {@appraise}, {@flag='async'}]}, 0xfe, 0x79e, &(0x7f0000001740)="$eJzs3ctrXNUfAPDvnbyatL9fIghaVwFBA6UTU2Or4CLShQgWCrpxYxsm01AzyZTMpDQhYIsIbgQVF4JuuvZRdy7c+Njqf+FCWqqmxYqLErnzSKbNTJukmUlLPh+4uefc17nfe+7jTO5hJoA9azj9k4k4GBEfJRGDtelJRPRUUt0RE9Xlbq0s59IhidXVN/5MKsvcXFnOxfo6Xel4fy3zZET89H7EoczGckuLSzOThUJ+vpYfLc+eGy0tLh0+Ozs5nZ/Ozx0dGx8/cuyFY0d3Lta/f106cO3jV5/9ZuLf95648uHPSUzEgdq8xjh2ynAMV45ReiQn7pp3fKcL22XJbu8A25Jeml3VqzwOxmB0VVIt9HdyzwCAdnk3IlYBgD0m8fwHgD2m/n+AmyvLufqwu/+R6Kzrr0TEvmr89feb1TndtXd2+yrvQQdu3vmGK80N7UD5wxHxxXdvf5UO0ab3kADNXLwUEaeHhjfe/5MNfRa26rlNLDN8V979Dzrnh7T982Kz9l9mrf0TtfZPY8+QvibX7nbc//rPXN2BYlpK238vN/Rtu9UQf01vPfe/SpuvJzlztpBP723/j4iR6OlL82MbN13vShcjN27faFV+Y/vvr0/e+TItPx2vL5G52t135zpTk+XJBwx7zfVLEU91N4s/Wav/pEn9p9NObrKM11764PNW89L403jrw8b422v1csQzTet/vb2f3LN/4mjldBitnxRNfPvbZwOtym+s/3RIy69/FuiEtP4H7h3/UNLYX7O09TJ+uTz4Y6t594+/+fnfm7xZSffWpl2YLJfnxyJ6k9c3Tj+yvm49X18+jX/k6ebX/73O//Qz4en7xP19bdx97Y+vtx9/e6XxT22p/reeuHJrpqu6qY0dgTdX/+OV1Eh1wkBs4v632R184AMIAAAAAAAAAAAAAAAAAAAAAAAAAJuQiYgDkWSya+lMJput/ob34zGQKRRL5UNnigtzU1H5reyh6MnUv+pysOH7UMdq34dfzx+5K/98RDwWEZ/29Vfy2Vzxrdu7HTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1Oxv8fv/qd/7dnvvAIC22bfN9ZId3g8AoHO2+/wHAB5dW3v+97dtPwCAzvH5HwD2Hs9/ANh7PP8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABos5MnTqTD6j8ry7k0P3V+cWGmeP7wVL40k51dyGVzxflz2elicbqQz+aKsy03dLE6KhSL58ZjbuHCaDlfKo+WFpdOzRYX5sqnzs5OTudP5Xs6FhkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbF5pcWlmslDIz7chcbxtW25zor92cB5gO4O1TTwM4UisJboj4iHYjUch0XiX6O/8jQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgEfFfAAAA///t1CMf")

1.736899554s ago: executing program 0 (id=2268):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000009"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x401, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
close_range(r2, 0xffffffffffffffff, 0x0)

1.156958322s ago: executing program 5 (id=2280):
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="757466382c626c6f636b3d307830303030303030303030303030323030006e6f726f636b2c63727566742c6d61703d6f66662c646d6f64653d3078303430303030303030303030303063664173657373696f6e3d3078303030303030303030303030303033382c756e686964652c756e686964652c6769643d29e0cd5c372ab078c28fb05c6421428d066455368833565fd726743513f4466efa8d4fba06d57341875f5775ab343c0f6bc59fbde784ec3597e0e286d8d0dbf360afa3bc5c145b6e4f8b0305932fb55ff13f9fcb5035769f5fca33ac02bdeacb24c58103edc3d8b46df7614aa493952584ee662174309b11a4ad19e64dcdeeca1c148170b8d1aaf26082364b0d90d63d8502ffa63dde945e4612ac134315f389af667a04931ad25ff10b9b5107e517dbbcf5dcb60f564f54b344218d9325b53e829c38c96c69adc9e745202923a1b8124333cce0a8f1c748d42a272eb3e5502051090f1ac34fe5e8f038", @ANYRESHEX=0x0, @ANYRESOCT], 0x2, 0x699, &(0x7f0000000140)="$eJzs3V9rG9n9x/HPyLIte3+E5dcSQsifk6QLDk2VkbxxMCl01dHInlbSiBm52FBY0o29hMjZNkmh8c3WN/0D2yfQu970og+i0Ot9Fr0pLSztXaE3KnNmJEvRv3ijOLvN+2V2NTrznTnfmaPoy9iaIwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADle1XVLjupBc2fXTOZVo7AxZX26t0XdTBduzuxXcpL/VCjoQtp04Zsnq88n/7uuS+mzSyokDwUdvXP+3XvfyOd6209J6MvQaXf49PnRo/udzv6Tl4hd0Kl3/yYp11taycZkTNCW3wziMGhUtnwTxKHZ3Nhwb2/XYlML6n68F7f9hvEiP9cOI7Pm3TSlzc114xf3wp3mVrVS93uNd79Tdt0N84PldKAlFWNvO6jXg+aWjUlWJzF3zWc/TgP8SsOYg4ed/fVZR5IElV4mqDwrqOyWy6VSuVzauLN5567r5kca3ITj9mkkYu4vWnzNzOeNG5iDXFL//+pIdRXU1I52Zcb+eKoqUqjGhPWZXv1/77Y/td/B+t+r8hek72WrL8rW/yvpsyuT6v+EXIyM3WDcGmdC++l+Fm1GRk/1XEd6pPvqqKN9PZnDvo3M1bns5Qx+tuSrqUCxQgVqqGJbTNZitKkNbcjVh9pWTbGMagpUl69Ye4rVlm9fUZ4i+aqorVCRjNbk6aaMStrUptZl5KuoPYXaUVNbqqqif3e73QM9tOd9fUqO6gWVJgQsDwaVp+xpUv3/yafp6zSr/y71/22Vvg6W04fPp8UAXwHd7Pp/UG72ZldfX0YAAAAAAGDeHPvbd8f+7f6ypK5qQd1333RaAAAAAABgjhx1l3VJTnL9L+myHK7/AQAAAAD4X+PYe+wcSav2Q/3OyZ1QL/NLgIUzSBEAAAAAALwie+f/lSWpayetuCrnVNf/AAAAAADga+A3A3Ps53tz7HZ7f9bPSYpby86f/7msaNE5bu1+yzmsJGsqh1nMyCcA2rWLzrlsol77sCTJPvP8S07WWzYJZn/ewS8OZs3170QvJLC0MLiDCQk4Sc8b+eyZPtO1dJNr2TzzD45ysmvSXlZrQd0vemH9XkmVyrlc299t//zxw19IUf84Dx529osffdJ5YHM5TpqOD5OdfjqUTm78yTjJ5Zmdb8HeczHuiFdU63X522Zj1bH9ur3jX1DlMDfY0bQBOOnzV7qejtn11TR29ag/435y/IXk+EtFO2RDRx8tOidZlF488nEDMSGLgs3iRhpzY+2Gyn9Ll/ujkHMK316QysXRMRjKojyYxexz4fxr5FwMZGEfemsGzsV6ksVfkh1NyGL9dFmMjAgAvCkHuiz7LnRZdhLzfhUqZHW3Vx56b2pfqu7Mru4fDFf3Z7/vdu0GC1I++9vE1F4KSt7R1xxbh5bSQ8pfHPOO7mZ1paAJ7+juK1S3pK8/nXwHUpb2SBb/6Xa790q239+9UFX/MNTdSL9xvbyQnMLbzw5/aifAT3y8//H+43J5fcN933XvlLVoDyN7WBC1BwAwYvZ37MyMcN7XtTTi2oN/vJcuDVW8/+9/pKCoj/SJOnqgW72vELg6fq+rAx9DuJVetWrgqtWcf/ee/V664diSbk28qrO1dCC23I9dVG+T4Up9Erv+mkcBAICzdX1GHR5f/wtD9f+W1tKItYtjr7uHa3l2ddy/pJ8UW5qd/AfzPhsAALwd/OgLZ7X9ayeKgtaHpc3NUqW97Zso9H5ooqC65Zug2fYjb7vS3PJNKwrboRfWTSvSclD1YxPvtFph1Da1MDKtMA527Te/m+yr32O/UWm2Ay9u1f1K7BsvbLYrXttUg9gzrZ3v14N424/sxnHL94Ja4FXaQdg0cbgTeX7RmNj3BwKDqt9sB7UgWWyaVhQ0KtGe+VFY32n4purHXhS02mG6w15fQbMWRg2722K+O+7zAgAAvHWePj96dL/T2X/y4sJKcmmethxrQszowpKePk+uypOWfLaKOYIAAPiKOSngp9io8BoTAgAAAAAAAAAAAAAAAAAAAAAAI2bf0nfKhcVxNwtK/Zafncta9Eud3GI4sh9H807sNAu5027VuyXi6NHnU4JX+i290z8Yc3xmB/j3/5PesS1KW/Lz72tlyuC+joXvHqRndGJMsnLsquX+WOTn/88hWXj8xwmrut1ud/rmy8PncGnaAQ4v5CU9WXqFITj79yIAZ+u/AQAA//9b5DOa")
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x41)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], 0x0, 0x0)

1.155858033s ago: executing program 5 (id=2281):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, @NFT_OBJECT_CT_HELPER=@NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}}, @NFT_MSG_DELFLOWTABLE={0x248, 0x18, 0xa, 0x102, 0x0, 0x0, {0x7, 0x0, 0x5}, [@NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x68e}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HOOK={0x1e8, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x7c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_bridge\x00'}, {0x14, 0x1, 'pim6reg\x00'}, {0x14, 0x1, 'gretap0\x00'}, {0x14, 0x1, 'veth0\x00'}, {0x14, 0x1, 'bond0\x00'}, {0x14, 0x1, 'veth0_macvtap\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'netdevsim0\x00'}, {0x14, 0x1, 'wlan1\x00'}, {0x14, 0x1, 'virt_wifi0\x00'}, {0x14, 0x1, 'bond0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'team0\x00'}, {0x14, 0x1, 'erspan0\x00'}, {0x14, 0x1, 'erspan0\x00'}, {0x14, 0x1, 'pim6reg0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x90, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve1\x00'}, {0x14, 0x1, 'batadv_slave_1\x00'}, {0x14, 0x1, 'veth1_to_batadv\x00'}, {0x14, 0x1, 'wlan1\x00'}, {0x14, 0x1, 'vlan1\x00'}, {0x14, 0x1, 'pimreg0\x00'}, {0x14, 0x1, 'veth1\x00'}]}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}, @NFT_MSG_DELSETELEM={0x208, 0xe, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c4, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}]}, {0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7}]}, {0x158, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}]}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}, @NFTA_SET_ELEM_EXPRESSIONS={0x98, 0xb, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x16}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0xf}]}}}, {0x60, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x54, 0x2, 0x0, 0x1, [@NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x29}, @NFTA_FIB_FLAGS={0x8}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_DREG={0x8}, @NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_FIB_RESULT={0x8}, @NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_FIB_FLAGS={0x8}]}}}]}, @NFTA_SET_ELEM_DATA={0x68, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VALUE={0x31, 0x1, "2967ba954ecbfe4b210db4f966307997d0580a5834306867b2be65784605d80f3a226f2f6c5e4bbd2a24678873"}]}, @NFTA_SET_ELEM_EXPRESSIONS={0x24, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @payload={{0xc}, @void}}, {0x10, 0x1, 0x0, 0x1, @range={{0xa}, @void}}]}]}, {0x4c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPR={0xc, 0x7, 0x0, 0x1, @ct={{0x7}, @void}}, @NFTA_SET_ELEM_KEY_END={0x3c, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x38, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWTABLE={0x158, 0x0, 0xa, 0x0, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_USERDATA={0x45, 0x6, "b0a4eeb7e8772b2a97d4ea011a7101719f20460366099e56b0494f8112f7ab634c1b63dc401aacec0e9eba065932a315c5d07a96eeda6c8f1b9a5863e0eb4cc5bc"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_USERDATA={0xe1, 0x6, "e1da31cab36025537fa3c18656019fc1e3640653f2b4f879937f2ce8a527cae8e7c650b7b5b67b40ae0a7bc91c34ebb199909740995ea048e1be0e4e49f5a7f981c7930504abb703dcfd3fcd4347fd868001c45bb00041e00cae7b522850c407cc8dbf3437afcd7070cbd02bf80ad8686b253eb6be08a6fd36cd07714d62fd60fbe8f80b020e0e4f1c954cb8d2ad660d1230086e85b5878f2baae143a90a474f97311a8b43c7bfd794ab19b1763de93a974655ede59dd131276fc124fbb5d033dd16899826018a0ab9ac9c0ea907e8a68b24e8658dfbde3335ea6b1f86"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x5f0}, 0x1, 0x0, 0x0, 0x20000}, 0x20020055)
r0 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0x7005, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f00000012c0)=""/191, 0x4}], 0x3)

1.098848414s ago: executing program 5 (id=2284):
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc))
socket$nl_generic(0x10, 0x3, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x80, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0)
openat$cgroup_procs(r1, &(0x7f0000000080)='tasks\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, @perf_bp={0x0, 0x13}, 0x400, 0xffffffff, 0x6, 0x2, 0x0, 0x1, 0xfff9, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r2 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x6e24, @empty}, 0x10)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)
r3 = socket(0x2, 0x2, 0x1)
bind$unix(r3, &(0x7f0000000000)=@abs, 0x6e)
r4 = socket(0x2, 0x2, 0x1)
bind$unix(r4, &(0x7f0000000000)=@abs, 0x6e)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)

972.528735ms ago: executing program 6 (id=2287):
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
socket$inet_mptcp(0x2, 0x1, 0x106)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000771923cf0000000000009500200000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x800, 0x103)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0)
acct(&(0x7f00000001c0)='./file0\x00')

971.979735ms ago: executing program 6 (id=2289):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
r2 = socket$rds(0x15, 0x5, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48)
r4 = socket$netlink(0x10, 0x3, 0xf)
setsockopt$sock_int(r4, 0x1, 0x34, &(0x7f0000000000), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r3}, 0x0, &(0x7f0000001c40)}, 0x20)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x44000)
bind$rds(r2, 0x0, 0x0)
sendmsg$rds(r2, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x4, @local}, 0x10, 0x0, 0x0, &(0x7f0000000240)}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, r4)
r6 = syz_open_procfs(0x0, &(0x7f00000004c0)='map_files\x00')
getdents64(r6, &(0x7f0000000080)=""/95, 0x5f)
process_mrelease(r6, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x9c, 0xe, 0x0, 0xffffffffffffffff, 0x7fffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8, 0x0, 0xfffffffffffffffd}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x1, 0x2})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r9}, 0x10)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000900c0000000000000000100018010000646c6c2500000000002020207b1af8ff0000000007010058f8ffffffb702000008000000b70300000400000085000000060000009500000000000000a56b19af271e5ec4441d76ac2047ed6b4e827512d5eff8f9018a611282da0ae06cf3856851da04628624bebabd168ff614d3e001e9b07f3ad675f4ce429fc3c14c63940a40ae5fc000b07cbf8d1c49c1fffac700d83a6afda2e4"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0, r10}, 0x18)

945.683416ms ago: executing program 6 (id=2291):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000"], 0x48)
mbind(&(0x7f0000048000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x7, 0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000600)="f0caac48bbcd57762a3936d4d89d8be8", 0x10)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r5, 0xffffffffffffffff, 0x0)
r6 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8003}, &(0x7f0000000240)=<r7=>0x0, &(0x7f0000000200)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x38, 0x3, r6, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r6, 0x6e2, 0x600, 0x1, 0x0, 0x0)

883.945886ms ago: executing program 0 (id=2292):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r2, 0x2007ffc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000202300800000000000"], &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
syz_io_uring_setup(0x1725, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x400002, 0x3a6}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000006c0)={'syztnl0\x00', &(0x7f0000000680)={'gre0\x00', 0x0, 0x20, 0x20, 0x1000, 0x4cb, {{0x5, 0x4, 0x0, 0x3a, 0x14, 0x65, 0x0, 0x5, 0x4, 0x0, @broadcast, @broadcast}}}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='kfree\x00', r5, 0x0, 0x4}, 0x18)
r6 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x4, 0x224}, &(0x7f0000000040)=<r7=>0x0, &(0x7f00000000c0)=<r8=>0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x5, 0x1000, 0x0, 0x0, 0x2, 0x1, {0x2, r9}})
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, r8, &(0x7f00000003c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0xb, 0x0, 0xaa05, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r10}})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000e868495fb58d00b6ad1f50ad32d6ad25dfd73a015e0ca6a0f68a7d007dc6751dfb265a0e3ccae669e173a64bc1cfd514600650a58f145ff1205fc9ddaa275e687d452d64e7cc957d77578f4c25235138d5521f9453559c35da860e8efbc64e57cbb7aee976f2b54421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983cd44c05bd0a48dfe3e26e7a23129d6606ed28a69989d552af6d9a9df2c3af36e0360070011bbecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f163d1a1a83109753f54b21cd027edd68149ee99eebc6f7d6dd4aed4af7588c8e1b44ccb19e810879b81a7000000e7ffffff00000000d7900a820b63278f4e9a217b98ef7042ad2a928903000000cbe43a1ed25268816b00000000000009d27d753a30a147b24a48435bd8a568669596e9e0867958e1dd7a0defb6670c06054002238260000000000040587c1ed797aa21a38e1e389f640a0b8b0000000000a835ad0f61ba739cd0c31b05c00fba8a4aee676d7caa2e53b91a68ff2e60da7b01a2e5785a238afa4aba70c08b0d71b6f72d6a8d87fb08533d97ad96d3943c4cc8306dac433a5cdf78b04963d679d5a5d07e618a1ef9057fec00f9e93021f5a8d30e716de8cde9c6000000000c3b64d10f0939b42b33ab2a8717096c58bb3bb1d457d8bb96870f5a7e2ba31fd69bb80235d957eaa9a40b764e5381ffa604aaafb76a980e72b408f686b185736693089213b4e140f8f38e5589663115093889deb646122a5dc5a9e5ba4d37749a36b880110e2bf524b79bc91105f1d3f7d0de694a9417d68694f17ba5e27ea1cec518b93fadcfe0de010ae9be3273ff73c34b5695080a35bfa5c69e3b533e1b939c81b3beda037b7191cb0000000000000000000010e5d683b8938db5c305cf7e6e62a6890ba9e1f4ee64f8202b59de5036569febfaa95f4633db108b2f786333ec7bacc927f4a1785165b5d2444b4c022bb5cff472e6a0c8ee9d6d8df83b704669147b732ac508c9b9f0ca0a1ce45319d43d4643eb285835daf2065b57bebd61ad6671296c27253a5f9688d57c91ccd40ffe2dbc5dd1613a2e6f5b363cc8d205ce6ef3c3c6ded7dd3dfdb39008d8997213f68cdc971c1d6fdacb7729a5560880a77525e9cfb94ef1735dfe74e6b948697f7e3580436b532a82e315d56b17a5dba98436cc24babaae409f0aab0b40af116001bc85492455956e853ead08b5793d4ecf72378a3dfd9cc837b1c66212d9a2be8fd6341c2f837c7fe09924a51ec42912856cce3d3b2d092c80813aad03e1e63a655f4138730f302df339f30a4fbd453c9a0fba381d071ad7cb80a52bec572e29b0b9b55c235806b97e166609f8083ce776075c"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r11}, 0x18)
ioprio_get$pid(0x2, 0x0)
add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, &(0x7f0000000280)='0', 0x1, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
unshare(0x6020400)
pipe(&(0x7f00000002c0)={<r12=>0xffffffffffffffff})
vmsplice(r12, &(0x7f0000000400)=[{&(0x7f0000000080)="7cd1f233f595b9483683fb7f", 0xc}], 0x1, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)

723.416799ms ago: executing program 4 (id=2296):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x35d, &(0x7f0000000f00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPNiDurJvyeatLzFpfr/2+4GSycw8u7OZSXk27WYv3/3yo0rJ0kp6Q6JJJRERkSuRrEQlEPEfo245IWGH8srMnz+/uL5ZTHoVaiW/8WpOKTU3/8PHn6X8bmfTcpF9//KP3O8Xz148f/nvxodlS5UtVa01lK62a7829G3TULtlq6IptWoaumWoctUy6l77d/52zNreXlPp1d3Z9F7dsCylV5uqYjRVo6Ya9abSP9DLVaVpmppNC25SPF5b0/NDBu+MeDAYk3o9r0+JSKqnpXg8kQEBAICJ6s7/o05KP0z+vyVzhcLymnI6t/P/k5fOGzPvnM75+f9Zol/+/9ov3rY68n/ndKKd/9e884PSzfn/13KH/L83I3pchs7/s2MYDIYzn+ipinQ8c/L/tP/+dR29d7LoFsj/AQAAAAAAAAAAAAAAAAAAAAB4GlzZdsa27UzwGPy0LyHwn+NBGjT/0yKSdGbfZv4fsvXNLUm6F+45c2x+sV/cL3qPfodzETHF+Mfu5qyN4Moj5cjKj+aBH3+wX5xyW/IlKTvxsiQZybrrKRRv2ytvFZaXlMePb12mlA7H5yQjz4Tjv3dXpxOf64z395+QlxdC8Zpk5KcdqYkpu25ke/+fLyn15tuFrviU209Efrv3SQEAAAAAYMQ01dL3/F3TBrV73zKSL7kfExmyKBn5u//5/WLf8/NY5oXYpI8eAAAAAIDHwWp+WtElatTdgmn2K6RkYNMICrGOmriI9O2c6KqJX7flqdAR3nY8CfHuYPJ/j+ub4FW9S1TwjxTOwFtN/h1VZLjxBMfv1kRiw09T5FDcBXAYborKLcJj3YOfdypU384LA7dz5B9Iqyb42Cgx4HWW1d7tRK9ZCfGeGjsy3AJ47qtv/xrdG+T1U38FfHJz5yPTsA/kNpPSVXB20dsUH/svHgAAAAD3rp30BzVvhJvDNxIJ3yyHv9wDAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBCY/lKv67CpI8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFL8FwAA//8GuPOT")
r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x240, &(0x7f0000000140)=<r2=>0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=<r4=>r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000300)={'sit0\x00', <r7=>0x0, 0x10, 0x8768, 0x5, 0x80, {{0x16, 0x4, 0x0, 0x0, 0x58, 0x68, 0x0, 0x40, 0x2f, 0x0, @broadcast, @rand_addr=0x64010101, {[@lsrr={0x83, 0x7, 0xc8, [@local]}, @timestamp_prespec={0x44, 0x3c, 0xd, 0x3, 0x5, [{@multicast2, 0x9}, {@remote, 0xffff}, {@multicast1, 0xe}, {@empty}, {@broadcast, 0x2}, {@loopback, 0x3}, {@local, 0xf6}]}]}}}}})
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYRESDEC=r0, @ANYRES16=r2, @ANYRES64=r1, @ANYRESOCT=r4, @ANYRESDEC=r3], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r7, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r8}, 0x10)
r9 = dup(r6)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB="a0ce416271921d029e7c14940f1f9afeeee987b6750695603a91328b54e4acb00f5fda6cdf1a17dfef5493cc310a12b432ae33e9ea", @ANYRESHEX=r9, @ANYBLOB=',k'])
open(&(0x7f0000000100)='./bus\x00', 0x14113e, 0x39)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000}])

593.480761ms ago: executing program 4 (id=2299):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x129682)
r2 = dup(r1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x0, 0x0})
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x10000, 0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000009900"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x2)
r4 = socket$netlink(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x2)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000180)=0x8, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r6, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r7}, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x800, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

341.019685ms ago: executing program 2 (id=2300):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r2 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8003}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000004c0)=@IORING_OP_RENAMEAT={0x23, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000100)='./file0\x00'})
io_uring_enter(r2, 0x6e2, 0x600, 0x1, 0x0, 0xfffc)
r5 = socket(0x2, 0x3, 0xff)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
r6 = gettid()
perf_event_open(&(0x7f0000000440)={0x4, 0x80, 0xc, 0xbc, 0x2, 0x3, 0x0, 0x5, 0x8000, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext={0x6, 0x2}, 0x4070, 0x7, 0x8, 0x2, 0x2, 0x9, 0xb0, 0x0, 0x2, 0x0, 0x800}, r6, 0x1, r1, 0x8)
connect$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg$unix(r5, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000005c0)="18fcae977278aeffab01b11015896dd2979391ede335535b8440ca4f71a0665a", 0x20}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{0x0}], 0x1}}], 0x2, 0x0)
getsockopt$inet_int(r5, 0x0, 0x6, &(0x7f0000000000), &(0x7f0000000280)=0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7}, 0x10)
r8 = io_uring_setup(0x34b1, &(0x7f0000000080)={0x0, 0x6d33, 0x10000, 0x1, 0x368})
modify_ldt$read_default(0x2, &(0x7f0000000680)=""/192, 0xc0)
inotify_init1(0x800)
r9 = syz_io_uring_setup(0x27f3, &(0x7f0000000340)={0x0, 0x4, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000140), &(0x7f0000000100))
syz_io_uring_setup(0x7414, &(0x7f00000003c0)={0x0, 0xd326, 0x800, 0x0, 0x2ac}, &(0x7f0000000040), &(0x7f0000000180))
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xc97c, 0x0, @perf_config_ext={0x0, 0x5}, 0x8, 0x0, 0x409, 0x4, 0x0, 0x40, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00'}, 0x3d)
io_uring_enter(r9, 0x184c, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

340.588165ms ago: executing program 2 (id=2301):
socket$igmp(0x2, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180)={r0}, 0x4)
r1 = socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='hrtimer_init\x00', r4}, 0x18)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0202000311000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000bb000000000000000002000100000007000000000b000000000200090000000000000000000000000005000600000000000a00000000000000fe8800000000000000000000000000010000000000000000010018"], 0x88}}, 0x20000000)

340.127065ms ago: executing program 4 (id=2302):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000780), r1)
sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x7c, r3, 0x4, 0x70bd2d, 0x25dfdbfb, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'rose0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'macvtap0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'sit0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x24008083)
syz_read_part_table(0x634, &(0x7f0000000000)="$eJzs3DFoXVUYB/D/Td+77yWFpjp2SXUWi51NDUj6qHSqdMtSFTRUHOJUseRFs5ghg4OzSxGytHXR0MFBLeIkTqGDWnEVpKjUIr1y3715fU8QRNOh8PtBuN859/vOd07uzZgbHmkz6SbFKOylk+TES3/L2Mh+Qvp1fpKq2947v7N8+kxVVVVR56ykmyc+P3I9Sact6Y+XqapqfTw4lSsfzt14rxh2d27VTb/cOlRPzzbbOJo8dbjsj5aZWCFVNbWx3kH+Hvhvri7eLIrNsh09+ev9peTaL8vnds9uvX/9hXZ6Pfmqebrv1O/FfvZbuXj8QmcU1k/5zcl1f2subeprU497Np2pPQw31wb167a3P3FssPPpq8/+cfxGqpP5uuzM7N8oynFRmQwP5vzz9du/fWlxdW9weXZ8o/vB419koR3cqaocrVs+ltGfzsIBdAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GG4unhz/t3NtcF2sro36LWzy+d2z26VSZ5/ZTSeybUTk1WH2uvFXLhdX9ezlvz4SbqTSUX9023Ku0vN3A8L1dOjoLPfvzfbBJcWV/cG9+aS28/cPzZoqpLPTj5otz5eeTfPtdHdqjEabPzTIdsW1XyT9829yfMXnWRtsD3qf/mnotNPspKPi+F4m/VGXu/l5eZ41d2yrf3zwTEAAAAAAAAAAAAAAAAAAADgf1k+feaNO2280k/y89szdVz1mv9yL+aKqfzvesnsqeRKP8VwKcmtF38vvz2y9X376YBhehkmOfzRxvm2pJxaYPyJgCJV+TBPxr/xVwAAAP//mFl59Q==")
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)={0x40, r6, 0x1, 0xffffffff, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_SEC_DEVKEY={0x24, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x5396ebcfacd913b0}, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000640)={0x0, r1}, 0x8)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r9, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r10}, 0x10)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x4, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xc, 0x4, 0x4, 0x7, 0x0, r11, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x80, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffc603000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r12}, 0x10)
sendmmsg(r4, &(0x7f0000000180), 0x3ef, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000004700)={'team0\x00', <r13=>0x0})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x1, 0x2240, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000e40)={0x60, r2, 0x405, 0x70bd29, 0x25dfdbfc, {}, [{{0x8, 0x1, r13}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)

296.871756ms ago: executing program 6 (id=2303):
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
socket$inet_mptcp(0x2, 0x1, 0x106)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000771923cf0000000000009500200000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x800, 0x103)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0)
acct(&(0x7f00000001c0)='./file0\x00')

296.228416ms ago: executing program 2 (id=2304):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f62726964676500140001007767320000"], 0xa8}}, 0x0)

295.800546ms ago: executing program 4 (id=2305):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001580)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0xa048e4, 0x0, 0x0, 0x0, &(0x7f0000000000))
openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0xc2)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r3 = gettid()
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x1f12c0, 0xc4)
read(r4, &(0x7f0000000440)=""/247, 0x26)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000080)={0x44, @time={0x8f, 0x6}, 0x0, {0x0, 0x40}, 0x0, 0x2})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0xc0bc5310, &(0x7f0000000040)={0x87, @time={0xbc, 0x3142b719}, 0x0, {0x71, 0x6}, 0x6, 0x1, 0x1})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r5}, 0x10)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x100)
tkill(r3, 0x7)
r6 = socket$key(0xf, 0x3, 0x2)
timer_create(0x6, &(0x7f0000000100)={0x0, 0xb, 0x1, @thr={&(0x7f0000000540)="f2efa010fd2fb5f21529e6296ef4a28956c5f119b6cfe8df825d943c58dbea3e3c9b20ed0abcfbaf5d46639b2fe6df515c1a90f5db951dd3d174d0530979e6166ee4c68101cb3176cffef2307b65eee1566791d547a78b5ccc7d182d7e9786f958bd6e4fc586ae569e879a04bad4f3a712ee0ad9c87e04fbb85cac27f8124aaa52ab98e48eb2f1f05ab919ca017acb007fac8fd26c70924810a667ac7e0bc1c3ee32a752abb999f062143005d431", &(0x7f0000000600)="da73db47b1b46d9b1b0e25c4b75cb1606a00ce8f66781ccab68f63b193a3791f9dc63950fb3bb374e9f9e92338e9e184f3d9be80b0cb607599162b1ad77cc43c1a32a21e02fa8b6cb01240f97b1bbbbdc047651783f0f05e805adccbe76d4df1a98e286b5c4693cc97407784c01ff9e23441b0c179ab76440bd3c054412bf2ba7faa979b9cd17d32ce2f7eeefe3efd1704b871db5034effc951a9876839faaa0867b24f92bddb9df0f82c74e2f4725c6b8bf8cd6a50965bcbfdaf9e42f81530e00d100489040b5e07c3a545ff9199056fc2fe20b9dc46cde4958d3ad5c6aacc6047bc5472acde2c027"}}, &(0x7f0000000240)=<r7=>0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000002c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[], 0x70}}, 0x0)
sendmmsg(r6, &(0x7f0000000180), 0x3ef, 0x0)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000002280)=ANY=[@ANYRES16=r7], 0x58}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)

278.955216ms ago: executing program 2 (id=2306):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r3}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}})

278.235236ms ago: executing program 6 (id=2307):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@fwd={0x1}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x3}]}]}}, 0x0, 0x3e, 0x0, 0x2, 0x0, 0x0, @void, @value}, 0x28)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x408, 0xcd, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r2, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10)
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000b00000005"], 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x44880)
ptrace$setsig(0x4203, r6, 0x400, &(0x7f0000000140)={0x3a, 0x8, 0x401})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000f4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r7}, 0x10)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
r10 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r10, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000840)=ANY=[@ANYBLOB="020300030d00000000070000000000000300090080000000e925051abca75b82aed73e97b853c16003000600000000000200000000000000000000000000000002000100000000000000000dfbffffff030005000000000002"], 0x68}, 0x1, 0x7}, 0x0)

219.149297ms ago: executing program 5 (id=2308):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x742, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$rxrpc(0x21, 0x2, 0x2)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c5902, 0x0)
write(r6, &(0x7f0000004200)='t', 0x1)
sendfile(r6, r5, 0x0, 0x3ffff)
fallocate(r4, 0x0, 0x0, 0x1001f0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000180)=ANY=[], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r10, 0x8946, &(0x7f0000000080)={'veth1_virt_wifi\x00', &(0x7f0000000680)=@ethtool_perm_addr})
sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c40042001000090400001d3330b7b7f9c2846dbb8f001af8ff0000002200", @ANYRESHEX=r1, @ANYRESOCT=r7, @ANYRESOCT, @ANYRES16=r3, @ANYRES8=r9, @ANYRES8=r2, @ANYRES32=r1], 0xb4}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bind$rxrpc(r0, &(0x7f0000000400)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x2d)
r11 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r11, 0x8946, &(0x7f0000000100)={'batadv0\x00', &(0x7f0000000140)=@ethtool_gstrings={0x1b, 0x1}})
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r12 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000e4b4b1200000000000000000"], 0x48)
r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r12}, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='kmem_cache_free\x00', r13}, 0x10)

218.865977ms ago: executing program 2 (id=2309):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x35d, &(0x7f0000000f00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPNiDurJvyeatLzFpfr/2+4GSycw8u7OZSXk27WYv3/3yo0rJ0kp6Q6JJJRERkSuRrEQlEPEfo245IWGH8srMnz+/uL5ZTHoVaiW/8WpOKTU3/8PHn6X8bmfTcpF9//KP3O8Xz148f/nvxodlS5UtVa01lK62a7829G3TULtlq6IptWoaumWoctUy6l77d/52zNreXlPp1d3Z9F7dsCylV5uqYjRVo6Ya9abSP9DLVaVpmppNC25SPF5b0/NDBu+MeDAYk3o9r0+JSKqnpXg8kQEBAICJ6s7/o05KP0z+vyVzhcLymnI6t/P/k5fOGzPvnM75+f9Zol/+/9ov3rY68n/ndKKd/9e884PSzfn/13KH/L83I3pchs7/s2MYDIYzn+ipinQ8c/L/tP/+dR29d7LoFsj/AQAAAAAAAAAAAAAAAAAAAAB4GlzZdsa27UzwGPy0LyHwn+NBGjT/0yKSdGbfZv4fsvXNLUm6F+45c2x+sV/cL3qPfodzETHF+Mfu5qyN4Moj5cjKj+aBH3+wX5xyW/IlKTvxsiQZybrrKRRv2ytvFZaXlMePb12mlA7H5yQjz4Tjv3dXpxOf64z395+QlxdC8Zpk5KcdqYkpu25ke/+fLyn15tuFrviU209Efrv3SQEAAAAAYMQ01dL3/F3TBrV73zKSL7kfExmyKBn5u//5/WLf8/NY5oXYpI8eAAAAAIDHwWp+WtElatTdgmn2K6RkYNMICrGOmriI9O2c6KqJX7flqdAR3nY8CfHuYPJ/j+ub4FW9S1TwjxTOwFtN/h1VZLjxBMfv1kRiw09T5FDcBXAYborKLcJj3YOfdypU384LA7dz5B9Iqyb42Cgx4HWW1d7tRK9ZCfGeGjsy3AJ47qtv/xrdG+T1U38FfHJz5yPTsA/kNpPSVXB20dsUH/svHgAAAAD3rp30BzVvhJvDNxIJ3yyHv9wDAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBCY/lKv67CpI8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFL8FwAA//8GuPOT")
r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
fcntl$setstatus(r1, 0x4, 0x6000)
io_setup(0x240, &(0x7f0000000140)=<r2=>0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=<r4=>r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000300)={'sit0\x00', <r7=>0x0, 0x10, 0x8768, 0x5, 0x80, {{0x7, 0x4, 0x0, 0x0, 0x1c, 0x68, 0x0, 0x40, 0x2f, 0x0, @broadcast, @rand_addr=0x64010101, {[@lsrr={0x83, 0x7, 0xc8, [@local]}, @noop]}}}}})
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYRESDEC=r0, @ANYRES16=r2, @ANYRES64=r1, @ANYRESOCT=r4, @ANYRESDEC=r3], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r7, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r8}, 0x10)
r9 = dup(r6)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB="a0ce416271921d029e7c14940f1f9afeeee987b6750695603a91328b54e4acb00f5fda6cdf1a17dfef5493cc310a12b432ae33e9ea", @ANYRESHEX=r9, @ANYBLOB=',k'])
open(&(0x7f0000000100)='./bus\x00', 0x14113e, 0x39)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000}])

217.520057ms ago: executing program 6 (id=2310):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, 0x26)
r2 = syz_open_procfs(0x0, 0x0)
getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000240)={0x0, 'vlan0\x00', {0x1}, 0x6})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff00", @ANYBLOB, @ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x555)

64.069489ms ago: executing program 5 (id=2311):
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x40, &(0x7f0000000580)={[], [{@smackfsroot={'smackfsroot', 0x3d, ' \xc2:\xda~\xb8\xc8\xa1G \x1dj\xe2\xe0+\xd3\x88\xda]\xac\xce\x03\xdf\xb0\xdc\xdcD\xfe\xb2U\xb0\x84\x9f\xf1l\xb7<\xa3\xb3W\x12\xd2\xd9\xe1S\xba,C.\xbc\b\xech\xeb\xedu\xb3\x8f\xa1\x03\xaf\xe3\xde\x9c\xb2\xd3\xce\x1e\x99\xf1\x9d:\x1b\xce\x83\xc4\xe0\xd6\f\x04f6\x89\x17\neE=f\xe9DN7\xa2\xf6yt\xde\xe9\xbckw\xd4\x1a =\x8akg\x1e\xf1Ir\xd3 \xdc1\xc6HMO[\xe3'}}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@uid_eq={'uid', 0x3d, 0xffffffffffffffff}}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@audit}, {@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@smackfsfloor}, {@appraise}, {@flag='async'}]}, 0xfe, 0x79e, &(0x7f0000001740)="$eJzs3ctrXNUfAPDvnbyatL9fIghaVwFBA6UTU2Or4CLShQgWCrpxYxsm01AzyZTMpDQhYIsIbgQVF4JuuvZRdy7c+Njqf+FCWqqmxYqLErnzSKbNTJukmUlLPh+4uefc17nfe+7jTO5hJoA9azj9k4k4GBEfJRGDtelJRPRUUt0RE9Xlbq0s59IhidXVN/5MKsvcXFnOxfo6Xel4fy3zZET89H7EoczGckuLSzOThUJ+vpYfLc+eGy0tLh0+Ozs5nZ/Ozx0dGx8/cuyFY0d3Lta/f106cO3jV5/9ZuLf95648uHPSUzEgdq8xjh2ynAMV45ReiQn7pp3fKcL22XJbu8A25Jeml3VqzwOxmB0VVIt9HdyzwCAdnk3IlYBgD0m8fwHgD2m/n+AmyvLufqwu/+R6Kzrr0TEvmr89feb1TndtXd2+yrvQQdu3vmGK80N7UD5wxHxxXdvf5UO0ab3kADNXLwUEaeHhjfe/5MNfRa26rlNLDN8V979Dzrnh7T982Kz9l9mrf0TtfZPY8+QvibX7nbc//rPXN2BYlpK238vN/Rtu9UQf01vPfe/SpuvJzlztpBP723/j4iR6OlL82MbN13vShcjN27faFV+Y/vvr0/e+TItPx2vL5G52t135zpTk+XJBwx7zfVLEU91N4s/Wav/pEn9p9NObrKM11764PNW89L403jrw8b422v1csQzTet/vb2f3LN/4mjldBitnxRNfPvbZwOtym+s/3RIy69/FuiEtP4H7h3/UNLYX7O09TJ+uTz4Y6t594+/+fnfm7xZSffWpl2YLJfnxyJ6k9c3Tj+yvm49X18+jX/k6ebX/73O//Qz4en7xP19bdx97Y+vtx9/e6XxT22p/reeuHJrpqu6qY0dgTdX/+OV1Eh1wkBs4v632R184AMIAAAAAAAAAAAAAAAAAAAAAAAAAJuQiYgDkWSya+lMJput/ob34zGQKRRL5UNnigtzU1H5reyh6MnUv+pysOH7UMdq34dfzx+5K/98RDwWEZ/29Vfy2Vzxrdu7HTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1Oxv8fv/qd/7dnvvAIC22bfN9ZId3g8AoHO2+/wHAB5dW3v+97dtPwCAzvH5HwD2Hs9/ANh7PP8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABos5MnTqTD6j8ry7k0P3V+cWGmeP7wVL40k51dyGVzxflz2elicbqQz+aKsy03dLE6KhSL58ZjbuHCaDlfKo+WFpdOzRYX5sqnzs5OTudP5Xs6FhkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbF5pcWlmslDIz7chcbxtW25zor92cB5gO4O1TTwM4UisJboj4iHYjUch0XiX6O/8jQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgEfFfAAAA///t1CMf")

37.318689ms ago: executing program 4 (id=2312):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r2 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8003}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000004c0)=@IORING_OP_RENAMEAT={0x23, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000100)='./file0\x00'})
io_uring_enter(r2, 0x6e2, 0x600, 0x1, 0x0, 0xfffc)
r5 = socket(0x2, 0x3, 0xff)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
r6 = gettid()
perf_event_open(&(0x7f0000000440)={0x4, 0x80, 0xc, 0xbc, 0x2, 0x3, 0x0, 0x5, 0x8000, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext={0x6, 0x2}, 0x4070, 0x7, 0x8, 0x2, 0x2, 0x9, 0xb0, 0x0, 0x2, 0x0, 0x800}, r6, 0x1, r1, 0x8)
connect$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg$unix(r5, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000005c0)="18fcae977278aeffab01b11015896dd2979391ede335535b8440ca4f71a0665a", 0x20}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{0x0}], 0x1}}], 0x2, 0x0)
getsockopt$inet_int(r5, 0x0, 0x6, &(0x7f0000000000), &(0x7f0000000280)=0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7}, 0x10)
r8 = io_uring_setup(0x34b1, &(0x7f0000000080)={0x0, 0x6d33, 0x10000, 0x1, 0x368})
modify_ldt$read_default(0x2, &(0x7f0000000680)=""/192, 0xc0)
inotify_init1(0x800)
r9 = syz_io_uring_setup(0x27f3, &(0x7f0000000340)={0x0, 0x4, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000140), &(0x7f0000000100))
syz_io_uring_setup(0x7414, &(0x7f00000003c0)={0x0, 0xd326, 0x800, 0x0, 0x2ac}, &(0x7f0000000040), &(0x7f0000000180))
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xc97c, 0x0, @perf_config_ext={0x0, 0x5}, 0x8, 0x0, 0x409, 0x4, 0x0, 0x40, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00'}, 0x3d)
io_uring_enter(r9, 0x184c, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

23.71797ms ago: executing program 5 (id=2313):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x129682)
r2 = dup(r1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040))
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x10000, 0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000009900"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x2)
r4 = socket$netlink(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x2)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000180)=0x8, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r6, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r7}, 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x800, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

543.55µs ago: executing program 4 (id=2314):
chown(0x0, 0x0, 0xee01)
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x6000)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='syscall\x00')
socket$inet6_sctp(0xa, 0x801, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000a40)={0x8, 0x4000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x4e24, @empty}, {0x2, 0x0, @loopback}, {0x2, 0x4e23, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff})
pread64(r0, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a)

0s ago: executing program 2 (id=2315):
socket$igmp(0x2, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180)={r0}, 0x4)
r1 = socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='hrtimer_init\x00', r4}, 0x18)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0202000311000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000bb000000000000000002000100000007000000000b000000000200090000000000000000000000000005000600000000000a00000000000000fe8800000000000000000000000000010000000000000000010018"], 0x88}}, 0x20000000)

0s ago: executing program 0 (id=2317):
ioctl$TCFLSH(0xffffffffffffffff, 0x40045436, 0x3) (async)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) (async)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x42800, 0x55007}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0x3}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0) (async)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000080)=ANY=[@ANYBLOB="0000000028d1994ae088e929afb075dae3000a0248faaeddfa6d0600000000000000d3", @ANYRES16=r2, @ANYBLOB="010025bd7000fbdbdf25250000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x4040) (async)
r4 = socket$kcm(0x10, 0x2, 0x0) (async)
r5 = syz_clone(0x48000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5) (async)
ptrace$setregs(0xd, r5, 0x0, 0x0) (async)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x80, 0xd4, 0x6, 0x7f, 0x0, 0xfffffffffffffffe, 0x2000, 0x7, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x8, 0x2, @perf_config_ext={0x0, 0x9}, 0xc040, 0x43b, 0xffffffff, 0x9, 0x55, 0x9, 0x5, 0x0, 0x5}, r5, 0x2, 0xffffffffffffffff, 0x1)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

kernel console output (not intermixed with test programs):

rom_user+0x1c/0xa0
[   97.854980][ T7336]  copy_msghdr_from_user+0x54/0x2b0
[   97.855012][ T7336]  ? __fget_files+0x186/0x1c0
[   97.855058][ T7336]  do_recvmmsg+0x24d/0x6e0
[   97.855139][ T7336]  __x64_sys_recvmmsg+0xe4/0x170
[   97.855161][ T7336]  x64_sys_call+0x1b90/0x2e10
[   97.855183][ T7336]  do_syscall_64+0xc9/0x1c0
[   97.855208][ T7336]  ? clear_bhb_loop+0x25/0x80
[   97.855234][ T7336]  ? clear_bhb_loop+0x25/0x80
[   97.855308][ T7336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.855336][ T7336] RIP: 0033:0x7fa0d9e2d169
[   97.855350][ T7336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.855372][ T7336] RSP: 002b:00007fa0d8497038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   97.855394][ T7336] RAX: ffffffffffffffda RBX: 00007fa0da045fa0 RCX: 00007fa0d9e2d169
[   97.855408][ T7336] RDX: 0000000000000001 RSI: 0000200000000500 RDI: 0000000000000003
[   97.855422][ T7336] RBP: 00007fa0d8497090 R08: 0000000000000000 R09: 0000000000000000
[   97.855496][ T7336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   97.855510][ T7336] R13: 0000000000000000 R14: 00007fa0da045fa0 R15: 00007fff47577058
[   97.855530][ T7336]  </TASK>
[   98.332051][ T7361] loop5: detected capacity change from 0 to 512
[   98.343332][ T7361] EXT4-fs (loop5): too many log groups per flexible block group
[   98.351123][ T7361] EXT4-fs (loop5): failed to initialize mballoc (-12)
[   98.358091][ T7361] EXT4-fs (loop5): mount failed
[   98.433216][ T7381] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1330'.
[   98.557338][ T7389] loop5: detected capacity change from 0 to 256
[   98.570611][ T7389] FAT-fs (loop5): Directory bread(block 64) failed
[   98.577303][ T7389] FAT-fs (loop5): Directory bread(block 65) failed
[   98.583988][ T7389] FAT-fs (loop5): Directory bread(block 66) failed
[   98.590634][ T7389] FAT-fs (loop5): Directory bread(block 67) failed
[   98.597328][ T7389] FAT-fs (loop5): Directory bread(block 68) failed
[   98.604229][ T7389] FAT-fs (loop5): Directory bread(block 69) failed
[   98.610853][ T7389] FAT-fs (loop5): Directory bread(block 70) failed
[   98.621000][ T7389] FAT-fs (loop5): Directory bread(block 71) failed
[   98.632023][ T7389] FAT-fs (loop5): Directory bread(block 72) failed
[   98.638665][ T7389] FAT-fs (loop5): Directory bread(block 73) failed
[   98.750334][ T7401] 9pnet_fd: Insufficient options for proto=fd
[   99.132326][ T7408] loop0: detected capacity change from 0 to 512
[   99.171304][ T7408] EXT4-fs (loop0): too many log groups per flexible block group
[   99.179100][ T7408] EXT4-fs (loop0): failed to initialize mballoc (-12)
[   99.187851][ T7408] EXT4-fs (loop0): mount failed
[   99.219808][ T7176] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.285328][ T7176] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.310322][ T7176] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.341316][ T7176] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.437245][ T7425] loop6: detected capacity change from 0 to 512
[   99.549568][ T7425] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   99.575832][ T7425] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   99.593351][ T7425] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   99.709431][ T7442] loop0: detected capacity change from 0 to 1024
[   99.716565][ T7442] EXT4-fs: Ignoring removed nobh option
[   99.722249][ T7442] EXT4-fs: Ignoring removed bh option
[   99.749771][ T7442] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   99.908450][ T7448] FAULT_INJECTION: forcing a failure.
[   99.908450][ T7448] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   99.921576][ T7448] CPU: 1 UID: 0 PID: 7448 Comm: syz.5.1354 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[   99.921605][ T7448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   99.921617][ T7448] Call Trace:
[   99.921630][ T7448]  <TASK>
[   99.921639][ T7448]  dump_stack_lvl+0xf6/0x150
[   99.921664][ T7448]  dump_stack+0x15/0x1a
[   99.921711][ T7448]  should_fail_ex+0x261/0x270
[   99.921734][ T7448]  should_fail+0xb/0x10
[   99.921749][ T7448]  should_fail_usercopy+0x1a/0x20
[   99.921771][ T7448]  _copy_from_user+0x1c/0xa0
[   99.921803][ T7448]  get_user_ifreq+0x8c/0x160
[   99.921903][ T7448]  sock_do_ioctl+0xcb/0x270
[   99.921935][ T7448]  sock_ioctl+0x436/0x630
[   99.921963][ T7448]  ? __pfx_sock_ioctl+0x10/0x10
[   99.922039][ T7448]  __se_sys_ioctl+0xc9/0x140
[   99.922073][ T7448]  __x64_sys_ioctl+0x43/0x50
[   99.922098][ T7448]  x64_sys_call+0x168d/0x2e10
[   99.922121][ T7448]  do_syscall_64+0xc9/0x1c0
[   99.922145][ T7448]  ? clear_bhb_loop+0x25/0x80
[   99.922172][ T7448]  ? clear_bhb_loop+0x25/0x80
[   99.922249][ T7448]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.922413][ T7448] RIP: 0033:0x7f591029d169
[   99.922439][ T7448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.922462][ T7448] RSP: 002b:00007f590e907038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   99.922479][ T7448] RAX: ffffffffffffffda RBX: 00007f59104b5fa0 RCX: 00007f591029d169
[   99.922501][ T7448] RDX: 00002000000002c0 RSI: 0000000000008946 RDI: 0000000000000003
[   99.922516][ T7448] RBP: 00007f590e907090 R08: 0000000000000000 R09: 0000000000000000
[   99.922567][ T7448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   99.922604][ T7448] R13: 0000000000000000 R14: 00007f59104b5fa0 R15: 00007ffd27fd9d68
[   99.922632][ T7448]  </TASK>
[  100.151230][ T7446] loop2: detected capacity change from 0 to 512
[  100.163860][ T7446] EXT4-fs (loop2): too many log groups per flexible block group
[  100.171605][ T7446] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  100.178894][ T7446] EXT4-fs (loop2): mount failed
[  100.242237][ T7469] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.309526][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  100.346393][ T7469] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.394302][ T7469] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.443614][ T7469] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.521279][ T7469] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.535927][ T7469] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.545926][ T7485] 9pnet_fd: Insufficient options for proto=fd
[  100.549434][ T7469] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.565533][ T7469] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.581138][ T7485] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.634401][ T7485] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.694408][ T7485] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.755502][ T7485] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.831809][ T7485] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.844079][ T7485] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.856570][ T7485] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.868756][ T7485] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.003654][   T29] kauditd_printk_skb: 102 callbacks suppressed
[  101.003672][   T29] audit: type=1400 audit(1743390822.823:1506): avc:  denied  { read } for  pid=7487 comm="syz.5.1367" name="usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  101.035399][   T29] audit: type=1400 audit(1743390822.853:1507): avc:  denied  { map } for  pid=7487 comm="syz.5.1367" path="/dev/usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  101.189750][   T29] audit: type=1400 audit(1743390823.003:1508): avc:  denied  { read } for  pid=7493 comm="syz.4.1370" lport=28 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  101.309726][ T7509] loop6: detected capacity change from 0 to 512
[  101.337008][ T7509] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  101.349846][ T7509] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  101.366652][ T7509] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  101.396626][ T7519] loop0: detected capacity change from 0 to 128
[  101.443298][   T29] audit: type=1326 audit(1743390823.263:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7522 comm="syz.0.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  101.467227][ T7526] Invalid logical block size (18)
[  101.478827][   T29] audit: type=1326 audit(1743390823.263:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7522 comm="syz.0.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  101.479929][ T7526] 9pnet_fd: Insufficient options for proto=fd
[  101.502553][   T29] audit: type=1326 audit(1743390823.263:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7522 comm="syz.0.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  101.532078][   T29] audit: type=1326 audit(1743390823.263:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7522 comm="syz.0.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  101.555825][   T29] audit: type=1326 audit(1743390823.263:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7522 comm="syz.0.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  101.579277][   T29] audit: type=1326 audit(1743390823.263:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7522 comm="syz.0.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  101.602788][   T29] audit: type=1326 audit(1743390823.263:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7522 comm="syz.0.1382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  101.632434][ T7530] loop0: detected capacity change from 0 to 2048
[  101.653765][ T7530] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.703436][ T7538] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1386'.
[  101.754245][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.841360][ T7553] FAULT_INJECTION: forcing a failure.
[  101.841360][ T7553] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  101.854774][ T7553] CPU: 0 UID: 0 PID: 7553 Comm: syz.0.1390 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  101.854806][ T7553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  101.854821][ T7553] Call Trace:
[  101.854829][ T7553]  <TASK>
[  101.854838][ T7553]  dump_stack_lvl+0xf6/0x150
[  101.854867][ T7553]  dump_stack+0x15/0x1a
[  101.854884][ T7553]  should_fail_ex+0x261/0x270
[  101.854953][ T7553]  should_fail_alloc_page+0xfd/0x110
[  101.855015][ T7553]  __alloc_frozen_pages_noprof+0x11e/0x340
[  101.855041][ T7553]  alloc_pages_mpol+0xb6/0x260
[  101.855118][ T7553]  vma_alloc_folio_noprof+0x1a2/0x310
[  101.855138][ T7553]  handle_mm_fault+0xdec/0x2b30
[  101.855178][ T7553]  exc_page_fault+0x3b9/0x650
[  101.855215][ T7553]  asm_exc_page_fault+0x26/0x30
[  101.855302][ T7553] RIP: 0033:0x7fcf39a0e860
[  101.855319][ T7553] Code: d1 12 00 89 c3 85 c0 0f 88 f5 07 00 00 83 f8 1d 0f 8f 4d 09 00 00 48 8d 3d ed e7 18 00 31 c0 e8 56 e7 fe ff 41 ba 01 00 00 00 <f0> 44 0f c1 15 97 1a 47 00 41 83 fa 05 7f 06 49 83 fd 1a 77 1b 48
[  101.855341][ T7553] RSP: 002b:00007fcf381a4f70 EFLAGS: 00010206
[  101.855359][ T7553] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000000000
[  101.855370][ T7553] RDX: 0000000000000000 RSI: 00007fcf39bbdf84 RDI: 00007fcf39b9d040
[  101.855381][ T7553] RBP: 00007fcf381a7090 R08: 0000000000000000 R09: 0000000000000000
[  101.855392][ T7553] R10: 0000000000000001 R11: 0000000000000293 R12: 0000000000000005
[  101.855440][ T7553] R13: 000000000000004d R14: 0000200000000d80 R15: 00007fff0263faa8
[  101.855458][ T7553]  </TASK>
[  101.855467][ T7553] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  102.014922][ T7553] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  102.023419][ T7553] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  102.061223][ T7556] loop4: detected capacity change from 0 to 512
[  102.075651][ T7556] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  102.088498][ T7556] ext4 filesystem being mounted at /254/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  102.101479][ T7556] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  102.227585][ T7570] loop4: detected capacity change from 0 to 512
[  102.256877][ T7570] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  102.299081][ T7570] ext4 filesystem being mounted at /258/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  102.326719][ T7570] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  102.338321][ T7576] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1397'.
[  102.463681][ T7588] loop2: detected capacity change from 0 to 512
[  102.505810][ T7588] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  102.530276][ T7588] ext4 filesystem being mounted at /290/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  102.552615][ T7583] loop4: detected capacity change from 0 to 2048
[  102.561273][ T7588] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  102.571630][ T7583] EXT4-fs (loop4): bad block size 8192
[  102.717474][ T7604] Invalid logical block size (18)
[  102.758649][ T7604] 9pnet_fd: Insufficient options for proto=fd
[  102.765772][ T7612] FAULT_INJECTION: forcing a failure.
[  102.765772][ T7612] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  102.779080][ T7612] CPU: 0 UID: 0 PID: 7612 Comm: syz.0.1411 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  102.779109][ T7612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  102.779187][ T7612] Call Trace:
[  102.779192][ T7612]  <TASK>
[  102.779199][ T7612]  dump_stack_lvl+0xf6/0x150
[  102.779222][ T7612]  dump_stack+0x15/0x1a
[  102.779322][ T7612]  should_fail_ex+0x261/0x270
[  102.779347][ T7612]  should_fail+0xb/0x10
[  102.779367][ T7612]  should_fail_usercopy+0x1a/0x20
[  102.779388][ T7612]  _copy_from_user+0x1c/0xa0
[  102.779428][ T7612]  copy_msghdr_from_user+0x54/0x2b0
[  102.779460][ T7612]  ? __fget_files+0x186/0x1c0
[  102.779506][ T7612]  __sys_sendmmsg+0x1eb/0x4b0
[  102.779736][ T7612]  __x64_sys_sendmmsg+0x57/0x70
[  102.779759][ T7612]  x64_sys_call+0x2b53/0x2e10
[  102.779785][ T7612]  do_syscall_64+0xc9/0x1c0
[  102.779808][ T7612]  ? clear_bhb_loop+0x25/0x80
[  102.779849][ T7612]  ? clear_bhb_loop+0x25/0x80
[  102.779869][ T7612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.779917][ T7612] RIP: 0033:0x7fcf39b3d169
[  102.779934][ T7612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.779956][ T7612] RSP: 002b:00007fcf381a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  102.779978][ T7612] RAX: ffffffffffffffda RBX: 00007fcf39d55fa0 RCX: 00007fcf39b3d169
[  102.779995][ T7612] RDX: 0000000000000001 RSI: 0000200000000180 RDI: 0000000000000005
[  102.780009][ T7612] RBP: 00007fcf381a7090 R08: 0000000000000000 R09: 0000000000000000
[  102.780023][ T7612] R10: 0000000014004841 R11: 0000000000000246 R12: 0000000000000001
[  102.780050][ T7612] R13: 0000000000000000 R14: 00007fcf39d55fa0 R15: 00007fff0263faa8
[  102.780070][ T7612]  </TASK>
[  102.987355][ T7619] loop0: detected capacity change from 0 to 128
[  102.996896][ T7615] hub 4-0:1.0: USB hub found
[  102.997617][ T7619] 9pnet_fd: Insufficient options for proto=fd
[  103.001557][ T7615] hub 4-0:1.0: 8 ports detected
[  103.029690][ T7615] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1412'.
[  103.039277][ T7615] netlink: 'syz.5.1412': attribute type 1 has an invalid length.
[  103.094678][ T7624] loop0: detected capacity change from 0 to 2048
[  103.105370][ T7625] loop5: detected capacity change from 0 to 1024
[  103.112422][ T7625] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  103.121340][ T7625] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  103.133025][ T7625] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  103.141165][ T7625] EXT4-fs (loop5): orphan cleanup on readonly fs
[  103.145208][ T7624] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  103.148519][ T7625] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5882: Corrupt filesystem
[  103.163591][ T7624] FAULT_INJECTION: forcing a failure.
[  103.163591][ T7624] name failslab, interval 1, probability 0, space 0, times 0
[  103.169803][ T7625] EXT4-fs (loop5): Remounting filesystem read-only
[  103.181747][ T7624] CPU: 1 UID: 0 PID: 7624 Comm: syz.0.1415 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  103.181783][ T7624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  103.181820][ T7624] Call Trace:
[  103.181828][ T7624]  <TASK>
[  103.181839][ T7624]  dump_stack_lvl+0xf6/0x150
[  103.181930][ T7624]  dump_stack+0x15/0x1a
[  103.181952][ T7624]  should_fail_ex+0x261/0x270
[  103.182048][ T7624]  should_failslab+0x8f/0xb0
[  103.182082][ T7624]  __kmalloc_noprof+0xad/0x410
[  103.182123][ T7624]  ? ext4_convert_inline_data_nolock+0x94/0x4d0
[  103.182161][ T7624]  ext4_convert_inline_data_nolock+0x94/0x4d0
[  103.182196][ T7624]  ? __ext4_journal_start_sb+0x130/0x340
[  103.182297][ T7624]  ext4_convert_inline_data+0x2e5/0x3a0
[  103.182413][ T7624]  ext4_fallocate+0xa5/0x690
[  103.182459][ T7624]  vfs_fallocate+0x368/0x3b0
[  103.182527][ T7624]  __x64_sys_fallocate+0x78/0xc0
[  103.182569][ T7624]  x64_sys_call+0x295f/0x2e10
[  103.182598][ T7624]  do_syscall_64+0xc9/0x1c0
[  103.182624][ T7624]  ? clear_bhb_loop+0x25/0x80
[  103.182694][ T7624]  ? clear_bhb_loop+0x25/0x80
[  103.182721][ T7624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.182748][ T7624] RIP: 0033:0x7fcf39b3d169
[  103.182767][ T7624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.182791][ T7624] RSP: 002b:00007fcf381a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[  103.182815][ T7624] RAX: ffffffffffffffda RBX: 00007fcf39d55fa0 RCX: 00007fcf39b3d169
[  103.182830][ T7624] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  103.182909][ T7624] RBP: 00007fcf381a7090 R08: 0000000000000000 R09: 0000000000000000
[  103.182925][ T7624] R10: 00000000001001f0 R11: 0000000000000246 R12: 0000000000000001
[  103.182940][ T7624] R13: 0000000000000000 R14: 00007fcf39d55fa0 R15: 00007fff0263faa8
[  103.183016][ T7624]  </TASK>
[  103.378225][ T7625] EXT4-fs (loop5): 1 orphan inode deleted
[  103.381894][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.384577][ T7625] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  103.430211][ T7631] loop6: detected capacity change from 0 to 512
[  103.441118][ T4384] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.453972][ T7631] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  103.467380][ T7631] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  103.480164][ T7631] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  103.602296][ T7651] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1422'.
[  103.656249][ T7657] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1425'.
[  103.680367][ T7658] loop6: detected capacity change from 0 to 512
[  103.690836][ T7661] loop2: detected capacity change from 0 to 512
[  103.698677][ T7658] EXT4-fs (loop6): too many log groups per flexible block group
[  103.706556][ T7658] EXT4-fs (loop6): failed to initialize mballoc (-12)
[  103.715303][ T7658] EXT4-fs (loop6): mount failed
[  103.731296][ T7661] EXT4-fs (loop2): too many log groups per flexible block group
[  103.739148][ T7661] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  103.747616][ T7661] EXT4-fs (loop2): mount failed
[  103.865539][ T7675] team0: Mode changed to "loadbalance"
[  103.871144][ T7673] loop2: detected capacity change from 0 to 2048
[  103.878216][ T7673] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  103.985465][ T7677] loop0: detected capacity change from 0 to 1024
[  103.992429][ T7677] EXT4-fs: Ignoring removed nobh option
[  103.998014][ T7677] EXT4-fs: Ignoring removed bh option
[  104.016698][ T7681] Invalid logical block size (18)
[  104.035433][ T7677] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.086983][ T7680] FAULT_INJECTION: forcing a failure.
[  104.086983][ T7680] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  104.100192][ T7680] CPU: 0 UID: 0 PID: 7680 Comm: syz.4.1431 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  104.100224][ T7680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  104.100240][ T7680] Call Trace:
[  104.100246][ T7680]  <TASK>
[  104.100252][ T7680]  dump_stack_lvl+0xf6/0x150
[  104.100275][ T7680]  dump_stack+0x15/0x1a
[  104.100292][ T7680]  should_fail_ex+0x261/0x270
[  104.100371][ T7680]  should_fail+0xb/0x10
[  104.100404][ T7680]  should_fail_usercopy+0x1a/0x20
[  104.100430][ T7680]  _copy_from_user+0x1c/0xa0
[  104.100458][ T7680]  copy_msghdr_from_user+0x54/0x2b0
[  104.100488][ T7680]  ? __fget_files+0x186/0x1c0
[  104.100583][ T7680]  __sys_sendmsg+0x141/0x240
[  104.100614][ T7680]  __x64_sys_sendmsg+0x46/0x50
[  104.100634][ T7680]  x64_sys_call+0x26f3/0x2e10
[  104.100658][ T7680]  do_syscall_64+0xc9/0x1c0
[  104.100681][ T7680]  ? clear_bhb_loop+0x25/0x80
[  104.100741][ T7680]  ? clear_bhb_loop+0x25/0x80
[  104.100764][ T7680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.100844][ T7680] RIP: 0033:0x7f074354d169
[  104.100861][ T7680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.100882][ T7680] RSP: 002b:00007f0741baf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  104.100903][ T7680] RAX: ffffffffffffffda RBX: 00007f0743765fa0 RCX: 00007f074354d169
[  104.100948][ T7680] RDX: 0000000000044084 RSI: 0000200000004bc0 RDI: 0000000000000003
[  104.101030][ T7680] RBP: 00007f0741baf090 R08: 0000000000000000 R09: 0000000000000000
[  104.101044][ T7680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  104.101057][ T7680] R13: 0000000000000000 R14: 00007f0743765fa0 R15: 00007ffe320c3bb8
[  104.101078][ T7680]  </TASK>
[  104.294279][ T7681] 9pnet_fd: Insufficient options for proto=fd
[  104.305046][ T7686] loop6: detected capacity change from 0 to 512
[  104.354978][ T7686] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  104.367703][ T7686] ext4 filesystem being mounted at /99/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  104.379036][ T7686] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  104.395348][ T7694] loop4: detected capacity change from 0 to 128
[  104.441791][ T7698] loop4: detected capacity change from 0 to 2048
[  104.448743][ T7698] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  104.488080][ T7696] loop6: detected capacity change from 0 to 256
[  104.518070][ T7703] loop4: detected capacity change from 0 to 512
[  104.531323][ T7696] FAT-fs (loop6): Directory bread(block 64) failed
[  104.538471][ T7696] FAT-fs (loop6): Directory bread(block 65) failed
[  104.539617][ T7703] EXT4-fs (loop4): too many log groups per flexible block group
[  104.545240][ T7696] FAT-fs (loop6): Directory bread(block 66) failed
[  104.552749][ T7703] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  104.553210][ T7703] EXT4-fs (loop4): mount failed
[  104.562534][ T7696] FAT-fs (loop6): Directory bread(block 67) failed
[  104.579556][ T7696] FAT-fs (loop6): Directory bread(block 68) failed
[  104.587636][ T7696] FAT-fs (loop6): Directory bread(block 69) failed
[  104.600075][ T7696] FAT-fs (loop6): Directory bread(block 70) failed
[  104.612073][ T7696] FAT-fs (loop6): Directory bread(block 71) failed
[  104.630785][ T7696] FAT-fs (loop6): Directory bread(block 72) failed
[  104.643633][ T7696] FAT-fs (loop6): Directory bread(block 73) failed
[  104.675868][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.805104][ T7713] hub 4-0:1.0: USB hub found
[  104.811186][ T7713] hub 4-0:1.0: 8 ports detected
[  104.840334][ T7713] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1443'.
[  104.861361][ T7713] netlink: 'syz.6.1443': attribute type 1 has an invalid length.
[  104.927828][ T7723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  104.936593][ T7723] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  105.117029][ T7726] loop6: detected capacity change from 0 to 1024
[  105.161471][ T7726] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  105.197336][ T7726] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  105.235207][ T7730] loop2: detected capacity change from 0 to 128
[  105.260734][ T7726] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  105.280284][ T7730] 9pnet_fd: Insufficient options for proto=fd
[  105.296457][ T7726] EXT4-fs (loop6): orphan cleanup on readonly fs
[  105.305822][ T7726] EXT4-fs error (device loop6) in ext4_reserve_inode_write:5882: Corrupt filesystem
[  105.317550][ T7726] EXT4-fs (loop6): Remounting filesystem read-only
[  105.326514][ T7726] EXT4-fs (loop6): 1 orphan inode deleted
[  105.399506][ T7726] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  105.427549][ T6169] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.463993][ T7737] loop6: detected capacity change from 0 to 164
[  105.471407][ T7737] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  105.482020][ T7737] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  105.502733][ T7737] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1452'.
[  105.511717][ T7737] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1452'.
[  105.527104][ T7737] netlink: 332 bytes leftover after parsing attributes in process `syz.6.1452'.
[  105.541760][ T7739] loop2: detected capacity change from 0 to 1024
[  105.548541][ T7739] EXT4-fs: Ignoring removed nobh option
[  105.554174][ T7739] EXT4-fs: Ignoring removed bh option
[  105.596109][ T7743] loop6: detected capacity change from 0 to 2048
[  105.615612][ T7739] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.631279][ T7743] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.739102][ T6169] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.888468][ T7751] loop6: detected capacity change from 0 to 256
[  105.906305][ T7756] loop4: detected capacity change from 0 to 512
[  105.937019][ T7756] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  105.950840][ T7756] ext4 filesystem being mounted at /277/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  105.980927][ T7751] FAT-fs (loop6): Directory bread(block 64) failed
[  105.997862][ T7751] FAT-fs (loop6): Directory bread(block 65) failed
[  106.008002][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  106.017765][ T7751] FAT-fs (loop6): Directory bread(block 66) failed
[  106.030064][ T7751] FAT-fs (loop6): Directory bread(block 67) failed
[  106.039962][ T7751] FAT-fs (loop6): Directory bread(block 68) failed
[  106.070394][ T7751] FAT-fs (loop6): Directory bread(block 69) failed
[  106.079868][ T7751] FAT-fs (loop6): Directory bread(block 70) failed
[  106.089201][ T7751] FAT-fs (loop6): Directory bread(block 71) failed
[  106.099561][ T7751] FAT-fs (loop6): Directory bread(block 72) failed
[  106.108369][ T7751] FAT-fs (loop6): Directory bread(block 73) failed
[  106.211788][ T7766] loop6: detected capacity change from 0 to 128
[  106.221582][ T7766] 9pnet_fd: Insufficient options for proto=fd
[  106.235867][ T7762] hub 4-0:1.0: USB hub found
[  106.240574][ T7762] hub 4-0:1.0: 8 ports detected
[  106.265246][ T7762] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1460'.
[  106.275428][ T7762] netlink: 'syz.4.1460': attribute type 1 has an invalid length.
[  106.286526][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.315054][ T7773] FAULT_INJECTION: forcing a failure.
[  106.315054][ T7773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  106.328303][ T7773] CPU: 1 UID: 0 PID: 7773 Comm: syz.6.1463 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  106.328357][ T7773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  106.328372][ T7773] Call Trace:
[  106.328380][ T7773]  <TASK>
[  106.328387][ T7773]  dump_stack_lvl+0xf6/0x150
[  106.328415][ T7773]  dump_stack+0x15/0x1a
[  106.328438][ T7773]  should_fail_ex+0x261/0x270
[  106.328463][ T7773]  should_fail+0xb/0x10
[  106.328575][ T7773]  should_fail_usercopy+0x1a/0x20
[  106.328604][ T7773]  _copy_from_user+0x1c/0xa0
[  106.328637][ T7773]  snd_seq_ioctl+0x124/0x2c0
[  106.328715][ T7773]  ? __pfx_snd_seq_ioctl+0x10/0x10
[  106.328748][ T7773]  __se_sys_ioctl+0xc9/0x140
[  106.328777][ T7773]  __x64_sys_ioctl+0x43/0x50
[  106.328862][ T7773]  x64_sys_call+0x168d/0x2e10
[  106.328890][ T7773]  do_syscall_64+0xc9/0x1c0
[  106.328955][ T7773]  ? clear_bhb_loop+0x25/0x80
[  106.329010][ T7773]  ? clear_bhb_loop+0x25/0x80
[  106.329037][ T7773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.329063][ T7773] RIP: 0033:0x7f0bb652d169
[  106.329081][ T7773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.329139][ T7773] RSP: 002b:00007f0bb4b8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  106.329163][ T7773] RAX: ffffffffffffffda RBX: 00007f0bb6745fa0 RCX: 00007f0bb652d169
[  106.329186][ T7773] RDX: 0000200000000480 RSI: 00000000c0a85320 RDI: 0000000000000003
[  106.329202][ T7773] RBP: 00007f0bb4b8f090 R08: 0000000000000000 R09: 0000000000000000
[  106.329216][ T7773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.329230][ T7773] R13: 0000000000000000 R14: 00007f0bb6745fa0 R15: 00007ffdef234b28
[  106.329253][ T7773]  </TASK>
[  106.510926][ T7776] loop4: detected capacity change from 0 to 1024
[  106.518269][ T7776] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  106.528956][ T7776] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  106.544681][ T7778] loop6: detected capacity change from 0 to 128
[  106.551439][   T29] kauditd_printk_skb: 172 callbacks suppressed
[  106.551455][   T29] audit: type=1400 audit(1743390828.363:1680): avc:  denied  { create } for  pid=7774 comm="syz.2.1464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  106.578851][ T7776] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  106.591282][ T7776] EXT4-fs (loop4): orphan cleanup on readonly fs
[  106.619532][ T7776] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5882: Corrupt filesystem
[  106.638044][ T7776] EXT4-fs (loop4): Remounting filesystem read-only
[  106.653596][ T7776] Quota error (device loop4): write_blk: dquota write failed
[  106.661058][ T7776] Quota error (device loop4): write_blk: dquota write failed
[  106.668544][ T7776] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota
[  106.725067][ T7776] Quota error (device loop4): v2_write_file_info: Can't write info structure
[  106.735996][ T7776] EXT4-fs (loop4): 1 orphan inode deleted
[  106.742749][ T7776] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  106.765235][ T7792] loop2: detected capacity change from 0 to 512
[  106.783291][ T7794] loop6: detected capacity change from 0 to 512
[  106.789754][ T7792] EXT4-fs (loop2): too many log groups per flexible block group
[  106.797552][ T7792] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  106.804801][ T7792] EXT4-fs (loop2): mount failed
[  106.810282][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.823505][ T7794] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  106.838051][ T7794] ext4 filesystem being mounted at /111/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  106.854775][ T7803] loop4: detected capacity change from 0 to 128
[  106.862254][ T7794] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  106.871580][ T7800] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1474'.
[  106.882729][ T7803] 9pnet_fd: Insufficient options for proto=fd
[  106.913717][   T29] audit: type=1400 audit(1743390828.733:1681): avc:  denied  { getopt } for  pid=7807 comm="syz.6.1476" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  106.950104][ T3381] IPVS: starting estimator thread 0...
[  107.042588][ T7815] IPVS: using max 2544 ests per chain, 127200 per kthread
[  107.188502][ T7837] loop4: detected capacity change from 0 to 2048
[  107.188588][ T7840] FAULT_INJECTION: forcing a failure.
[  107.188588][ T7840] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  107.208047][ T7840] CPU: 0 UID: 0 PID: 7840 Comm: syz.2.1489 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  107.208081][ T7840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  107.208168][ T7840] Call Trace:
[  107.208175][ T7840]  <TASK>
[  107.208183][ T7840]  dump_stack_lvl+0xf6/0x150
[  107.208280][ T7840]  dump_stack+0x15/0x1a
[  107.208297][ T7840]  should_fail_ex+0x261/0x270
[  107.208370][ T7840]  should_fail+0xb/0x10
[  107.208389][ T7840]  should_fail_usercopy+0x1a/0x20
[  107.208415][ T7840]  _copy_from_user+0x1c/0xa0
[  107.208446][ T7840]  do_ip_vs_set_ctl+0x19b/0x910
[  107.208473][ T7840]  ? __rcu_read_unlock+0x4e/0x70
[  107.208551][ T7840]  ? __pfx_ip4_datagram_release_cb+0x10/0x10
[  107.208586][ T7840]  ? ip4_datagram_release_cb+0x36a/0x390
[  107.208621][ T7840]  ? do_ip_setsockopt+0x1f20/0x22a0
[  107.208709][ T7840]  nf_setsockopt+0x195/0x1b0
[  107.208743][ T7840]  ip_setsockopt+0xea/0x100
[  107.208772][ T7840]  udp_setsockopt+0x95/0xb0
[  107.208794][ T7840]  sock_common_setsockopt+0x64/0x80
[  107.208820][ T7840]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  107.208923][ T7840]  __sys_setsockopt+0x187/0x200
[  107.208956][ T7840]  __x64_sys_setsockopt+0x66/0x80
[  107.208988][ T7840]  x64_sys_call+0x2a09/0x2e10
[  107.209035][ T7840]  do_syscall_64+0xc9/0x1c0
[  107.209053][ T7840]  ? clear_bhb_loop+0x25/0x80
[  107.209087][ T7840]  ? clear_bhb_loop+0x25/0x80
[  107.209113][ T7840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.209138][ T7840] RIP: 0033:0x7fa0d9e2d169
[  107.209163][ T7840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.209181][ T7840] RSP: 002b:00007fa0d8497038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  107.209203][ T7840] RAX: ffffffffffffffda RBX: 00007fa0da045fa0 RCX: 00007fa0d9e2d169
[  107.209285][ T7840] RDX: 0000000000000482 RSI: 0000000000000000 RDI: 0000000000000003
[  107.209298][ T7840] RBP: 00007fa0d8497090 R08: 000000000000002c R09: 0000000000000000
[  107.209309][ T7840] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  107.209321][ T7840] R13: 0000000000000000 R14: 00007fa0da045fa0 R15: 00007fff47577058
[  107.209339][ T7840]  </TASK>
[  107.453586][ T7837]  loop4: p1 < > p3
[  107.465554][ T7837] loop4: p3 size 134217728 extends beyond EOD, truncated
[  107.512961][ T7837] team0: Unable to change to the same mode the team is in
[  107.946360][ T7868] loop4: detected capacity change from 0 to 2048
[  107.953277][ T7868] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  107.967292][ T7872] loop5: detected capacity change from 0 to 128
[  108.097212][ T7887] loop4: detected capacity change from 0 to 512
[  108.105031][ T7887] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  108.145732][ T7890] loop5: detected capacity change from 0 to 1024
[  108.152638][ T7890] EXT4-fs: Ignoring removed nobh option
[  108.158553][ T7890] EXT4-fs: Ignoring removed bh option
[  108.181520][ T7887] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.203158][ T7894] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.222199][ T7887] ext4 filesystem being mounted at /292/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.257224][ T7890] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.284410][ T7894] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.298062][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.401428][ T7902] bridge_slave_0: left allmulticast mode
[  108.407236][ T7902] bridge_slave_0: left promiscuous mode
[  108.412966][ T7902] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.424024][ T7902] bridge_slave_1: left allmulticast mode
[  108.429696][ T7902] bridge_slave_1: left promiscuous mode
[  108.435578][ T7902] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.458057][ T7902] bond0: (slave bond_slave_0): Releasing backup interface
[  108.468053][ T7902] bond0: (slave bond_slave_1): Releasing backup interface
[  108.483778][ T7902] team0: Port device team_slave_0 removed
[  108.493516][ T7902] team0: Port device team_slave_1 removed
[  108.500554][ T7902] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  108.508147][ T7902] batman_adv: batadv0: Removing interface: batadv_slave_0
[  108.519005][ T7902] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  108.526600][ T7902] batman_adv: batadv0: Removing interface: batadv_slave_1
[  108.560742][ T7894] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.604622][ T7894] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  108.621665][ T7909] loop6: detected capacity change from 0 to 128
[  108.675587][ T7894] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.689725][ T7894] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.701786][ T7894] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.716510][ T7894] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.873803][   T29] audit: type=1326 audit(1743390830.693:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7914 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f074354d169 code=0x7ffc0000
[  108.900774][ T7921] loop0: detected capacity change from 0 to 164
[  108.916012][   T29] audit: type=1326 audit(1743390830.693:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7914 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f074354d169 code=0x7ffc0000
[  108.939564][   T29] audit: type=1326 audit(1743390830.693:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7914 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f074354d169 code=0x7ffc0000
[  108.963206][   T29] audit: type=1326 audit(1743390830.693:1685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7914 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f074354d169 code=0x7ffc0000
[  108.986873][ T7924] loop6: detected capacity change from 0 to 512
[  108.997356][ T4384] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.008765][ T7924] EXT4-fs (loop6): too many log groups per flexible block group
[  109.016702][ T7924] EXT4-fs (loop6): failed to initialize mballoc (-12)
[  109.019679][ T7928] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1521'.
[  109.025596][ T7924] EXT4-fs (loop6): mount failed
[  109.166730][ T7939] FAULT_INJECTION: forcing a failure.
[  109.166730][ T7939] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.179877][ T7939] CPU: 1 UID: 0 PID: 7939 Comm: syz.6.1525 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  109.179912][ T7939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  109.179943][ T7939] Call Trace:
[  109.179950][ T7939]  <TASK>
[  109.179958][ T7939]  dump_stack_lvl+0xf6/0x150
[  109.179986][ T7939]  dump_stack+0x15/0x1a
[  109.180007][ T7939]  should_fail_ex+0x261/0x270
[  109.180033][ T7939]  should_fail+0xb/0x10
[  109.180053][ T7939]  should_fail_usercopy+0x1a/0x20
[  109.180100][ T7939]  strncpy_from_user+0x25/0x230
[  109.180147][ T7939]  strncpy_from_user_nofault+0x66/0xe0
[  109.180188][ T7939]  bpf_probe_read_user_str+0x2a/0x70
[  109.180228][ T7939]  bpf_prog_78f9c3f13797e2ae+0x3e/0x40
[  109.180249][ T7939]  bpf_trace_run3+0x10e/0x1d0
[  109.180285][ T7939]  ? user_path_at+0x10f/0x140
[  109.180357][ T7939]  ? user_path_at+0x10f/0x140
[  109.180375][ T7939]  __traceiter_kmem_cache_free+0x33/0x50
[  109.180489][ T7939]  kmem_cache_free+0x243/0x2e0
[  109.180521][ T7939]  ? user_path_at+0x10f/0x140
[  109.180545][ T7939]  user_path_at+0x10f/0x140
[  109.180568][ T7939]  __se_sys_mount+0x25e/0x2e0
[  109.180637][ T7939]  __x64_sys_mount+0x67/0x80
[  109.180690][ T7939]  x64_sys_call+0xd11/0x2e10
[  109.180715][ T7939]  do_syscall_64+0xc9/0x1c0
[  109.180734][ T7939]  ? clear_bhb_loop+0x25/0x80
[  109.180759][ T7939]  ? clear_bhb_loop+0x25/0x80
[  109.180861][ T7939]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.180885][ T7939] RIP: 0033:0x7f0bb652d169
[  109.180899][ T7939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  109.180921][ T7939] RSP: 002b:00007f0bb4b8f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  109.181029][ T7939] RAX: ffffffffffffffda RBX: 00007f0bb6745fa0 RCX: 00007f0bb652d169
[  109.181072][ T7939] RDX: 00002000000000c0 RSI: 0000200000000240 RDI: 0000000000000000
[  109.181087][ T7939] RBP: 00007f0bb4b8f090 R08: 0000200000000000 R09: 0000000000000000
[  109.181102][ T7939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  109.181116][ T7939] R13: 0000000000000000 R14: 00007f0bb6745fa0 R15: 00007ffdef234b28
[  109.181145][ T7939]  </TASK>
[  109.181678][ T7939] SELinux: security_context_str_to_sid () failed with errno=-22
[  109.578175][ T7948] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1529'.
[  109.663525][ T7953] netlink: 'syz.0.1529': attribute type 1 has an invalid length.
[  109.683344][ T7955] loop4: detected capacity change from 0 to 2048
[  109.690051][ T7955] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  109.728370][ T7953] loop0: detected capacity change from 0 to 1024
[  109.740671][ T7953] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  109.752394][ T7953] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  109.774674][ T7953] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  109.778312][ T7958] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1532'.
[  109.782907][ T7953] EXT4-fs (loop0): orphan cleanup on readonly fs
[  109.805573][ T7958] loop4: detected capacity change from 0 to 1024
[  109.813355][ T7958] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  109.814608][ T7953] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5882: Corrupt filesystem
[  109.824402][ T7958] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[  109.843899][ T7958] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  109.854369][ T7953] EXT4-fs (loop0): Remounting filesystem read-only
[  109.855586][ T7958] EXT4-fs (loop4): invalid journal inode
[  109.861245][ T7953] EXT4-fs (loop0): 1 orphan inode deleted
[  109.872822][ T7958] EXT4-fs (loop4): can't get journal size
[  109.880790][ T7958] EXT4-fs error (device loop4): ext4_protect_reserved_inode:182: inode #3: comm syz.4.1532: blocks 2-2 from inode overlap system zone
[  109.914709][ T7953] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  109.927791][ T7958] EXT4-fs (loop4): failed to initialize system zone (-117)
[  109.936733][ T7958] EXT4-fs (loop4): mount failed
[  110.002552][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.040858][ T7968] loop5: detected capacity change from 0 to 512
[  110.064632][ T7968] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  110.070520][ T7973] loop4: detected capacity change from 0 to 512
[  110.078798][ T7968] ext4 filesystem being mounted at /169/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  110.096371][ T7968] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  110.130421][ T7973] EXT4-fs (loop4): too many log groups per flexible block group
[  110.138346][ T7973] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  110.149446][ T7979] FAULT_INJECTION: forcing a failure.
[  110.149446][ T7979] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  110.154280][ T7973] EXT4-fs (loop4): mount failed
[  110.162893][ T7979] CPU: 0 UID: 0 PID: 7979 Comm: syz.5.1538 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  110.162929][ T7979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  110.162945][ T7979] Call Trace:
[  110.162952][ T7979]  <TASK>
[  110.162963][ T7979]  dump_stack_lvl+0xf6/0x150
[  110.163060][ T7979]  dump_stack+0x15/0x1a
[  110.163107][ T7979]  should_fail_ex+0x261/0x270
[  110.163134][ T7979]  should_fail+0xb/0x10
[  110.163156][ T7979]  should_fail_usercopy+0x1a/0x20
[  110.163216][ T7979]  strncpy_from_user+0x25/0x230
[  110.163262][ T7979]  strncpy_from_user_nofault+0x66/0xe0
[  110.163309][ T7979]  bpf_probe_read_user_str+0x2a/0x70
[  110.163350][ T7979]  bpf_prog_78f9c3f13797e2ae+0x3e/0x40
[  110.163372][ T7979]  bpf_trace_run3+0x10e/0x1d0
[  110.163407][ T7979]  ? user_path_at+0x10f/0x140
[  110.163483][ T7979]  ? user_path_at+0x10f/0x140
[  110.163506][ T7979]  __traceiter_kmem_cache_free+0x33/0x50
[  110.163575][ T7979]  kmem_cache_free+0x243/0x2e0
[  110.163645][ T7979]  ? user_path_at+0x10f/0x140
[  110.163670][ T7979]  user_path_at+0x10f/0x140
[  110.163695][ T7979]  __se_sys_pivot_root+0xcd/0x1340
[  110.163752][ T7979]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  110.163791][ T7979]  ? vfs_write+0x669/0x950
[  110.163860][ T7979]  ? putname+0xe1/0x100
[  110.163897][ T7979]  ? __fget_files+0x186/0x1c0
[  110.163935][ T7979]  ? fput+0x99/0xd0
[  110.164015][ T7979]  __x64_sys_pivot_root+0x31/0x40
[  110.164062][ T7979]  x64_sys_call+0x2cc5/0x2e10
[  110.164133][ T7979]  do_syscall_64+0xc9/0x1c0
[  110.164160][ T7979]  ? clear_bhb_loop+0x25/0x80
[  110.164189][ T7979]  ? clear_bhb_loop+0x25/0x80
[  110.164217][ T7979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.164245][ T7979] RIP: 0033:0x7f591029d169
[  110.164271][ T7979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.164294][ T7979] RSP: 002b:00007f590e907038 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
[  110.164318][ T7979] RAX: ffffffffffffffda RBX: 00007f59104b5fa0 RCX: 00007f591029d169
[  110.164333][ T7979] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000000
[  110.164349][ T7979] RBP: 00007f590e907090 R08: 0000000000000000 R09: 0000000000000000
[  110.164364][ T7979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  110.164379][ T7979] R13: 0000000000000000 R14: 00007f59104b5fa0 R15: 00007ffd27fd9d68
[  110.164480][ T7979]  </TASK>
[  110.488370][ T7987] loop0: detected capacity change from 0 to 2048
[  110.499966][ T7989] FAULT_INJECTION: forcing a failure.
[  110.499966][ T7989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  110.513234][ T7989] CPU: 0 UID: 0 PID: 7989 Comm: syz.4.1543 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  110.513260][ T7989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  110.513271][ T7989] Call Trace:
[  110.513277][ T7989]  <TASK>
[  110.513284][ T7989]  dump_stack_lvl+0xf6/0x150
[  110.513309][ T7989]  dump_stack+0x15/0x1a
[  110.513383][ T7989]  should_fail_ex+0x261/0x270
[  110.513408][ T7989]  should_fail+0xb/0x10
[  110.513502][ T7989]  should_fail_usercopy+0x1a/0x20
[  110.513522][ T7989]  _copy_from_user+0x1c/0xa0
[  110.513546][ T7989]  copy_msghdr_from_user+0x54/0x2b0
[  110.513569][ T7989]  ? __fget_files+0x186/0x1c0
[  110.513622][ T7989]  __sys_sendmsg+0x141/0x240
[  110.513661][ T7989]  __x64_sys_sendmsg+0x46/0x50
[  110.513724][ T7989]  x64_sys_call+0x26f3/0x2e10
[  110.513749][ T7989]  do_syscall_64+0xc9/0x1c0
[  110.513773][ T7989]  ? clear_bhb_loop+0x25/0x80
[  110.513798][ T7989]  ? clear_bhb_loop+0x25/0x80
[  110.513906][ T7989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.513988][ T7989] RIP: 0033:0x7f074354d169
[  110.514009][ T7989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.514026][ T7989] RSP: 002b:00007f0741baf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  110.514080][ T7989] RAX: ffffffffffffffda RBX: 00007f0743765fa0 RCX: 00007f074354d169
[  110.514093][ T7989] RDX: 0000000000000000 RSI: 0000200000006280 RDI: 0000000000000006
[  110.514104][ T7989] RBP: 00007f0741baf090 R08: 0000000000000000 R09: 0000000000000000
[  110.514140][ T7989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  110.514153][ T7989] R13: 0000000000000000 R14: 00007f0743765fa0 R15: 00007ffe320c3bb8
[  110.514172][ T7989]  </TASK>
[  110.707915][ T7987] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  110.724425][ T7996] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1545'.
[  110.857873][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.923362][ T8009] SELinux:  policydb string  does not match my string SE Linux
[  110.944061][ T8009] SELinux: failed to load policy
[  110.956661][ T8009] loop0: detected capacity change from 0 to 256
[  110.971082][ T8009] msdos: Unknown parameter ''
[  111.107162][ T8012] loop5: detected capacity change from 0 to 512
[  111.144990][ T8012] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  111.179009][ T8012] ext4 filesystem being mounted at /172/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  111.208421][ T8012] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  111.224584][ T8023] loop4: detected capacity change from 0 to 512
[  111.239493][ T8022] loop0: detected capacity change from 0 to 2048
[  111.264014][ T8023] EXT4-fs (loop4): too many log groups per flexible block group
[  111.271880][ T8023] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  111.288958][ T8023] EXT4-fs (loop4): mount failed
[  111.294703][ T8022]  loop0: p1 < > p3
[  111.304342][ T8022] loop0: p3 size 134217728 extends beyond EOD, truncated
[  111.336380][ T8022] team0: Mode changed to "loadbalance"
[  111.350483][ T8029] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1557'.
[  111.525895][ T8038] loop4: detected capacity change from 0 to 2048
[  111.545272][ T8038] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.740945][ T8047] loop5: detected capacity change from 0 to 1024
[  111.747804][ T8047] EXT4-fs: Ignoring removed nobh option
[  111.753522][ T8047] EXT4-fs: Ignoring removed bh option
[  111.759235][   T29] kauditd_printk_skb: 68 callbacks suppressed
[  111.759251][   T29] audit: type=1326 audit(1743390833.543:1750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8042 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  111.788975][   T29] audit: type=1326 audit(1743390833.543:1751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8042 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  111.812455][   T29] audit: type=1326 audit(1743390833.543:1752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8042 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  111.835981][   T29] audit: type=1326 audit(1743390833.543:1753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8042 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  111.859419][   T29] audit: type=1326 audit(1743390833.543:1754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8042 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  111.882950][   T29] audit: type=1326 audit(1743390833.543:1755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8042 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  111.906306][   T29] audit: type=1326 audit(1743390833.543:1756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8042 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  111.929718][   T29] audit: type=1326 audit(1743390833.543:1757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8042 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  112.070730][ T8047] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.203868][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.239167][   T29] audit: type=1326 audit(1743390834.053:1758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8052 comm="syz.4.1563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f074354d169 code=0x7ffc0000
[  112.272292][   T29] audit: type=1326 audit(1743390834.083:1759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8052 comm="syz.4.1563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f074354d169 code=0x7ffc0000
[  112.311659][ T8055] syzkaller1: entered allmulticast mode
[  112.330382][ T8055] loop4: detected capacity change from 0 to 164
[  112.346672][ T8055] syz.4.1564: attempt to access beyond end of device
[  112.346672][ T8055] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  112.364099][ T4384] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.374518][ T8055] syz.4.1564: attempt to access beyond end of device
[  112.374518][ T8055] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164
[  112.483442][ T8062] loop0: detected capacity change from 0 to 128
[  112.493296][ T8062] 9pnet_fd: Insufficient options for proto=fd
[  112.596418][ T8067] loop6: detected capacity change from 0 to 512
[  112.648521][ T8067] EXT4-fs (loop6): too many log groups per flexible block group
[  112.656286][ T8067] EXT4-fs (loop6): failed to initialize mballoc (-12)
[  112.664980][ T8067] EXT4-fs (loop6): mount failed
[  112.708401][ T8077] loop0: detected capacity change from 0 to 2048
[  112.735299][ T8077] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.876944][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.218282][ T8005] netlink: 'syz.2.1548': attribute type 1 has an invalid length.
[  113.234270][ T8005] bond4: entered promiscuous mode
[  113.239388][ T8005] bond4: entered allmulticast mode
[  113.272512][ T8005] batadv1: entered promiscuous mode
[  113.277885][ T8005] batadv1: entered allmulticast mode
[  113.285990][ T8005] 8021q: adding VLAN 0 to HW filter on device batadv1
[  113.295004][ T8005] bond4: (slave batadv1): making interface the new active one
[  113.306018][ T8005] bond4: (slave batadv1): Enslaving as an active interface with an up link
[  113.358884][ T8104] loop2: detected capacity change from 0 to 128
[  113.370857][ T8104] 9pnet_fd: Insufficient options for proto=fd
[  113.444945][ T8110] loop4: detected capacity change from 0 to 164
[  113.452609][ T8111] loop2: detected capacity change from 0 to 2048
[  113.492794][ T8111]  loop2: p1 < > p3
[  113.497392][ T8111] loop2: p3 size 134217728 extends beyond EOD, truncated
[  113.510423][ T8111] team0: Mode changed to "loadbalance"
[  113.560726][ T8120] loop2: detected capacity change from 0 to 512
[  113.578969][ T8124] loop5: detected capacity change from 0 to 164
[  113.588151][ T8120] EXT4-fs (loop2): too many log groups per flexible block group
[  113.595939][ T8120] EXT4-fs (loop2): failed to initialize mballoc (-12)
[  113.607323][ T8120] EXT4-fs (loop2): mount failed
[  113.635279][ T8122] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1589'.
[  113.646297][ T8122] netlink: 'syz.4.1589': attribute type 1 has an invalid length.
[  113.717226][ T8133] loop4: detected capacity change from 0 to 1024
[  113.734888][ T8133] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  113.776231][ T8133] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  113.794118][ T8133] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  113.810102][ T8133] EXT4-fs (loop4): orphan cleanup on readonly fs
[  113.813068][ T8139] loop0: detected capacity change from 0 to 128
[  113.828456][ T8139] 9pnet_fd: Insufficient options for proto=fd
[  113.838210][ T8133] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5882: Corrupt filesystem
[  113.868530][ T8133] EXT4-fs (loop4): Remounting filesystem read-only
[  113.881792][ T8133] EXT4-fs (loop4): 1 orphan inode deleted
[  113.890110][ T8133] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  114.004264][ T8143] loop0: detected capacity change from 0 to 512
[  114.015772][ T8145] loop6: detected capacity change from 0 to 164
[  114.038400][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.054403][ T8143] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  114.068809][ T8143] ext4 filesystem being mounted at /394/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  114.083113][ T8151] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1598'.
[  114.134507][ T8143] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  114.219852][ T8161] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1602'.
[  114.430109][ T8171] vlan2: entered allmulticast mode
[  114.435357][ T8171] bridge_slave_0: entered allmulticast mode
[  114.530074][ T8177] loop4: detected capacity change from 0 to 512
[  114.549646][ T8177] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  114.553597][ T8179] loop0: detected capacity change from 0 to 2048
[  114.572357][ T8177] ext4 filesystem being mounted at /322/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  114.596532][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  114.612700][ T8179]  loop0: p1 < > p3
[  114.617164][ T8179] loop0: p3 size 134217728 extends beyond EOD, truncated
[  114.701314][ T8188] loop4: detected capacity change from 0 to 512
[  114.738231][ T8188] EXT4-fs (loop4): too many log groups per flexible block group
[  114.745979][ T8188] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  114.760430][ T8188] EXT4-fs (loop4): mount failed
[  114.979544][ T8204] loop0: detected capacity change from 0 to 1024
[  114.986822][ T8204] EXT4-fs: Ignoring removed nobh option
[  114.992442][ T8204] EXT4-fs: Ignoring removed bh option
[  114.998889][ T8203] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1618'.
[  115.025674][ T8204] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.391427][ T8219] loop6: detected capacity change from 0 to 2048
[  115.403718][ T8219] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.438149][ T8223] loop5: detected capacity change from 0 to 2048
[  115.447716][ T8223] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  115.521610][ T8230] loop5: detected capacity change from 0 to 128
[  115.567585][ T8233] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1629'.
[  115.579606][ T8233] netlink: 'syz.4.1629': attribute type 1 has an invalid length.
[  115.598315][ T8231] Cannot find set identified by id 0 to match
[  115.646999][ T8238] loop5: detected capacity change from 0 to 512
[  115.658219][ T8240] loop4: detected capacity change from 0 to 1024
[  115.668512][ T8238] ext4 filesystem being mounted at /187/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  115.685124][ T8240] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  115.703471][ T8240] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  115.727314][ T8240] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  115.736058][ T8240] EXT4-fs (loop4): orphan cleanup on readonly fs
[  115.745319][ T8244] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1631'.
[  115.755335][ T8240] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5882: Corrupt filesystem
[  115.756909][ T8244] netlink: 'syz.0.1631': attribute type 1 has an invalid length.
[  115.777731][ T8240] EXT4-fs (loop4): Remounting filesystem read-only
[  115.787590][ T8240] EXT4-fs (loop4): 1 orphan inode deleted
[  115.816806][ T8252] FAULT_INJECTION: forcing a failure.
[  115.816806][ T8252] name failslab, interval 1, probability 0, space 0, times 0
[  115.829562][ T8252] CPU: 1 UID: 0 PID: 8252 Comm: syz.5.1633 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  115.829720][ T8252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  115.829733][ T8252] Call Trace:
[  115.829740][ T8252]  <TASK>
[  115.829748][ T8252]  dump_stack_lvl+0xf6/0x150
[  115.829775][ T8252]  dump_stack+0x15/0x1a
[  115.829874][ T8252]  should_fail_ex+0x261/0x270
[  115.829898][ T8252]  should_failslab+0x8f/0xb0
[  115.829929][ T8252]  kmem_cache_alloc_noprof+0x59/0x340
[  115.830046][ T8252]  ? getname_flags+0x81/0x3b0
[  115.830111][ T8252]  getname_flags+0x81/0x3b0
[  115.830223][ T8252]  __x64_sys_link+0x33/0x70
[  115.830253][ T8252]  x64_sys_call+0x2d65/0x2e10
[  115.830336][ T8252]  do_syscall_64+0xc9/0x1c0
[  115.830360][ T8252]  ? clear_bhb_loop+0x25/0x80
[  115.830385][ T8252]  ? clear_bhb_loop+0x25/0x80
[  115.830421][ T8252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.830482][ T8252] RIP: 0033:0x7f591029d169
[  115.830499][ T8252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.830520][ T8252] RSP: 002b:00007f590e907038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[  115.830542][ T8252] RAX: ffffffffffffffda RBX: 00007f59104b5fa0 RCX: 00007f591029d169
[  115.830606][ T8252] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000003040
[  115.830619][ T8252] RBP: 00007f590e907090 R08: 0000000000000000 R09: 0000000000000000
[  115.830633][ T8252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  115.830647][ T8252] R13: 0000000000000000 R14: 00007f59104b5fa0 R15: 00007ffd27fd9d68
[  115.830668][ T8252]  </TASK>
[  115.998714][ T8253] loop0: detected capacity change from 0 to 1024
[  116.012116][ T8253] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  116.027554][ T8253] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  116.041811][ T8253] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  116.053002][ T8253] EXT4-fs (loop0): orphan cleanup on readonly fs
[  116.070224][ T8253] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5882: Corrupt filesystem
[  116.082721][ T8253] EXT4-fs (loop0): Remounting filesystem read-only
[  116.090622][ T8253] EXT4-fs (loop0): 1 orphan inode deleted
[  116.139098][ T8270] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1641'.
[  116.157623][ T8266] loop5: detected capacity change from 0 to 2048
[  116.164614][ T8266] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  116.171471][ T8273] loop0: detected capacity change from 0 to 2048
[  116.182603][ T8273] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  116.229193][ T8277] loop4: detected capacity change from 0 to 164
[  116.246403][ T8283] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1646'.
[  116.261488][ T8278] loop6: detected capacity change from 0 to 2048
[  116.276670][ T8281] loop5: detected capacity change from 0 to 2048
[  116.283384][ T8281] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  116.292242][ T8278] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  116.378171][ T8299] loop0: detected capacity change from 0 to 512
[  116.395269][ T8299] EXT4-fs (loop0): too many log groups per flexible block group
[  116.403373][ T8299] EXT4-fs (loop0): failed to initialize mballoc (-12)
[  116.419008][ T8299] EXT4-fs (loop0): mount failed
[  116.445041][ T8308] loop4: detected capacity change from 0 to 2048
[  116.477154][ T8311] loop2: detected capacity change from 0 to 512
[  116.484007][ T8308]  loop4: p1 < > p3
[  116.489059][ T8308] loop4: p3 size 134217728 extends beyond EOD, truncated
[  116.498297][ T8311] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  116.516851][ T8308] team0: Unable to change to the same mode the team is in
[  116.535793][ T8311] ext4 filesystem being mounted at /327/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  116.717241][ T8331] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1666'.
[  116.746422][ T8329] bond4: (slave batadv1): Releasing active interface
[  116.810788][ T8335] loop6: detected capacity change from 0 to 1024
[  116.817781][ T8335] EXT4-fs: Ignoring removed nobh option
[  116.823529][ T8335] EXT4-fs: Ignoring removed bh option
[  116.902045][   T29] kauditd_printk_skb: 173 callbacks suppressed
[  116.902062][   T29] audit: type=1400 audit(1743390838.713:1921): avc:  denied  { search } for  pid=8336 comm="syz.2.1668" name="/" dev="configfs" ino=1531 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  116.930714][   T29] audit: type=1400 audit(1743390838.713:1922): avc:  denied  { read } for  pid=8336 comm="syz.2.1668" name="/" dev="configfs" ino=1531 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  116.952771][   T29] audit: type=1400 audit(1743390838.713:1923): avc:  denied  { open } for  pid=8336 comm="syz.2.1668" path="/" dev="configfs" ino=1531 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  117.153127][ T8346] loop4: detected capacity change from 0 to 2048
[  117.178193][ T8348] loop0: detected capacity change from 0 to 2048
[  117.202964][ T8346]  loop4: p1 < > p3
[  117.207633][ T8346] loop4: p3 size 134217728 extends beyond EOD, truncated
[  117.223869][ T8346] team0: Unable to change to the same mode the team is in
[  117.400998][ T8369] loop5: detected capacity change from 0 to 164
[  117.464265][   T29] audit: type=1326 audit(1743390839.283:1924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8370 comm="syz.6.1682" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0bb652d169 code=0x0
[  117.512461][ T8375] loop0: detected capacity change from 0 to 2048
[  117.552539][ T8375]  loop0: p1 < > p3
[  117.553084][ T8382] loop4: detected capacity change from 0 to 2048
[  117.557087][ T8375] loop0: p3 size 134217728 extends beyond EOD, truncated
[  117.583789][ T8375] team0: Unable to change to the same mode the team is in
[  117.691464][   T29] audit: type=1326 audit(1743390839.503:1925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8388 comm="syz.5.1688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591029d169 code=0x7ffc0000
[  117.715016][   T29] audit: type=1326 audit(1743390839.503:1926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8388 comm="syz.5.1688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591029d169 code=0x7ffc0000
[  117.738883][   T29] audit: type=1326 audit(1743390839.503:1927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8388 comm="syz.5.1688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f591029d169 code=0x7ffc0000
[  117.762404][   T29] audit: type=1326 audit(1743390839.503:1928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8388 comm="syz.5.1688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591029d169 code=0x7ffc0000
[  117.785906][   T29] audit: type=1326 audit(1743390839.503:1929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8388 comm="syz.5.1688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f591029d169 code=0x7ffc0000
[  117.809466][   T29] audit: type=1326 audit(1743390839.503:1930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8388 comm="syz.5.1688" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591029d169 code=0x7ffc0000
[  117.912056][ T8392] loop5: detected capacity change from 0 to 8192
[  117.921225][ T8398] FAULT_INJECTION: forcing a failure.
[  117.921225][ T8398] name failslab, interval 1, probability 0, space 0, times 0
[  117.934009][ T8398] CPU: 1 UID: 0 PID: 8398 Comm: syz.4.1690 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  117.934038][ T8398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  117.934104][ T8398] Call Trace:
[  117.934110][ T8398]  <TASK>
[  117.934119][ T8398]  dump_stack_lvl+0xf6/0x150
[  117.934148][ T8398]  dump_stack+0x15/0x1a
[  117.934165][ T8398]  should_fail_ex+0x261/0x270
[  117.934194][ T8398]  should_failslab+0x8f/0xb0
[  117.934219][ T8398]  kmem_cache_alloc_noprof+0x59/0x340
[  117.934249][ T8398]  ? alloc_empty_file+0x78/0x200
[  117.934279][ T8398]  ? _raw_spin_unlock+0x26/0x50
[  117.934388][ T8398]  alloc_empty_file+0x78/0x200
[  117.934427][ T8398]  alloc_file_pseudo+0xcb/0x160
[  117.934474][ T8398]  anon_inode_getfd+0xc2/0x170
[  117.934498][ T8398]  do_inotify_init+0x221/0x270
[  117.934531][ T8398]  __do_sys_inotify_init+0x10/0x20
[  117.934562][ T8398]  x64_sys_call+0xa51/0x2e10
[  117.934663][ T8398]  do_syscall_64+0xc9/0x1c0
[  117.934682][ T8398]  ? clear_bhb_loop+0x25/0x80
[  117.934719][ T8398]  ? clear_bhb_loop+0x25/0x80
[  117.934739][ T8398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.934764][ T8398] RIP: 0033:0x7f074354d169
[  117.934781][ T8398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.934803][ T8398] RSP: 002b:00007f0741baf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fd
[  117.934845][ T8398] RAX: ffffffffffffffda RBX: 00007f0743765fa0 RCX: 00007f074354d169
[  117.934860][ T8398] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  117.934874][ T8398] RBP: 00007f0741baf090 R08: 0000000000000000 R09: 0000000000000000
[  117.934888][ T8398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.934902][ T8398] R13: 0000000000000000 R14: 00007f0743765fa0 R15: 00007ffe320c3bb8
[  117.934921][ T8398]  </TASK>
[  118.232729][ T8404] loop4: detected capacity change from 0 to 512
[  118.469049][ T8404] ext4 filesystem being mounted at /344/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  118.602473][ T8419] loop6: detected capacity change from 0 to 1024
[  118.609563][ T8419] EXT4-fs: Ignoring removed nobh option
[  118.615234][ T8419] EXT4-fs: Ignoring removed bh option
[  119.067455][ T8428] loop2: detected capacity change from 0 to 2048
[  119.116219][ T8431] loop4: detected capacity change from 0 to 256
[  119.123216][ T8428] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  119.279828][ T8431] FAT-fs (loop4): Directory bread(block 64) failed
[  119.310024][ T8431] FAT-fs (loop4): Directory bread(block 65) failed
[  119.331661][ T8431] FAT-fs (loop4): Directory bread(block 66) failed
[  119.344947][ T8431] FAT-fs (loop4): Directory bread(block 67) failed
[  119.364277][ T8431] FAT-fs (loop4): Directory bread(block 68) failed
[  119.384195][ T8431] FAT-fs (loop4): Directory bread(block 69) failed
[  119.392915][ T8389] syz.5.1688 (8389) used greatest stack depth: 7184 bytes left
[  119.402362][ T8431] FAT-fs (loop4): Directory bread(block 70) failed
[  119.413699][ T8431] FAT-fs (loop4): Directory bread(block 71) failed
[  119.422232][ T8431] FAT-fs (loop4): Directory bread(block 72) failed
[  119.450101][ T8431] FAT-fs (loop4): Directory bread(block 73) failed
[  119.543392][ T8453] hub 4-0:1.0: USB hub found
[  119.548230][ T8453] hub 4-0:1.0: 8 ports detected
[  119.556551][ T8455] loop0: detected capacity change from 0 to 2048
[  119.575057][ T8455] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  119.579129][ T8453] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1711'.
[  119.595574][ T8453] netlink: 'syz.4.1711': attribute type 1 has an invalid length.
[  119.685896][ T8463] loop4: detected capacity change from 0 to 1024
[  119.695369][ T8463] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  119.704299][ T8463] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  119.732541][ T8463] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  119.735693][ T8467] 9pnet: p9_errstr2errno: server reported unknown error �@��
[  119.740787][ T8463] EXT4-fs (loop4): orphan cleanup on readonly fs
[  119.755015][ T8463] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5882: Corrupt filesystem
[  119.764952][ T8463] EXT4-fs (loop4): Remounting filesystem read-only
[  119.771767][ T8463] EXT4-fs (loop4): 1 orphan inode deleted
[  120.133108][ T8504] FAULT_INJECTION: forcing a failure.
[  120.133108][ T8504] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.146270][ T8504] CPU: 1 UID: 0 PID: 8504 Comm: syz.4.1732 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  120.146301][ T8504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  120.146314][ T8504] Call Trace:
[  120.146322][ T8504]  <TASK>
[  120.146351][ T8504]  dump_stack_lvl+0xf6/0x150
[  120.146379][ T8504]  dump_stack+0x15/0x1a
[  120.146399][ T8504]  should_fail_ex+0x261/0x270
[  120.146424][ T8504]  should_fail+0xb/0x10
[  120.146444][ T8504]  should_fail_usercopy+0x1a/0x20
[  120.146468][ T8504]  _copy_to_user+0x20/0xa0
[  120.146526][ T8504]  simple_read_from_buffer+0xb2/0x130
[  120.146558][ T8504]  proc_fail_nth_read+0x103/0x140
[  120.146595][ T8504]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  120.146646][ T8504]  vfs_read+0x1b2/0x710
[  120.146671][ T8504]  ? __rcu_read_unlock+0x4e/0x70
[  120.146705][ T8504]  ? __fget_files+0x186/0x1c0
[  120.146740][ T8504]  ksys_read+0xeb/0x1b0
[  120.146767][ T8504]  __x64_sys_read+0x42/0x50
[  120.146865][ T8504]  x64_sys_call+0x2a3b/0x2e10
[  120.146892][ T8504]  do_syscall_64+0xc9/0x1c0
[  120.146916][ T8504]  ? clear_bhb_loop+0x25/0x80
[  120.146942][ T8504]  ? clear_bhb_loop+0x25/0x80
[  120.146977][ T8504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.147001][ T8504] RIP: 0033:0x7f074354bb7c
[  120.147020][ T8504] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  120.147040][ T8504] RSP: 002b:00007f0741baf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  120.147062][ T8504] RAX: ffffffffffffffda RBX: 00007f0743765fa0 RCX: 00007f074354bb7c
[  120.147077][ T8504] RDX: 000000000000000f RSI: 00007f0741baf0a0 RDI: 0000000000000003
[  120.147092][ T8504] RBP: 00007f0741baf090 R08: 0000000000000000 R09: 0000000000000000
[  120.147104][ T8504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.147151][ T8504] R13: 0000000000000000 R14: 00007f0743765fa0 R15: 00007ffe320c3bb8
[  120.147172][ T8504]  </TASK>
[  121.703394][ T8578] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1764'.
[  121.921498][   T29] kauditd_printk_skb: 362 callbacks suppressed
[  121.921512][   T29] audit: type=1400 audit(1743390843.733:2289): avc:  denied  { read write } for  pid=8587 comm="syz.0.1770" name="loop0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  121.923671][ T8589] veth1_macvtap: left promiscuous mode
[  121.942098][   T29] audit: type=1400 audit(1743390843.743:2290): avc:  denied  { read write } for  pid=4384 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  122.056554][ T8589] macsec0: entered allmulticast mode
[  122.076529][   T29] audit: type=1400 audit(1743390843.773:2291): avc:  denied  { execmem } for  pid=8590 comm="syz.5.1771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0
[  122.095852][   T29] audit: type=1400 audit(1743390843.803:2292): avc:  denied  { read } for  pid=8581 comm="syz.2.1767" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=0
[  122.118487][   T29] audit: type=1400 audit(1743390843.823:2293): avc:  denied  { read write } for  pid=3310 comm="syz-executor" name="loop0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  122.142963][   T29] audit: type=1400 audit(1743390843.853:2294): avc:  denied  { execmem } for  pid=8594 comm="syz.0.1772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0
[  122.162213][   T29] audit: type=1400 audit(1743390843.873:2295): avc:  denied  { read } for  pid=8590 comm="syz.5.1771" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=0
[  122.184917][   T29] audit: type=1400 audit(1743390843.883:2296): avc:  denied  { create } for  pid=8590 comm="syz.5.1771" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=0
[  122.283831][ T8593] veth1_macvtap: entered promiscuous mode
[  122.289702][ T8593] veth1_macvtap: entered allmulticast mode
[  122.327648][ T8593] macsec0: left allmulticast mode
[  122.332888][ T8593] veth1_macvtap: left allmulticast mode
[  122.396482][   T29] audit: type=1400 audit(1743390844.213:2297): avc:  denied  { read write } for  pid=3304 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  122.506734][   T29] audit: type=1400 audit(1743390844.233:2298): avc:  denied  { create } for  pid=8594 comm="syz.0.1772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  123.606307][ T8650] can0: slcan on ttyS3.
[  124.032088][ T8645] can0 (unregistered): slcan off ttyS3.
[  125.410302][ T8764] syzkaller0: entered promiscuous mode
[  125.415956][ T8764] syzkaller0: entered allmulticast mode
[  125.564707][ T8774] serio: Serial port ptm0
[  126.964728][   T29] kauditd_printk_skb: 330 callbacks suppressed
[  126.964743][   T29] audit: type=1400 audit(1743390848.783:2629): avc:  denied  { mounton } for  pid=8840 comm="syz.6.1883" path="/180/file0" dev="tmpfs" ino=979 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=0
[  127.005791][   T29] audit: type=1400 audit(1743390848.813:2630): avc:  denied  { read write } for  pid=4384 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  127.058912][   T29] audit: type=1326 audit(1743390848.823:2631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8844 comm="syz.5.1884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591029d169 code=0x7ffc0000
[  127.082443][   T29] audit: type=1326 audit(1743390848.823:2632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8844 comm="syz.5.1884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f591029d169 code=0x7ffc0000
[  127.105982][   T29] audit: type=1326 audit(1743390848.823:2633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8844 comm="syz.5.1884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591029d169 code=0x7ffc0000
[  127.129523][   T29] audit: type=1400 audit(1743390848.853:2634): avc:  denied  { read write } for  pid=4384 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  127.153781][   T29] audit: type=1400 audit(1743390848.863:2635): avc:  denied  { create } for  pid=8846 comm="syz.5.1885" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  127.174254][   T29] audit: type=1400 audit(1743390848.873:2636): avc:  denied  { create } for  pid=8846 comm="syz.5.1885" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  127.196744][   T29] audit: type=1400 audit(1743390849.013:2637): avc:  denied  { read write } for  pid=4384 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  127.242726][   T29] audit: type=1400 audit(1743390849.053:2638): avc:  denied  { read write } for  pid=4384 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  132.417710][   T29] kauditd_printk_skb: 260 callbacks suppressed
[  132.417729][   T29] audit: type=1400 audit(1743390854.233:2899): avc:  denied  { read write } for  pid=3310 comm="syz-executor" name="loop0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  132.480664][   T29] audit: type=1400 audit(1743390854.273:2900): avc:  denied  { read write } for  pid=6169 comm="syz-executor" name="loop6" dev="devtmpfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  132.481594][ T9064] can0: slcan on ttyS3.
[  132.504946][   T29] audit: type=1400 audit(1743390854.273:2901): avc:  denied  { create } for  pid=9063 comm="syz.0.1976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  132.529504][   T29] audit: type=1400 audit(1743390854.273:2902): avc:  denied  { create } for  pid=9063 comm="syz.0.1976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  132.550172][   T29] audit: type=1400 audit(1743390854.273:2903): avc:  denied  { execmem } for  pid=9063 comm="syz.0.1976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0
[  132.569466][   T29] audit: type=1400 audit(1743390854.273:2904): avc:  denied  { bpf } for  pid=9063 comm="syz.0.1976" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=0
[  132.590042][   T29] audit: type=1400 audit(1743390854.273:2905): avc:  denied  { create } for  pid=9065 comm="syz.6.1977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  132.610630][   T29] audit: type=1400 audit(1743390854.273:2906): avc:  denied  { create } for  pid=9065 comm="syz.6.1977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  132.631174][   T29] audit: type=1400 audit(1743390854.283:2907): avc:  denied  { read write } for  pid=4384 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  132.655453][   T29] audit: type=1400 audit(1743390854.293:2908): avc:  denied  { read write } for  pid=6169 comm="syz-executor" name="loop6" dev="devtmpfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  132.742334][ T9063] can0 (unregistered): slcan off ttyS3.
Mar 31 03:14:15 syzkaller daemon.err dhcpcd[3042]: ps_sendpsmmsg: Connection refused
Mar 31 03:14:15 syzkaller daemon.err dhcpcd[3042]: ps_root_recvmsgcb: failed to send message to pid 5714: Connection refused
Mar 31 03:14:16 syzkaller daemon.err dhcpcd[3042]: ps_sendpsmmsg: Connection refused
Mar 31 03:14:16 syzkaller daemon.err dhcpcd[3042]: ps_root_recvmsgcb: failed to send message to pid 5671: Connection refused
Mar 31 03:14:16 syzkaller daemon.err dhcpcd[3042]: ps_sendpsmmsg: Connection refused
Mar 31 03:14:16 syzkaller daemon.err dhcpcd[3042]: ps_root_recvmsgcb: failed to send message to pid 5760: Connection refused
[  135.769448][ T9320] FAULT_INJECTION: forcing a failure.
[  135.769448][ T9320] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  135.782759][ T9320] CPU: 1 UID: 0 PID: 9320 Comm: syz.2.2091 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  135.782817][ T9320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  135.782832][ T9320] Call Trace:
[  135.782839][ T9320]  <TASK>
[  135.782847][ T9320]  dump_stack_lvl+0xf6/0x150
[  135.782876][ T9320]  dump_stack+0x15/0x1a
[  135.782931][ T9320]  should_fail_ex+0x261/0x270
[  135.782957][ T9320]  should_fail+0xb/0x10
[  135.783045][ T9320]  should_fail_usercopy+0x1a/0x20
[  135.783102][ T9320]  _copy_from_user+0x1c/0xa0
[  135.783134][ T9320]  __sys_bpf+0x16a/0x800
[  135.783166][ T9320]  __x64_sys_bpf+0x43/0x50
[  135.783288][ T9320]  x64_sys_call+0x23da/0x2e10
[  135.783310][ T9320]  do_syscall_64+0xc9/0x1c0
[  135.783329][ T9320]  ? clear_bhb_loop+0x25/0x80
[  135.783369][ T9320]  ? clear_bhb_loop+0x25/0x80
[  135.783424][ T9320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.783448][ T9320] RIP: 0033:0x7fa0d9e2d169
[  135.783466][ T9320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.783500][ T9320] RSP: 002b:00007fa0d8497038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  135.783523][ T9320] RAX: ffffffffffffffda RBX: 00007fa0da045fa0 RCX: 00007fa0d9e2d169
[  135.783538][ T9320] RDX: 0000000000000040 RSI: 00002000000005c0 RDI: 000000000000001c
[  135.783552][ T9320] RBP: 00007fa0d8497090 R08: 0000000000000000 R09: 0000000000000000
[  135.783642][ T9320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.783657][ T9320] R13: 0000000000000000 R14: 00007fa0da045fa0 R15: 00007fff47577058
[  135.783679][ T9320]  </TASK>
Mar 31 03:14:17 syzkaller daemon.err dhcpcd[3042]: ps_sendpsmmsg: Connection refused
Mar 31 03:14:17 syzkaller daemon.err dhcpcd[3042]: ps_root_recvmsgcb: failed to send message to pid 5794: Connection refused
[  136.096240][ T9349] FAULT_INJECTION: forcing a failure.
[  136.096240][ T9349] name failslab, interval 1, probability 0, space 0, times 0
[  136.108981][ T9349] CPU: 0 UID: 0 PID: 9349 Comm: syz.2.2104 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  136.109059][ T9349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  136.109076][ T9349] Call Trace:
[  136.109092][ T9349]  <TASK>
[  136.109101][ T9349]  dump_stack_lvl+0xf6/0x150
[  136.109128][ T9349]  dump_stack+0x15/0x1a
[  136.109149][ T9349]  should_fail_ex+0x261/0x270
[  136.109174][ T9349]  should_failslab+0x8f/0xb0
[  136.109286][ T9349]  kmem_cache_alloc_noprof+0x59/0x340
[  136.109326][ T9349]  ? getname_flags+0x81/0x3b0
[  136.109365][ T9349]  getname_flags+0x81/0x3b0
[  136.109454][ T9349]  do_sys_openat2+0x65/0x110
[  136.109499][ T9349]  __x64_sys_openat+0xf8/0x120
[  136.109531][ T9349]  x64_sys_call+0x1ac/0x2e10
[  136.109579][ T9349]  do_syscall_64+0xc9/0x1c0
[  136.109603][ T9349]  ? clear_bhb_loop+0x25/0x80
[  136.109629][ T9349]  ? clear_bhb_loop+0x25/0x80
[  136.109655][ T9349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.109680][ T9349] RIP: 0033:0x7fa0d9e2d169
[  136.109695][ T9349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.109794][ T9349] RSP: 002b:00007fa0d8497038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  136.109818][ T9349] RAX: ffffffffffffffda RBX: 00007fa0da045fa0 RCX: 00007fa0d9e2d169
[  136.109830][ T9349] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: ffffffffffffff9c
[  136.109844][ T9349] RBP: 00007fa0d8497090 R08: 0000000000000000 R09: 0000000000000000
[  136.109858][ T9349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.109925][ T9349] R13: 0000000000000001 R14: 00007fa0da045fa0 R15: 00007fff47577058
[  136.109946][ T9349]  </TASK>
[  136.499281][ T9379] FAULT_INJECTION: forcing a failure.
[  136.499281][ T9379] name failslab, interval 1, probability 0, space 0, times 0
[  136.511986][ T9379] CPU: 1 UID: 0 PID: 9379 Comm: syz.6.2117 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  136.512066][ T9379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  136.512080][ T9379] Call Trace:
[  136.512088][ T9379]  <TASK>
[  136.512096][ T9379]  dump_stack_lvl+0xf6/0x150
[  136.512123][ T9379]  dump_stack+0x15/0x1a
[  136.512144][ T9379]  should_fail_ex+0x261/0x270
[  136.512169][ T9379]  should_failslab+0x8f/0xb0
[  136.512357][ T9379]  __kmalloc_cache_noprof+0x55/0x320
[  136.512423][ T9379]  ? syslog_print_all+0x74/0x3f0
[  136.512445][ T9379]  syslog_print_all+0x74/0x3f0
[  136.512465][ T9379]  ? avc_has_perm+0xd6/0x150
[  136.512486][ T9379]  do_syslog+0x44a/0x810
[  136.512507][ T9379]  ? ksys_write+0x180/0x1b0
[  136.512598][ T9379]  __x64_sys_syslog+0x43/0x50
[  136.512618][ T9379]  x64_sys_call+0x2b8f/0x2e10
[  136.512637][ T9379]  do_syscall_64+0xc9/0x1c0
[  136.512653][ T9379]  ? clear_bhb_loop+0x25/0x80
[  136.512672][ T9379]  ? clear_bhb_loop+0x25/0x80
[  136.512722][ T9379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.512741][ T9379] RIP: 0033:0x7f0bb652d169
[  136.512753][ T9379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.512768][ T9379] RSP: 002b:00007f0bb4b8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000067
[  136.512783][ T9379] RAX: ffffffffffffffda RBX: 00007f0bb6745fa0 RCX: 00007f0bb652d169
[  136.512836][ T9379] RDX: 0000000000000011 RSI: 0000200000000000 RDI: 0000000000000004
[  136.512849][ T9379] RBP: 00007f0bb4b8f090 R08: 0000000000000000 R09: 0000000000000000
[  136.512862][ T9379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.512876][ T9379] R13: 0000000000000001 R14: 00007f0bb6745fa0 R15: 00007ffdef234b28
[  136.512898][ T9379]  </TASK>
[  136.747960][ T9382] block device autoloading is deprecated and will be removed.
[  136.756242][ T9382] syz.5.2118: attempt to access beyond end of device
[  136.756242][ T9382] md30: rw=2048, sector=0, nr_sectors = 8 limit=0
[  137.117899][ T9415] FAULT_INJECTION: forcing a failure.
[  137.117899][ T9415] name failslab, interval 1, probability 0, space 0, times 0
[  137.130693][ T9415] CPU: 0 UID: 0 PID: 9415 Comm: syz.0.2133 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  137.130723][ T9415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  137.130736][ T9415] Call Trace:
[  137.130743][ T9415]  <TASK>
[  137.130807][ T9415]  dump_stack_lvl+0xf6/0x150
[  137.130864][ T9415]  dump_stack+0x15/0x1a
[  137.130881][ T9415]  should_fail_ex+0x261/0x270
[  137.130903][ T9415]  should_failslab+0x8f/0xb0
[  137.130930][ T9415]  kmem_cache_alloc_noprof+0x59/0x340
[  137.131037][ T9415]  ? audit_log_start+0x37f/0x6e0
[  137.131062][ T9415]  audit_log_start+0x37f/0x6e0
[  137.131085][ T9415]  ? kstrtouint+0x7b/0xc0
[  137.131120][ T9415]  audit_seccomp+0x4b/0x130
[  137.131155][ T9415]  __seccomp_filter+0x694/0x10e0
[  137.131186][ T9415]  ? vfs_write+0x669/0x950
[  137.131287][ T9415]  __secure_computing+0x7e/0x160
[  137.131322][ T9415]  syscall_trace_enter+0xcf/0x1f0
[  137.131379][ T9415]  do_syscall_64+0xaa/0x1c0
[  137.131403][ T9415]  ? clear_bhb_loop+0x25/0x80
[  137.131423][ T9415]  ? clear_bhb_loop+0x25/0x80
[  137.131498][ T9415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.131521][ T9415] RIP: 0033:0x7fcf39b3d169
[  137.131535][ T9415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  137.131555][ T9415] RSP: 002b:00007fcf381a7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad
[  137.131577][ T9415] RAX: ffffffffffffffda RBX: 00007fcf39d55fa0 RCX: 00007fcf39b3d169
[  137.131615][ T9415] RDX: ffffffffffffff9c RSI: 0000200000000040 RDI: 0000000000000004
[  137.131629][ T9415] RBP: 00007fcf381a7090 R08: 0000000000000001 R09: 0000000000000000
[  137.131643][ T9415] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[  137.131655][ T9415] R13: 0000000000000000 R14: 00007fcf39d55fa0 R15: 00007fff0263faa8
[  137.131671][ T9415]  </TASK>
[  137.142699][ T9406] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9406 comm=syz.4.2130
[  137.428895][   T29] kauditd_printk_skb: 1163 callbacks suppressed
[  137.428914][   T29] audit: type=1400 audit(1743390859.243:4070): avc:  denied  { read write } for  pid=4384 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  137.465538][   T29] audit: type=1400 audit(1743390859.283:4071): avc:  denied  { read write } for  pid=3310 comm="syz-executor" name="loop0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  137.489906][   T29] audit: type=1400 audit(1743390859.283:4072): avc:  denied  { read write } for  pid=3304 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  137.539684][   T29] audit: type=1400 audit(1743390859.313:4073): avc:  denied  { read write } for  pid=3308 comm="syz-executor" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  137.563969][   T29] audit: type=1400 audit(1743390859.333:4074): avc:  denied  { prog_load } for  pid=9447 comm="syz.2.2149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  137.583342][   T29] audit: type=1400 audit(1743390859.333:4075): avc:  denied  { create } for  pid=9447 comm="syz.2.2149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=0
[  137.603640][   T29] audit: type=1400 audit(1743390859.333:4076): avc:  denied  { prog_load } for  pid=9447 comm="syz.2.2149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  137.622886][   T29] audit: type=1400 audit(1743390859.333:4077): avc:  denied  { map_create } for  pid=9447 comm="syz.2.2149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  137.642327][   T29] audit: type=1400 audit(1743390859.343:4078): avc:  denied  { create } for  pid=9445 comm="syz.5.2147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=0
[  137.662099][   T29] audit: type=1400 audit(1743390859.343:4079): avc:  denied  { map_create } for  pid=9445 comm="syz.5.2147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  137.729849][ T9464] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  137.736423][ T9464] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  137.744313][ T9464] vhci_hcd vhci_hcd.0: Device attached
[  137.789328][ T9475] FAULT_INJECTION: forcing a failure.
[  137.789328][ T9475] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  137.802543][ T9475] CPU: 0 UID: 0 PID: 9475 Comm: syz.2.2159 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  137.802569][ T9475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  137.802581][ T9475] Call Trace:
[  137.802586][ T9475]  <TASK>
[  137.802593][ T9475]  dump_stack_lvl+0xf6/0x150
[  137.802615][ T9475]  dump_stack+0x15/0x1a
[  137.802668][ T9475]  should_fail_ex+0x261/0x270
[  137.802687][ T9475]  should_fail+0xb/0x10
[  137.802750][ T9475]  should_fail_usercopy+0x1a/0x20
[  137.802772][ T9475]  _copy_to_user+0x20/0xa0
[  137.802804][ T9475]  simple_read_from_buffer+0xb2/0x130
[  137.802835][ T9475]  proc_fail_nth_read+0x103/0x140
[  137.802908][ T9475]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  137.802984][ T9475]  vfs_read+0x1b2/0x710
[  137.803009][ T9475]  ? __rcu_read_unlock+0x4e/0x70
[  137.803042][ T9475]  ? __fget_files+0x186/0x1c0
[  137.803072][ T9475]  ksys_read+0xeb/0x1b0
[  137.803138][ T9475]  __x64_sys_read+0x42/0x50
[  137.803164][ T9475]  x64_sys_call+0x2a3b/0x2e10
[  137.803189][ T9475]  do_syscall_64+0xc9/0x1c0
[  137.803212][ T9475]  ? clear_bhb_loop+0x25/0x80
[  137.803264][ T9475]  ? clear_bhb_loop+0x25/0x80
[  137.803290][ T9475]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.803315][ T9475] RIP: 0033:0x7fa0d9e2bb7c
[  137.803333][ T9475] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  137.803350][ T9475] RSP: 002b:00007fa0d8497030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  137.803372][ T9475] RAX: ffffffffffffffda RBX: 00007fa0da045fa0 RCX: 00007fa0d9e2bb7c
[  137.803405][ T9475] RDX: 000000000000000f RSI: 00007fa0d84970a0 RDI: 0000000000000003
[  137.803420][ T9475] RBP: 00007fa0d8497090 R08: 0000000000000000 R09: 0000000000000000
[  137.803434][ T9475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  137.803448][ T9475] R13: 0000000000000000 R14: 00007fa0da045fa0 R15: 00007fff47577058
[  137.803485][ T9475]  </TASK>
[  138.025272][ T9491] FAULT_INJECTION: forcing a failure.
[  138.025272][ T9491] name failslab, interval 1, probability 0, space 0, times 0
[  138.038147][ T9491] CPU: 0 UID: 0 PID: 9491 Comm: wޣ� Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  138.038177][ T9491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  138.038200][ T9491] Call Trace:
[  138.038206][ T9491]  <TASK>
[  138.038215][ T9491]  dump_stack_lvl+0xf6/0x150
[  138.038243][ T9491]  dump_stack+0x15/0x1a
[  138.038266][ T9491]  should_fail_ex+0x261/0x270
[  138.038288][ T9491]  should_failslab+0x8f/0xb0
[  138.038319][ T9491]  kmem_cache_alloc_noprof+0x59/0x340
[  138.038442][ T9491]  ? audit_log_start+0x37f/0x6e0
[  138.038486][ T9491]  audit_log_start+0x37f/0x6e0
[  138.038512][ T9491]  ? kstrtouint+0x7b/0xc0
[  138.038554][ T9491]  audit_seccomp+0x4b/0x130
[  138.038596][ T9491]  __seccomp_filter+0x694/0x10e0
[  138.038634][ T9491]  ? vfs_write+0x669/0x950
[  138.038660][ T9491]  ? putname+0xe1/0x100
[  138.038821][ T9491]  __secure_computing+0x7e/0x160
[  138.038858][ T9491]  syscall_trace_enter+0xcf/0x1f0
[  138.038890][ T9491]  ? fpregs_assert_state_consistent+0x83/0xa0
[  138.039008][ T9491]  do_syscall_64+0xaa/0x1c0
[  138.039033][ T9491]  ? clear_bhb_loop+0x25/0x80
[  138.039054][ T9491]  ? clear_bhb_loop+0x25/0x80
[  138.039074][ T9491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.039094][ T9491] RIP: 0033:0x7fa0d9e2d169
[  138.039108][ T9491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  138.039163][ T9491] RSP: 002b:00007fa0d8497038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  138.039203][ T9491] RAX: ffffffffffffffda RBX: 00007fa0da045fa0 RCX: 00007fa0d9e2d169
[  138.039218][ T9491] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000002c0
[  138.039233][ T9491] RBP: 00007fa0d8497090 R08: 0000000000000000 R09: 0000000000000000
[  138.039246][ T9491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.039259][ T9491] R13: 0000000000000000 R14: 00007fa0da045fa0 R15: 00007fff47577058
[  138.039281][ T9491]  </TASK>
[  138.259065][ T9497] FAULT_INJECTION: forcing a failure.
[  138.259065][ T9497] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  138.272347][ T9497] CPU: 0 UID: 0 PID: 9497 Comm: syz.2.2170 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  138.272379][ T9497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  138.272393][ T9497] Call Trace:
[  138.272402][ T9497]  <TASK>
[  138.272410][ T9497]  dump_stack_lvl+0xf6/0x150
[  138.272449][ T9497]  dump_stack+0x15/0x1a
[  138.272467][ T9497]  should_fail_ex+0x261/0x270
[  138.272489][ T9497]  should_fail+0xb/0x10
[  138.272507][ T9497]  should_fail_usercopy+0x1a/0x20
[  138.272535][ T9497]  _copy_to_user+0x20/0xa0
[  138.272584][ T9497]  simple_read_from_buffer+0xb2/0x130
[  138.272615][ T9497]  proc_fail_nth_read+0x103/0x140
[  138.272651][ T9497]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  138.272726][ T9497]  vfs_read+0x1b2/0x710
[  138.272753][ T9497]  ? __rcu_read_unlock+0x4e/0x70
[  138.272787][ T9497]  ? __fget_files+0x186/0x1c0
[  138.272900][ T9497]  ksys_read+0xeb/0x1b0
[  138.272942][ T9497]  __x64_sys_read+0x42/0x50
[  138.272971][ T9497]  x64_sys_call+0x2a3b/0x2e10
[  138.273057][ T9497]  do_syscall_64+0xc9/0x1c0
[  138.273081][ T9497]  ? clear_bhb_loop+0x25/0x80
[  138.273106][ T9497]  ? clear_bhb_loop+0x25/0x80
[  138.273127][ T9497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.273152][ T9497] RIP: 0033:0x7fa0d9e2bb7c
[  138.273170][ T9497] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  138.273214][ T9497] RSP: 002b:00007fa0d8497030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  138.273259][ T9497] RAX: ffffffffffffffda RBX: 00007fa0da045fa0 RCX: 00007fa0d9e2bb7c
[  138.273273][ T9497] RDX: 000000000000000f RSI: 00007fa0d84970a0 RDI: 0000000000000003
[  138.273286][ T9497] RBP: 00007fa0d8497090 R08: 0000000000000000 R09: 0000000000000000
[  138.273300][ T9497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.273315][ T9497] R13: 0000000000000000 R14: 00007fa0da045fa0 R15: 00007fff47577058
[  138.273379][ T9497]  </TASK>
[  138.481657][ T3378] usb 9-1: new high-speed USB device number 2 using vhci_hcd
[  138.508138][ T9509] FAULT_INJECTION: forcing a failure.
[  138.508138][ T9509] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  138.521474][ T9509] CPU: 1 UID: 0 PID: 9509 Comm: syz.0.2174 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  138.521508][ T9509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  138.521523][ T9509] Call Trace:
[  138.521531][ T9509]  <TASK>
[  138.521540][ T9509]  dump_stack_lvl+0xf6/0x150
[  138.521569][ T9509]  dump_stack+0x15/0x1a
[  138.521590][ T9509]  should_fail_ex+0x261/0x270
[  138.521615][ T9509]  should_fail+0xb/0x10
[  138.521710][ T9509]  should_fail_usercopy+0x1a/0x20
[  138.521736][ T9509]  _copy_to_user+0x20/0xa0
[  138.521780][ T9509]  simple_read_from_buffer+0xb2/0x130
[  138.521813][ T9509]  proc_fail_nth_read+0x103/0x140
[  138.521871][ T9509]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  138.521971][ T9509]  vfs_read+0x1b2/0x710
[  138.521992][ T9509]  ? __rcu_read_unlock+0x4e/0x70
[  138.522023][ T9509]  ? __fget_files+0x186/0x1c0
[  138.522094][ T9509]  ksys_read+0xeb/0x1b0
[  138.522161][ T9509]  __x64_sys_read+0x42/0x50
[  138.522187][ T9509]  x64_sys_call+0x2a3b/0x2e10
[  138.522212][ T9509]  do_syscall_64+0xc9/0x1c0
[  138.522237][ T9509]  ? clear_bhb_loop+0x25/0x80
[  138.522262][ T9509]  ? clear_bhb_loop+0x25/0x80
[  138.522311][ T9509]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.522331][ T9509] RIP: 0033:0x7fcf39b3bb7c
[  138.522347][ T9509] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  138.522368][ T9509] RSP: 002b:00007fcf381a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  138.522390][ T9509] RAX: ffffffffffffffda RBX: 00007fcf39d55fa0 RCX: 00007fcf39b3bb7c
[  138.522472][ T9509] RDX: 000000000000000f RSI: 00007fcf381a70a0 RDI: 0000000000000003
[  138.522487][ T9509] RBP: 00007fcf381a7090 R08: 0000000000000000 R09: 0000000000000000
[  138.522501][ T9509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.522514][ T9509] R13: 0000000000000000 R14: 00007fcf39d55fa0 R15: 00007fff0263faa8
[  138.522537][ T9509]  </TASK>
[  138.717566][ T9465] vhci_hcd: connection reset by peer
[  138.724066][  T109] vhci_hcd: stop threads
[  138.728342][  T109] vhci_hcd: release socket
[  138.732881][  T109] vhci_hcd: disconnect device
[  139.299425][ T9587] FAULT_INJECTION: forcing a failure.
[  139.299425][ T9587] name failslab, interval 1, probability 0, space 0, times 0
[  139.312235][ T9587] CPU: 0 UID: 0 PID: 9587 Comm: syz.6.2210 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  139.312268][ T9587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  139.312328][ T9587] Call Trace:
[  139.312335][ T9587]  <TASK>
[  139.312342][ T9587]  dump_stack_lvl+0xf6/0x150
[  139.312369][ T9587]  dump_stack+0x15/0x1a
[  139.312387][ T9587]  should_fail_ex+0x261/0x270
[  139.312453][ T9587]  should_failslab+0x8f/0xb0
[  139.312512][ T9587]  __kmalloc_cache_noprof+0x55/0x320
[  139.312547][ T9587]  ? __se_sys_memfd_create+0x1ea/0x5a0
[  139.312645][ T9587]  __se_sys_memfd_create+0x1ea/0x5a0
[  139.312672][ T9587]  __x64_sys_memfd_create+0x31/0x40
[  139.312694][ T9587]  x64_sys_call+0x1163/0x2e10
[  139.312716][ T9587]  do_syscall_64+0xc9/0x1c0
[  139.312748][ T9587]  ? clear_bhb_loop+0x25/0x80
[  139.312775][ T9587]  ? clear_bhb_loop+0x25/0x80
[  139.312801][ T9587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.312893][ T9587] RIP: 0033:0x7f0bb652d169
[  139.312911][ T9587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.312999][ T9587] RSP: 002b:00007f0bb4b8ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  139.313016][ T9587] RAX: ffffffffffffffda RBX: 0000000000000446 RCX: 00007f0bb652d169
[  139.313028][ T9587] RDX: 00007f0bb4b8eef0 RSI: 0000000000000000 RDI: 00007f0bb65aec3c
[  139.313039][ T9587] RBP: 0000200000000d40 R08: 00007f0bb4b8ebb7 R09: 00007f0bb4b8ee40
[  139.313050][ T9587] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  139.313061][ T9587] R13: 00007f0bb4b8eef0 R14: 00007f0bb4b8eeb0 R15: 00002000000004c0
[  139.313081][ T9587]  </TASK>
[  139.871697][ T9648] FAULT_INJECTION: forcing a failure.
[  139.871697][ T9648] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  139.884951][ T9648] CPU: 0 UID: 0 PID: 9648 Comm: syz.6.2237 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  139.884990][ T9648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  139.885005][ T9648] Call Trace:
[  139.885013][ T9648]  <TASK>
[  139.885023][ T9648]  dump_stack_lvl+0xf6/0x150
[  139.885072][ T9648]  dump_stack+0x15/0x1a
[  139.885088][ T9648]  should_fail_ex+0x261/0x270
[  139.885108][ T9648]  should_fail+0xb/0x10
[  139.885123][ T9648]  should_fail_usercopy+0x1a/0x20
[  139.885153][ T9648]  _copy_from_user+0x1c/0xa0
[  139.885236][ T9648]  kstrtouint_from_user+0x84/0x100
[  139.885259][ T9648]  ? 0xffffffff81000000
[  139.885275][ T9648]  ? selinux_file_permission+0x22d/0x360
[  139.885317][ T9648]  proc_fail_nth_write+0x54/0x160
[  139.885351][ T9648]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  139.885479][ T9648]  vfs_write+0x295/0x950
[  139.885501][ T9648]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  139.885560][ T9648]  ? __fget_files+0x186/0x1c0
[  139.885597][ T9648]  ksys_write+0xeb/0x1b0
[  139.885627][ T9648]  __x64_sys_write+0x42/0x50
[  139.885679][ T9648]  x64_sys_call+0x2a45/0x2e10
[  139.885702][ T9648]  do_syscall_64+0xc9/0x1c0
[  139.885727][ T9648]  ? clear_bhb_loop+0x25/0x80
[  139.885754][ T9648]  ? clear_bhb_loop+0x25/0x80
[  139.885780][ T9648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.885802][ T9648] RIP: 0033:0x7f0bb652bc1f
[  139.885890][ T9648] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  139.885948][ T9648] RSP: 002b:00007f0bb4b8f030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  139.885975][ T9648] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0bb652bc1f
[  139.885989][ T9648] RDX: 0000000000000001 RSI: 00007f0bb4b8f0a0 RDI: 0000000000000003
[  139.886004][ T9648] RBP: 00007f0bb4b8f090 R08: 0000000000000000 R09: 0000000000000000
[  139.886018][ T9648] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  139.886032][ T9648] R13: 0000000000000000 R14: 00007f0bb6745fa0 R15: 00007ffdef234b28
[  139.886118][ T9648]  </TASK>
[  140.298771][ T9682] FAULT_INJECTION: forcing a failure.
[  140.298771][ T9682] name failslab, interval 1, probability 0, space 0, times 0
[  140.311503][ T9682] CPU: 1 UID: 0 PID: 9682 Comm: syz.6.2251 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  140.311538][ T9682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  140.311553][ T9682] Call Trace:
[  140.311562][ T9682]  <TASK>
[  140.311600][ T9682]  dump_stack_lvl+0xf6/0x150
[  140.311627][ T9682]  dump_stack+0x15/0x1a
[  140.311643][ T9682]  should_fail_ex+0x261/0x270
[  140.311740][ T9682]  should_failslab+0x8f/0xb0
[  140.311846][ T9682]  __kmalloc_cache_noprof+0x55/0x320
[  140.311878][ T9682]  ? audit_log_d_path+0x8e/0x150
[  140.311904][ T9682]  audit_log_d_path+0x8e/0x150
[  140.311931][ T9682]  audit_log_d_path_exe+0x42/0x70
[  140.311958][ T9682]  audit_log_task+0x1f1/0x250
[  140.312063][ T9682]  audit_seccomp+0x68/0x130
[  140.312086][ T9682]  __seccomp_filter+0x694/0x10e0
[  140.312123][ T9682]  ? vfs_write+0x669/0x950
[  140.312188][ T9682]  __secure_computing+0x7e/0x160
[  140.312291][ T9682]  syscall_trace_enter+0xcf/0x1f0
[  140.312390][ T9682]  do_syscall_64+0xaa/0x1c0
[  140.312414][ T9682]  ? clear_bhb_loop+0x25/0x80
[  140.312495][ T9682]  ? clear_bhb_loop+0x25/0x80
[  140.312515][ T9682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.312549][ T9682] RIP: 0033:0x7f0bb652d169
[  140.312634][ T9682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.312663][ T9682] RSP: 002b:00007f0bb4b8f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  140.312686][ T9682] RAX: ffffffffffffffda RBX: 00007f0bb6745fa0 RCX: 00007f0bb652d169
[  140.312700][ T9682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  140.312713][ T9682] RBP: 00007f0bb4b8f090 R08: 0000000000000000 R09: 0000000000000000
[  140.312724][ T9682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.312807][ T9682] R13: 0000000000000000 R14: 00007f0bb6745fa0 R15: 00007ffdef234b28
[  140.312829][ T9682]  </TASK>
[  140.566981][ T9688] FAULT_INJECTION: forcing a failure.
[  140.566981][ T9688] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  140.580252][ T9688] CPU: 0 UID: 0 PID: 9688 Comm: syz.6.2254 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  140.580340][ T9688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  140.580355][ T9688] Call Trace:
[  140.580363][ T9688]  <TASK>
[  140.580371][ T9688]  dump_stack_lvl+0xf6/0x150
[  140.580399][ T9688]  dump_stack+0x15/0x1a
[  140.580420][ T9688]  should_fail_ex+0x261/0x270
[  140.580444][ T9688]  should_fail+0xb/0x10
[  140.580483][ T9688]  should_fail_usercopy+0x1a/0x20
[  140.580504][ T9688]  _copy_from_user+0x1c/0xa0
[  140.580535][ T9688]  copy_msghdr_from_user+0x54/0x2b0
[  140.580601][ T9688]  ? __fget_files+0x186/0x1c0
[  140.580640][ T9688]  __sys_sendmsg+0x141/0x240
[  140.580676][ T9688]  __x64_sys_sendmsg+0x46/0x50
[  140.580693][ T9688]  x64_sys_call+0x26f3/0x2e10
[  140.580717][ T9688]  do_syscall_64+0xc9/0x1c0
[  140.580804][ T9688]  ? clear_bhb_loop+0x25/0x80
[  140.580830][ T9688]  ? clear_bhb_loop+0x25/0x80
[  140.580855][ T9688]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.580887][ T9688] RIP: 0033:0x7f0bb652d169
[  140.580904][ T9688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.580953][ T9688] RSP: 002b:00007f0bb4b8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  140.580973][ T9688] RAX: ffffffffffffffda RBX: 00007f0bb6745fa0 RCX: 00007f0bb652d169
[  140.580987][ T9688] RDX: 0000000000000000 RSI: 0000200000000640 RDI: 0000000000000003
[  140.581001][ T9688] RBP: 00007f0bb4b8f090 R08: 0000000000000000 R09: 0000000000000000
[  140.581015][ T9688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.581028][ T9688] R13: 0000000000000000 R14: 00007f0bb6745fa0 R15: 00007ffdef234b28
[  140.581048][ T9688]  </TASK>
[  140.842503][ T9700] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  140.902490][ T9709] Process accounting resumed
[  140.990885][ T9724] FAULT_INJECTION: forcing a failure.
[  140.990885][ T9724] name failslab, interval 1, probability 0, space 0, times 0
[  141.003631][ T9724] CPU: 1 UID: 0 PID: 9724 Comm: syz.5.2271 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  141.003662][ T9724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  141.003677][ T9724] Call Trace:
[  141.003684][ T9724]  <TASK>
[  141.003692][ T9724]  dump_stack_lvl+0xf6/0x150
[  141.003756][ T9724]  dump_stack+0x15/0x1a
[  141.003777][ T9724]  should_fail_ex+0x261/0x270
[  141.003803][ T9724]  should_failslab+0x8f/0xb0
[  141.003831][ T9724]  kmem_cache_alloc_node_noprof+0x5c/0x340
[  141.003888][ T9724]  ? __alloc_skb+0x10d/0x320
[  141.003955][ T9724]  __alloc_skb+0x10d/0x320
[  141.003989][ T9724]  netlink_alloc_large_skb+0xad/0xe0
[  141.004017][ T9724]  netlink_sendmsg+0x3da/0x720
[  141.004050][ T9724]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.004107][ T9724]  __sock_sendmsg+0x140/0x180
[  141.004139][ T9724]  ____sys_sendmsg+0x350/0x4e0
[  141.004166][ T9724]  __sys_sendmsg+0x1a0/0x240
[  141.004205][ T9724]  __x64_sys_sendmsg+0x46/0x50
[  141.004227][ T9724]  x64_sys_call+0x26f3/0x2e10
[  141.004254][ T9724]  do_syscall_64+0xc9/0x1c0
[  141.004302][ T9724]  ? clear_bhb_loop+0x25/0x80
[  141.004329][ T9724]  ? clear_bhb_loop+0x25/0x80
[  141.004354][ T9724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.004374][ T9724] RIP: 0033:0x7f591029d169
[  141.004388][ T9724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.004471][ T9724] RSP: 002b:00007f590e907038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  141.004492][ T9724] RAX: ffffffffffffffda RBX: 00007f59104b5fa0 RCX: 00007f591029d169
[  141.004507][ T9724] RDX: 0000000020040000 RSI: 00002000000003c0 RDI: 0000000000000003
[  141.004521][ T9724] RBP: 00007f590e907090 R08: 0000000000000000 R09: 0000000000000000
[  141.004572][ T9724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  141.004586][ T9724] R13: 0000000000000000 R14: 00007f59104b5fa0 R15: 00007ffd27fd9d68
[  141.004606][ T9724]  </TASK>
[  141.244532][ T9731] FAULT_INJECTION: forcing a failure.
[  141.244532][ T9731] name failslab, interval 1, probability 0, space 0, times 0
[  141.257331][ T9731] CPU: 0 UID: 0 PID: 9731 Comm: syz.2.2274 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  141.257365][ T9731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  141.257385][ T9731] Call Trace:
[  141.257393][ T9731]  <TASK>
[  141.257402][ T9731]  dump_stack_lvl+0xf6/0x150
[  141.257433][ T9731]  dump_stack+0x15/0x1a
[  141.257453][ T9731]  should_fail_ex+0x261/0x270
[  141.257479][ T9731]  should_failslab+0x8f/0xb0
[  141.257511][ T9731]  kmem_cache_alloc_node_noprof+0x5c/0x340
[  141.257584][ T9731]  ? __alloc_skb+0x10d/0x320
[  141.257620][ T9731]  __alloc_skb+0x10d/0x320
[  141.257653][ T9731]  ? audit_log_start+0x37f/0x6e0
[  141.257680][ T9731]  audit_log_start+0x39a/0x6e0
[  141.257706][ T9731]  ? kstrtouint+0x7b/0xc0
[  141.257823][ T9731]  audit_seccomp+0x4b/0x130
[  141.257847][ T9731]  __seccomp_filter+0x694/0x10e0
[  141.257876][ T9731]  ? vfs_write+0x669/0x950
[  141.257906][ T9731]  __secure_computing+0x7e/0x160
[  141.257995][ T9731]  syscall_trace_enter+0xcf/0x1f0
[  141.258034][ T9731]  do_syscall_64+0xaa/0x1c0
[  141.258055][ T9731]  ? clear_bhb_loop+0x25/0x80
[  141.258080][ T9731]  ? clear_bhb_loop+0x25/0x80
[  141.258183][ T9731]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.258282][ T9731] RIP: 0033:0x7fa0d9e2d169
[  141.258301][ T9731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.258323][ T9731] RSP: 002b:00007fa0d8497038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
[  141.258346][ T9731] RAX: ffffffffffffffda RBX: 00007fa0da045fa0 RCX: 00007fa0d9e2d169
[  141.258361][ T9731] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  141.258415][ T9731] RBP: 00007fa0d8497090 R08: 0000000000000000 R09: 0000000000000000
[  141.258428][ T9731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  141.258442][ T9731] R13: 0000000000000000 R14: 00007fa0da045fa0 R15: 00007fff47577058
[  141.258463][ T9731]  </TASK>
[  141.705462][ T9761] Process accounting resumed
[  142.094071][ T9789] FAULT_INJECTION: forcing a failure.
[  142.094071][ T9789] name failslab, interval 1, probability 0, space 0, times 0
[  142.106802][ T9789] CPU: 0 UID: 0 PID: 9789 Comm: syz.2.2298 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  142.106871][ T9789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  142.106883][ T9789] Call Trace:
[  142.106890][ T9789]  <TASK>
[  142.106898][ T9789]  dump_stack_lvl+0xf6/0x150
[  142.106927][ T9789]  dump_stack+0x15/0x1a
[  142.107000][ T9789]  should_fail_ex+0x261/0x270
[  142.107019][ T9789]  should_failslab+0x8f/0xb0
[  142.107045][ T9789]  kmem_cache_alloc_noprof+0x59/0x340
[  142.107075][ T9789]  ? security_file_alloc+0x32/0x100
[  142.107175][ T9789]  security_file_alloc+0x32/0x100
[  142.107209][ T9789]  init_file+0x5e/0x1e0
[  142.107248][ T9789]  alloc_empty_file+0x8e/0x200
[  142.107288][ T9789]  alloc_file_pseudo+0xcb/0x160
[  142.107396][ T9789]  __shmem_file_setup+0x1bb/0x1f0
[  142.107434][ T9789]  shmem_file_setup+0x3b/0x50
[  142.107479][ T9789]  __se_sys_memfd_create+0x2e1/0x5a0
[  142.107500][ T9789]  __x64_sys_memfd_create+0x31/0x40
[  142.107524][ T9789]  x64_sys_call+0x1163/0x2e10
[  142.107575][ T9789]  do_syscall_64+0xc9/0x1c0
[  142.107644][ T9789]  ? clear_bhb_loop+0x25/0x80
[  142.107670][ T9789]  ? clear_bhb_loop+0x25/0x80
[  142.107703][ T9789]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.107728][ T9789] RIP: 0033:0x7fa0d9e2d169
[  142.107745][ T9789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  142.107767][ T9789] RSP: 002b:00007fa0d8496e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  142.107790][ T9789] RAX: ffffffffffffffda RBX: 0000000000000503 RCX: 00007fa0d9e2d169
[  142.107845][ T9789] RDX: 00007fa0d8496ef0 RSI: 0000000000000000 RDI: 00007fa0d9eaec3c
[  142.107857][ T9789] RBP: 0000200000000880 R08: 00007fa0d8496bb7 R09: 00007fa0d8496e40
[  142.107868][ T9789] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000140
[  142.107921][ T9789] R13: 00007fa0d8496ef0 R14: 00007fa0d8496eb0 R15: 0000200000000580
[  142.107942][ T9789]  </TASK>
[  142.396744][ T9801] Process accounting resumed
[  142.432339][   T29] kauditd_printk_skb: 1564 callbacks suppressed
[  142.432435][   T29] audit: type=1400 audit(1743390864.253:5638): avc:  denied  { prog_load } for  pid=9809 comm="syz.5.2308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  142.467993][   T29] audit: type=1400 audit(1743390864.253:5639): avc:  denied  { create } for  pid=9811 comm="syz.2.2309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[  142.488705][   T29] audit: type=1400 audit(1743390864.253:5640): avc:  denied  { read write } for  pid=9811 comm="syz.2.2309" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[  142.512832][   T29] audit: type=1326 audit(1743390864.253:5641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9772 comm="syz.0.2292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fcf39b34127 code=0x7ffc0000
[  142.536244][   T29] audit: type=1326 audit(1743390864.253:5642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9772 comm="syz.0.2292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf39ad9359 code=0x7ffc0000
[  142.559725][   T29] audit: type=1326 audit(1743390864.253:5643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9772 comm="syz.0.2292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7fcf39b3d169 code=0x7ffc0000
[  142.565590][ T9810] audit: audit_backlog=65 > audit_backlog_limit=64
[  142.583168][   T29] audit: type=1400 audit(1743390864.253:5644): avc:  denied  { map_create } for  pid=9811 comm="syz.2.2309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  142.583201][   T29] audit: type=1400 audit(1743390864.253:5645): avc:  denied  { prog_load } for  pid=9811 comm="syz.2.2309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[  142.589711][ T9810] audit: audit_lost=7 audit_rate_limit=0 audit_backlog_limit=64
[  142.698321][ T9830] ==================================================================
[  142.706466][ T9830] BUG: KCSAN: data-race in mas_replace_node / mtree_range_walk
[  142.714105][ T9830] 
[  142.716452][ T9830] write to 0xffff8881178e1400 of 8 bytes by task 9829 on cpu 1:
[  142.724101][ T9830]  mas_replace_node+0x1b8/0x430
[  142.728985][ T9830]  mas_wr_store_entry+0x1e80/0x2460
[  142.734210][ T9830]  mas_store_prealloc+0x6d5/0x960
[  142.739242][ T9830]  vma_complete+0x3a7/0x760
[  142.743771][ T9830]  __split_vma+0x5d9/0x6a0
[  142.748205][ T9830]  vma_modify+0x105/0x200
[  142.752549][ T9830]  vma_modify_flags+0xf3/0x120
[  142.757330][ T9830]  mprotect_fixup+0x323/0x600
[  142.762029][ T9830]  do_mprotect_pkey+0x6ce/0x9a0
[  142.766899][ T9830]  __x64_sys_mprotect+0x48/0x60
[  142.771768][ T9830]  x64_sys_call+0x272f/0x2e10
[  142.776468][ T9830]  do_syscall_64+0xc9/0x1c0
[  142.781000][ T9830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.786989][ T9830] 
[  142.789315][ T9830] read to 0xffff8881178e1400 of 8 bytes by task 9830 on cpu 0:
[  142.796865][ T9830]  mtree_range_walk+0x347/0x460
[  142.801722][ T9830]  mas_walk+0x16e/0x320
[  142.805898][ T9830]  lock_vma_under_rcu+0x97/0x290
[  142.810856][ T9830]  exc_page_fault+0x150/0x650
[  142.815549][ T9830]  asm_exc_page_fault+0x26/0x30
[  142.820417][ T9830] 
[  142.822750][ T9830] value changed: 0xffff888101dbc90e -> 0xffff8881178e1400
[  142.829901][ T9830] 
[  142.832235][ T9830] Reported by Kernel Concurrency Sanitizer on:
[  142.838411][ T9830] CPU: 0 UID: 0 PID: 9830 Comm: syz.0.2317 Not tainted 6.14.0-syzkaller-10764-gaa918db707fb #0 PREEMPT(voluntary) 
[  142.850492][ T9830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  142.860643][ T9830] ==================================================================
[  143.563912][ T3378] vhci_hcd: vhci_device speed not set