last executing test programs:

1.21419976s ago: executing program 4 (id=757):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000004c0)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@noinit_itable}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@noblock_validity}, {@nomblk_io_submit}]}, 0x0, 0x55f, &(0x7f0000001040)="$eJzs3V1rHNUbAPBnNknf//+mUAoKSqAXVmo3TeJLBcF6KVos6H1dkmko2XRLdlOaWGh7YW+8kSKIWBA/gPdeFr+An6KghSIl6IU3K7OZTbfNbpKmGzd1fj+Y9pyZ2Zx59sxz9szOLhtAYY1l/5QiXoqIr5OIwx3bhiPfOLa638qj69PZkkSz+ekfSST5uvb+Sf7/weRx5ZcvI06W1rdbX1qeq1Sr6UJeH2/MXxmvLy2fujRfmU1n08uTU1Nn3pqafPedt/sW6+vn//ruk3sfnvnq+Mq3Pz04cieJs3Eo39YZx3O42VkZi7H8aRiJs0/tONGHxnaTZNAHwLYM5Xk+EtkYcDiG8qwH/vtuREQTKKhE/kNBtecB7Wv7Pl0HvzAefrB6AbQ+/uHV90ZiX+va6MBK8sSVUXa9O9qH9rM2fv797p1siU3eh7jRh/YA2m7eiojTw8Prx78kH/+273TrzeONPd1G0V5/YJDuZfOfN7rNf0pr85/oMv852CV3t2Pz/C896EMzPWXzv/e6zn/Xhq7Robz2v9acbyS5eKmano6I/0fEiRjZm9U3up9zZuV+s9e2zvlftmTtt+eC+XE8GN775GNmKo3K88Tc6eGtiJe7zn+Ttf5PuvR/9nyc32Ibx9K7r/batnn8O6v5Y8RrXfv/8R2tZOP7k+Ot82G8fVas9+ftY7/2an/Q8Wf9f2Dj+EeTzvu19Wdv44d9f6e9tm33/N+TfNYq78nXXas0GgsTEXuSj9evn3z82Ha9vX8W/4njG49/3c7//RHx+Rbjv330ds9dB97/zSRmnqn/n71w/6Mvvu/V/tb6/81W6US+Zivj31YP8HmeOwAAAAAAANhtShFxKJJSea1cKpXLq5/vOBoHStVavXHyYm3x8ky0vis7GiOl/E73K9HxeYiJ/POw7frkU/WpiDgSEd8M7W/Vy9O16syggwcAAAAAAAAAAAAAAAAAAIBd4mCP7/9nfhsa9NEBO85PfkNxbZr//filJ2BX8voPxSX/objkPxSX/Ifikv9QXPIfikv+Q3HJfwAAAAAAAAAAAAAAAAAAAAAAAAAAAOir8+fOZUtz5dH16aw+c3Vpca529dRMWp8rzy9Ol6drC1fKs7XabDUtT9fmN/t71VrtysRkLF4bb6T1xnh9afnCfG3xcuPCpfnKbHohHflXogIAAAAAAAAAAAAAAAAAAIAXS31pea5SraYLCj0L78euOIydDHDVth4+vFuiUOhrYcADEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0+CcAAP//PZ416Q==")
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x0)

1.180334781s ago: executing program 4 (id=758):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f00000017c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40dddb51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42553ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca000000000000000000000509619f5f0cbc72eebc653946d3552236f0dfe485cfa71bd69f4ded6e131128c3875b785875addfcbd5931c12adbef75535e694f3a19f28f9f99fa32e8ff66e7b1ff674434fb63ba0e28aadccf77d387525c98e81476058c958eaccfa7d251d0671222dc9d06485f7f690d3d4227bd21bd7ff8338617705b7faec47c86789a488b43d0fedf1b0ee05d65c677ced1e8214b2f6cb74d73886eb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000f3b874108b013f53479d85f0f24b7e34138faf48ea89877e3c9efa46965f983249dcf68fe5fcdacdc92e3f653858b1d1ee76e9ccfcf3a53c8254620457914dd5775ff9bc60f67e0bb04b1154d8ecbc74a69ceffc952445f3ca4f616cf85a7e35e6d4e187a3bb38bd75d6d124219a8d9bc56ee6dab0ee703d0f1a7ccd16b0c8e454ae81c48d5d7dbe5fb0e71f0974e9f3d3293f7d72afc404326a7c341c76cf319611ec0b73fab4d4c2ab1208b3a8a4676205f121bee423d5dc631b3084be5187b8536e04d7af2347a626cc696612e32154a41f2966862ab598fb1da34dabc9f3459b89b57e1ed57f0e26e63cea9615b1"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000181100003d3484a44afbdc6fce2c0e5a10e8f9a535eced18ae72d49a7dbb252dfb269be6ef682a4702a9a21fe638e042ab", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x6b)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r4}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000000)={0x2, 0x0, 0x7})
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a310000000024010000050a01020000000000000000010000000c00024000000000000000010900010073797a3100000000040004"], 0x1ac}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r8=>0x0)
io_pgetevents(r8, 0x3, 0x3, &(0x7f0000000440)=[{}, {}, {}], 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="06000000000000", @ANYRES32, @ANYBLOB="01000000050000000200"/20], 0x50)
r9 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r10 = syz_open_dev$usbfs(0x0, 0x1ff, 0xa401)
fcntl$dupfd(r10, 0x0, r10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r9}, &(0x7f0000000080), &(0x7f00000006c0)='%-010d \x00'}, 0x20)

969.042394ms ago: executing program 3 (id=766):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="c872e100e8ffffff850000000700000002c70000004002002d37f0fffcffffff"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x3, 0x3, 0x5, 0x1}, 0x10, 0x0, 0x0, 0xa, &(0x7f00000001c0)=[0x1, 0x1, 0xffffffffffffffff], &(0x7f0000000580)=[{0x3, 0x2, 0xa}, {0x3, 0x3, 0x8, 0xb}, {0x0, 0x2, 0x6, 0x6}, {0x4, 0x5, 0x9, 0x5}, {0x5, 0x1, 0x10, 0x1}, {0x2, 0x4, 0xd, 0xc}, {0x4, 0x1, 0xb, 0x4}, {0x1, 0x2, 0x10, 0xb}, {0x1, 0x5, 0xd, 0xc}, {0x3, 0x2, 0x0, 0xb}], 0x10, 0x3, @void, @value}, 0x94)
ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000208e052500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x100000, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x100, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000003800)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x5c, 0x160, 0xd0, 0x3e0, 0x1e0, 0x228, 0x25a, 0x1e0, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x1fe], 'veth0_to_batadv\x00', 'batadv_slave_0\x00', {}, {0xff}}, 0x5002, 0xa8, 0xd0, 0x52020000, {0x0, 0x6802000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@dev, @mcast1, [], [], 'virt_wifi0\x00', 'lo\x00', {}, {}, 0x89}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$unix(r2, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
recvmmsg(r3, &(0x7f0000001140), 0x700, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5, 0x0, 0x3}, 0x18)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000f80)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x801, 0x3, 0x0, 0x0, 0xfffffffa, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x2, 0x0, 0x0, 0x7}, 0x80000001, 0x4000000}}], [@TCA_POLICE_RATE={0x404, 0x2, [0xa3, 0x5, 0x4, 0x8, 0x2, 0x7, 0x1, 0x0, 0x8, 0xfffffffc, 0x4, 0x2, 0x55, 0x1, 0x4, 0x9, 0x8f729a78, 0x8, 0x5, 0x10001, 0x3, 0x40, 0x7, 0x3, 0x8, 0x8, 0x6, 0x9, 0x3, 0x251, 0xb, 0x3, 0x3, 0x0, 0x5, 0x7ff, 0x8, 0x6a4, 0x9, 0x8001, 0x84e, 0x0, 0x1, 0x1, 0xffffff7f, 0x4, 0x2, 0x9, 0x2, 0x7fff, 0x6, 0x80000001, 0xf9, 0x4, 0x8, 0x9, 0x1, 0x294, 0x401, 0x26, 0x3e2, 0x5d0, 0x0, 0x14c9, 0xff, 0x1ff, 0x7, 0xffff, 0x4e6, 0x0, 0x800, 0x3, 0x8, 0x2, 0x800, 0x2596, 0x8, 0x2, 0x7f, 0x1, 0xfffffffe, 0x400, 0x7f, 0x7ff, 0x10000, 0x7, 0x9, 0x9, 0xd, 0x3, 0x0, 0x2, 0xdc2d, 0x1, 0x3, 0x3, 0x1ff, 0x5628, 0x678, 0x0, 0x5, 0x0, 0x5, 0x6, 0xc0, 0x20d, 0x26, 0x7fff, 0x0, 0x5, 0x895, 0x3, 0x3, 0xc22, 0x5, 0x62, 0x9, 0x477, 0x4, 0xe, 0x1c1df941, 0x40, 0x141, 0xc, 0x9, 0x6, 0x7, 0x7, 0x8c7, 0x1, 0x5, 0x8, 0x8, 0x41d, 0x8, 0x7, 0x5, 0x7fffffff, 0x0, 0x2, 0x30, 0x80000001, 0x3, 0x1e4a, 0xa4, 0x30, 0x1395, 0x3, 0x7fff, 0x3d, 0x0, 0x11, 0x7fff, 0x7, 0xfffffffb, 0x7, 0xa, 0x401, 0xb1a1, 0x8, 0x8, 0x3, 0xd08f57a5, 0xfffffffc, 0x1, 0x719b1140, 0x8, 0x2, 0x7a56, 0xfffffa8b, 0x4, 0x8, 0x200, 0x680, 0x10, 0x5, 0x82a4, 0x3, 0x3, 0x6, 0xa, 0x10000, 0x9, 0x3508, 0x81, 0x0, 0x81, 0x4, 0x1, 0x5a5, 0x1000, 0x8, 0x0, 0x5, 0x8, 0xff, 0x6, 0x9bb, 0x7fff, 0x8, 0x3, 0x0, 0x9, 0x5, 0x5, 0x800, 0x1, 0x9, 0x2, 0xe99, 0x3, 0x2, 0x71, 0x8001, 0xbf5, 0x3, 0x1, 0x24, 0x2, 0xcf2, 0x3, 0x81, 0x0, 0x6, 0x2f4, 0x8, 0x9, 0x400, 0x7f, 0x4, 0x4, 0x1000, 0x1, 0x6, 0x9, 0x0, 0x346, 0xcaf, 0xfe, 0x10000, 0x1, 0x3ff, 0xfffffff8, 0x5, 0x8, 0x638f, 0x8, 0x7, 0x6, 0x9, 0x3, 0x8, 0x5, 0x0, 0x0, 0xff]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x2, 0x7d3, 0x2, 0x7, 0xf, 0x7f, 0xfffffff8, 0x400000, 0x7fffffff, 0x0, 0x80000001, 0x80, 0x4000005, 0x6, 0x6, 0x4, 0x6, 0x4, 0x8, 0x9, 0xb979, 0x517, 0x4bd, 0xe, 0x1, 0x9, 0x2, 0x7, 0x3ff, 0xfffffff8, 0x2, 0x9, 0x2, 0x1000, 0x812, 0x8, 0xff, 0x8, 0x3, 0x9, 0x5, 0x7, 0x4, 0x8, 0x70, 0x80000000, 0xe, 0xc5f, 0x40, 0x6, 0x8, 0x5f44, 0x70, 0x4, 0x3, 0x98, 0x0, 0x8, 0xfff, 0xd, 0xbb7, 0x41, 0x6, 0x5, 0x2, 0xfffff3e3, 0x7f, 0x4, 0x400, 0x101, 0x6, 0x0, 0x9, 0x400, 0x1, 0x37, 0x8, 0x3, 0xbcb4, 0x0, 0x49, 0x3, 0xffffffff, 0x6, 0x6, 0x101, 0x4, 0x8, 0x2, 0xce, 0x7, 0x400, 0x49, 0x0, 0x2, 0xb, 0x3, 0x8, 0x2, 0x7f, 0x800, 0x5, 0x3, 0x2, 0x9, 0x0, 0x0, 0x5, 0x6, 0x5, 0x40000000, 0x7, 0x2, 0x5, 0xc1, 0x8000, 0xb, 0x329, 0xc, 0x1, 0x1, 0x9, 0x2000, 0x101, 0xc72e, 0x0, 0x3, 0x2, 0x7, 0x6, 0x80000000, 0x8, 0x72, 0x2000095a, 0x1, 0xfffffff8, 0x3, 0x1, 0x3, 0x80000001, 0x10001, 0x9, 0xe000000, 0x1, 0x40, 0x6, 0x8, 0x200000, 0x100, 0xa, 0x1, 0xfffffffe, 0x1ff, 0x8, 0x7ff, 0x8, 0x1, 0x6, 0x3, 0x1, 0x443, 0x6, 0x5, 0x1, 0xffffff80, 0x6, 0x7fffffff, 0x0, 0x8, 0xffffff24, 0x0, 0x1, 0x4, 0x8001, 0x6, 0xd0e, 0x15, 0x5, 0xfffffffd, 0x5a9a, 0xd020, 0xfffff000, 0x1, 0x9, 0x8c, 0x7ff, 0x6, 0xfffffffb, 0x986, 0x9, 0x13c8f99b, 0x2, 0x80000001, 0xfffffffd, 0x75, 0x26, 0x0, 0x3, 0x0, 0x1000, 0x557, 0xff, 0x6, 0x2, 0x609f, 0x1, 0xd0, 0x3, 0xf1a, 0xfff, 0x2, 0x69, 0x0, 0xffff, 0x7, 0x1800, 0xc, 0x8, 0x4, 0x12e, 0x5, 0xa61, 0x1, 0x8001, 0x0, 0x4, 0x0, 0xd, 0x8, 0x16, 0x0, 0x4, 0x6d6a, 0x9, 0x1, 0x9, 0x1000, 0xba, 0x4, 0x0, 0x8, 0xffffe9b0, 0x20001, 0x4, 0x10000, 0x6, 0x3, 0x2, 0x4, 0x9, 0x101, 0x9, 0x3, 0x6, 0x1, 0xfffffe00]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
io_setup(0x2, &(0x7f0000002400)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000040)=[&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x2}])
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x8000000, 0x238, 0xf8, 0x720d, 0x148, 0xf8, 0x148, 0x1c8, 0x240, 0x240, 0x1c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@remote, @empty, 0x0, 0x0, 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298)
sendto$inet(r8, 0x0, 0x0, 0x24000080, 0x0, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000007000000020000000400000005000000", @ANYRES32, @ANYBLOB="00249a23ad638ab6000000000000ebff00000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7000000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000085000000030000007b9032108e1dc40300"/72], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r10, @ANYRES64=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r11}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)

909.191326ms ago: executing program 0 (id=770):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="c872e100e8ffffff850000000700000002c70000004002002d37f0fffcffffff"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x3, 0x3, 0x5, 0x1}, 0x10, 0x0, 0x0, 0xa, &(0x7f00000001c0)=[0x1, 0x1, 0xffffffffffffffff], &(0x7f0000000580)=[{0x3, 0x2, 0xa}, {0x3, 0x3, 0x8, 0xb}, {0x0, 0x2, 0x6, 0x6}, {0x4, 0x5, 0x9, 0x5}, {0x5, 0x1, 0x10, 0x1}, {0x2, 0x4, 0xd, 0xc}, {0x4, 0x1, 0xb, 0x4}, {0x1, 0x2, 0x10, 0xb}, {0x1, 0x5, 0xd, 0xc}, {0x3, 0x2, 0x0, 0xb}], 0x10, 0x3, @void, @value}, 0x94)
ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000208e052500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x100000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00'}, 0x18)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000003800)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x5c, 0x160, 0xd0, 0x3e0, 0x1e0, 0x228, 0x25a, 0x1e0, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x1fe], 'veth0_to_batadv\x00', 'batadv_slave_0\x00', {}, {0xff}}, 0x5002, 0xa8, 0xd0, 0x52020000, {0x0, 0x6802000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@dev, @mcast1, [], [], 'virt_wifi0\x00', 'lo\x00', {}, {}, 0x89}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$unix(r1, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
recvmmsg(r2, &(0x7f0000001140), 0x700, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000f80)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x801, 0x3, 0x0, 0x0, 0xfffffffa, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x2, 0x0, 0x0, 0x7}, 0x80000001, 0x4000000}}], [@TCA_POLICE_RATE={0x404, 0x2, [0xa3, 0x5, 0x4, 0x8, 0x2, 0x7, 0x1, 0x0, 0x8, 0xfffffffc, 0x4, 0x2, 0x55, 0x1, 0x4, 0x9, 0x8f729a78, 0x8, 0x5, 0x10001, 0x3, 0x40, 0x7, 0x3, 0x8, 0x8, 0x6, 0x9, 0x3, 0x251, 0xb, 0x3, 0x3, 0x0, 0x5, 0x7ff, 0x8, 0x6a4, 0x9, 0x8001, 0x84e, 0x0, 0x1, 0x1, 0xffffff7f, 0x4, 0x2, 0x9, 0x2, 0x7fff, 0x6, 0x80000001, 0xf9, 0x4, 0x8, 0x9, 0x1, 0x294, 0x401, 0x26, 0x3e2, 0x5d0, 0x0, 0x14c9, 0xff, 0x1ff, 0x7, 0xffff, 0x4e6, 0x0, 0x800, 0x3, 0x8, 0x2, 0x800, 0x2596, 0x8, 0x2, 0x7f, 0x1, 0xfffffffe, 0x400, 0x7f, 0x7ff, 0x10000, 0x7, 0x9, 0x9, 0xd, 0x3, 0x0, 0x2, 0xdc2d, 0x1, 0x3, 0x3, 0x1ff, 0x5628, 0x678, 0x0, 0x5, 0x0, 0x5, 0x6, 0xc0, 0x20d, 0x26, 0x7fff, 0x0, 0x5, 0x895, 0x3, 0x3, 0xc22, 0x5, 0x62, 0x9, 0x477, 0x4, 0xe, 0x1c1df941, 0x40, 0x141, 0xc, 0x9, 0x6, 0x7, 0x7, 0x8c7, 0x1, 0x5, 0x8, 0x8, 0x41d, 0x8, 0x7, 0x5, 0x7fffffff, 0x0, 0x2, 0x30, 0x80000001, 0x3, 0x1e4a, 0xa4, 0x30, 0x1395, 0x3, 0x7fff, 0x3d, 0x0, 0x11, 0x7fff, 0x7, 0xfffffffb, 0x7, 0xa, 0x401, 0xb1a1, 0x8, 0x8, 0x3, 0xd08f57a5, 0xfffffffc, 0x1, 0x719b1140, 0x8, 0x2, 0x7a56, 0xfffffa8b, 0x4, 0x8, 0x200, 0x680, 0x10, 0x5, 0x82a4, 0x3, 0x3, 0x6, 0xa, 0x10000, 0x9, 0x3508, 0x81, 0x0, 0x81, 0x4, 0x1, 0x5a5, 0x1000, 0x8, 0x0, 0x5, 0x8, 0xff, 0x6, 0x9bb, 0x7fff, 0x8, 0x3, 0x0, 0x9, 0x5, 0x5, 0x800, 0x1, 0x9, 0x2, 0xe99, 0x3, 0x2, 0x71, 0x8001, 0xbf5, 0x3, 0x1, 0x24, 0x2, 0xcf2, 0x3, 0x81, 0x0, 0x6, 0x2f4, 0x8, 0x9, 0x400, 0x7f, 0x4, 0x4, 0x1000, 0x1, 0x6, 0x9, 0x0, 0x346, 0xcaf, 0xfe, 0x10000, 0x1, 0x3ff, 0xfffffff8, 0x5, 0x8, 0x638f, 0x8, 0x7, 0x6, 0x9, 0x3, 0x8, 0x5, 0x0, 0x0, 0xff]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x2, 0x7d3, 0x2, 0x7, 0xf, 0x7f, 0xfffffff8, 0x400000, 0x7fffffff, 0x0, 0x80000001, 0x80, 0x4000005, 0x6, 0x6, 0x4, 0x6, 0x4, 0x8, 0x9, 0xb979, 0x517, 0x4bd, 0xe, 0x1, 0x9, 0x2, 0x7, 0x3ff, 0xfffffff8, 0x2, 0x9, 0x2, 0x1000, 0x812, 0x8, 0xff, 0x8, 0x3, 0x9, 0x5, 0x7, 0x4, 0x8, 0x70, 0x80000000, 0xe, 0xc5f, 0x40, 0x6, 0x8, 0x5f44, 0x70, 0x4, 0x3, 0x98, 0x0, 0x8, 0xfff, 0xd, 0xbb7, 0x41, 0x6, 0x5, 0x2, 0xfffff3e3, 0x7f, 0x4, 0x400, 0x101, 0x6, 0x0, 0x9, 0x400, 0x1, 0x37, 0x8, 0x3, 0xbcb4, 0x0, 0x49, 0x3, 0xffffffff, 0x6, 0x6, 0x101, 0x4, 0x8, 0x2, 0xce, 0x7, 0x400, 0x49, 0x0, 0x2, 0xb, 0x3, 0x8, 0x2, 0x7f, 0x800, 0x5, 0x3, 0x2, 0x9, 0x0, 0x0, 0x5, 0x6, 0x5, 0x40000000, 0x7, 0x2, 0x5, 0xc1, 0x8000, 0xb, 0x329, 0xc, 0x1, 0x1, 0x9, 0x2000, 0x101, 0xc72e, 0x0, 0x3, 0x2, 0x7, 0x6, 0x80000000, 0x8, 0x72, 0x2000095a, 0x1, 0xfffffff8, 0x3, 0x1, 0x3, 0x80000001, 0x10001, 0x9, 0xe000000, 0x1, 0x40, 0x6, 0x8, 0x200000, 0x100, 0xa, 0x1, 0xfffffffe, 0x1ff, 0x8, 0x7ff, 0x8, 0x1, 0x6, 0x3, 0x1, 0x443, 0x6, 0x5, 0x1, 0xffffff80, 0x6, 0x7fffffff, 0x0, 0x8, 0xffffff24, 0x0, 0x1, 0x4, 0x8001, 0x6, 0xd0e, 0x15, 0x5, 0xfffffffd, 0x5a9a, 0xd020, 0xfffff000, 0x1, 0x9, 0x8c, 0x7ff, 0x6, 0xfffffffb, 0x986, 0x9, 0x13c8f99b, 0x2, 0x80000001, 0xfffffffd, 0x75, 0x26, 0x0, 0x3, 0x0, 0x1000, 0x557, 0xff, 0x6, 0x2, 0x609f, 0x1, 0xd0, 0x3, 0xf1a, 0xfff, 0x2, 0x69, 0x0, 0xffff, 0x7, 0x1800, 0xc, 0x8, 0x4, 0x12e, 0x5, 0xa61, 0x1, 0x8001, 0x0, 0x4, 0x0, 0xd, 0x8, 0x16, 0x0, 0x4, 0x6d6a, 0x9, 0x1, 0x9, 0x1000, 0xba, 0x4, 0x0, 0x8, 0xffffe9b0, 0x20001, 0x4, 0x10000, 0x6, 0x3, 0x2, 0x4, 0x9, 0x101, 0x9, 0x3, 0x6, 0x1, 0xfffffe00]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
io_setup(0x2, &(0x7f0000002400)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000040)=[&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x2}])
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x8000000, 0x238, 0xf8, 0x720d, 0x148, 0xf8, 0x148, 0x1c8, 0x240, 0x240, 0x1c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@remote, @empty, 0x0, 0x0, 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298)
sendto$inet(r6, 0x0, 0x0, 0x24000080, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7000000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000085000000030000007b9032108e1dc40300"/72], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r7, @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)

907.894516ms ago: executing program 3 (id=771):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x503, &(0x7f0000000fc0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSG0EmKPILUhcaModhzFTmlCD+mZKxKVOMGRP4BzT9y5IHrjUg5I/IhADRIHoxlPUje1m6hJ7Gz8+UijeW/e1N/vazrvxS+NXwBD62pE7EbEWETcjojp7HouO+KT9pHc93Tv/tL+3v2lXLRan/0zl7Yn16LjzySuZK9ZjIgffS/ip7kX4za2d9YWq9XKZlafbdY2ZhvbOzdWa4srlZXKerm8ML8w99HND8tn1td3amNZ6atP/rj7rZ8naU1lVzr7cZbaXS8cxkmMRsQPziPYAIxk/RkbdCK8knxEvBkR76bP/3SMpF9NAOAya7WmozXdWQcALrt8ugaWy5eytYCpyOdLpfYa3lsxma/WG83rd+pb68vttbKZKOTvrFYrc9la4UwUckl9Pi0/q5eP1G9GxBsR8cvxibReWqpXlwf5jQ8ADLErR+b//4y3538A4JIrDjoBAKDvzP8AMHzM/wAwfMz/ADB82vP/xKDTAAD6yPt/ABg+5n8AGCo//PTT5GjtZ59/vXx3e2utfvfGcqWxVqptLZWW6psbpZV6fSX9zJ7aca9Xrdc35j+IrXsz395oNGcb2zu3avWt9eat9HO9b1UK6V27fegZANDLG+88epxLZuSPJ9IjOvZyKAw0M+C85QedADAwI4NOABgYu33B8DrFe3zLA3BJdNmi9znFbr8g1Gq1WueXEnDOrn3J+j8Mq471f/8LGIaM9X8YXtb/YXi1WrmT7vkfJ70RALjYrPEDPX7+/2Z2/l32w4GfLB+94+F5ZgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX28H+v6VsL/CpyOdLpYjXImImCrk7q9XKXES8HhF/Hi+MJ/X5AecMAJxW/m+5bP+va9PvTz3X9PaVw+JYRPzs15/96t5is7n5p4ix3L/GD643H2bXy/3PHgA43sE8nZ473sg/3bu/dHD0M5+/fzciiu34+3tjsX8YfzRG03MxChEx+e9cVm/LdaxdnMbug4j4Yrf+52IqXQNp73x6NH4S+7W+xs8/Fz+ftrXPyd/FF84gFxg2j5Lx55Nuz18+rqbn7s9/MR2hTi8b/5KXWtpPx8Bn8Q/Gv5Ee49/Vk8b44A/fb5cmXmx7EPHl0YiD2Psd489B/FyP+O+fMP5fvvL2u73aWr+JuBbd43fGmm3WNmYb2zs3VmuLK5WVynq5vDC/MPfRzQ/Ls+ka9Wzv2eAfH19/vVdb0v/JHvGLx/T/6yfs/2//d/vHX3tJ/G++1y1+Pt56SfxkTvzGCeMvTv6+2Kstib/co//Hff2vnzD+k7/uvLBtOAAwOI3tnbXFarWy+TkqPE6+pxl8Ggr9LyT/ZC9AGl0L3+lXrLHo3vSL99rP9JGmVuuVYvUaMc5i1Q24CA4f+oj476CTAQAAAAAAAAAAAAAAuurHbywNuo8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcXv8PAAD//+a4zis=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000500)='cpu.stat\x00', 0x275a, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x174)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x48041, 0x0)
pwrite64(r1, &(0x7f0000000140)="f6", 0xffffff07, 0x8000c61)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xe, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0xa2}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="020000050000000008000a00", @ANYBLOB="08001b"], 0x30}}, 0x0)
preadv2(r2, &(0x7f0000001540)=[{0x0}, {&(0x7f0000001380)=""/129, 0x7ffff000}], 0x2, 0x0, 0x0, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000200)=0x80, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000093a68f29080000005d0fda710000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
r6 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r7}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
mincore(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, 0x0, 0x0)

759.268458ms ago: executing program 0 (id=773):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="c872e100e8ffffff850000000700000002c70000004002002d37f0fffcffffff"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x3, 0x3, 0x5, 0x1}, 0x10, 0x0, 0x0, 0xa, &(0x7f00000001c0)=[0x1, 0x1, 0xffffffffffffffff], &(0x7f0000000580)=[{0x3, 0x2, 0xa}, {0x3, 0x3, 0x8, 0xb}, {0x0, 0x2, 0x6, 0x6}, {0x4, 0x5, 0x9, 0x5}, {0x5, 0x1, 0x10, 0x1}, {0x2, 0x4, 0xd, 0xc}, {0x4, 0x1, 0xb, 0x4}, {0x1, 0x2, 0x10, 0xb}, {0x1, 0x5, 0xd, 0xc}, {0x3, 0x2, 0x0, 0xb}], 0x10, 0x3, @void, @value}, 0x94)
ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000208e052500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x100000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00'}, 0x18)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000003800)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x5c, 0x160, 0xd0, 0x3e0, 0x1e0, 0x228, 0x25a, 0x1e0, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x1fe], 'veth0_to_batadv\x00', 'batadv_slave_0\x00', {}, {0xff}}, 0x5002, 0xa8, 0xd0, 0x52020000, {0x0, 0x6802000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@dev, @mcast1, [], [], 'virt_wifi0\x00', 'lo\x00', {}, {}, 0x89}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$unix(r1, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
recvmmsg(r2, &(0x7f0000001140), 0x700, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4, 0x0, 0x3}, 0x18)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000f80)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x801, 0x3, 0x0, 0x0, 0xfffffffa, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x2, 0x0, 0x0, 0x7}, 0x80000001, 0x4000000}}], [@TCA_POLICE_RATE={0x404, 0x2, [0xa3, 0x5, 0x4, 0x8, 0x2, 0x7, 0x1, 0x0, 0x8, 0xfffffffc, 0x4, 0x2, 0x55, 0x1, 0x4, 0x9, 0x8f729a78, 0x8, 0x5, 0x10001, 0x3, 0x40, 0x7, 0x3, 0x8, 0x8, 0x6, 0x9, 0x3, 0x251, 0xb, 0x3, 0x3, 0x0, 0x5, 0x7ff, 0x8, 0x6a4, 0x9, 0x8001, 0x84e, 0x0, 0x1, 0x1, 0xffffff7f, 0x4, 0x2, 0x9, 0x2, 0x7fff, 0x6, 0x80000001, 0xf9, 0x4, 0x8, 0x9, 0x1, 0x294, 0x401, 0x26, 0x3e2, 0x5d0, 0x0, 0x14c9, 0xff, 0x1ff, 0x7, 0xffff, 0x4e6, 0x0, 0x800, 0x3, 0x8, 0x2, 0x800, 0x2596, 0x8, 0x2, 0x7f, 0x1, 0xfffffffe, 0x400, 0x7f, 0x7ff, 0x10000, 0x7, 0x9, 0x9, 0xd, 0x3, 0x0, 0x2, 0xdc2d, 0x1, 0x3, 0x3, 0x1ff, 0x5628, 0x678, 0x0, 0x5, 0x0, 0x5, 0x6, 0xc0, 0x20d, 0x26, 0x7fff, 0x0, 0x5, 0x895, 0x3, 0x3, 0xc22, 0x5, 0x62, 0x9, 0x477, 0x4, 0xe, 0x1c1df941, 0x40, 0x141, 0xc, 0x9, 0x6, 0x7, 0x7, 0x8c7, 0x1, 0x5, 0x8, 0x8, 0x41d, 0x8, 0x7, 0x5, 0x7fffffff, 0x0, 0x2, 0x30, 0x80000001, 0x3, 0x1e4a, 0xa4, 0x30, 0x1395, 0x3, 0x7fff, 0x3d, 0x0, 0x11, 0x7fff, 0x7, 0xfffffffb, 0x7, 0xa, 0x401, 0xb1a1, 0x8, 0x8, 0x3, 0xd08f57a5, 0xfffffffc, 0x1, 0x719b1140, 0x8, 0x2, 0x7a56, 0xfffffa8b, 0x4, 0x8, 0x200, 0x680, 0x10, 0x5, 0x82a4, 0x3, 0x3, 0x6, 0xa, 0x10000, 0x9, 0x3508, 0x81, 0x0, 0x81, 0x4, 0x1, 0x5a5, 0x1000, 0x8, 0x0, 0x5, 0x8, 0xff, 0x6, 0x9bb, 0x7fff, 0x8, 0x3, 0x0, 0x9, 0x5, 0x5, 0x800, 0x1, 0x9, 0x2, 0xe99, 0x3, 0x2, 0x71, 0x8001, 0xbf5, 0x3, 0x1, 0x24, 0x2, 0xcf2, 0x3, 0x81, 0x0, 0x6, 0x2f4, 0x8, 0x9, 0x400, 0x7f, 0x4, 0x4, 0x1000, 0x1, 0x6, 0x9, 0x0, 0x346, 0xcaf, 0xfe, 0x10000, 0x1, 0x3ff, 0xfffffff8, 0x5, 0x8, 0x638f, 0x8, 0x7, 0x6, 0x9, 0x3, 0x8, 0x5, 0x0, 0x0, 0xff]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x2, 0x7d3, 0x2, 0x7, 0xf, 0x7f, 0xfffffff8, 0x400000, 0x7fffffff, 0x0, 0x80000001, 0x80, 0x4000005, 0x6, 0x6, 0x4, 0x6, 0x4, 0x8, 0x9, 0xb979, 0x517, 0x4bd, 0xe, 0x1, 0x9, 0x2, 0x7, 0x3ff, 0xfffffff8, 0x2, 0x9, 0x2, 0x1000, 0x812, 0x8, 0xff, 0x8, 0x3, 0x9, 0x5, 0x7, 0x4, 0x8, 0x70, 0x80000000, 0xe, 0xc5f, 0x40, 0x6, 0x8, 0x5f44, 0x70, 0x4, 0x3, 0x98, 0x0, 0x8, 0xfff, 0xd, 0xbb7, 0x41, 0x6, 0x5, 0x2, 0xfffff3e3, 0x7f, 0x4, 0x400, 0x101, 0x6, 0x0, 0x9, 0x400, 0x1, 0x37, 0x8, 0x3, 0xbcb4, 0x0, 0x49, 0x3, 0xffffffff, 0x6, 0x6, 0x101, 0x4, 0x8, 0x2, 0xce, 0x7, 0x400, 0x49, 0x0, 0x2, 0xb, 0x3, 0x8, 0x2, 0x7f, 0x800, 0x5, 0x3, 0x2, 0x9, 0x0, 0x0, 0x5, 0x6, 0x5, 0x40000000, 0x7, 0x2, 0x5, 0xc1, 0x8000, 0xb, 0x329, 0xc, 0x1, 0x1, 0x9, 0x2000, 0x101, 0xc72e, 0x0, 0x3, 0x2, 0x7, 0x6, 0x80000000, 0x8, 0x72, 0x2000095a, 0x1, 0xfffffff8, 0x3, 0x1, 0x3, 0x80000001, 0x10001, 0x9, 0xe000000, 0x1, 0x40, 0x6, 0x8, 0x200000, 0x100, 0xa, 0x1, 0xfffffffe, 0x1ff, 0x8, 0x7ff, 0x8, 0x1, 0x6, 0x3, 0x1, 0x443, 0x6, 0x5, 0x1, 0xffffff80, 0x6, 0x7fffffff, 0x0, 0x8, 0xffffff24, 0x0, 0x1, 0x4, 0x8001, 0x6, 0xd0e, 0x15, 0x5, 0xfffffffd, 0x5a9a, 0xd020, 0xfffff000, 0x1, 0x9, 0x8c, 0x7ff, 0x6, 0xfffffffb, 0x986, 0x9, 0x13c8f99b, 0x2, 0x80000001, 0xfffffffd, 0x75, 0x26, 0x0, 0x3, 0x0, 0x1000, 0x557, 0xff, 0x6, 0x2, 0x609f, 0x1, 0xd0, 0x3, 0xf1a, 0xfff, 0x2, 0x69, 0x0, 0xffff, 0x7, 0x1800, 0xc, 0x8, 0x4, 0x12e, 0x5, 0xa61, 0x1, 0x8001, 0x0, 0x4, 0x0, 0xd, 0x8, 0x16, 0x0, 0x4, 0x6d6a, 0x9, 0x1, 0x9, 0x1000, 0xba, 0x4, 0x0, 0x8, 0xffffe9b0, 0x20001, 0x4, 0x10000, 0x6, 0x3, 0x2, 0x4, 0x9, 0x101, 0x9, 0x3, 0x6, 0x1, 0xfffffe00]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
io_setup(0x2, &(0x7f0000002400)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000040)=[&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x2}])
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x8000000, 0x238, 0xf8, 0x720d, 0x148, 0xf8, 0x148, 0x1c8, 0x240, 0x240, 0x1c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@remote, @empty, 0x0, 0x0, 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298)
sendto$inet(r7, 0x0, 0x0, 0x24000080, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7000000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000085000000030000007b9032108e1dc40300"/72], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r8, @ANYRES64=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)

629.34535ms ago: executing program 0 (id=775):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)

614.8671ms ago: executing program 0 (id=788):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = timerfd_create(0x0, 0x800)
timerfd_settime(r0, 0x3, &(0x7f0000000080), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000600)=ANY=[@ANYBLOB="851000110200000085000000b5ada100000095003300000005000000000000000000000000000000009ca53c37cd00000000d12825cda29176908ff8a69f677b50503830aef6e75b0085b51bef2d9b4a6bddec7ed14b650fcc2aac8f0619ab956aca220ba28c716f64ed91867585b041d535348b6355d70e35e4ef52dca45bb2549e68acf9aedefed9fd300cd72273241658c633a9e73aa3f3e6184eb76fdc000000000000000000000000000000c0be96a074dc7f071e067006a0ef0be38e5e40308b7288956411136fd2811df321e654c1f88449a7d80605c832aa21a38482c7384e64153e730cb97e1f3524389225c16fd4308450b1d390a3796bcc9dfcb95a6b2e07f4910618d14a07ced0411775210ea969e172fc91ae1cbdf5c2e337f1f0cbf1b710c20301a0a3a94cea0ef21a7e1a989e67ea19ec7fa836f6fcf2370429844134567046a03e210071077169a53028d26c13fa7ad8a92df5807dabc3af32586792c2761e4aafa6ae2795e272499aa9658140f88e7a4d10a78bc93b4bc5f9d7602707a8bc152c7ea6aacd8fe7771c7500e5c2bcd56d955275b076dfd97953c093fac1564dcf39fd269043843ef13bfe"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341)
sigaltstack(&(0x7f0000000000)={&(0x7f0000004c80)=""/4093, 0x80000001, 0xffd}, 0x0)
sigaltstack(0x0, &(0x7f0000003c40)={0x0})
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f00000000c0)={0x80, 0x6, 0x2fe, 0xe5, 0xe0, 0x0, 0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000004000000450000008814"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
r4 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)=r4}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r7)
io_setup(0xfcc, &(0x7f0000000240))
syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)

485.143733ms ago: executing program 3 (id=781):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0xc0f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2, 0x0, 0x3}, 0x3e)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x14, 0x0, &(0x7f0000000080)="f6f4e9a10000502468da5eb1c6b2feff8833c000", 0x0, 0x86, 0x0, 0x31, 0x0, &(0x7f00000001c0)="daf9e846ab1500fc71b5965233357c0f20000000000066d1a36bbfd0aaa2dbe567d168904cf0d5bce1771889c98ffc0abf", 0x0}, 0x50)

383.023994ms ago: executing program 3 (id=785):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="c872e100e8ffffff850000000700000002c70000004002002d37f0fffcffffff"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x3, 0x3, 0x5, 0x1}, 0x10, 0x0, 0x0, 0xa, &(0x7f00000001c0)=[0x1, 0x1, 0xffffffffffffffff], &(0x7f0000000580)=[{0x3, 0x2, 0xa}, {0x3, 0x3, 0x8, 0xb}, {0x0, 0x2, 0x6, 0x6}, {0x4, 0x5, 0x9, 0x5}, {0x5, 0x1, 0x10, 0x1}, {0x2, 0x4, 0xd, 0xc}, {0x4, 0x1, 0xb, 0x4}, {0x1, 0x2, 0x10, 0xb}, {0x1, 0x5, 0xd, 0xc}, {0x3, 0x2, 0x0, 0xb}], 0x10, 0x3, @void, @value}, 0x94)
ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000208e052500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x100000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00'}, 0x18)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000003800)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x5c, 0x160, 0xd0, 0x3e0, 0x1e0, 0x228, 0x25a, 0x1e0, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x1fe], 'veth0_to_batadv\x00', 'batadv_slave_0\x00', {}, {0xff}}, 0x5002, 0xa8, 0xd0, 0x52020000, {0x0, 0x6802000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@dev, @mcast1, [], [], 'virt_wifi0\x00', 'lo\x00', {}, {}, 0x89}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$unix(r1, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
recvmmsg(r2, &(0x7f0000001140), 0x700, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4, 0x0, 0x3}, 0x18)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000f80)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x801, 0x3, 0x0, 0x0, 0xfffffffa, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x2, 0x0, 0x0, 0x7}, 0x80000001, 0x4000000}}], [@TCA_POLICE_RATE={0x404, 0x2, [0xa3, 0x5, 0x4, 0x8, 0x2, 0x7, 0x1, 0x0, 0x8, 0xfffffffc, 0x4, 0x2, 0x55, 0x1, 0x4, 0x9, 0x8f729a78, 0x8, 0x5, 0x10001, 0x3, 0x40, 0x7, 0x3, 0x8, 0x8, 0x6, 0x9, 0x3, 0x251, 0xb, 0x3, 0x3, 0x0, 0x5, 0x7ff, 0x8, 0x6a4, 0x9, 0x8001, 0x84e, 0x0, 0x1, 0x1, 0xffffff7f, 0x4, 0x2, 0x9, 0x2, 0x7fff, 0x6, 0x80000001, 0xf9, 0x4, 0x8, 0x9, 0x1, 0x294, 0x401, 0x26, 0x3e2, 0x5d0, 0x0, 0x14c9, 0xff, 0x1ff, 0x7, 0xffff, 0x4e6, 0x0, 0x800, 0x3, 0x8, 0x2, 0x800, 0x2596, 0x8, 0x2, 0x7f, 0x1, 0xfffffffe, 0x400, 0x7f, 0x7ff, 0x10000, 0x7, 0x9, 0x9, 0xd, 0x3, 0x0, 0x2, 0xdc2d, 0x1, 0x3, 0x3, 0x1ff, 0x5628, 0x678, 0x0, 0x5, 0x0, 0x5, 0x6, 0xc0, 0x20d, 0x26, 0x7fff, 0x0, 0x5, 0x895, 0x3, 0x3, 0xc22, 0x5, 0x62, 0x9, 0x477, 0x4, 0xe, 0x1c1df941, 0x40, 0x141, 0xc, 0x9, 0x6, 0x7, 0x7, 0x8c7, 0x1, 0x5, 0x8, 0x8, 0x41d, 0x8, 0x7, 0x5, 0x7fffffff, 0x0, 0x2, 0x30, 0x80000001, 0x3, 0x1e4a, 0xa4, 0x30, 0x1395, 0x3, 0x7fff, 0x3d, 0x0, 0x11, 0x7fff, 0x7, 0xfffffffb, 0x7, 0xa, 0x401, 0xb1a1, 0x8, 0x8, 0x3, 0xd08f57a5, 0xfffffffc, 0x1, 0x719b1140, 0x8, 0x2, 0x7a56, 0xfffffa8b, 0x4, 0x8, 0x200, 0x680, 0x10, 0x5, 0x82a4, 0x3, 0x3, 0x6, 0xa, 0x10000, 0x9, 0x3508, 0x81, 0x0, 0x81, 0x4, 0x1, 0x5a5, 0x1000, 0x8, 0x0, 0x5, 0x8, 0xff, 0x6, 0x9bb, 0x7fff, 0x8, 0x3, 0x0, 0x9, 0x5, 0x5, 0x800, 0x1, 0x9, 0x2, 0xe99, 0x3, 0x2, 0x71, 0x8001, 0xbf5, 0x3, 0x1, 0x24, 0x2, 0xcf2, 0x3, 0x81, 0x0, 0x6, 0x2f4, 0x8, 0x9, 0x400, 0x7f, 0x4, 0x4, 0x1000, 0x1, 0x6, 0x9, 0x0, 0x346, 0xcaf, 0xfe, 0x10000, 0x1, 0x3ff, 0xfffffff8, 0x5, 0x8, 0x638f, 0x8, 0x7, 0x6, 0x9, 0x3, 0x8, 0x5, 0x0, 0x0, 0xff]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x2, 0x7d3, 0x2, 0x7, 0xf, 0x7f, 0xfffffff8, 0x400000, 0x7fffffff, 0x0, 0x80000001, 0x80, 0x4000005, 0x6, 0x6, 0x4, 0x6, 0x4, 0x8, 0x9, 0xb979, 0x517, 0x4bd, 0xe, 0x1, 0x9, 0x2, 0x7, 0x3ff, 0xfffffff8, 0x2, 0x9, 0x2, 0x1000, 0x812, 0x8, 0xff, 0x8, 0x3, 0x9, 0x5, 0x7, 0x4, 0x8, 0x70, 0x80000000, 0xe, 0xc5f, 0x40, 0x6, 0x8, 0x5f44, 0x70, 0x4, 0x3, 0x98, 0x0, 0x8, 0xfff, 0xd, 0xbb7, 0x41, 0x6, 0x5, 0x2, 0xfffff3e3, 0x7f, 0x4, 0x400, 0x101, 0x6, 0x0, 0x9, 0x400, 0x1, 0x37, 0x8, 0x3, 0xbcb4, 0x0, 0x49, 0x3, 0xffffffff, 0x6, 0x6, 0x101, 0x4, 0x8, 0x2, 0xce, 0x7, 0x400, 0x49, 0x0, 0x2, 0xb, 0x3, 0x8, 0x2, 0x7f, 0x800, 0x5, 0x3, 0x2, 0x9, 0x0, 0x0, 0x5, 0x6, 0x5, 0x40000000, 0x7, 0x2, 0x5, 0xc1, 0x8000, 0xb, 0x329, 0xc, 0x1, 0x1, 0x9, 0x2000, 0x101, 0xc72e, 0x0, 0x3, 0x2, 0x7, 0x6, 0x80000000, 0x8, 0x72, 0x2000095a, 0x1, 0xfffffff8, 0x3, 0x1, 0x3, 0x80000001, 0x10001, 0x9, 0xe000000, 0x1, 0x40, 0x6, 0x8, 0x200000, 0x100, 0xa, 0x1, 0xfffffffe, 0x1ff, 0x8, 0x7ff, 0x8, 0x1, 0x6, 0x3, 0x1, 0x443, 0x6, 0x5, 0x1, 0xffffff80, 0x6, 0x7fffffff, 0x0, 0x8, 0xffffff24, 0x0, 0x1, 0x4, 0x8001, 0x6, 0xd0e, 0x15, 0x5, 0xfffffffd, 0x5a9a, 0xd020, 0xfffff000, 0x1, 0x9, 0x8c, 0x7ff, 0x6, 0xfffffffb, 0x986, 0x9, 0x13c8f99b, 0x2, 0x80000001, 0xfffffffd, 0x75, 0x26, 0x0, 0x3, 0x0, 0x1000, 0x557, 0xff, 0x6, 0x2, 0x609f, 0x1, 0xd0, 0x3, 0xf1a, 0xfff, 0x2, 0x69, 0x0, 0xffff, 0x7, 0x1800, 0xc, 0x8, 0x4, 0x12e, 0x5, 0xa61, 0x1, 0x8001, 0x0, 0x4, 0x0, 0xd, 0x8, 0x16, 0x0, 0x4, 0x6d6a, 0x9, 0x1, 0x9, 0x1000, 0xba, 0x4, 0x0, 0x8, 0xffffe9b0, 0x20001, 0x4, 0x10000, 0x6, 0x3, 0x2, 0x4, 0x9, 0x101, 0x9, 0x3, 0x6, 0x1, 0xfffffe00]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
io_setup(0x2, &(0x7f0000002400)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000040)=[&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x2}])
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x8000000, 0x238, 0xf8, 0x720d, 0x148, 0xf8, 0x148, 0x1c8, 0x240, 0x240, 0x1c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@remote, @empty, 0x0, 0x0, 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298)
sendto$inet(r7, 0x0, 0x0, 0x24000080, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7000000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000085000000030000007b9032108e1dc40300"/72], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000", @ANYRES32=r8, @ANYRES64=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)

378.359594ms ago: executing program 0 (id=786):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x503, &(0x7f0000000fc0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSG0EmKPILUhcaModhzFTmlCD+mZKxKVOMGRP4BzT9y5IHrjUg5I/IhADRIHoxlPUje1m6hJ7Gz8+UijeW/e1N/vazrvxS+NXwBD62pE7EbEWETcjojp7HouO+KT9pHc93Tv/tL+3v2lXLRan/0zl7Yn16LjzySuZK9ZjIgffS/ip7kX4za2d9YWq9XKZlafbdY2ZhvbOzdWa4srlZXKerm8ML8w99HND8tn1td3amNZ6atP/rj7rZ8naU1lVzr7cZbaXS8cxkmMRsQPziPYAIxk/RkbdCK8knxEvBkR76bP/3SMpF9NAOAya7WmozXdWQcALrt8ugaWy5eytYCpyOdLpfYa3lsxma/WG83rd+pb68vttbKZKOTvrFYrc9la4UwUckl9Pi0/q5eP1G9GxBsR8cvxibReWqpXlwf5jQ8ADLErR+b//4y3538A4JIrDjoBAKDvzP8AMHzM/wAwfMz/ADB82vP/xKDTAAD6yPt/ABg+5n8AGCo//PTT5GjtZ59/vXx3e2utfvfGcqWxVqptLZWW6psbpZV6fSX9zJ7aca9Xrdc35j+IrXsz395oNGcb2zu3avWt9eat9HO9b1UK6V27fegZANDLG+88epxLZuSPJ9IjOvZyKAw0M+C85QedADAwI4NOABgYu33B8DrFe3zLA3BJdNmi9znFbr8g1Gq1WueXEnDOrn3J+j8Mq471f/8LGIaM9X8YXtb/YXi1WrmT7vkfJ70RALjYrPEDPX7+/2Z2/l32w4GfLB+94+F5ZgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX28H+v6VsL/CpyOdLpYjXImImCrk7q9XKXES8HhF/Hi+MJ/X5AecMAJxW/m+5bP+va9PvTz3X9PaVw+JYRPzs15/96t5is7n5p4ix3L/GD643H2bXy/3PHgA43sE8nZ473sg/3bu/dHD0M5+/fzciiu34+3tjsX8YfzRG03MxChEx+e9cVm/LdaxdnMbug4j4Yrf+52IqXQNp73x6NH4S+7W+xs8/Fz+ftrXPyd/FF84gFxg2j5Lx55Nuz18+rqbn7s9/MR2hTi8b/5KXWtpPx8Bn8Q/Gv5Ee49/Vk8b44A/fb5cmXmx7EPHl0YiD2Psd489B/FyP+O+fMP5fvvL2u73aWr+JuBbd43fGmm3WNmYb2zs3VmuLK5WVynq5vDC/MPfRzQ/Ls+ka9Wzv2eAfH19/vVdb0v/JHvGLx/T/6yfs/2//d/vHX3tJ/G++1y1+Pt56SfxkTvzGCeMvTv6+2Kstib/co//Hff2vnzD+k7/uvLBtOAAwOI3tnbXFarWy+TkqPE6+pxl8Ggr9LyT/ZC9AGl0L3+lXrLHo3vSL99rP9JGmVuuVYvUaMc5i1Q24CA4f+oj476CTAQAAAAAAAAAAAAAAuurHbywNuo8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcXv8PAAD//+a4zis=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000500)='cpu.stat\x00', 0x275a, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x174)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x48041, 0x0)
pwrite64(r1, &(0x7f0000000140)="f6", 0xffffff07, 0x8000c61)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
preadv2(r2, &(0x7f0000001540)=[{0x0}, {&(0x7f0000001380)=""/129, 0x7ffff000}], 0x2, 0x0, 0x0, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000200)=0x80, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000093a68f29080000005d0fda710000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
r5 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r6}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
mincore(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, 0x0, 0x0)

325.169415ms ago: executing program 1 (id=787):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x2400c080)

324.348685ms ago: executing program 2 (id=789):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)

275.017016ms ago: executing program 2 (id=790):
syz_mount_image$vfat(&(0x7f0000000780), &(0x7f0000000000)='./file0\x00', 0x90, &(0x7f0000000140)=ANY=[], 0x6, 0x2d7, &(0x7f0000000340)="$eJzs3T9rJGUYAPBnNrN/1GJTWInggBZWx+Vamw1yB2Iqjy1OCw3eHUh2Fe4g4h+cu0rsbCz9BILgB7GxsxRsBTsjBEZmdia7m4ybjWQjmt+vSN688zzzPvPOJJkmT957cXpwP4uHTz//JQaDJDqjfsRREtvRicaTWDL6OgCA/7Kjoojfi5mWwz9/tSJ3sMG6AIDNOef3fy2tPt4rI364utoAgM24e+/tN3f39m6/lWWDuDP98nCcRET5eXZ892F8EJN4EDdjGMcR1YtCN6q3hXJ4pyiKPM1K2/HKND8cl5nTd3+sz7/7W0SVvxPD2K6mTt42qvw39m7vZDML+XlZx7P1+qMy/1YM4/mT5KX8Wy35Me7Fqy8v1H8jhvHT+/FRTOJ+VcQ8/4udLHu9+OaPz94pyyvzk/xw3K/i5oqtZvH8iu8RAAAAAAAAAAAAAAAAAAAAAAD/Pzfq3jn9qPr3lFN1/52t4/KLbmSNeX+fDzt50x8oaU407w8UnaIo8iK+bfrr3MyyrKgD5/190nghrRsLAgAAAAAAAAAAAAAAAAAAwDX3+JNPD/YnkwePLmXQdANII+LPuxH/9DyjhZmXYnVwv15zfzLp1MPlmHRxJraamCRiZRnlRVzStpw3eOZMzfXgu+/PBidPZjcujbYTDs5ftNu+1gUHH3dn+9ga0zxdB/tJ+x72T4oflDcuTt+4XrSv3o1TM72/q7B5FNe7nF7roeGFt6X3XDXIV8REsur74rVfZ2UvXMVSTK/a1db0bj1YSD/1bKz1PMdgln72Z0WiWwcAAAAAAAAAAAAAAAAAAGzU/K9/Ww4+XZnaKfobKwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArtT8//+vM0iXk9fI6sWjx//WtQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9/BUAAP//gxtVEw==")
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
write$P9_RAUTH(r0, &(0x7f0000000080)={0x14, 0x67, 0x2, {0x4, 0x1, 0x3}}, 0x14)
truncate(&(0x7f0000000140)='./file0\x00', 0x8000)
write$binfmt_aout(r0, &(0x7f00000007c0)={{0x108, 0x4c, 0x5, 0x2f9, 0x6b, 0xfffffffe, 0xff, 0x2}, "3019c7b6a332a64649da37e60366e8889ae4285e8d6e9f5ff23621161a78bd54ea41267c303714ed994c2d80203fc39ad8f00d32e493a277248222c4fe1a4a08533d8b1e355c2de7dcb25d560b34cf99c5576ef2afe681ffab6cc60d0e5cb8189bdb233f2de268408d12f7f0aaa08cc6f49aba23", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x694)

273.829025ms ago: executing program 1 (id=791):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYRES32], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='mm_page_free\x00', r2, 0x0, 0x8}, 0x18)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4)

273.118476ms ago: executing program 3 (id=792):
r0 = socket$kcm(0x2, 0x1, 0x0)
shutdown(r0, 0x1)
unshare(0x68040200)
r1 = openat(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x24, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r3=>r2, {0x1}}, './bus\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000900)={'ip6gre0\x00', &(0x7f0000000880)={'syztnl1\x00', 0x0, 0x2f, 0x81, 0x3, 0x3, 0x62, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0x40, 0x4, 0x7fff}})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x20, &(0x7f0000000100)={0x0, 0x0, <r5=>0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x38)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x401, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
r8 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000540), 0x8a80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x12, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@cb_func={0x18, 0x9, 0x4, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00', 0x9, 0x0, 0x0, 0x1e00, 0x50, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000000340)={0x3, 0xc, 0x10001, 0xffff}, 0x10, r5, r1, 0x2, &(0x7f0000000580)=[0xffffffffffffffff, 0xffffffffffffffff, r6, 0xffffffffffffffff, r7, r8], &(0x7f00000005c0)=[{0x4, 0x4, 0x6, 0x3}, {0x1, 0x2, 0x0, 0xb}], 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000008140)={&(0x7f0000008000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x3, [@var={0x1, 0x0, 0x0, 0xe, 0x2}, @union]}, {0x0, [0x71]}}, 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x1, 0x2, 0x7fff7ffc}]})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/ipv6_route\x00')
close_range(r9, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_DEAUTHENTICATE(r8, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000d80)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00042abd7000fcdbdf252700000008000300", @ANYRES32=r10, @ANYBLOB="0a000600080211000001000044fce6752bd376a2fcf7a6dd9ce040a16932494bed3b9faaebcbcdda06fea3d42787518f8cc123091eff26314ae2c5d2bd079dfb1afcc60edb7825ac4f01f5a0b6fd0be1640ae0eb5b678e1352cd0df65ac44db85c79be2986b39b6a31a18fae32767c97d2612ce072823be5cb793dd6c242a0e2266d5ffd823b1c608050c806d2416321d2a4976515564bd081d760678458997d8eeef1eff4595eed9b42056eae72fcd2f904e9982a1d78122fbc161f6d233e70a0e1cc6e481e395925714d8a522a5dd04fc9e00465287a4f771ef0b0e5101a1a7692e692ab882bfc8be8e47897dc0f93c1a4333894ed9da7a1c31991e19f2ac103a702"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x4000803)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_tracing={0x1a, 0x1b, &(0x7f00000009c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3ff}, {}, {}, [@ldst={0x2, 0x3, 0x6, 0x0, 0x1, 0x8, 0x1a}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1}, @alu={0x0, 0x0, 0x8, 0x8, 0xb, 0x40}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0xdf28}, @initr0={0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x2}, @map_idx={0x18, 0xa, 0x5, 0x0, 0xfffffffa}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000ac0)='GPL\x00', 0x8, 0xbc, &(0x7f0000000b00)=""/188, 0x40f00, 0x28, '\x00', 0x0, 0x19, r1, 0x8, &(0x7f0000000bc0)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000c00)={0x0, 0x2, 0x4, 0x63575a7e}, 0x10, 0x2c7b0, 0xffffffffffffffff, 0x0, &(0x7f0000000d00)=[0xffffffffffffffff, r3], 0x0, 0x10, 0xdc, @void, @value}, 0x94)

256.817896ms ago: executing program 2 (id=793):
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0)
rt_sigsuspend(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
fsetxattr$security_selinux(r0, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

224.365497ms ago: executing program 4 (id=794):
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x161080, 0x18)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x800003, &(0x7f0000000140)=ANY=[], 0x1, 0x32e, &(0x7f00000001c0)="$eJzs3UtoY1UYwPEvr05SbRNEBQfUT2ejImGStTCGYSpiYAadyuiAcMfeaMg1KbkhmiJNhIHZuHDja62CyEBBXAjCOC50Iy3DrNy4m10X1oUoWj1yk3vz6CRN+l70/1s0h3O+75ybc07T9qTkrj/zwVv/GGMKVkREQhJ+VlqhzZCkJCyBljz59sqth1965dUXcvn8uRdV53IXM1lVnX30xuV3rz9+s3bPy9/MfndCVlOvrW9k76w+uPrQ+n8X3yy6WnS1XKmppVcqlZp1xbF14SO3lFa94NiWa2ux7NrVgfaCU1lcbKhVXrh3erFqu65a5YaW7IbWKlqrNtR6wyqWNZ1O68y0YBtxkev1T3OjA+a/+ssY2aj9bMyJlhhj/CwcF+o/9tb//dHBZ2cO67JwSPpe1OMizrX6fH3e+znQ1hLJFaQojthyWpKyKd4eMZ+tmPZW8b6+k13J337qxx9UNSXLTrOT7z1G2l108zOSlFSsXRcK9fLnns+fy2jHYH5Mpvvzs5KU+zs5Hb387ND8KXniVF9+WpJy+3WpiCNrNx778875ax8H+csZ1bPn8+38sAT5CVkIJikuX/5+ROsDAAAAAAAAAMBupLVr6Pl92gu4uqSqMylZDt4T9to7Jf98PdT//sDW8/nTQ8/no3IyenTPGwAAAACA48RtXPVLjaWS5Th21d1VwftT3nKc738ZFtP6ScSxqw/MtmO6TcaY5p4G3a9CXJZKU3JAQ3z+3riYhAQ1j8xtaTKRgeBTZyJr/nK1ev3EJlvBhB8WDCqy/YWdNMbseRJiYlfdvy91ay5Ed7nZJD5pVnTM8wo69E+ftouJi0ik+50ypsOE7HB+ftuXPeb/r66Mjnnu8q9fj+1n6q75GeXmfr8GAQAAADgcvV/6z0iz8G29eenpDydMNckDvjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI6LHXzSWFhEvMLaJ8Ni1Cvc90VQc6uvaXDEf/37A2wEtwmYzB982gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgY/wcAAP//Nhy4gg==")
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000181100be1a40346af91a052330f690246851ea8c88cd2d06dc67a76dfd6a9cc58d516f94ad94d2438988da6b30e7e1cc7da40c59c5b131c0ddc05761bc7682f0d21d487f3d3603bfc73e68415cf330e30454cc1273b3568a8623ccb5dd1614b155f09f93b62fba5071a9c082fa6cdf8a3f4b341649160641eb5c5f7349d0e4b73e92f4372c8bfe0f8bde35c6985b3dbddbd05ec600122c1b037434d888947030bcdc05038392690e1fbdef82f4646449828c12637babaf72694ab144293a24c4a6615eced119d35a0f6dfaa79adc1e64918d6e9f4d", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x2, @perf_config_ext={0xf60, 0xffffffff}, 0x1100, 0x5dd8, 0x3a65, 0x5, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r2 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r2, 0x0, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x401000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='sched_switch\x00'}, 0x18)
r4 = socket$inet6(0xa, 0x806, 0x0)
shutdown(r4, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r5 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r5, 0x2284, &(0x7f0000000080))

223.741497ms ago: executing program 2 (id=795):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0, 0x0, 0x17ffffffffffefff}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0xac}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c000180140003000000000000000100000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8000000000000000000000000000aa0c000280050001000000000008000740000000001800068014000400ff010000000000000000000000000001"], 0xac}}, 0x0)

210.235707ms ago: executing program 1 (id=796):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='mm_page_free\x00', r1, 0x0, 0x8}, 0x18)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00')
sendfile(r2, r2, 0x0, 0x2000007ff)

179.307587ms ago: executing program 4 (id=797):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0xc0f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2, 0x0, 0x3}, 0x3e)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x14, 0x0, &(0x7f0000000080)="f6f4e9a10000502468da5eb1c6b2feff8833c000", 0x0, 0x86, 0x0, 0x31, 0x0, &(0x7f00000001c0)="daf9e846ab1500fc71b5965233357c0f20000000000066d1a36bbfd0aaa2dbe567d168904cf0d5bce1771889c98ffc0abf", 0x0}, 0x50)

153.752258ms ago: executing program 2 (id=798):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r0, 0x1, &(0x7f0000000600)=0xfff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000280)={'wg2\x00'})
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYRESDEC=r1], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900017b8af8ff00000f63fb40cd4b43063f053e1dd68ee22e0000bfa20000000000f60007020000f8ffffffb703000008000000b704000000d7117c9dfd8151ca000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r4}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
openat$nci(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="020a02090800000029bd7000ffdbdf25020013000900000026bd7000d501068e000000002002001000000004d304d4e8ffffff"], 0x40}}, 0x26000810)
r9 = syz_open_dev$usbfs(0x0, 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r9, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r9, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000180)=ANY=[@ANYBLOB="30000000e40fc7020da201078412677cbc67e2edae2f185137a53c9994b17714dc3cfbe99ccb7dd8701ba5248021ec2683ab936f6fc2f7c98c41a00e", @ANYRES16=0x0, @ANYBLOB="01002dbd7000fbdbdf2501000000000000000c4100000014001462726f6164636173742d6c696e6b0000"], 0x30}, 0x1, 0x0, 0x0, 0x51}, 0x40000)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x0, &(0x7f0000a00000/0x600000)=nil)

153.228718ms ago: executing program 1 (id=799):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='kfree\x00'}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
shmget(0x1, 0x1000, 0x40, &(0x7f0000ffc000/0x1000)=nil)

112.911568ms ago: executing program 1 (id=800):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="c872e100e8ffffff850000000700000002c70000004002002d37f0fffcffffff"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x3, 0x3, 0x5, 0x1}, 0x10, 0x0, 0x0, 0xa, &(0x7f00000001c0)=[0x1, 0x1, 0xffffffffffffffff], &(0x7f0000000580)=[{0x3, 0x2, 0xa}, {0x3, 0x3, 0x8, 0xb}, {0x0, 0x2, 0x6, 0x6}, {0x4, 0x5, 0x9, 0x5}, {0x5, 0x1, 0x10, 0x1}, {0x2, 0x4, 0xd, 0xc}, {0x4, 0x1, 0xb, 0x4}, {0x1, 0x2, 0x10, 0xb}, {0x1, 0x5, 0xd, 0xc}, {0x3, 0x2, 0x0, 0xb}], 0x10, 0x3, @void, @value}, 0x94)
ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000208e052500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x100000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00'}, 0x18)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000003800)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x5c, 0x160, 0xd0, 0x3e0, 0x1e0, 0x228, 0x25a, 0x1e0, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x1fe], 'veth0_to_batadv\x00', 'batadv_slave_0\x00', {}, {0xff}}, 0x5002, 0xa8, 0xd0, 0x52020000, {0x0, 0x6802000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@dev, @mcast1, [], [], 'virt_wifi0\x00', 'lo\x00', {}, {}, 0x89}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$unix(r1, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
recvmmsg(r2, &(0x7f0000001140), 0x700, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000f80)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x801, 0x3, 0x0, 0x0, 0xfffffffa, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x2, 0x0, 0x0, 0x7}, 0x80000001, 0x4000000}}], [@TCA_POLICE_RATE={0x404, 0x2, [0xa3, 0x5, 0x4, 0x8, 0x2, 0x7, 0x1, 0x0, 0x8, 0xfffffffc, 0x4, 0x2, 0x55, 0x1, 0x4, 0x9, 0x8f729a78, 0x8, 0x5, 0x10001, 0x3, 0x40, 0x7, 0x3, 0x8, 0x8, 0x6, 0x9, 0x3, 0x251, 0xb, 0x3, 0x3, 0x0, 0x5, 0x7ff, 0x8, 0x6a4, 0x9, 0x8001, 0x84e, 0x0, 0x1, 0x1, 0xffffff7f, 0x4, 0x2, 0x9, 0x2, 0x7fff, 0x6, 0x80000001, 0xf9, 0x4, 0x8, 0x9, 0x1, 0x294, 0x401, 0x26, 0x3e2, 0x5d0, 0x0, 0x14c9, 0xff, 0x1ff, 0x7, 0xffff, 0x4e6, 0x0, 0x800, 0x3, 0x8, 0x2, 0x800, 0x2596, 0x8, 0x2, 0x7f, 0x1, 0xfffffffe, 0x400, 0x7f, 0x7ff, 0x10000, 0x7, 0x9, 0x9, 0xd, 0x3, 0x0, 0x2, 0xdc2d, 0x1, 0x3, 0x3, 0x1ff, 0x5628, 0x678, 0x0, 0x5, 0x0, 0x5, 0x6, 0xc0, 0x20d, 0x26, 0x7fff, 0x0, 0x5, 0x895, 0x3, 0x3, 0xc22, 0x5, 0x62, 0x9, 0x477, 0x4, 0xe, 0x1c1df941, 0x40, 0x141, 0xc, 0x9, 0x6, 0x7, 0x7, 0x8c7, 0x1, 0x5, 0x8, 0x8, 0x41d, 0x8, 0x7, 0x5, 0x7fffffff, 0x0, 0x2, 0x30, 0x80000001, 0x3, 0x1e4a, 0xa4, 0x30, 0x1395, 0x3, 0x7fff, 0x3d, 0x0, 0x11, 0x7fff, 0x7, 0xfffffffb, 0x7, 0xa, 0x401, 0xb1a1, 0x8, 0x8, 0x3, 0xd08f57a5, 0xfffffffc, 0x1, 0x719b1140, 0x8, 0x2, 0x7a56, 0xfffffa8b, 0x4, 0x8, 0x200, 0x680, 0x10, 0x5, 0x82a4, 0x3, 0x3, 0x6, 0xa, 0x10000, 0x9, 0x3508, 0x81, 0x0, 0x81, 0x4, 0x1, 0x5a5, 0x1000, 0x8, 0x0, 0x5, 0x8, 0xff, 0x6, 0x9bb, 0x7fff, 0x8, 0x3, 0x0, 0x9, 0x5, 0x5, 0x800, 0x1, 0x9, 0x2, 0xe99, 0x3, 0x2, 0x71, 0x8001, 0xbf5, 0x3, 0x1, 0x24, 0x2, 0xcf2, 0x3, 0x81, 0x0, 0x6, 0x2f4, 0x8, 0x9, 0x400, 0x7f, 0x4, 0x4, 0x1000, 0x1, 0x6, 0x9, 0x0, 0x346, 0xcaf, 0xfe, 0x10000, 0x1, 0x3ff, 0xfffffff8, 0x5, 0x8, 0x638f, 0x8, 0x7, 0x6, 0x9, 0x3, 0x8, 0x5, 0x0, 0x0, 0xff]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x2, 0x7d3, 0x2, 0x7, 0xf, 0x7f, 0xfffffff8, 0x400000, 0x7fffffff, 0x0, 0x80000001, 0x80, 0x4000005, 0x6, 0x6, 0x4, 0x6, 0x4, 0x8, 0x9, 0xb979, 0x517, 0x4bd, 0xe, 0x1, 0x9, 0x2, 0x7, 0x3ff, 0xfffffff8, 0x2, 0x9, 0x2, 0x1000, 0x812, 0x8, 0xff, 0x8, 0x3, 0x9, 0x5, 0x7, 0x4, 0x8, 0x70, 0x80000000, 0xe, 0xc5f, 0x40, 0x6, 0x8, 0x5f44, 0x70, 0x4, 0x3, 0x98, 0x0, 0x8, 0xfff, 0xd, 0xbb7, 0x41, 0x6, 0x5, 0x2, 0xfffff3e3, 0x7f, 0x4, 0x400, 0x101, 0x6, 0x0, 0x9, 0x400, 0x1, 0x37, 0x8, 0x3, 0xbcb4, 0x0, 0x49, 0x3, 0xffffffff, 0x6, 0x6, 0x101, 0x4, 0x8, 0x2, 0xce, 0x7, 0x400, 0x49, 0x0, 0x2, 0xb, 0x3, 0x8, 0x2, 0x7f, 0x800, 0x5, 0x3, 0x2, 0x9, 0x0, 0x0, 0x5, 0x6, 0x5, 0x40000000, 0x7, 0x2, 0x5, 0xc1, 0x8000, 0xb, 0x329, 0xc, 0x1, 0x1, 0x9, 0x2000, 0x101, 0xc72e, 0x0, 0x3, 0x2, 0x7, 0x6, 0x80000000, 0x8, 0x72, 0x2000095a, 0x1, 0xfffffff8, 0x3, 0x1, 0x3, 0x80000001, 0x10001, 0x9, 0xe000000, 0x1, 0x40, 0x6, 0x8, 0x200000, 0x100, 0xa, 0x1, 0xfffffffe, 0x1ff, 0x8, 0x7ff, 0x8, 0x1, 0x6, 0x3, 0x1, 0x443, 0x6, 0x5, 0x1, 0xffffff80, 0x6, 0x7fffffff, 0x0, 0x8, 0xffffff24, 0x0, 0x1, 0x4, 0x8001, 0x6, 0xd0e, 0x15, 0x5, 0xfffffffd, 0x5a9a, 0xd020, 0xfffff000, 0x1, 0x9, 0x8c, 0x7ff, 0x6, 0xfffffffb, 0x986, 0x9, 0x13c8f99b, 0x2, 0x80000001, 0xfffffffd, 0x75, 0x26, 0x0, 0x3, 0x0, 0x1000, 0x557, 0xff, 0x6, 0x2, 0x609f, 0x1, 0xd0, 0x3, 0xf1a, 0xfff, 0x2, 0x69, 0x0, 0xffff, 0x7, 0x1800, 0xc, 0x8, 0x4, 0x12e, 0x5, 0xa61, 0x1, 0x8001, 0x0, 0x4, 0x0, 0xd, 0x8, 0x16, 0x0, 0x4, 0x6d6a, 0x9, 0x1, 0x9, 0x1000, 0xba, 0x4, 0x0, 0x8, 0xffffe9b0, 0x20001, 0x4, 0x10000, 0x6, 0x3, 0x2, 0x4, 0x9, 0x101, 0x9, 0x3, 0x6, 0x1, 0xfffffe00]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
io_setup(0x2, &(0x7f0000002400)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000040)=[&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x2}])
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x8000000, 0x238, 0xf8, 0x720d, 0x148, 0xf8, 0x148, 0x1c8, 0x240, 0x240, 0x1c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@remote, @empty, 0x0, 0x0, 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298)
sendto$inet(r6, 0x0, 0x0, 0x24000080, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7000000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000085000000030000007b9032108e1dc40300"/72], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r7, @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)

112.025118ms ago: executing program 4 (id=801):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x2400c080)

58.486149ms ago: executing program 4 (id=802):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="c872e100e8ffffff850000000700000002c70000004002002d37f0fffcffffff"], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x3, 0x3, 0x5, 0x1}, 0x10, 0x0, 0x0, 0xa, &(0x7f00000001c0)=[0x1, 0x1, 0xffffffffffffffff], &(0x7f0000000580)=[{0x3, 0x2, 0xa}, {0x3, 0x3, 0x8, 0xb}, {0x0, 0x2, 0x6, 0x6}, {0x4, 0x5, 0x9, 0x5}, {0x5, 0x1, 0x10, 0x1}, {0x2, 0x4, 0xd, 0xc}, {0x4, 0x1, 0xb, 0x4}, {0x1, 0x2, 0x10, 0xb}, {0x1, 0x5, 0xd, 0xc}, {0x3, 0x2, 0x0, 0xb}], 0x10, 0x3, @void, @value}, 0x94)
ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000208e052500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x100000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00'}, 0x18)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000003800)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x5c, 0x160, 0xd0, 0x3e0, 0x1e0, 0x228, 0x25a, 0x1e0, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x1fe], 'veth0_to_batadv\x00', 'batadv_slave_0\x00', {}, {0xff}}, 0x5002, 0xa8, 0xd0, 0x52020000, {0x0, 0x6802000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@dev, @mcast1, [], [], 'virt_wifi0\x00', 'lo\x00', {}, {}, 0x89}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$unix(r1, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
recvmmsg(r2, &(0x7f0000001140), 0x700, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4, 0x0, 0x3}, 0x18)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000f80)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x801, 0x3, 0x0, 0x0, 0xfffffffa, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x2, 0x0, 0x0, 0x7}, 0x80000001, 0x4000000}}], [@TCA_POLICE_RATE={0x404, 0x2, [0xa3, 0x5, 0x4, 0x8, 0x2, 0x7, 0x1, 0x0, 0x8, 0xfffffffc, 0x4, 0x2, 0x55, 0x1, 0x4, 0x9, 0x8f729a78, 0x8, 0x5, 0x10001, 0x3, 0x40, 0x7, 0x3, 0x8, 0x8, 0x6, 0x9, 0x3, 0x251, 0xb, 0x3, 0x3, 0x0, 0x5, 0x7ff, 0x8, 0x6a4, 0x9, 0x8001, 0x84e, 0x0, 0x1, 0x1, 0xffffff7f, 0x4, 0x2, 0x9, 0x2, 0x7fff, 0x6, 0x80000001, 0xf9, 0x4, 0x8, 0x9, 0x1, 0x294, 0x401, 0x26, 0x3e2, 0x5d0, 0x0, 0x14c9, 0xff, 0x1ff, 0x7, 0xffff, 0x4e6, 0x0, 0x800, 0x3, 0x8, 0x2, 0x800, 0x2596, 0x8, 0x2, 0x7f, 0x1, 0xfffffffe, 0x400, 0x7f, 0x7ff, 0x10000, 0x7, 0x9, 0x9, 0xd, 0x3, 0x0, 0x2, 0xdc2d, 0x1, 0x3, 0x3, 0x1ff, 0x5628, 0x678, 0x0, 0x5, 0x0, 0x5, 0x6, 0xc0, 0x20d, 0x26, 0x7fff, 0x0, 0x5, 0x895, 0x3, 0x3, 0xc22, 0x5, 0x62, 0x9, 0x477, 0x4, 0xe, 0x1c1df941, 0x40, 0x141, 0xc, 0x9, 0x6, 0x7, 0x7, 0x8c7, 0x1, 0x5, 0x8, 0x8, 0x41d, 0x8, 0x7, 0x5, 0x7fffffff, 0x0, 0x2, 0x30, 0x80000001, 0x3, 0x1e4a, 0xa4, 0x30, 0x1395, 0x3, 0x7fff, 0x3d, 0x0, 0x11, 0x7fff, 0x7, 0xfffffffb, 0x7, 0xa, 0x401, 0xb1a1, 0x8, 0x8, 0x3, 0xd08f57a5, 0xfffffffc, 0x1, 0x719b1140, 0x8, 0x2, 0x7a56, 0xfffffa8b, 0x4, 0x8, 0x200, 0x680, 0x10, 0x5, 0x82a4, 0x3, 0x3, 0x6, 0xa, 0x10000, 0x9, 0x3508, 0x81, 0x0, 0x81, 0x4, 0x1, 0x5a5, 0x1000, 0x8, 0x0, 0x5, 0x8, 0xff, 0x6, 0x9bb, 0x7fff, 0x8, 0x3, 0x0, 0x9, 0x5, 0x5, 0x800, 0x1, 0x9, 0x2, 0xe99, 0x3, 0x2, 0x71, 0x8001, 0xbf5, 0x3, 0x1, 0x24, 0x2, 0xcf2, 0x3, 0x81, 0x0, 0x6, 0x2f4, 0x8, 0x9, 0x400, 0x7f, 0x4, 0x4, 0x1000, 0x1, 0x6, 0x9, 0x0, 0x346, 0xcaf, 0xfe, 0x10000, 0x1, 0x3ff, 0xfffffff8, 0x5, 0x8, 0x638f, 0x8, 0x7, 0x6, 0x9, 0x3, 0x8, 0x5, 0x0, 0x0, 0xff]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x2, 0x7d3, 0x2, 0x7, 0xf, 0x7f, 0xfffffff8, 0x400000, 0x7fffffff, 0x0, 0x80000001, 0x80, 0x4000005, 0x6, 0x6, 0x4, 0x6, 0x4, 0x8, 0x9, 0xb979, 0x517, 0x4bd, 0xe, 0x1, 0x9, 0x2, 0x7, 0x3ff, 0xfffffff8, 0x2, 0x9, 0x2, 0x1000, 0x812, 0x8, 0xff, 0x8, 0x3, 0x9, 0x5, 0x7, 0x4, 0x8, 0x70, 0x80000000, 0xe, 0xc5f, 0x40, 0x6, 0x8, 0x5f44, 0x70, 0x4, 0x3, 0x98, 0x0, 0x8, 0xfff, 0xd, 0xbb7, 0x41, 0x6, 0x5, 0x2, 0xfffff3e3, 0x7f, 0x4, 0x400, 0x101, 0x6, 0x0, 0x9, 0x400, 0x1, 0x37, 0x8, 0x3, 0xbcb4, 0x0, 0x49, 0x3, 0xffffffff, 0x6, 0x6, 0x101, 0x4, 0x8, 0x2, 0xce, 0x7, 0x400, 0x49, 0x0, 0x2, 0xb, 0x3, 0x8, 0x2, 0x7f, 0x800, 0x5, 0x3, 0x2, 0x9, 0x0, 0x0, 0x5, 0x6, 0x5, 0x40000000, 0x7, 0x2, 0x5, 0xc1, 0x8000, 0xb, 0x329, 0xc, 0x1, 0x1, 0x9, 0x2000, 0x101, 0xc72e, 0x0, 0x3, 0x2, 0x7, 0x6, 0x80000000, 0x8, 0x72, 0x2000095a, 0x1, 0xfffffff8, 0x3, 0x1, 0x3, 0x80000001, 0x10001, 0x9, 0xe000000, 0x1, 0x40, 0x6, 0x8, 0x200000, 0x100, 0xa, 0x1, 0xfffffffe, 0x1ff, 0x8, 0x7ff, 0x8, 0x1, 0x6, 0x3, 0x1, 0x443, 0x6, 0x5, 0x1, 0xffffff80, 0x6, 0x7fffffff, 0x0, 0x8, 0xffffff24, 0x0, 0x1, 0x4, 0x8001, 0x6, 0xd0e, 0x15, 0x5, 0xfffffffd, 0x5a9a, 0xd020, 0xfffff000, 0x1, 0x9, 0x8c, 0x7ff, 0x6, 0xfffffffb, 0x986, 0x9, 0x13c8f99b, 0x2, 0x80000001, 0xfffffffd, 0x75, 0x26, 0x0, 0x3, 0x0, 0x1000, 0x557, 0xff, 0x6, 0x2, 0x609f, 0x1, 0xd0, 0x3, 0xf1a, 0xfff, 0x2, 0x69, 0x0, 0xffff, 0x7, 0x1800, 0xc, 0x8, 0x4, 0x12e, 0x5, 0xa61, 0x1, 0x8001, 0x0, 0x4, 0x0, 0xd, 0x8, 0x16, 0x0, 0x4, 0x6d6a, 0x9, 0x1, 0x9, 0x1000, 0xba, 0x4, 0x0, 0x8, 0xffffe9b0, 0x20001, 0x4, 0x10000, 0x6, 0x3, 0x2, 0x4, 0x9, 0x101, 0x9, 0x3, 0x6, 0x1, 0xfffffe00]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
io_setup(0x2, &(0x7f0000002400)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000040)=[&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x2}])
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x8000000, 0x238, 0xf8, 0x720d, 0x148, 0xf8, 0x148, 0x1c8, 0x240, 0x240, 0x1c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@remote, @empty, 0x0, 0x0, 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298)
sendto$inet(r7, 0x0, 0x0, 0x24000080, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7000000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000085000000030000007b9032108e1dc40300"/72], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000", @ANYRES32=r8, @ANYRES64=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)

57.716939ms ago: executing program 0 (id=803):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000000)=0x2, 0x4)
sendto$inet(r0, &(0x7f00000000c0)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x0, @empty}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}]})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCSIFBR(r1, 0x890c, &(0x7f0000000200)=@generic={0x2, 0x10000000000002, 0xffffffffffffffff})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0xa, &(0x7f0000000080)=[{0x800, 0x77, 0xd9, 0x6}, {0x5, 0x4}, {0x0, 0x9, 0x5, 0x9754}, {0x2, 0x7, 0x7, 0x2}, {0x7, 0xf, 0x5, 0xacf6}, {0xa, 0x4, 0x3, 0x4}, {0xfff8, 0x8, 0xf, 0x5}, {0x0, 0x3, 0x9, 0x6}, {0x3, 0xa, 0x1, 0x80}, {0x9, 0x1, 0x0, 0x4aa}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000007c0)='./file2\x00', 0x0, &(0x7f0000000780)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}]}, 0x3, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrKpupOkcdvgQ1UQfSqoFZ+ENSaTEDLJLMmk3YTFpvgqCCJa8EWffBH8AwTpi+8iFOq7qChSs/qg0PbKnbnTTWZnkhRncpfk94Oz9557Zu73ncnOybkzN/cGcGE9GRHTETEWEc9ExFSxPS1K7HdK/rh7B3eX8pJElr30dhJJsa27r8vF8lrxtImI+MZXI76bPBh3e3dvfbHRqG8V9ZnWRvJOlu3dWNtYXK2v1jfn5+eeW3h+4ebC7FD6WY2IF77815/88JdfeeG3n33lT7f+Pv29PK3/Ztmr0dOPYep0vdJ+LbrGI2JrFMFKMt7uYcfNknMBAOB4+Xz/wxHxyfb8fyrG2rM5AAAA4DzJvjAZ7yQRGQAAAHBupRExGUlaK873nSzOWL0WER+Nq2mjud36zEpzZ3M5b4uoRiVdWWvUZ2Oife5ANSpJXp8rzrHt1p/tqc9HxKMR8eOpK+16banZWC77ww8AAAC4IK71HP//eypNa7Wicb/k5AAAAIDhqZadAAAAADByjv8BAADg/Ktmfe7Q9aB09JkAAAAAI/C1F1/MS9a9//Xyy7s7682XbyzXt9drGztLtaXm1u3aarO52r5m38ZJ+2s0m7c/F5s7d2Za9e3WzPbu3q2N5s5m69bakVtgAwAAAGfo0U+88cckIvY/f6VdcpeKtkpENnb4weNlZAiMygc6p+cvo8sDOHuHf79fKTEP4OyZ0sPFVSk7AaB0J/0B0MCTd34//FwAAIDRuP6xwd//v71SamrAiBXf/yenugAIcK6MlZ0AUJrO93/vZR1lZwOcpcpxMwAHBXDupcP5/v+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSVbWGvXZiPhQRLw1Vbmc1+faz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3s8HLiX/mWovI+KVn7300zuLrdbWXL79n+9vb71ebH+2jE8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNO9g7tL97Isyw7uLp1l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjh56XRMTYEOLvvxYRj/WLn+RpRbXI4kj8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK0+/uavZwbGfy3i8fH+4083fpLvr0/8p07Zx+98c29vUFv2i4jr/ca/5GismdbG7Znt3b0baxuLq/XV+ub8/NxzC88v3FyYnVlZa9SLf/vG+NHHf/Pe/dq7D/T/6jHjb7v/A17/p0/Z/3ffvHPwkc5qz08mKvHzLJt+qv/P/7F88en+8fP/E58qfg/k7flrmL7+rb7xn/jVH54YlFve/+UB/Z/o6f/lnv5Pn7L/z3z9+38+5UMBgDOwvbu3vtho1LesHF6J6kORxsO7ks87S08jiSTylbeONC2Wn1hn5dXiPbbY6L7bhrTn3xUHR6NMvqTxCAAAGJ37k/7elqSchAAAAAAAAAAAAAAAAAAAAOACOvEyYIOa0oi4v+XbPzjmamS9MffL6SoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLH+FwAA//8tudaU")
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
preadv(r4, &(0x7f0000000040)=[{&(0x7f0000000080)=""/4097, 0x1001}], 0x1, 0x300, 0x0)
r5 = timerfd_create(0x0, 0x0)
timerfd_settime(r5, 0x0, &(0x7f0000000040)={{}, {0x0, 0x1c9c380}}, 0x0)
readv(r5, &(0x7f0000000000)=[{&(0x7f00000020c0)=""/4100, 0x1004}], 0x1)
recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0)

26.321409ms ago: executing program 2 (id=804):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000840), r2)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x0, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYRES32=r1, @ANYRES32=<r5=>0xffffffffffffffff, @ANYRESOCT=r3, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x50)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFBR(r6, 0x8940, &(0x7f0000000200)=@generic={0x2, 0x5, 0xffffffffffffffff})
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r4}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000380)='kfree\x00', r7}, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYRESDEC=r5, @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000a40000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r10 = syz_clone(0x104000, &(0x7f0000000c80)="23e36f048683896e8485d7eeecdf50bf5c01d26085943b5fac8b70a69c95bdbe7edc0b2e7a48ddc1183bbba1d0465f23d7c0c012890e391a86846c49f8eccd65ff4579eb50b85fb6478b35d9dad9345b9640668103e958722b84b03cce55350ba53360097660446c942c93f904483d90aa085314f7f0ddabcbcfc1d4e525f228d342dbf66d397611c2511586d54fdb51dad5fa36890d0ffbd4ac1fce80968720a0d127b26a24c4553a8661aba1276aa10b319b07ae156475d675dc6e3645ca114cfbb691a6247ec69189846f32ba6bd511b6b29cdbd9222662443c3f3770b4dbc861", 0xe2, &(0x7f0000000900), &(0x7f0000000880), &(0x7f0000000b00)="eb5f67ddf535cd05697487b0b92de8a03e51e070beeab7d6f1f938d41f50a78f9f5b3186ad169d519b1e9bcf2f1143df0ebba82853b5881a97dc9cb6d9f373ea0b23ed7690c1477bfdc80d9e207685486548a733d9ab88a8f00e9b81b7c0b6737df96a205bd989e54e5cca53cc6c9db5f967bdf93365d7e282327064f728e5b027f4028b2debb8c307897d1e3d26939e9092e6676286e2e8301d246c7db4fe6a541580f0dfcd5ef5298a45eae0a9a041613533b512cd0248f2a0434e55f6")
perf_event_open(&(0x7f0000000780)={0x4, 0x80, 0x25, 0xfe, 0x7, 0x2, 0x0, 0x7, 0x80, 0x6, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0x2, 0xffffffff}, 0x14a88, 0xfa2, 0x8000, 0x0, 0x9, 0x5, 0x401, 0x0, 0xfffffa0a, 0x0, 0x40000000006292}, r10, 0x0, 0xffffffffffffffff, 0xa)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000f5ffffffffffffff000a14000000060a0000000000000000000002"], 0x3c}}, 0x0)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00<r\xe9\x9cD\x90\xce\xe1\xc5\x85=\\!\xbbQ\xde\xc3\xe3\x7f\xcf\x1f\x17G\xa6\x13\xae\x92 \x1c\xbf\xfa\xe8e\x8cD\"\xa3w')
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rmdir(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000a00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x105042, 0x145)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r11, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})

860.07µs ago: executing program 1 (id=805):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000040)='%pI4   \x00'}, 0x25)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001a80)={0x11, 0xc, &(0x7f0000000900)=ANY=[@ANYRES16=r1], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x48)
syz_mount_image$vfat(&(0x7f00000003c0), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYRES32=r3, @ANYRES8=r3, @ANYRES64], 0x8, 0x2f6, &(0x7f0000001cc0)="$eJzs3EtPE10YwPGnV9oSaBdv3jevieFEN7qZQHWtNAYSYxMJUuMlMRlgqk3HlnQaTI3xsnJr/BAuCEt2JMoXYONON27csTFxIQtjTedCoQwgbWkR/r+EzMOc88ycc1qa5zS0G3fePC7mLS2vVyUYUxIQEdkUSUlQPAH3GLTjqGz3Ui4Ofv909tbdezcy2ezEtFKTmZlLaaXU8Mj7J8/ibrfVAVlPPdj4lv66/u/6/xu/Zh4VLFWwVKlcVbqaLX+p6rOmoeYLVlFTaso0dMtQhZJlVJz2stOeN8sLCzWll+aHEgsVw7KUXqqpolFT1bKqVmoq9FAvlJSmaWooIThIbml6Ws+0mTzX5cHgiFQqGT0kIvFdLbmlvgwIAAD0VWv9HxTVzfp/+dxadfD2yrBb/69G/er/y5+da+2o/2Mi4lv/e/f3rf/1w9X/uyui06Wj+h/Hw0h016lAM2w0VjJ6wv37tb26vzxqB9T/AAAAAAAAAAAAAAAAAAAAAAD8DTbr9WS9Xk96R+9nQERiIuL97pMaEpGrfRgyuqiDxx8nQPODe+FhEfP1Ym4x5xzdDmsiYooho5KUn/bzwdWIvU8eqYaUfDBfOPkD7suDSCYvBTt/TJIRaeaH3HjyenZiTDma+Y1jRBLb89OSlH9a7+/kp33zo3Lh/LZ8TZLycU7KYsq8fe9m/vMxpa7dzLbkx+1+AAAAAACcBJraktq5/3X275q2V7uTv7W/bn1/INTcX4/67s/Dcibc37kDAAAAAHBaWLWnRd00jco+QVwO7tN+ED6iK3sz/NMs738Zjm6m+wTezXc0xdyTnVw54rcsgUMsyx5BUNrJGmnMRnW6Yt7bRnv1kanx3j+CdvDf23c/ureYV1ZiB8y0/SC0/xMg0rMXIAAAAAA90yz6vTPj/R0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnUC++Ha3fcwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOi98BAAD//xPfAEw=")
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x275a, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f000016c000/0x1000)=nil, 0x1000, 0x1000000, 0x100010, r4, 0x8000000)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_lsm={0x4, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000400000000000000085000100cc00000085000000000000000500feff000000009500"/56], &(0x7f00000003c0)='GPL\x00', 0x4, 0xff1, &(0x7f0000000a80)=""/4081, 0x0, 0x0, '\x00', 0x0, 0x1b, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
epoll_create1(0x80000)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x50)
lseek(0xffffffffffffffff, 0x2b, 0x1)
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x4404, &(0x7f00000004c0), 0x1, 0x5eb, &(0x7f00000025c0)="$eJzs3c9vVNUeAPDvmf6gpbzXQl7ee7iQJsZAorS0gCHGBWwNafBH3Lix0oJIgYbWaNEESHBjYtwYY+LKhfhfKJEtK125cOPKkBA1LE0cM9N7S6e909If0ym9n08y9N5z5nDO7fQ799wz59wJoLQGa/9UIvZHxHSK6E83FvI6I8scnH/ewz8/Olt7pKhWX/s9RcrS8uen7GdfVrgnIn78IcW+juX1zsxduzg+NTV5Ndsfnr00PTwzd+3whUvj5yfPT14efWH0xPFjx0+MHFnXcV0vSDt96933+z8Ze/Obr/5KI9/+MpbiZLycPXHxcWyWwRis/07S8qy+E5tdWZt0ZH8ni1/i1NnGBrEm+evXFRH/i/7oiEcvXn98/EpbGwe0VDVFVIGSSuIfSirvB+TX9kuvgytt6ZUAW+HBqfkBgOXx3zk/Nhg99bGB3Q9TLB7WSRGxvpG5Rnsi4t7dsVvn7o7dihaNwwHFbtyMiP8XxX+qx/9A9MRAPf4rDfFf6xecyX7W0l9dZ/1Lh4rFP2yd+fjvWTH+o0n8v7Uo/t8u/u8LPvlrNPho853ehvjv3chhAQAAAAAAQCndORURzxd9/l9ZmP8TBfN/+iLi5CbUP7hkf/nn/5X7m1ANUODBqYiXCuf/VvLZvwMd2da/6vMButK5C1OTRyLi3xFxKLp21fZHVqjj8Kf7vmyWN5jN/8sftfrvZXMBs3bc79zVWGZifHZ8o8cNRDy4GfFU4fzftHD+TwXn/9r7wfRj1rHv2dtnmuWtHv9Aq1S/jjhYeP5/dNeKtPL9OYbr/YHhvFew3NMffvZds/rXG/9uMQEbVzv/7145/gfS4vv1zKy9jqNzndVmeevt/3en1+tzi7uztA/GZ2evjkR0p9MdtdSG9NG1txl2ojwe8nipxf+hZ1Ye/yvq//cWTO5PfzSuKc799+++X5u1R/8f2qcW/xNrOv+vfWP09sD3zep/vPP/sfpbzaEsxfgfzPsiD9PuxvSCcOwsytrq9gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADATlCJiD2RKkML25XK0FBEX0T8J3ZXpq7MzD537sp7lyciqvPf/1/Jv+m3f34/5d//P7Bof3TJ/tGI2BsRn3f01veHzl6Zmmj3wQMAAAAAAAAAAAAAAAAAAMA20ddk/X/Nbx3tbh3Qcp3tbgDQNgXx/9NKz7/cwrYAW8v5H8pL/EN5iX8oL/EP5SX+obzEP5SX+IfyEv8AAAAAALCj7D1w5+cUETde7K0/arqzvK5VS+9qceuAVqq0uwFA27jFD5SXqT9QXqtf4wM7XVolv6dpodVKrmT67AYKAwAAAAAAAAAAAEDpHNy/kfX/wJPM+n8oL+v/obzy9f8H2twOYOu5xgdilZX8hev/Vy0FAAAAAAAAAAAAAGymmblrF8enpiav2nhjezRjKzeq1er12l/BdmnPE76RT4XfLu1ZspGv9Xu8Uu17TwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABr9EwAA//+P/yWz")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r8}, 0x10)
pivot_root(&(0x7f0000000840)='./file0\x00', &(0x7f0000000280)='./file0\x00')
write(r7, &(0x7f0000004200)='t', 0x1)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000940)='bcache_alloc_fail\x00', r10}, 0x18)
sendfile(r7, r6, 0x0, 0x3ffff)
sendfile(r7, r6, 0x0, 0x7ffff000)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, &(0x7f0000000080), &(0x7f00000001c0)=r5}, 0x20)
sendmsg$NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x88}, 0xc, &(0x7f0000000540)={&(0x7f0000000640)={0x44, 0x0, 0x800, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2}, 0x40088)
ioctl$EXT4_IOC_GETSTATE(r9, 0x40046629, &(0x7f0000000300))

0s ago: executing program 3 (id=806):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x20000098, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYRESHEX=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x0, &(0x7f0000000500)=[{0x2, 0xba, 0x7, 0x90080000}, {0x9, 0xc, 0x3, 0x2}, {0x1ff, 0x1, 0x1, 0x3}, {0x7, 0x3, 0x5, 0xfffffffe}]}) (async)
process_mrelease(0xffffffffffffffff, 0x0) (async)
poll(0x0, 0x0, 0x86) (async)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x492492492492846, 0x0) (async)
fcntl$setstatus(r4, 0x4, 0x42000)
ppoll(&(0x7f00000000c0)=[{r4, 0x200}], 0x1, 0x0, 0x0, 0x0) (async)
connect$unix(r3, &(0x7f00000002c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e) (async)
mbind(&(0x7f00004c9000/0x3000)=nil, 0x3000, 0x8000, 0x0, 0x20, 0x2) (async)
r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x10001}, 0xc104, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000051afee4fe3973a580000", @ANYRES32=r6, @ANYRES64=r1], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4f, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r5}, 0x20) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000005600)='sys_enter\x00', r8}, 0x10) (async)
setgid(0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r7}, 0x10) (async)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xa)
fsopen(&(0x7f00000018c0)='rpc_pipefs\x00', 0x1) (async)
epoll_create1(0x0) (async)
pipe(&(0x7f0000000080)) (async)
r9 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=<r10=>0x0, &(0x7f0000000200)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r9, 0x70a, 0x41e3, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.89' (ED25519) to the list of known hosts.
[   33.035601][   T29] audit: type=1400 audit(1749937908.631:62): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   33.036897][ T3296] cgroup: Unknown subsys name 'net'
[   33.058569][   T29] audit: type=1400 audit(1749937908.631:63): avc:  denied  { mount } for  pid=3296 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   33.086005][   T29] audit: type=1400 audit(1749937908.661:64): avc:  denied  { unmount } for  pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   33.226836][ T3296] cgroup: Unknown subsys name 'cpuset'
[   33.233092][ T3296] cgroup: Unknown subsys name 'rlimit'
[   33.366960][   T29] audit: type=1400 audit(1749937908.971:65): avc:  denied  { setattr } for  pid=3296 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   33.390379][   T29] audit: type=1400 audit(1749937908.971:66): avc:  denied  { create } for  pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   33.410858][   T29] audit: type=1400 audit(1749937908.971:67): avc:  denied  { write } for  pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   33.422418][ T3299] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   33.431368][   T29] audit: type=1400 audit(1749937908.971:68): avc:  denied  { read } for  pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   33.460386][   T29] audit: type=1400 audit(1749937908.971:69): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   33.481347][ T3296] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   33.485443][   T29] audit: type=1400 audit(1749937908.971:70): avc:  denied  { mount } for  pid=3296 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   33.517623][   T29] audit: type=1400 audit(1749937909.041:71): avc:  denied  { relabelto } for  pid=3299 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   35.356883][ T3306] chnl_net:caif_netlink_parms(): no params data found
[   35.450771][ T3306] bridge0: port 1(bridge_slave_0) entered blocking state
[   35.458019][ T3306] bridge0: port 1(bridge_slave_0) entered disabled state
[   35.465271][ T3306] bridge_slave_0: entered allmulticast mode
[   35.471913][ T3306] bridge_slave_0: entered promiscuous mode
[   35.485896][ T3313] chnl_net:caif_netlink_parms(): no params data found
[   35.497592][ T3306] bridge0: port 2(bridge_slave_1) entered blocking state
[   35.504783][ T3306] bridge0: port 2(bridge_slave_1) entered disabled state
[   35.512343][ T3306] bridge_slave_1: entered allmulticast mode
[   35.518936][ T3306] bridge_slave_1: entered promiscuous mode
[   35.538505][ T3306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   35.551251][ T3306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   35.585123][ T3306] team0: Port device team_slave_0 added
[   35.610199][ T3306] team0: Port device team_slave_1 added
[   35.654108][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_0
[   35.661261][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   35.687237][ T3306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   35.700607][ T3313] bridge0: port 1(bridge_slave_0) entered blocking state
[   35.707784][ T3313] bridge0: port 1(bridge_slave_0) entered disabled state
[   35.715044][ T3313] bridge_slave_0: entered allmulticast mode
[   35.721559][ T3313] bridge_slave_0: entered promiscuous mode
[   35.727954][ T3309] chnl_net:caif_netlink_parms(): no params data found
[   35.741478][ T3319] chnl_net:caif_netlink_parms(): no params data found
[   35.750674][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_1
[   35.757693][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   35.783848][ T3306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   35.799035][ T3313] bridge0: port 2(bridge_slave_1) entered blocking state
[   35.806251][ T3313] bridge0: port 2(bridge_slave_1) entered disabled state
[   35.813530][ T3313] bridge_slave_1: entered allmulticast mode
[   35.820145][ T3313] bridge_slave_1: entered promiscuous mode
[   35.887705][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   35.912564][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   35.930585][ T3306] hsr_slave_0: entered promiscuous mode
[   35.936663][ T3306] hsr_slave_1: entered promiscuous mode
[   35.961204][ T3319] bridge0: port 1(bridge_slave_0) entered blocking state
[   35.968484][ T3319] bridge0: port 1(bridge_slave_0) entered disabled state
[   35.976572][ T3319] bridge_slave_0: entered allmulticast mode
[   35.983033][ T3319] bridge_slave_0: entered promiscuous mode
[   35.990261][ T3319] bridge0: port 2(bridge_slave_1) entered blocking state
[   35.997436][ T3319] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.004689][ T3319] bridge_slave_1: entered allmulticast mode
[   36.011209][ T3319] bridge_slave_1: entered promiscuous mode
[   36.017464][ T3307] chnl_net:caif_netlink_parms(): no params data found
[   36.029538][ T3309] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.036728][ T3309] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.043960][ T3309] bridge_slave_0: entered allmulticast mode
[   36.050571][ T3309] bridge_slave_0: entered promiscuous mode
[   36.069706][ T3309] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.076871][ T3309] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.084032][ T3309] bridge_slave_1: entered allmulticast mode
[   36.090583][ T3309] bridge_slave_1: entered promiscuous mode
[   36.097708][ T3313] team0: Port device team_slave_0 added
[   36.127522][ T3313] team0: Port device team_slave_1 added
[   36.140124][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.168761][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.179313][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.192324][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.204256][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.211280][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.237311][ T3313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.268284][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.275406][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.301426][ T3313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.327556][ T3309] team0: Port device team_slave_0 added
[   36.336886][ T3309] team0: Port device team_slave_1 added
[   36.343446][ T3319] team0: Port device team_slave_0 added
[   36.368986][ T3319] team0: Port device team_slave_1 added
[   36.374772][ T3307] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.381963][ T3307] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.389322][ T3307] bridge_slave_0: entered allmulticast mode
[   36.395896][ T3307] bridge_slave_0: entered promiscuous mode
[   36.403370][ T3307] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.410493][ T3307] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.417916][ T3307] bridge_slave_1: entered allmulticast mode
[   36.424262][ T3307] bridge_slave_1: entered promiscuous mode
[   36.470873][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.477940][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.504149][ T3309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.515398][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.522430][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.548484][ T3309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.559767][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.566845][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.593005][ T3319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.620998][ T3307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.633420][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.640443][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.666780][ T3319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.679680][ T3313] hsr_slave_0: entered promiscuous mode
[   36.685871][ T3313] hsr_slave_1: entered promiscuous mode
[   36.692204][ T3313] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   36.699831][ T3313] Cannot create hsr debugfs directory
[   36.709225][ T3307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.753227][ T3307] team0: Port device team_slave_0 added
[   36.775742][ T3307] team0: Port device team_slave_1 added
[   36.783969][ T3309] hsr_slave_0: entered promiscuous mode
[   36.790279][ T3309] hsr_slave_1: entered promiscuous mode
[   36.796371][ T3309] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   36.803945][ T3309] Cannot create hsr debugfs directory
[   36.814677][ T3319] hsr_slave_0: entered promiscuous mode
[   36.820863][ T3319] hsr_slave_1: entered promiscuous mode
[   36.827050][ T3319] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   36.834700][ T3319] Cannot create hsr debugfs directory
[   36.873950][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.881006][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.907211][ T3307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.918663][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.925632][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.951726][ T3307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   37.013081][ T3306] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   37.041589][ T3306] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   37.054843][ T3307] hsr_slave_0: entered promiscuous mode
[   37.060965][ T3307] hsr_slave_1: entered promiscuous mode
[   37.067890][ T3307] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   37.075449][ T3307] Cannot create hsr debugfs directory
[   37.090056][ T3306] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   37.105704][ T3306] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   37.171999][ T3309] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   37.183502][ T3309] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   37.194229][ T3309] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   37.207735][ T3309] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   37.263294][ T3313] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   37.272581][ T3313] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   37.286023][ T3313] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   37.295727][ T3313] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   37.321412][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.343339][ T3319] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   37.354583][ T3319] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   37.364036][ T3319] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   37.379608][ T3306] 8021q: adding VLAN 0 to HW filter on device team0
[   37.396292][ T3319] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   37.417803][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.432477][  T110] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.439773][  T110] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.454614][ T3309] 8021q: adding VLAN 0 to HW filter on device team0
[   37.461966][ T3307] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   37.474095][  T110] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.481278][  T110] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.495880][ T3307] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   37.507165][  T270] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.514295][  T270] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.530298][ T3307] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   37.540125][ T3307] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   37.551195][  T110] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.558304][  T110] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.637828][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.648387][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.665168][ T3313] 8021q: adding VLAN 0 to HW filter on device team0
[   37.676232][ T3319] 8021q: adding VLAN 0 to HW filter on device team0
[   37.689705][ T3309] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   37.704280][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.711402][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.723000][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.730196][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.751406][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.758556][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.775050][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.790447][ T3319] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   37.800916][ T3319] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   37.821903][   T51] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.829280][   T51] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.881495][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.893867][ T3309] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.913322][ T3313] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   37.942375][ T3319] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.953017][ T3307] 8021q: adding VLAN 0 to HW filter on device team0
[   37.974365][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.981673][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[   38.000982][ T3306] veth0_vlan: entered promiscuous mode
[   38.014137][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.021516][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.045701][ T3307] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   38.056290][ T3307] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   38.089114][ T3306] veth1_vlan: entered promiscuous mode
[   38.099149][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0
[   38.147125][ T3306] veth0_macvtap: entered promiscuous mode
[   38.154561][ T3306] veth1_macvtap: entered promiscuous mode
[   38.177554][ T3309] veth0_vlan: entered promiscuous mode
[   38.200801][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.213060][ T3309] veth1_vlan: entered promiscuous mode
[   38.223964][ T3307] 8021q: adding VLAN 0 to HW filter on device batadv0
[   38.239307][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.257056][ T3319] veth0_vlan: entered promiscuous mode
[   38.265219][ T3309] veth0_macvtap: entered promiscuous mode
[   38.275287][ T3306] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.284282][ T3306] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.293251][ T3306] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.302114][ T3306] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.313294][ T3319] veth1_vlan: entered promiscuous mode
[   38.320634][ T3309] veth1_macvtap: entered promiscuous mode
[   38.359501][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.374704][ T3319] veth0_macvtap: entered promiscuous mode
[   38.384314][   T29] kauditd_printk_skb: 9 callbacks suppressed
[   38.384333][   T29] audit: type=1400 audit(1749937913.981:81): avc:  denied  { mounton } for  pid=3306 comm="syz-executor" path="/root/syzkaller.SW4lMf/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   38.418737][ T3319] veth1_macvtap: entered promiscuous mode
[   38.437525][   T29] audit: type=1400 audit(1749937914.001:82): avc:  denied  { mount } for  pid=3306 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   38.440145][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.459634][   T29] audit: type=1400 audit(1749937914.001:83): avc:  denied  { mounton } for  pid=3306 comm="syz-executor" path="/root/syzkaller.SW4lMf/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   38.470403][ T3309] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.491973][   T29] audit: type=1400 audit(1749937914.011:84): avc:  denied  { mount } for  pid=3306 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   38.492007][   T29] audit: type=1400 audit(1749937914.011:85): avc:  denied  { mounton } for  pid=3306 comm="syz-executor" path="/root/syzkaller.SW4lMf/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   38.500743][ T3309] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.522592][   T29] audit: type=1400 audit(1749937914.011:86): avc:  denied  { mounton } for  pid=3306 comm="syz-executor" path="/root/syzkaller.SW4lMf/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4510 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   38.549209][ T3309] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.557896][   T29] audit: type=1400 audit(1749937914.011:87): avc:  denied  { unmount } for  pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   38.585341][ T3309] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.594017][   T29] audit: type=1400 audit(1749937914.011:88): avc:  denied  { mounton } for  pid=3306 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   38.645333][   T29] audit: type=1400 audit(1749937914.021:89): avc:  denied  { mount } for  pid=3306 comm="syz-executor" name="/" dev="gadgetfs" ino=4511 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   38.670395][ T3306] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   38.699754][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.701240][   T29] audit: type=1400 audit(1749937914.301:90): avc:  denied  { read write } for  pid=3306 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   38.739453][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.792255][ T3313] veth0_vlan: entered promiscuous mode
[   38.808936][ T3319] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.817895][ T3319] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.826803][ T3319] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.835728][ T3319] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.874777][ T3307] veth0_vlan: entered promiscuous mode
[   38.889999][ T3313] veth1_vlan: entered promiscuous mode
[   38.905607][ T3307] veth1_vlan: entered promiscuous mode
[   38.923656][ T3485] wg2: entered promiscuous mode
[   38.928854][ T3485] wg2: entered allmulticast mode
[   38.968323][ T3307] veth0_macvtap: entered promiscuous mode
[   38.994754][ T3307] veth1_macvtap: entered promiscuous mode
[   39.023138][ T3313] veth0_macvtap: entered promiscuous mode
[   39.068900][ T3494] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.076302][ T3494] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.128544][ T3494] bridge_slave_0: left allmulticast mode
[   39.134280][ T3494] bridge_slave_0: left promiscuous mode
[   39.140586][ T3494] bridge0: port 1(bridge_slave_0) entered disabled state
[   39.177499][ T3494] bridge_slave_1: left allmulticast mode
[   39.183235][ T3494] bridge_slave_1: left promiscuous mode
[   39.189039][ T3494] bridge0: port 2(bridge_slave_1) entered disabled state
[   39.210690][ T3494] bond0: (slave bond_slave_0): Releasing backup interface
[   39.251681][ T3494] bond0: (slave bond_slave_1): Releasing backup interface
[   39.271321][ T3494] team0: Port device team_slave_0 removed
[   39.321486][ T3494] team0: Port device team_slave_1 removed
[   39.343745][ T3494] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   39.362882][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_0
[   39.383078][ T3494] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   39.404032][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_1
[   39.446973][ T3494] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.455945][ T3494] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.465146][ T3494] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.474640][ T3494] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   39.503282][ T3493] vxcan1 speed is unknown, defaulting to 1000
[   39.512428][ T3493] vxcan1 speed is unknown, defaulting to 1000
[   39.528054][ T3313] veth1_macvtap: entered promiscuous mode
[   39.541812][ T3493] vxcan1 speed is unknown, defaulting to 1000
[   39.545824][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.576947][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.606932][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.618920][ T3307] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.621168][ T3493] infiniband syz2: set active
[   39.627929][ T3307] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.632546][ T3493] infiniband syz2: added vxcan1
[   39.646250][ T3307] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.654995][ T3307] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.656689][ T3493] RDS/IB: syz2: added
[   39.667999][ T3493] smc: adding ib device syz2 with port count 1
[   39.673251][ T3494] syz.1.9 (3494) used greatest stack depth: 10728 bytes left
[   39.686246][ T3493] smc:    ib device syz2 port 1 has pnetid 
[   39.784223][   T23] vxcan1 speed is unknown, defaulting to 1000
[   39.789256][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.797842][ T3388] vxcan1 speed is unknown, defaulting to 1000
[   39.808762][ T3493] vxcan1 speed is unknown, defaulting to 1000
[   39.821654][ T3496] hub 6-0:1.0: USB hub found
[   39.837356][ T3313] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.846401][ T3313] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.855174][ T3313] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.863957][ T3313] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.874892][ T3496] hub 6-0:1.0: 8 ports detected
[   39.970757][ T3493] vxcan1 speed is unknown, defaulting to 1000
[   40.062799][ T3493] vxcan1 speed is unknown, defaulting to 1000
[   40.082700][ T3509] hub 2-0:1.0: USB hub found
[   40.090579][ T3509] hub 2-0:1.0: 8 ports detected
[   40.174186][ T3493] vxcan1 speed is unknown, defaulting to 1000
[   40.180543][    C1] hrtimer: interrupt took 27652 ns
[   40.243908][ T3523] capability: warning: `syz.1.15' uses deprecated v2 capabilities in a way that may be insecure
[   40.262489][ T3511] vxcan1 speed is unknown, defaulting to 1000
[   40.360799][ T3493] vxcan1 speed is unknown, defaulting to 1000
[   40.361270][ T3523] netlink: 'syz.1.15': attribute type 9 has an invalid length.
[   40.374793][ T3523] netlink: 'syz.1.15': attribute type 7 has an invalid length.
[   40.382554][ T3523] netlink: 'syz.1.15': attribute type 8 has an invalid length.
[   40.506272][ T3493] syz.2.3 (3493) used greatest stack depth: 10616 bytes left
[   40.538688][ T3522] loop3: detected capacity change from 0 to 1024
[   40.642864][ T3522] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   40.664143][ T3522] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   40.719103][ T3538] loop4: detected capacity change from 0 to 128
[   40.735882][ T3538] FAT-fs (loop4): bogus logical sector size 0
[   40.742257][ T3538] FAT-fs (loop4): Can't find a valid FAT filesystem
[   40.769717][ T3522] JBD2: no valid journal superblock found
[   40.777477][ T3522] EXT4-fs (loop3): Could not load journal inode
[   40.803745][ T3538] Invalid ELF header magic: != ELF
[   40.876524][ T3545] sd 0:0:1:0: device reset
[   40.887728][ T3522] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   41.058109][ T3551] wg2: left promiscuous mode
[   41.062825][ T3551] wg2: left allmulticast mode
[   41.097420][ T3551] wg2: entered promiscuous mode
[   41.102378][ T3551] wg2: entered allmulticast mode
[   41.306796][ T3518] syz.1.15 (3518) used greatest stack depth: 6952 bytes left
[   41.359388][ T3554] rdma_rxe: rxe_newlink: failed to add vxcan1
[   41.501406][ T3559] program syz.1.26 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   41.514671][ T3560] hub 6-0:1.0: USB hub found
[   41.519799][ T3560] hub 6-0:1.0: 8 ports detected
[   41.523199][ T3558] netlink: '+}[@': attribute type 9 has an invalid length.
[   41.532159][ T3558] netlink: '+}[@': attribute type 6 has an invalid length.
[   41.608420][ T3562] wg2: entered promiscuous mode
[   41.613373][ T3562] wg2: entered allmulticast mode
[   41.779076][ T3570] loop4: detected capacity change from 0 to 2048
[   41.818042][ T3570] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.830667][ T3570] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   41.864071][ T3566] hub 6-0:1.0: USB hub found
[   41.868936][ T3566] hub 6-0:1.0: 8 ports detected
[   41.934296][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.982277][ T3578] vxcan1 speed is unknown, defaulting to 1000
[   42.079333][ T3582] wg2: left promiscuous mode
[   42.084041][ T3582] wg2: left allmulticast mode
[   42.111458][ T3582] wg2: entered promiscuous mode
[   42.116609][ T3582] wg2: entered allmulticast mode
[   42.135587][ T3587] loop4: detected capacity change from 0 to 512
[   42.173990][ T3587] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.198144][ T3587] ext4 filesystem being mounted at /6/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   42.314032][ T3591] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #19: comm syz.4.34: corrupted inode contents
[   42.337947][ T3591] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #19: comm syz.4.34: mark_inode_dirty error
[   42.365658][ T3590] hub 6-0:1.0: USB hub found
[   42.376967][ T3590] hub 6-0:1.0: 8 ports detected
[   42.385901][ T3402] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   42.398481][ T3591] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #19: comm syz.4.34: corrupted inode contents
[   42.425795][ T3402] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   42.439581][ T3591] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2991: inode #19: comm syz.4.34: mark_inode_dirty error
[   42.458635][ T3591] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2994: inode #19: comm syz.4.34: mark inode dirty (error -117)
[   42.471983][ T3591] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117)
[   42.539464][ T3587] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.546803][ T3587] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.608167][ T3587] bridge_slave_0: left allmulticast mode
[   42.614009][ T3587] bridge_slave_0: left promiscuous mode
[   42.620123][ T3587] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.637839][ T3598] loop2: detected capacity change from 0 to 1024
[   42.665992][ T3598] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   42.677328][ T3598] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   42.701848][ T2997] udevd[2997]: worker [3297] terminated by signal 33 (Unknown signal 33)
[   42.720198][ T3587] bridge_slave_1: left allmulticast mode
[   42.725938][ T3587] bridge_slave_1: left promiscuous mode
[   42.732182][ T3587] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.751786][ T3598] JBD2: no valid journal superblock found
[   42.757790][ T3598] EXT4-fs (loop2): Could not load journal inode
[   42.777788][ T3598] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   42.818636][ T3587] bond0: (slave bond_slave_0): Releasing backup interface
[   42.868015][ T3587] bond0: (slave bond_slave_1): Releasing backup interface
[   42.883024][ T3587] team0: Port device team_slave_0 removed
[   42.939513][ T3587] team0: Port device team_slave_1 removed
[   42.997353][ T3587] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   43.059346][ T3610] rdma_rxe: rxe_newlink: failed to add vxcan1
[   43.061420][ T3587] batman_adv: batadv0: Removing interface: batadv_slave_0
[   43.121016][ T3587] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   43.185556][ T3587] batman_adv: batadv0: Removing interface: batadv_slave_1
[   43.234622][ T3587] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   43.244140][ T3587] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   43.253387][ T3587] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   43.262448][ T3587] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   43.320360][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.337415][ T3619] loop2: detected capacity change from 0 to 2048
[   43.376110][ T3605] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.383555][ T3605] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.400422][ T3619] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.433853][ T3619] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.474225][ T3624] loop3: detected capacity change from 0 to 1024
[   43.515516][ T3605] bridge_slave_0: left allmulticast mode
[   43.521440][ T3605] bridge_slave_0: left promiscuous mode
[   43.527323][ T3605] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.551299][ T3605] bridge_slave_1: left allmulticast mode
[   43.557775][ T3605] bridge_slave_1: left promiscuous mode
[   43.563566][ T3605] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.576959][ T3605] bond0: (slave bond_slave_0): Releasing backup interface
[   43.581364][ T3624] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   43.595084][ T3624] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   43.599575][ T3627] netlink: '+}[@': attribute type 9 has an invalid length.
[   43.612179][ T3627] netlink: '+}[@': attribute type 7 has an invalid length.
[   43.619455][ T3627] netlink: '+}[@': attribute type 8 has an invalid length.
[   43.623579][ T3624] JBD2: no valid journal superblock found
[   43.632547][ T3624] EXT4-fs (loop3): Could not load journal inode
[   43.643746][ T3605] bond0: (slave bond_slave_1): Releasing backup interface
[   43.656383][ T3605] team0: Port device team_slave_0 removed
[   43.665520][ T3605] team0: Port device team_slave_1 removed
[   43.673146][ T3605] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   43.682492][ T3605] batman_adv: batadv0: Removing interface: batadv_slave_0
[   43.694918][ T3605] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   43.708046][ T3605] batman_adv: batadv0: Removing interface: batadv_slave_1
[   43.708152][ T3616] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   43.777176][ T3605] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   43.786340][ T3605] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   43.796691][ T3605] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   43.806064][ T3605] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   43.931287][   T29] kauditd_printk_skb: 3977 callbacks suppressed
[   43.931304][   T29] audit: type=1400 audit(1749937919.531:4068): avc:  denied  { create } for  pid=3630 comm="syz.3.44" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   43.957554][   T29] audit: type=1400 audit(1749937919.531:4069): avc:  denied  { bind } for  pid=3630 comm="syz.3.44" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   43.976940][   T29] audit: type=1400 audit(1749937919.531:4070): avc:  denied  { create } for  pid=3630 comm="syz.3.44" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   43.999002][ T3631] netlink: 24 bytes leftover after parsing attributes in process `syz.3.44'.
[   44.033980][   T29] audit: type=1400 audit(1749937919.601:4071): avc:  denied  { write } for  pid=3630 comm="syz.3.44" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   44.054376][   T29] audit: type=1400 audit(1749937919.601:4072): avc:  denied  { nlmsg_write } for  pid=3630 comm="syz.3.44" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   44.190183][ T3641] loop4: detected capacity change from 0 to 2048
[   44.208210][ T3641] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.220113][ T3633] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   44.221539][ T3641] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.274063][ T3646] Invalid ELF header magic: != ELF
[   44.280963][   T29] audit: type=1400 audit(1749937919.871:4073): avc:  denied  { module_load } for  pid=3645 comm="syz.0.49" path="/sys/kernel/notes" dev="sysfs" ino=210 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[   44.351976][   T29] audit: type=1326 audit(1749937919.941:4074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3636 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa526b858e7 code=0x7ffc0000
[   44.375904][   T29] audit: type=1326 audit(1749937919.941:4075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3636 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa526b2ab19 code=0x7ffc0000
[   44.399118][   T29] audit: type=1326 audit(1749937919.941:4076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3636 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa526b858e7 code=0x7ffc0000
[   44.422497][   T29] audit: type=1326 audit(1749937919.941:4077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3636 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa526b2ab19 code=0x7ffc0000
[   44.445230][ T3648] sd 0:0:1:0: device reset
[   44.517742][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.559835][ T3319] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.588728][ T3655] netlink: 24 bytes leftover after parsing attributes in process `syz.0.53'.
[   44.762535][ T3652] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   44.791996][ T3661] loop2: detected capacity change from 0 to 1024
[   44.809225][ T3661] EXT4-fs: Ignoring removed nobh option
[   44.814891][ T3661] EXT4-fs: Ignoring removed nobh option
[   44.864267][ T3661] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[   44.900654][ T3661] EXT4-fs error (device loop2): ext4_get_journal_inode:5796: comm syz.2.54: inode #4294967295: comm syz.2.54: iget: illegal inode #
[   45.113725][ T3677] FAULT_INJECTION: forcing a failure.
[   45.113725][ T3677] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   45.126909][ T3677] CPU: 0 UID: 0 PID: 3677 Comm: syz.3.58 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   45.126938][ T3677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   45.126954][ T3677] Call Trace:
[   45.126962][ T3677]  <TASK>
[   45.126972][ T3677]  __dump_stack+0x1d/0x30
[   45.126993][ T3677]  dump_stack_lvl+0xe8/0x140
[   45.127065][ T3677]  dump_stack+0x15/0x1b
[   45.127085][ T3677]  should_fail_ex+0x265/0x280
[   45.127125][ T3677]  should_fail+0xb/0x20
[   45.127214][ T3677]  should_fail_usercopy+0x1a/0x20
[   45.127247][ T3677]  _copy_from_user+0x1c/0xb0
[   45.127273][ T3677]  ___sys_sendmsg+0xc1/0x1d0
[   45.127397][ T3677]  __x64_sys_sendmsg+0xd4/0x160
[   45.127441][ T3677]  x64_sys_call+0x2999/0x2fb0
[   45.127540][ T3677]  do_syscall_64+0xd2/0x200
[   45.127577][ T3677]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   45.127609][ T3677]  ? clear_bhb_loop+0x40/0x90
[   45.127641][ T3677]  ? clear_bhb_loop+0x40/0x90
[   45.127668][ T3677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.127688][ T3677] RIP: 0033:0x7f95c019e929
[   45.127748][ T3677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.127765][ T3677] RSP: 002b:00007f95be7e6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   45.127788][ T3677] RAX: ffffffffffffffda RBX: 00007f95c03c6080 RCX: 00007f95c019e929
[   45.127804][ T3677] RDX: 0000000000000840 RSI: 00002000000000c0 RDI: 0000000000000005
[   45.127821][ T3677] RBP: 00007f95be7e6090 R08: 0000000000000000 R09: 0000000000000000
[   45.127836][ T3677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   45.127852][ T3677] R13: 0000000000000000 R14: 00007f95c03c6080 R15: 00007ffd689969d8
[   45.127877][ T3677]  </TASK>
[   45.134775][ T3659] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   45.194258][ T3661] EXT4-fs (loop2): no journal found
[   45.333314][ T3661] EXT4-fs (loop2): can't get journal size
[   45.336881][ T3690] FAULT_INJECTION: forcing a failure.
[   45.336881][ T3690] name failslab, interval 1, probability 0, space 0, times 1
[   45.340800][ T3661] EXT4-fs (loop2): failed to initialize system zone (-22)
[   45.351880][ T3690] CPU: 0 UID: 0 PID: 3690 Comm: syz.4.62 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   45.351921][ T3690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   45.351942][ T3690] Call Trace:
[   45.352020][ T3690]  <TASK>
[   45.352033][ T3690]  __dump_stack+0x1d/0x30
[   45.352064][ T3690]  dump_stack_lvl+0xe8/0x140
[   45.352091][ T3690]  dump_stack+0x15/0x1b
[   45.352116][ T3690]  should_fail_ex+0x265/0x280
[   45.352194][ T3690]  should_failslab+0x8c/0xb0
[   45.352228][ T3690]  kmem_cache_alloc_noprof+0x50/0x310
[   45.352265][ T3690]  ? __se_sys_mbind+0x3d7/0xac0
[   45.352305][ T3690]  __se_sys_mbind+0x3d7/0xac0
[   45.352397][ T3690]  __x64_sys_mbind+0x78/0x90
[   45.352438][ T3690]  x64_sys_call+0x14af/0x2fb0
[   45.352484][ T3690]  do_syscall_64+0xd2/0x200
[   45.352540][ T3690]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   45.352579][ T3690]  ? clear_bhb_loop+0x40/0x90
[   45.352608][ T3690]  ? clear_bhb_loop+0x40/0x90
[   45.352668][ T3690]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.352698][ T3690] RIP: 0033:0x7fc6ade3e929
[   45.352719][ T3690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.352744][ T3690] RSP: 002b:00007fc6ac4a7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[   45.352846][ T3690] RAX: ffffffffffffffda RBX: 00007fc6ae065fa0 RCX: 00007fc6ade3e929
[   45.352864][ T3690] RDX: 0000000000000004 RSI: 0000000000800000 RDI: 0000200000001000
[   45.352881][ T3690] RBP: 00007fc6ac4a7090 R08: 0000000000000002 R09: 0000000000000002
[   45.352898][ T3690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   45.352916][ T3690] R13: 0000000000000001 R14: 00007fc6ae065fa0 R15: 00007ffd31280af8
[   45.352943][ T3690]  </TASK>
[   45.539805][ T3661] EXT4-fs (loop2): mount failed
[   45.570721][ T3698] netlink: '+}[@': attribute type 9 has an invalid length.
[   45.578184][ T3698] netlink: '+}[@': attribute type 7 has an invalid length.
[   45.585597][ T3698] netlink: '+}[@': attribute type 8 has an invalid length.
[   45.634348][ T3700] loop2: detected capacity change from 0 to 128
[   45.642356][ T3700] FAT-fs (loop2): bogus logical sector size 0
[   45.648647][ T3700] FAT-fs (loop2): Can't find a valid FAT filesystem
[   45.679636][ T3700] Invalid ELF header magic: != ELF
[   45.729002][ T3700] sd 0:0:1:0: device reset
[   45.768649][ T3716] netlink: 'syz.3.71': attribute type 27 has an invalid length.
[   45.776461][ T3716] netlink: 152 bytes leftover after parsing attributes in process `syz.3.71'.
[   45.806224][ T3719] program syz.1.69 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   45.826698][ T3716] A link change request failed with some changes committed already. Interface netdevsim1 may have been left with an inconsistent configuration, please check.
[   45.857653][ T3716] xt_hashlimit: max too large, truncated to 1048576
[   45.936763][ T3706] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   45.989761][ T3727] binfmt_misc: register: failed to install interpreter file ./file2
[   46.593330][ T3743] netlink: 24 bytes leftover after parsing attributes in process `syz.2.80'.
[   46.752992][ T3760] netlink: 76 bytes leftover after parsing attributes in process `syz.2.87'.
[   46.842914][ T3761] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3761 comm=syz.0.85
[   46.912247][ T3755] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   46.931196][ T3764] netlink: 12 bytes leftover after parsing attributes in process `syz.0.85'.
[   47.015622][ T3776] netlink: 36 bytes leftover after parsing attributes in process `syz.3.91'.
[   47.024625][ T3776] netlink: 16 bytes leftover after parsing attributes in process `syz.3.91'.
[   47.033672][ T3776] netlink: 36 bytes leftover after parsing attributes in process `syz.3.91'.
[   47.044518][ T3776] netlink: 36 bytes leftover after parsing attributes in process `syz.3.91'.
[   47.050310][ T3778] program syz.2.89 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   47.122424][ T3784] netlink: 'syz.3.94': attribute type 12 has an invalid length.
[   47.602556][ T3806] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[   47.610557][ T3806] team0: Device ipvlan2 is already an upper device of the team interface
[   47.731140][ T3805] lo speed is unknown, defaulting to 1000
[   47.737246][ T3805] lo speed is unknown, defaulting to 1000
[   47.743417][ T3805] lo speed is unknown, defaulting to 1000
[   47.752424][ T3797] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   47.778611][ T3805] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   47.813768][ T3805] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   47.848980][ T3799] block device autoloading is deprecated and will be removed.
[   47.867152][ T3805] lo speed is unknown, defaulting to 1000
[   47.877627][ T3816] Invalid ELF header magic: != ELF
[   47.890198][ T3805] lo speed is unknown, defaulting to 1000
[   47.901782][ T3805] lo speed is unknown, defaulting to 1000
[   47.909265][ T3805] lo speed is unknown, defaulting to 1000
[   47.915782][ T3805] lo speed is unknown, defaulting to 1000
[   47.933057][ T3816] sd 0:0:1:0: device reset
[   48.024805][ T3834] FAULT_INJECTION: forcing a failure.
[   48.024805][ T3834] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   48.038176][ T3834] CPU: 1 UID: 0 PID: 3834 Comm: syz.0.111 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   48.038210][ T3834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   48.038240][ T3834] Call Trace:
[   48.038248][ T3834]  <TASK>
[   48.038257][ T3834]  __dump_stack+0x1d/0x30
[   48.038285][ T3834]  dump_stack_lvl+0xe8/0x140
[   48.038310][ T3834]  dump_stack+0x15/0x1b
[   48.038332][ T3834]  should_fail_ex+0x265/0x280
[   48.038478][ T3834]  should_fail+0xb/0x20
[   48.038512][ T3834]  should_fail_usercopy+0x1a/0x20
[   48.038564][ T3834]  _copy_from_user+0x1c/0xb0
[   48.038588][ T3834]  ___sys_sendmsg+0xc1/0x1d0
[   48.038713][ T3834]  __sys_sendmmsg+0x178/0x300
[   48.038803][ T3834]  __x64_sys_sendmmsg+0x57/0x70
[   48.038828][ T3834]  x64_sys_call+0x2f2f/0x2fb0
[   48.038854][ T3834]  do_syscall_64+0xd2/0x200
[   48.038874][ T3834]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   48.038927][ T3834]  ? clear_bhb_loop+0x40/0x90
[   48.039029][ T3834]  ? clear_bhb_loop+0x40/0x90
[   48.039051][ T3834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.039076][ T3834] RIP: 0033:0x7f67be5fe929
[   48.039095][ T3834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.039119][ T3834] RSP: 002b:00007f67bcc67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   48.039139][ T3834] RAX: ffffffffffffffda RBX: 00007f67be825fa0 RCX: 00007f67be5fe929
[   48.039157][ T3834] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000003
[   48.039233][ T3834] RBP: 00007f67bcc67090 R08: 0000000000000000 R09: 0000000000000000
[   48.039245][ T3834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   48.039314][ T3834] R13: 0000000000000000 R14: 00007f67be825fa0 R15: 00007fff10341cc8
[   48.039338][ T3834]  </TASK>
[   48.278031][ T3839] loop1: detected capacity change from 0 to 2048
[   48.327097][ T3839] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   48.347605][ T3839] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.497736][ T3849] FAULT_INJECTION: forcing a failure.
[   48.497736][ T3849] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   48.511043][ T3849] CPU: 1 UID: 0 PID: 3849 Comm: syz.0.117 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   48.511072][ T3849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   48.511084][ T3849] Call Trace:
[   48.511091][ T3849]  <TASK>
[   48.511099][ T3849]  __dump_stack+0x1d/0x30
[   48.511144][ T3849]  dump_stack_lvl+0xe8/0x140
[   48.511174][ T3849]  dump_stack+0x15/0x1b
[   48.511194][ T3849]  should_fail_ex+0x265/0x280
[   48.511234][ T3849]  should_fail+0xb/0x20
[   48.511345][ T3849]  should_fail_usercopy+0x1a/0x20
[   48.511510][ T3849]  _copy_from_user+0x1c/0xb0
[   48.511537][ T3849]  __copy_msghdr+0x244/0x300
[   48.511611][ T3849]  ___sys_sendmsg+0x109/0x1d0
[   48.511664][ T3849]  __x64_sys_sendmsg+0xd4/0x160
[   48.511709][ T3849]  x64_sys_call+0x2999/0x2fb0
[   48.511812][ T3849]  do_syscall_64+0xd2/0x200
[   48.511829][ T3849]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   48.511925][ T3849]  ? clear_bhb_loop+0x40/0x90
[   48.511958][ T3849]  ? clear_bhb_loop+0x40/0x90
[   48.512030][ T3849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.512147][ T3849] RIP: 0033:0x7f67be5fe929
[   48.512171][ T3849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.512268][ T3849] RSP: 002b:00007f67bcc67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   48.512289][ T3849] RAX: ffffffffffffffda RBX: 00007f67be825fa0 RCX: 00007f67be5fe929
[   48.512301][ T3849] RDX: 0000000000000040 RSI: 0000200000001540 RDI: 0000000000000003
[   48.512318][ T3849] RBP: 00007f67bcc67090 R08: 0000000000000000 R09: 0000000000000000
[   48.512330][ T3849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   48.512342][ T3849] R13: 0000000000000000 R14: 00007f67be825fa0 R15: 00007fff10341cc8
[   48.512365][ T3849]  </TASK>
[   48.716750][ T3853] loop8: detected capacity change from 0 to 16384
[   48.767779][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.927851][ T3846] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   48.966413][ T3854] loop8: detected capacity change from 16384 to 16298
[   48.999158][ T3864] loop1: detected capacity change from 0 to 128
[   49.017145][ T3864] FAT-fs (loop1): bogus logical sector size 0
[   49.023315][ T3864] FAT-fs (loop1): Can't find a valid FAT filesystem
[   49.032221][   T29] kauditd_printk_skb: 385 callbacks suppressed
[   49.032235][   T29] audit: type=1400 audit(1749937924.631:4463): avc:  denied  { name_bind } for  pid=3868 comm="" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   49.032724][ T3864] Invalid ELF header magic: != ELF
[   49.038600][   T29] audit: type=1400 audit(1749937924.631:4464): avc:  denied  { node_bind } for  pid=3868 comm="" saddr=fc02:: src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   49.093247][ T3864] sd 0:0:1:0: device reset
[   49.099996][   T29] audit: type=1326 audit(1749937924.691:4465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3863 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa526b8e929 code=0x7ffc0000
[   49.123597][   T29] audit: type=1326 audit(1749937924.691:4466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3863 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa526b8d290 code=0x7ffc0000
[   49.147072][   T29] audit: type=1326 audit(1749937924.691:4467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3863 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa526b8e929 code=0x7ffc0000
[   49.170507][   T29] audit: type=1326 audit(1749937924.691:4468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3863 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa526b8e929 code=0x7ffc0000
[   49.206127][   T29] audit: type=1326 audit(1749937924.751:4469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3863 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa526b8e929 code=0x7ffc0000
[   49.229921][   T29] audit: type=1326 audit(1749937924.751:4470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3863 comm="syz.1.121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa526b8e929 code=0x7ffc0000
[   49.304336][ T3876] __nla_validate_parse: 6 callbacks suppressed
[   49.304354][ T3876] netlink: 16 bytes leftover after parsing attributes in process `syz.0.125'.
[   49.322296][   T29] audit: type=1400 audit(1749937924.911:4471): avc:  denied  { create } for  pid=3868 comm="syz.2.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   49.342086][   T29] audit: type=1400 audit(1749937924.911:4472): avc:  denied  { connect } for  pid=3868 comm="syz.2.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   49.451684][ T3891] loop1: detected capacity change from 0 to 256
[   49.578990][ T3891] syz.1.128: attempt to access beyond end of device
[   49.578990][ T3891] loop1: rw=2049, sector=256, nr_sectors = 4 limit=256
[   49.598050][ T3891] syz.1.128: attempt to access beyond end of device
[   49.598050][ T3891] loop1: rw=2049, sector=260, nr_sectors = 4 limit=256
[   49.614013][ T3891] Buffer I/O error on dev loop1, logical block 65, lost async page write
[   49.625832][ T3891] syz.1.128: attempt to access beyond end of device
[   49.625832][ T3891] loop1: rw=2049, sector=264, nr_sectors = 56 limit=256
[   49.642298][ T3891] syz.1.128: attempt to access beyond end of device
[   49.642298][ T3891] loop1: rw=2049, sector=256, nr_sectors = 4 limit=256
[   49.656085][ T3891] Buffer I/O error on dev loop1, logical block 64, lost async page write
[   49.829809][ T3899] hub 1-0:1.0: USB hub found
[   49.850140][ T3899] hub 1-0:1.0: 8 ports detected
[   50.194012][ T3917] program syz.4.136 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   50.206949][ T3919] netlink: 24 bytes leftover after parsing attributes in process `syz.2.138'.
[   50.328880][ T3904] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   50.348502][ T3924] program syz.2.140 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   50.435933][ T3928] FAULT_INJECTION: forcing a failure.
[   50.435933][ T3928] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   50.449641][ T3928] CPU: 0 UID: 0 PID: 3928 Comm: syz.3.142 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   50.449672][ T3928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   50.449686][ T3928] Call Trace:
[   50.449692][ T3928]  <TASK>
[   50.449701][ T3928]  __dump_stack+0x1d/0x30
[   50.449726][ T3928]  dump_stack_lvl+0xe8/0x140
[   50.449772][ T3928]  dump_stack+0x15/0x1b
[   50.449846][ T3928]  should_fail_ex+0x265/0x280
[   50.449889][ T3928]  should_fail+0xb/0x20
[   50.449919][ T3928]  should_fail_usercopy+0x1a/0x20
[   50.449990][ T3928]  strncpy_from_user+0x25/0x230
[   50.450026][ T3928]  ? kmem_cache_alloc_noprof+0x186/0x310
[   50.450067][ T3928]  ? getname_flags+0x80/0x3b0
[   50.450096][ T3928]  getname_flags+0xae/0x3b0
[   50.450201][ T3928]  user_path_at+0x28/0x130
[   50.450232][ T3928]  __se_sys_mount_setattr+0x136/0x240
[   50.450276][ T3928]  __x64_sys_mount_setattr+0x67/0x80
[   50.450301][ T3928]  x64_sys_call+0xda0/0x2fb0
[   50.450326][ T3928]  do_syscall_64+0xd2/0x200
[   50.450349][ T3928]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   50.450457][ T3928]  ? clear_bhb_loop+0x40/0x90
[   50.450482][ T3928]  ? clear_bhb_loop+0x40/0x90
[   50.450506][ T3928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.450572][ T3928] RIP: 0033:0x7f95c019e929
[   50.450590][ T3928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.450611][ T3928] RSP: 002b:00007f95be807038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ba
[   50.450631][ T3928] RAX: ffffffffffffffda RBX: 00007f95c03c5fa0 RCX: 00007f95c019e929
[   50.450644][ T3928] RDX: 0000000000008000 RSI: 0000200000000080 RDI: ffffffffffffffff
[   50.450657][ T3928] RBP: 00007f95be807090 R08: 0000000000000020 R09: 0000000000000000
[   50.450669][ T3928] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[   50.450738][ T3928] R13: 0000000000000000 R14: 00007f95c03c5fa0 R15: 00007ffd689969d8
[   50.450759][ T3928]  </TASK>
[   50.792095][ T3935] loop1: detected capacity change from 0 to 128
[   51.211876][ T3956] netlink: '+}[@': attribute type 9 has an invalid length.
[   51.219291][ T3956] netlink: '+}[@': attribute type 7 has an invalid length.
[   51.226704][ T3956] netlink: '+}[@': attribute type 8 has an invalid length.
[   51.243486][ T3958] Invalid ELF header magic: != ELF
[   51.302226][ T3961] sd 0:0:1:0: device reset
[   51.358445][ T3966] Invalid ELF header magic: != ELF
[   51.396593][ T3966] sd 0:0:1:0: device reset
[   51.501038][ T3979] netlink: 36 bytes leftover after parsing attributes in process `syz.3.160'.
[   51.510056][ T3979] netlink: 16 bytes leftover after parsing attributes in process `syz.3.160'.
[   51.519357][ T3979] netlink: 36 bytes leftover after parsing attributes in process `syz.3.160'.
[   51.529887][ T3979] netlink: 36 bytes leftover after parsing attributes in process `syz.3.160'.
[   51.770418][ T3988] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[   51.770418][ T3988] The task syz.1.162 (3988) triggered the difference, watch for misbehavior.
[   51.796802][ T3988] netlink: 4 bytes leftover after parsing attributes in process `syz.1.162'.
[   52.253827][ T4010] syz.3.168 uses obsolete (PF_INET,SOCK_PACKET)
[   52.321139][ T4014] netlink: 16402 bytes leftover after parsing attributes in process `+}[@'.
[   52.522964][ T4016] sch_tbf: burst 2 is lower than device ip6tnl0 mtu (1452) !
[   52.832062][ T4024] FAULT_INJECTION: forcing a failure.
[   52.832062][ T4024] name failslab, interval 1, probability 0, space 0, times 0
[   52.844915][ T4024] CPU: 0 UID: 0 PID: 4024 Comm: syz.1.172 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   52.844949][ T4024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   52.844966][ T4024] Call Trace:
[   52.844974][ T4024]  <TASK>
[   52.844983][ T4024]  __dump_stack+0x1d/0x30
[   52.845020][ T4024]  dump_stack_lvl+0xe8/0x140
[   52.845109][ T4024]  dump_stack+0x15/0x1b
[   52.845131][ T4024]  should_fail_ex+0x265/0x280
[   52.845202][ T4024]  should_failslab+0x8c/0xb0
[   52.845233][ T4024]  kmem_cache_alloc_noprof+0x50/0x310
[   52.845269][ T4024]  ? getname_flags+0x80/0x3b0
[   52.845357][ T4024]  ? get_pid_task+0x96/0xd0
[   52.845385][ T4024]  getname_flags+0x80/0x3b0
[   52.845414][ T4024]  do_mq_open+0xd9/0x4f0
[   52.845443][ T4024]  ? __rcu_read_unlock+0x4f/0x70
[   52.845472][ T4024]  ? __fget_files+0x184/0x1c0
[   52.845525][ T4024]  __x64_sys_mq_open+0xcb/0x100
[   52.845557][ T4024]  x64_sys_call+0x27d6/0x2fb0
[   52.845585][ T4024]  do_syscall_64+0xd2/0x200
[   52.845604][ T4024]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   52.845641][ T4024]  ? clear_bhb_loop+0x40/0x90
[   52.845664][ T4024]  ? clear_bhb_loop+0x40/0x90
[   52.845710][ T4024]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   52.845732][ T4024] RIP: 0033:0x7fa526b8e929
[   52.845749][ T4024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   52.845770][ T4024] RSP: 002b:00007fa5251f7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0
[   52.845843][ T4024] RAX: ffffffffffffffda RBX: 00007fa526db5fa0 RCX: 00007fa526b8e929
[   52.845857][ T4024] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000b40
[   52.845871][ T4024] RBP: 00007fa5251f7090 R08: 0000000000000000 R09: 0000000000000000
[   52.845884][ T4024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   52.845897][ T4024] R13: 0000000000000000 R14: 00007fa526db5fa0 R15: 00007ffe50d4bb08
[   52.845917][ T4024]  </TASK>
[   53.241694][ T4022] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   53.319829][ T4037] netlink: '+}[@': attribute type 9 has an invalid length.
[   53.327332][ T4037] netlink: '+}[@': attribute type 7 has an invalid length.
[   53.334204][ T4040] netlink: 24 bytes leftover after parsing attributes in process `syz.2.178'.
[   53.334604][ T4037] netlink: '+}[@': attribute type 8 has an invalid length.
[   53.435237][ T4052] program syz.0.179 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   53.581697][ T4061] mmap: syz.2.187 (4061) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   53.938383][ T4072] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   53.989522][ T4080] netlink: 24 bytes leftover after parsing attributes in process `syz.4.192'.
[   54.046319][ T4086] Invalid ELF header magic: != ELF
[   54.094637][ T4086] sd 0:0:1:0: device reset
[   54.099348][   T29] kauditd_printk_skb: 228 callbacks suppressed
[   54.099364][   T29] audit: type=1326 audit(1749937929.691:4701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.4.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ade3e929 code=0x7ffc0000
[   54.128990][   T29] audit: type=1326 audit(1749937929.691:4702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.4.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc6ade3d290 code=0x7ffc0000
[   54.152469][   T29] audit: type=1326 audit(1749937929.691:4703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.4.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ade3e929 code=0x7ffc0000
[   54.175896][   T29] audit: type=1326 audit(1749937929.691:4704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.4.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc6ade3e929 code=0x7ffc0000
[   54.201726][   T29] audit: type=1326 audit(1749937929.801:4705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.4.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ade3e929 code=0x7ffc0000
[   54.225246][   T29] audit: type=1326 audit(1749937929.801:4706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz.4.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6ade3e929 code=0x7ffc0000
[   54.279038][ T4095] vxcan1 speed is unknown, defaulting to 1000
[   54.326581][ T4095] lo speed is unknown, defaulting to 1000
[   54.396543][ T4112] GUP no longer grows the stack in syz.4.202 (4112): 200000004000-200000008000 (200000002000)
[   54.396583][ T4112] CPU: 0 UID: 0 PID: 4112 Comm: syz.4.202 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   54.396625][ T4112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   54.396680][ T4112] Call Trace:
[   54.396689][ T4112]  <TASK>
[   54.396699][ T4112]  __dump_stack+0x1d/0x30
[   54.396725][ T4112]  dump_stack_lvl+0xe8/0x140
[   54.396748][ T4112]  dump_stack+0x15/0x1b
[   54.396778][ T4112]  __get_user_pages+0x199d/0x1fb0
[   54.396823][ T4112]  ? __rcu_read_unlock+0x4f/0x70
[   54.396859][ T4112]  get_user_pages_remote+0x1dc/0x7a0
[   54.396903][ T4112]  __access_remote_vm+0x156/0x560
[   54.396944][ T4112]  access_remote_vm+0x32/0x40
[   54.396981][ T4112]  proc_pid_cmdline_read+0x30f/0x6a0
[   54.397033][ T4112]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[   54.397130][ T4112]  vfs_readv+0x3f8/0x690
[   54.397178][ T4112]  ? restore_fpregs_from_fpstate+0x61/0x120
[   54.397304][ T4112]  __x64_sys_preadv+0xfd/0x1c0
[   54.397337][ T4112]  x64_sys_call+0x1503/0x2fb0
[   54.397370][ T4112]  do_syscall_64+0xd2/0x200
[   54.397426][ T4112]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   54.397468][ T4112]  ? clear_bhb_loop+0x40/0x90
[   54.397499][ T4112]  ? clear_bhb_loop+0x40/0x90
[   54.397573][ T4112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.397606][ T4112] RIP: 0033:0x7fc6ade3e929
[   54.397628][ T4112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.397740][ T4112] RSP: 002b:00007fc6ac486038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   54.397771][ T4112] RAX: ffffffffffffffda RBX: 00007fc6ae066080 RCX: 00007fc6ade3e929
[   54.397791][ T4112] RDX: 0000000000000001 RSI: 0000200000000d00 RDI: 000000000000000c
[   54.397810][ T4112] RBP: 00007fc6adec0b39 R08: 0000000000000200 R09: 0000000000000000
[   54.397823][ T4112] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[   54.397837][ T4112] R13: 0000000000000000 R14: 00007fc6ae066080 R15: 00007ffd31280af8
[   54.397865][ T4112]  </TASK>
[   54.399273][   T29] audit: type=1400 audit(1749937929.991:4707): avc:  denied  { create } for  pid=4102 comm="syz.4.202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   54.418069][ T4116] FAULT_INJECTION: forcing a failure.
[   54.418069][ T4116] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   54.470290][   T29] audit: type=1400 audit(1749937930.011:4708): avc:  denied  { setopt } for  pid=4102 comm="syz.4.202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   54.471250][ T4116] CPU: 0 UID: 0 PID: 4116 Comm: syz.0.203 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   54.471287][ T4116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   54.471304][ T4116] Call Trace:
[   54.471313][ T4116]  <TASK>
[   54.471326][ T4116]  __dump_stack+0x1d/0x30
[   54.471360][ T4116]  dump_stack_lvl+0xe8/0x140
[   54.471389][ T4116]  dump_stack+0x15/0x1b
[   54.471414][ T4116]  should_fail_ex+0x265/0x280
[   54.471539][ T4116]  should_fail_alloc_page+0xf2/0x100
[   54.471577][ T4116]  __alloc_frozen_pages_noprof+0xff/0x360
[   54.471703][ T4116]  alloc_pages_mpol+0xb3/0x250
[   54.471825][ T4116]  alloc_pages_noprof+0x90/0x130
[   54.471867][ T4116]  get_free_pages_noprof+0xc/0x40
[   54.471937][ T4116]  proc_pid_cmdline_read+0x2c3/0x6a0
[   54.471988][ T4116]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[   54.472032][ T4116]  vfs_readv+0x3f8/0x690
[   54.472104][ T4116]  __x64_sys_preadv+0xfd/0x1c0
[   54.472134][ T4116]  x64_sys_call+0x1503/0x2fb0
[   54.472166][ T4116]  do_syscall_64+0xd2/0x200
[   54.472196][ T4116]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   54.472234][ T4116]  ? clear_bhb_loop+0x40/0x90
[   54.472263][ T4116]  ? clear_bhb_loop+0x40/0x90
[   54.472348][ T4116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.472380][ T4116] RIP: 0033:0x7f67be5fe929
[   54.472401][ T4116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.472507][ T4116] RSP: 002b:00007f67bcc46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   54.472564][ T4116] RAX: ffffffffffffffda RBX: 00007f67be826080 RCX: 00007f67be5fe929
[   54.472582][ T4116] RDX: 0000000000000001 RSI: 0000200000000d00 RDI: 000000000000000c
[   54.472599][ T4116] RBP: 00007f67bcc46090 R08: 0000000000000200 R09: 0000000000000000
[   54.472636][ T4116] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[   54.472654][ T4116] R13: 0000000000000000 R14: 00007f67be826080 R15: 00007fff10341cc8
[   54.472681][ T4116]  </TASK>
[   54.897716][ T4110] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   55.055219][ T4142] FAULT_INJECTION: forcing a failure.
[   55.055219][ T4142] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   55.068500][ T4142] CPU: 1 UID: 0 PID: 4142 Comm: syz.2.211 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   55.068536][ T4142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   55.068548][ T4142] Call Trace:
[   55.068555][ T4142]  <TASK>
[   55.068564][ T4142]  __dump_stack+0x1d/0x30
[   55.068638][ T4142]  dump_stack_lvl+0xe8/0x140
[   55.068662][ T4142]  dump_stack+0x15/0x1b
[   55.068682][ T4142]  should_fail_ex+0x265/0x280
[   55.068728][ T4142]  should_fail+0xb/0x20
[   55.068832][ T4142]  should_fail_usercopy+0x1a/0x20
[   55.068873][ T4142]  _copy_from_user+0x1c/0xb0
[   55.068899][ T4142]  ___sys_sendmsg+0xc1/0x1d0
[   55.069021][ T4142]  __sys_sendmmsg+0x178/0x300
[   55.069049][ T4142]  __x64_sys_sendmmsg+0x57/0x70
[   55.069069][ T4142]  x64_sys_call+0x2f2f/0x2fb0
[   55.069094][ T4142]  do_syscall_64+0xd2/0x200
[   55.069178][ T4142]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   55.069206][ T4142]  ? clear_bhb_loop+0x40/0x90
[   55.069229][ T4142]  ? clear_bhb_loop+0x40/0x90
[   55.069298][ T4142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.069320][ T4142] RIP: 0033:0x7fd74c35e929
[   55.069336][ T4142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.069353][ T4142] RSP: 002b:00007fd74a9c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   55.069372][ T4142] RAX: ffffffffffffffda RBX: 00007fd74c585fa0 RCX: 00007fd74c35e929
[   55.069385][ T4142] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000005
[   55.069441][ T4142] RBP: 00007fd74a9c7090 R08: 0000000000000000 R09: 0000000000000000
[   55.069453][ T4142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.069465][ T4142] R13: 0000000000000000 R14: 00007fd74c585fa0 R15: 00007ffdc4e74378
[   55.069544][ T4142]  </TASK>
[   55.119882][ T4144] Zero length message leads to an empty skb
[   55.127890][   T29] audit: type=1400 audit(1749937930.711:4709): avc:  denied  { create } for  pid=4143 comm="syz.3.212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   55.283574][   T29] audit: type=1400 audit(1749937930.721:4710): avc:  denied  { write } for  pid=4143 comm="syz.3.212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   55.429171][ T4153] netlink: 4 bytes leftover after parsing attributes in process `syz.0.214'.
[   55.609135][ T4166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   55.618145][ T4166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   55.626567][ T4166] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   55.646941][ T4171] IPVS: Error connecting to the multicast addr
[   55.658636][ T4171] FAULT_INJECTION: forcing a failure.
[   55.658636][ T4171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   55.671889][ T4171] CPU: 1 UID: 0 PID: 4171 Comm: syz.1.220 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   55.671922][ T4171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   55.671935][ T4171] Call Trace:
[   55.671943][ T4171]  <TASK>
[   55.671952][ T4171]  __dump_stack+0x1d/0x30
[   55.671976][ T4171]  dump_stack_lvl+0xe8/0x140
[   55.671997][ T4171]  dump_stack+0x15/0x1b
[   55.672014][ T4171]  should_fail_ex+0x265/0x280
[   55.672097][ T4171]  should_fail+0xb/0x20
[   55.672158][ T4171]  should_fail_usercopy+0x1a/0x20
[   55.672299][ T4171]  _copy_from_user+0x1c/0xb0
[   55.672322][ T4171]  do_ip_vs_set_ctl+0x1a1/0x8c0
[   55.672412][ T4171]  ? _raw_spin_unlock_bh+0x14/0x40
[   55.672446][ T4171]  ? do_ip_setsockopt+0x1af3/0x2240
[   55.672479][ T4171]  nf_setsockopt+0x199/0x1b0
[   55.672581][ T4171]  ip_setsockopt+0x102/0x110
[   55.672632][ T4171]  tcp_setsockopt+0x95/0xb0
[   55.672669][ T4171]  sock_common_setsockopt+0x66/0x80
[   55.672697][ T4171]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   55.672748][ T4171]  smc_setsockopt+0x180/0x750
[   55.672773][ T4171]  ? __pfx_smc_setsockopt+0x10/0x10
[   55.672797][ T4171]  __sys_setsockopt+0x181/0x200
[   55.672898][ T4171]  __x64_sys_setsockopt+0x64/0x80
[   55.672979][ T4171]  x64_sys_call+0x2bd5/0x2fb0
[   55.673003][ T4171]  do_syscall_64+0xd2/0x200
[   55.673068][ T4171]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   55.673155][ T4171]  ? clear_bhb_loop+0x40/0x90
[   55.673179][ T4171]  ? clear_bhb_loop+0x40/0x90
[   55.673202][ T4171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.673225][ T4171] RIP: 0033:0x7fa526b8e929
[   55.673242][ T4171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.673302][ T4171] RSP: 002b:00007fa5251f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   55.673393][ T4171] RAX: ffffffffffffffda RBX: 00007fa526db5fa0 RCX: 00007fa526b8e929
[   55.673406][ T4171] RDX: 000000000000048c RSI: 0000000000000000 RDI: 0000000000000004
[   55.673439][ T4171] RBP: 00007fa5251f7090 R08: 0000000000000018 R09: 0000000000000000
[   55.673452][ T4171] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[   55.673464][ T4171] R13: 0000000000000000 R14: 00007fa526db5fa0 R15: 00007ffe50d4bb08
[   55.673486][ T4171]  </TASK>
[   56.094250][ T4181] netlink: 24 bytes leftover after parsing attributes in process `syz.4.223'.
[   56.101943][ T4174] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   56.165811][ T4189] netlink: 'syz.3.226': attribute type 1 has an invalid length.
[   56.173664][ T4189] netlink: 228 bytes leftover after parsing attributes in process `syz.3.226'.
[   56.272504][ T4197] netlink: 'syz.3.226': attribute type 1 has an invalid length.
[   56.318049][ T4200] rdma_rxe: rxe_newlink: failed to add vxcan1
[   56.831408][ T4227] netlink: 24 bytes leftover after parsing attributes in process `syz.1.241'.
[   57.085551][ T4234] syz2: rxe_newlink: already configured on vxcan1
[   57.129301][ T4218] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   57.267980][ T4249] Invalid ELF header magic: != ELF
[   57.295359][ T4249] sd 0:0:1:0: device reset
[   57.332359][ T4257] netlink: 24 bytes leftover after parsing attributes in process `syz.4.254'.
[   57.399401][ T4264] wg2: left promiscuous mode
[   57.404080][ T4264] wg2: left allmulticast mode
[   57.421676][ T4264] wg2: entered promiscuous mode
[   57.424167][ T4271] rdma_rxe: rxe_newlink: failed to add vxcan1
[   57.426665][ T4264] wg2: entered allmulticast mode
[   57.641106][ T4279] hub 6-0:1.0: USB hub found
[   57.668487][ T4279] hub 6-0:1.0: 8 ports detected
[   57.758271][ T4263] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   57.888514][ T4291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   57.916360][ T4291] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   58.085752][ T4302] Invalid ELF header magic: != ELF
[   58.090112][ T4303] netlink: 24 bytes leftover after parsing attributes in process `syz.3.270'.
[   58.114967][ T4302] sd 0:0:1:0: device reset
[   58.238254][ T3377] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[   58.268153][ T3377] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   58.528715][ T4311] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   58.548840][ T4327] program syz.4.279 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   58.930691][ T4339] netlink: 24 bytes leftover after parsing attributes in process `syz.3.283'.
[   59.140670][   T29] kauditd_printk_skb: 2892 callbacks suppressed
[   59.140691][   T29] audit: type=1326 audit(1749937934.741:7603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4356 comm="syz.1.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa526b8e929 code=0x7ffc0000
[   59.167420][ T4359] syz2: rxe_newlink: already configured on vxcan1
[   59.170560][   T29] audit: type=1326 audit(1749937934.741:7604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4356 comm="syz.1.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa526b8e929 code=0x7ffc0000
[   59.234819][   T29] audit: type=1326 audit(1749937934.801:7605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4356 comm="syz.1.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7fa526b8e929 code=0x7ffc0000
[   59.258235][   T29] audit: type=1326 audit(1749937934.801:7606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4356 comm="syz.1.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa526b8e929 code=0x7ffc0000
[   59.281800][   T29] audit: type=1326 audit(1749937934.801:7607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4356 comm="syz.1.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa526b8e929 code=0x7ffc0000
[   59.305332][   T29] audit: type=1326 audit(1749937934.831:7608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4362 comm="syz.2.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd74c35e929 code=0x7ffc0000
[   59.329002][   T29] audit: type=1326 audit(1749937934.831:7609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4362 comm="syz.2.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd74c35e929 code=0x7ffc0000
[   59.352440][   T29] audit: type=1326 audit(1749937934.831:7610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4362 comm="syz.2.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7fd74c35e929 code=0x7ffc0000
[   59.375819][   T29] audit: type=1326 audit(1749937934.831:7611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4362 comm="syz.2.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd74c35e929 code=0x7ffc0000
[   59.399183][   T29] audit: type=1326 audit(1749937934.831:7612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4362 comm="syz.2.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd74c35e929 code=0x7ffc0000
[   59.505513][ T3402] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   59.534199][ T3402] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   59.546406][ T4361] vxcan1 speed is unknown, defaulting to 1000
[   59.598940][ T4367] SELinux: failed to load policy
[   59.641854][ T4367] pimreg: entered allmulticast mode
[   59.715942][ T4361] lo speed is unknown, defaulting to 1000
[   60.010622][ T4395] netlink: 24 bytes leftover after parsing attributes in process `syz.0.309'.
[   60.125752][ T4365] pimreg: left allmulticast mode
[   60.784170][ T4533] rdma_rxe: rxe_newlink: failed to add vxcan1
[   61.102265][ T4545] wg2: entered promiscuous mode
[   61.107257][ T4545] wg2: entered allmulticast mode
[   61.310394][ T4551] hub 6-0:1.0: USB hub found
[   61.316275][ T4551] hub 6-0:1.0: 8 ports detected
[   61.362766][ T4555] SELinux: failed to load policy
[   61.432045][ T4567] Invalid ELF header magic: != ELF
[   61.439330][ T4555] pimreg: entered allmulticast mode
[   61.499756][ T4571] sd 0:0:1:0: device reset
[   61.635701][ T4575] program syz.4.319 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   61.674607][ T4577] Invalid ELF header magic: != ELF
[   61.709260][ T4577] sd 0:0:1:0: device reset
[   61.790347][ T4583] rdma_rxe: rxe_newlink: failed to add vxcan1
[   62.179190][ T4595] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ%ºu@
) failed with errno=-22
[   62.203703][ T4600] vxcan1 speed is unknown, defaulting to 1000
[   62.272428][ T4600] lo speed is unknown, defaulting to 1000
[   62.327648][ T4554] pimreg: left allmulticast mode
[   62.611266][ T4631] Invalid ELF header magic: != ELF
[   62.638740][ T4631] sd 0:0:1:0: device reset
[   62.658062][ T4618] netlink: '+}[@': attribute type 9 has an invalid length.
[   62.665370][ T4618] netlink: '+}[@': attribute type 7 has an invalid length.
[   62.672781][ T4618] netlink: '+}[@': attribute type 8 has an invalid length.
[   62.870438][ T4691] vxcan1 speed is unknown, defaulting to 1000
[   62.879388][   T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   62.906006][   T23] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   62.953564][ T4691] lo speed is unknown, defaulting to 1000
[   63.384957][ T4729] netlink: '+}[@': attribute type 9 has an invalid length.
[   63.392320][ T4729] netlink: '+}[@': attribute type 7 has an invalid length.
[   63.399632][ T4729] netlink: '+}[@': attribute type 8 has an invalid length.
[   63.803979][ T4763] netlink: 24 bytes leftover after parsing attributes in process `syz.0.342'.
[   63.831277][ T4764] Invalid ELF header magic: != ELF
[   63.901990][ T4770] sd 0:0:1:0: device reset
[   64.085730][ T4721] syz.3.339 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[   64.096772][ T4721] CPU: 1 UID: 0 PID: 4721 Comm: syz.3.339 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   64.096871][ T4721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   64.096890][ T4721] Call Trace:
[   64.096900][ T4721]  <TASK>
[   64.096911][ T4721]  __dump_stack+0x1d/0x30
[   64.096942][ T4721]  dump_stack_lvl+0xe8/0x140
[   64.096969][ T4721]  dump_stack+0x15/0x1b
[   64.096991][ T4721]  dump_header+0x81/0x220
[   64.097046][ T4721]  oom_kill_process+0x334/0x3f0
[   64.097091][ T4721]  out_of_memory+0x979/0xb80
[   64.097167][ T4721]  try_charge_memcg+0x5e6/0x9e0
[   64.097257][ T4721]  charge_memcg+0x51/0xc0
[   64.097302][ T4721]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[   64.097351][ T4721]  __read_swap_cache_async+0x1df/0x350
[   64.097444][ T4721]  swap_cluster_readahead+0x277/0x3e0
[   64.097564][ T4721]  swapin_readahead+0xde/0x6f0
[   64.097604][ T4721]  ? __filemap_get_folio+0x4f7/0x6b0
[   64.097707][ T4721]  ? __rcu_read_unlock+0x34/0x70
[   64.097732][ T4721]  ? swap_cache_get_folio+0x77/0x200
[   64.097848][ T4721]  do_swap_page+0x301/0x2430
[   64.097878][ T4721]  ? css_rstat_updated+0xcd/0x5b0
[   64.097923][ T4721]  ? __pfx_default_wake_function+0x10/0x10
[   64.097958][ T4721]  handle_mm_fault+0x9a5/0x2be0
[   64.098049][ T4721]  ? mas_walk+0xf2/0x120
[   64.098100][ T4721]  do_user_addr_fault+0x636/0x1090
[   64.098138][ T4721]  ? fpregs_assert_state_consistent+0xb4/0xe0
[   64.098174][ T4721]  exc_page_fault+0x62/0xa0
[   64.098229][ T4721]  asm_exc_page_fault+0x26/0x30
[   64.098257][ T4721] RIP: 0033:0x7f95c00716d0
[   64.098276][ T4721] Code: 31 c9 48 83 bf 88 00 00 00 ff 8d 14 95 03 00 00 00 8d 0c 8d 01 00 00 00 74 60 80 b8 94 00 00 00 00 75 4f 0f 1f 80 00 00 00 00 <8b> 78 24 45 31 c0 83 ff 3f 7f 18 be 01 00 00 00 89 f9 45 31 c0 48
[   64.098294][ T4721] RSP: 002b:00007ffd68996b38 EFLAGS: 00010246
[   64.098336][ T4721] RAX: 00007f95c03c5fa0 RBX: 00007f95c03c5fa0 RCX: 00007f95bfc0f000
[   64.098354][ T4721] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 00007f95c03c5fa0
[   64.098371][ T4721] RBP: 00007f95c03c7ba0 R08: 00007f95c03c5fa0 R09: 0000000000000026
[   64.098388][ T4721] R10: 3fffffffffffffff R11: 0000000000000293 R12: 000000000000fa2d
[   64.098401][ T4721] R13: 00007f95c03c6080 R14: ffffffffffffffff R15: 00007ffd68996c50
[   64.098423][ T4721]  </TASK>
[   64.098432][ T4721] memory: usage 307200kB, limit 307200kB, failcnt 200
[   64.177578][   T29] kauditd_printk_skb: 5706 callbacks suppressed
[   64.177603][   T29] audit: type=1326 audit(1749937939.741:13319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4771 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f67be5f58e7 code=0x7ffc0000
[   64.180600][ T4721] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0
[   64.185424][   T29] audit: type=1326 audit(1749937939.741:13320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4771 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f67be59ab19 code=0x7ffc0000
[   64.190741][ T4721] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0
[   64.195713][   T29] audit: type=1326 audit(1749937939.741:13321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4771 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f67be5f58e7 code=0x7ffc0000
[   64.201063][ T4721] Memory cgroup stats for /syz3:
[   64.268474][ T4781] vxcan1 speed is unknown, defaulting to 1000
[   64.271374][   T29] audit: type=1326 audit(1749937939.741:13322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4771 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f67be59ab19 code=0x7ffc0000
[   64.325176][ T4781] lo speed is unknown, defaulting to 1000
[   64.328181][   T29] audit: type=1326 audit(1749937939.741:13323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4771 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f67be5f58e7 code=0x7ffc0000
[   64.358935][ T4721] cache 4096
[   64.365910][   T29] audit: type=1326 audit(1749937939.741:13324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4771 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f67be59ab19 code=0x7ffc0000
[   64.389361][ T4721] rss 0
[   64.396737][   T29] audit: type=1326 audit(1749937939.741:13325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4771 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f67be5fe929 code=0x7ffc0000
[   64.420059][ T4721] shmem 0
[   64.425026][   T29] audit: type=1326 audit(1749937939.741:13326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4771 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f67be5f58e7 code=0x7ffc0000
[   64.431118][ T4721] mapped_file 0
[   64.431133][ T4721] dirty 0
[   64.431142][ T4721] writeback 4096
[   64.454492][   T29] audit: type=1326 audit(1749937939.741:13327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4771 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f67be59ab19 code=0x7ffc0000
[   64.460198][ T4721] workingset_refault_anon 50
[   64.460212][ T4721] workingset_refault_file 32
[   64.483572][   T29] audit: type=1326 audit(1749937939.741:13328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4771 comm="syz.0.344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67be5fe929 code=0x7ffc0000
[   64.486790][ T4721] swap 192512
[   64.486801][ T4721] swapcached 16384
[   64.486809][ T4721] pgpgin 18022
[   64.486816][ T4721] pgpgout 18017
[   64.486822][ T4721] pgfault 22806
[   64.486828][ T4721] pgmajfault 32
[   64.486834][ T4721] inactive_anon 4096
[   64.486841][ T4721] active_anon 12288
[   64.486849][ T4721] inactive_file 0
[   64.663640][ T4721] active_file 4096
[   64.667544][ T4721] unevictable 0
[   64.671010][ T4721] hierarchical_memory_limit 314572800
[   64.676532][ T4721] hierarchical_memsw_limit 9223372036854771712
[   64.682732][ T4721] total_cache 4096
[   64.686503][ T4721] total_rss 0
[   64.689809][ T4721] total_shmem 0
[   64.693340][ T4721] total_mapped_file 0
[   64.697352][ T4721] total_dirty 0
[   64.700819][ T4721] total_writeback 4096
[   64.704907][ T4721] total_workingset_refault_anon 50
[   64.710049][ T4721] total_workingset_refault_file 32
[   64.715175][ T4721] total_swap 192512
[   64.718999][ T4721] total_swapcached 16384
[   64.723327][ T4721] total_pgpgin 18022
[   64.727330][ T4721] total_pgpgout 18017
[   64.731333][ T4721] total_pgfault 22806
[   64.735336][ T4721] total_pgmajfault 32
[   64.739390][ T4721] total_inactive_anon 4096
[   64.743820][ T4721] total_active_anon 12288
[   64.748268][ T4721] total_inactive_file 0
[   64.752434][ T4721] total_active_file 4096
[   64.756783][ T4721] total_unevictable 0
[   64.760776][ T4721] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.339,pid=4721,uid=0
[   64.775346][ T4721] Memory cgroup out of memory: Killed process 4721 (syz.3.339) total-vm:95804kB, anon-rss:936kB, file-rss:22308kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[   64.865194][ T4799] netlink: 24 bytes leftover after parsing attributes in process `syz.2.354'.
[   64.977295][ T4806] vxcan1 speed is unknown, defaulting to 1000
[   65.037697][ T4806] lo speed is unknown, defaulting to 1000
[   65.281946][ T4822] netlink: 8 bytes leftover after parsing attributes in process `syz.2.363'.
[   65.309194][ T4823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.363'.
[   65.387657][ T4827] netlink: 24 bytes leftover after parsing attributes in process `syz.2.366'.
[   65.459481][ T4837] wg2: entered promiscuous mode
[   65.464426][ T4837] wg2: entered allmulticast mode
[   65.664657][ T4855] FAULT_INJECTION: forcing a failure.
[   65.664657][ T4855] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   65.677957][ T4855] CPU: 1 UID: 0 PID: 4855 Comm: syz.3.376 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   65.678007][ T4855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   65.678021][ T4855] Call Trace:
[   65.678029][ T4855]  <TASK>
[   65.678038][ T4855]  __dump_stack+0x1d/0x30
[   65.678073][ T4855]  dump_stack_lvl+0xe8/0x140
[   65.678094][ T4855]  dump_stack+0x15/0x1b
[   65.678138][ T4855]  should_fail_ex+0x265/0x280
[   65.678172][ T4855]  should_fail+0xb/0x20
[   65.678201][ T4855]  should_fail_usercopy+0x1a/0x20
[   65.678235][ T4855]  strncpy_from_user+0x25/0x230
[   65.678305][ T4855]  path_setxattrat+0xeb/0x310
[   65.678410][ T4855]  __x64_sys_lsetxattr+0x71/0x90
[   65.678433][ T4855]  x64_sys_call+0x1e36/0x2fb0
[   65.678456][ T4855]  do_syscall_64+0xd2/0x200
[   65.678477][ T4855]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   65.678574][ T4855]  ? clear_bhb_loop+0x40/0x90
[   65.678597][ T4855]  ? clear_bhb_loop+0x40/0x90
[   65.678620][ T4855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   65.678732][ T4855] RIP: 0033:0x7f95c019e929
[   65.678749][ T4855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   65.678822][ T4855] RSP: 002b:00007f95be807038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[   65.678841][ T4855] RAX: ffffffffffffffda RBX: 00007f95c03c5fa0 RCX: 00007f95c019e929
[   65.678854][ T4855] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000200000000000
[   65.678866][ T4855] RBP: 00007f95be807090 R08: 0000000000000000 R09: 0000000000000000
[   65.678878][ T4855] R10: 000000000000008c R11: 0000000000000246 R12: 0000000000000001
[   65.678890][ T4855] R13: 0000000000000000 R14: 00007f95c03c5fa0 R15: 00007ffd689969d8
[   65.678986][ T4855]  </TASK>
[   65.875368][ T4859] netlink: 32 bytes leftover after parsing attributes in process `syz.3.377'.
[   65.978681][ T4870] netlink: 24 bytes leftover after parsing attributes in process `syz.3.382'.
[   66.358144][ T4895] netlink: '+}[@': attribute type 9 has an invalid length.
[   66.365517][ T4895] netlink: '+}[@': attribute type 7 has an invalid length.
[   66.372929][ T4895] netlink: '+}[@': attribute type 8 has an invalid length.
[   66.622868][ T4925] wg2: entered promiscuous mode
[   66.627950][ T4925] wg2: entered allmulticast mode
[   66.744520][ T4936] netlink: '+}[@': attribute type 9 has an invalid length.
[   67.262199][ T4987] wg2: left promiscuous mode
[   67.266895][ T4987] wg2: left allmulticast mode
[   67.405215][ T4990] wg2: entered promiscuous mode
[   67.410193][ T4990] wg2: entered allmulticast mode
[   67.691295][ T5018] wg2: left promiscuous mode
[   67.696265][ T5018] wg2: left allmulticast mode
[   67.739477][ T5018] wg2: entered promiscuous mode
[   67.744439][ T5018] wg2: entered allmulticast mode
[   68.074648][ T5053] wg2: left promiscuous mode
[   68.079506][ T5053] wg2: left allmulticast mode
[   68.094082][ T5056] FAULT_INJECTION: forcing a failure.
[   68.094082][ T5056] name failslab, interval 1, probability 0, space 0, times 0
[   68.106958][ T5056] CPU: 0 UID: 0 PID: 5056 Comm: syz.1.467 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   68.106995][ T5056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   68.107007][ T5056] Call Trace:
[   68.107014][ T5056]  <TASK>
[   68.107021][ T5056]  __dump_stack+0x1d/0x30
[   68.107042][ T5056]  dump_stack_lvl+0xe8/0x140
[   68.107066][ T5056]  dump_stack+0x15/0x1b
[   68.107086][ T5056]  should_fail_ex+0x265/0x280
[   68.107117][ T5056]  should_failslab+0x8c/0xb0
[   68.107146][ T5056]  kmem_cache_alloc_noprof+0x50/0x310
[   68.107180][ T5056]  ? vm_area_dup+0x33/0x2c0
[   68.107217][ T5056]  vm_area_dup+0x33/0x2c0
[   68.107253][ T5056]  __split_vma+0xe9/0x650
[   68.107281][ T5056]  ? mntput+0x4b/0x80
[   68.107305][ T5056]  ? terminate_walk+0x27f/0x2a0
[   68.107328][ T5056]  vms_gather_munmap_vmas+0x172/0x7a0
[   68.107349][ T5056]  ? _parse_integer_limit+0x170/0x190
[   68.107378][ T5056]  ? _parse_integer+0x27/0x40
[   68.107407][ T5056]  do_vmi_align_munmap+0x1a4/0x3d0
[   68.107446][ T5056]  do_vmi_munmap+0x1db/0x220
[   68.107475][ T5056]  __vm_munmap+0x1a1/0x280
[   68.107511][ T5056]  __x64_sys_munmap+0x36/0x50
[   68.107530][ T5056]  x64_sys_call+0xa65/0x2fb0
[   68.107551][ T5056]  do_syscall_64+0xd2/0x200
[   68.107570][ T5056]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   68.107597][ T5056]  ? clear_bhb_loop+0x40/0x90
[   68.107617][ T5056]  ? clear_bhb_loop+0x40/0x90
[   68.107638][ T5056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.107665][ T5056] RIP: 0033:0x7fa526b8e929
[   68.107683][ T5056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.107706][ T5056] RSP: 002b:00007fa5251f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
[   68.107730][ T5056] RAX: ffffffffffffffda RBX: 00007fa526db5fa0 RCX: 00007fa526b8e929
[   68.107746][ T5056] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000200000001000
[   68.107762][ T5056] RBP: 00007fa5251f7090 R08: 0000000000000000 R09: 0000000000000000
[   68.107777][ T5056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   68.107792][ T5056] R13: 0000000000000000 R14: 00007fa526db5fa0 R15: 00007ffe50d4bb08
[   68.107823][ T5056]  </TASK>
[   68.107880][ T5053] wg2: entered promiscuous mode
[   68.334965][ T5053] wg2: entered allmulticast mode
[   68.349490][ T5074] wg2: left promiscuous mode
[   68.354245][ T5074] wg2: left allmulticast mode
[   68.372464][ T5074] wg2: entered promiscuous mode
[   68.377630][ T5074] wg2: entered allmulticast mode
[   68.454790][ T5088] vxcan1 speed is unknown, defaulting to 1000
[   68.495716][ T5088] lo speed is unknown, defaulting to 1000
[   68.564415][ T5095] validate_nla: 2 callbacks suppressed
[   68.564429][ T5095] netlink: '+}[@': attribute type 9 has an invalid length.
[   68.577382][ T5095] netlink: '+}[@': attribute type 7 has an invalid length.
[   68.584637][ T5095] netlink: '+}[@': attribute type 8 has an invalid length.
[   68.616750][ T5101] wg2: left promiscuous mode
[   68.621706][ T5101] wg2: left allmulticast mode
[   68.641935][ T5101] wg2: entered promiscuous mode
[   68.646937][ T5101] wg2: entered allmulticast mode
[   68.724685][ T5118] wg2: left promiscuous mode
[   68.729630][ T5118] wg2: left allmulticast mode
[   68.745156][ T5118] wg2: entered promiscuous mode
[   68.750233][ T5118] wg2: entered allmulticast mode
[   68.813555][ T5126] vxcan1 speed is unknown, defaulting to 1000
[   68.853018][ T5126] lo speed is unknown, defaulting to 1000
[   68.878429][ T5136] wg2: left promiscuous mode
[   68.883382][ T5136] wg2: left allmulticast mode
[   68.904815][ T5136] wg2: entered promiscuous mode
[   68.909895][ T5136] wg2: entered allmulticast mode
[   68.913381][ T5138] netlink: '+}[@': attribute type 9 has an invalid length.
[   68.922264][ T5138] netlink: '+}[@': attribute type 7 has an invalid length.
[   68.929633][ T5138] netlink: '+}[@': attribute type 8 has an invalid length.
[   69.193638][   T29] kauditd_printk_skb: 1338 callbacks suppressed
[   69.193656][   T29] audit: type=1400 audit(1749937944.791:14667): avc:  denied  { map_create } for  pid=5168 comm="syz.1.516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   69.203121][ T5167] vxcan1 speed is unknown, defaulting to 1000
[   69.270287][   T29] audit: type=1400 audit(1749937944.821:14668): avc:  denied  { prog_load } for  pid=5168 comm="syz.1.516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   69.289644][   T29] audit: type=1400 audit(1749937944.861:14669): avc:  denied  { prog_load } for  pid=5166 comm="syz.3.517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   69.308840][   T29] audit: type=1400 audit(1749937944.861:14670): avc:  denied  { prog_load } for  pid=5166 comm="syz.3.517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   69.328112][   T29] audit: type=1400 audit(1749937944.861:14671): avc:  denied  { map_create } for  pid=5166 comm="syz.3.517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   69.347401][   T29] audit: type=1400 audit(1749937944.861:14672): avc:  denied  { map_create } for  pid=5166 comm="syz.3.517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   69.366668][   T29] audit: type=1400 audit(1749937944.861:14673): avc:  denied  { prog_load } for  pid=5166 comm="syz.3.517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   69.380156][ T5171] netlink: '+}[@': attribute type 9 has an invalid length.
[   69.386217][   T29] audit: type=1400 audit(1749937944.861:14674): avc:  denied  { bpf } for  pid=5166 comm="syz.3.517" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=0
[   69.393152][ T5171] netlink: '+}[@': attribute type 7 has an invalid length.
[   69.393166][ T5171] netlink: '+}[@': attribute type 8 has an invalid length.
[   69.428471][   T29] audit: type=1400 audit(1749937944.861:14675): avc:  denied  { prog_load } for  pid=5166 comm="syz.3.517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   69.482585][ T5167] lo speed is unknown, defaulting to 1000
[   69.506127][   T29] audit: type=1400 audit(1749937944.911:14676): avc:  denied  { prog_load } for  pid=5172 comm="syz.1.518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   69.690305][ T5206] netlink: 8 bytes leftover after parsing attributes in process `syz.3.530'.
[   69.721349][ T5208] wg2: left promiscuous mode
[   69.726063][ T5208] wg2: left allmulticast mode
[   69.742341][ T5205] netlink: '+}[@': attribute type 9 has an invalid length.
[   69.760341][ T5208] wg2: entered promiscuous mode
[   69.765287][ T5208] wg2: entered allmulticast mode
[   69.905791][ T5218] wg2: left promiscuous mode
[   69.905815][ T5218] wg2: left allmulticast mode
[   69.910755][ T5218] wg2: entered promiscuous mode
[   69.910847][ T5218] wg2: entered allmulticast mode
[   69.953502][ T5225] vxcan1 speed is unknown, defaulting to 1000
[   70.017070][ T5233] FAULT_INJECTION: forcing a failure.
[   70.017070][ T5233] name failslab, interval 1, probability 0, space 0, times 0
[   70.017142][ T5233] CPU: 1 UID: 0 PID: 5233 Comm: syz.4.544 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   70.017169][ T5233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   70.017181][ T5233] Call Trace:
[   70.017189][ T5233]  <TASK>
[   70.017198][ T5233]  __dump_stack+0x1d/0x30
[   70.017224][ T5233]  dump_stack_lvl+0xe8/0x140
[   70.017249][ T5233]  dump_stack+0x15/0x1b
[   70.017270][ T5233]  should_fail_ex+0x265/0x280
[   70.017355][ T5233]  ? alloc_pipe_info+0xae/0x350
[   70.017379][ T5233]  should_failslab+0x8c/0xb0
[   70.017410][ T5233]  __kmalloc_cache_noprof+0x4c/0x320
[   70.017451][ T5233]  alloc_pipe_info+0xae/0x350
[   70.017520][ T5233]  splice_direct_to_actor+0x592/0x680
[   70.017629][ T5233]  ? kstrtouint_from_user+0x9f/0xf0
[   70.017669][ T5233]  ? __pfx_direct_splice_actor+0x10/0x10
[   70.017709][ T5233]  ? __rcu_read_unlock+0x4f/0x70
[   70.017738][ T5233]  ? get_pid_task+0x96/0xd0
[   70.017783][ T5233]  ? avc_policy_seqno+0x15/0x30
[   70.017827][ T5233]  ? selinux_file_permission+0x1e4/0x320
[   70.017859][ T5233]  do_splice_direct+0xda/0x150
[   70.017894][ T5233]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   70.017958][ T5233]  do_sendfile+0x380/0x650
[   70.018035][ T5233]  __x64_sys_sendfile64+0x105/0x150
[   70.018065][ T5233]  x64_sys_call+0xb39/0x2fb0
[   70.018115][ T5233]  do_syscall_64+0xd2/0x200
[   70.018138][ T5233]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   70.018193][ T5233]  ? clear_bhb_loop+0x40/0x90
[   70.018220][ T5233]  ? clear_bhb_loop+0x40/0x90
[   70.018247][ T5233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.018273][ T5233] RIP: 0033:0x7fc6ade3e929
[   70.018352][ T5233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.018441][ T5233] RSP: 002b:00007fc6ac4a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   70.018462][ T5233] RAX: ffffffffffffffda RBX: 00007fc6ae065fa0 RCX: 00007fc6ade3e929
[   70.018475][ T5233] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[   70.018488][ T5233] RBP: 00007fc6ac4a7090 R08: 0000000000000000 R09: 0000000000000000
[   70.018501][ T5233] R10: 0000000800000009 R11: 0000000000000246 R12: 0000000000000001
[   70.018514][ T5233] R13: 0000000000000000 R14: 00007fc6ae065fa0 R15: 00007ffd31280af8
[   70.018574][ T5233]  </TASK>
[   70.035844][ T5225] lo speed is unknown, defaulting to 1000
[   70.196072][ T5241] wg2: left promiscuous mode
[   70.196096][ T5241] wg2: left allmulticast mode
[   70.211820][ T5241] wg2: entered promiscuous mode
[   70.211850][ T5241] wg2: entered allmulticast mode
[   70.333707][ T5253] wg2: left promiscuous mode
[   70.333733][ T5253] wg2: left allmulticast mode
[   70.337546][ T5253] wg2: entered promiscuous mode
[   70.337569][ T5253] wg2: entered allmulticast mode
[   70.660964][ T5270] wg2: left promiscuous mode
[   70.661075][ T5270] wg2: left allmulticast mode
[   70.673057][ T5270] wg2: entered promiscuous mode
[   70.673078][ T5270] wg2: entered allmulticast mode
[   70.730229][ T5274] vxcan1 speed is unknown, defaulting to 1000
[   70.788238][ T5274] lo speed is unknown, defaulting to 1000
[   71.242239][ T5305] wg2: left promiscuous mode
[   71.247051][ T5305] wg2: left allmulticast mode
[   71.255249][ T5305] wg2: entered promiscuous mode
[   71.260240][ T5305] wg2: entered allmulticast mode
[   71.660016][ T5331] wg2: left promiscuous mode
[   71.664714][ T5331] wg2: left allmulticast mode
[   71.968572][ T5364] wg2: left promiscuous mode
[   71.973254][ T5364] wg2: left allmulticast mode
[   71.982785][ T5364] wg2: entered promiscuous mode
[   71.987886][ T5364] wg2: entered allmulticast mode
[   72.134460][ T5390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.609'.
[   72.369814][ T5403] wg2: left promiscuous mode
[   72.374632][ T5403] wg2: left allmulticast mode
[   72.421734][ T5403] wg2: entered promiscuous mode
[   72.426699][ T5403] wg2: entered allmulticast mode
[   72.450273][ T5412] wg2: entered promiscuous mode
[   72.455453][ T5412] wg2: entered allmulticast mode
[   72.504685][ T5418] vxcan1 speed is unknown, defaulting to 1000
[   72.545215][ T5418] lo speed is unknown, defaulting to 1000
[   72.745329][ T5443] wg2: left promiscuous mode
[   72.750076][ T5443] wg2: left allmulticast mode
[   72.760022][ T5443] wg2: entered promiscuous mode
[   72.764949][ T5443] wg2: entered allmulticast mode
[   72.890692][ T5453] vxcan1 speed is unknown, defaulting to 1000
[   72.928036][ T5453] lo speed is unknown, defaulting to 1000
[   73.108828][ T5471] wg2: left promiscuous mode
[   73.113593][ T5471] wg2: left allmulticast mode
[   73.123938][ T5471] wg2: entered promiscuous mode
[   73.128949][ T5471] wg2: entered allmulticast mode
[   73.269164][ T5486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.650'.
[   73.457757][ T5503] wg2: left promiscuous mode
[   73.462705][ T5503] wg2: left allmulticast mode
[   73.472192][ T5503] wg2: entered promiscuous mode
[   73.477349][ T5503] wg2: entered allmulticast mode
[   73.605611][ T5513] vxcan1 speed is unknown, defaulting to 1000
[   73.661128][ T5513] lo speed is unknown, defaulting to 1000
[   73.824622][ T5538] wg2: left promiscuous mode
[   73.829460][ T5538] wg2: left allmulticast mode
[   73.883311][ T5538] wg2: entered promiscuous mode
[   73.888425][ T5538] wg2: entered allmulticast mode
[   73.923417][ T5548] vxcan1 speed is unknown, defaulting to 1000
[   73.986583][ T5548] lo speed is unknown, defaulting to 1000
[   74.127306][ T5575] wg2: left promiscuous mode
[   74.132310][ T5575] wg2: left allmulticast mode
[   74.149284][ T5575] wg2: entered promiscuous mode
[   74.154221][ T5575] wg2: entered allmulticast mode
[   74.191234][ T5585] vxcan1 speed is unknown, defaulting to 1000
[   74.199408][   T29] kauditd_printk_skb: 1824 callbacks suppressed
[   74.199428][   T29] audit: type=1326 audit(1749937949.801:16501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5578 comm="syz.0.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67be5fe929 code=0x7ffc0000
[   74.240335][   T29] audit: type=1326 audit(1749937949.801:16502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5578 comm="syz.0.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67be5fe929 code=0x7ffc0000
[   74.264128][   T29] audit: type=1400 audit(1749937949.841:16503): avc:  denied  { mounton } for  pid=5582 comm="syz.3.698" path="/152" dev="tmpfs" ino=803 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=0
[   74.268041][ T5585] lo speed is unknown, defaulting to 1000
[   74.316480][   T29] audit: type=1400 audit(1749937949.841:16504): avc:  denied  { create } for  pid=5582 comm="syz.3.698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[   74.337378][   T29] audit: type=1400 audit(1749937949.841:16505): avc:  denied  { create } for  pid=5582 comm="syz.3.698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0
[   74.357921][   T29] audit: type=1400 audit(1749937949.891:16506): avc:  denied  { prog_load } for  pid=5578 comm="syz.0.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   74.377242][   T29] audit: type=1400 audit(1749937949.891:16507): avc:  denied  { write } for  pid=5578 comm="syz.0.696" name="001" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=0
[   74.400202][   T29] audit: type=1400 audit(1749937949.891:16508): avc:  denied  { read write } for  pid=5578 comm="syz.0.696" name="uhid" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=0
[   74.423636][   T29] audit: type=1400 audit(1749937949.891:16509): avc:  denied  { map_create } for  pid=5578 comm="syz.0.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   74.442901][   T29] audit: type=1400 audit(1749937949.891:16510): avc:  denied  { prog_load } for  pid=5578 comm="syz.0.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
[   74.483494][ T5592] vxcan1 speed is unknown, defaulting to 1000
[   74.520617][ T5592] lo speed is unknown, defaulting to 1000
[   74.586770][ T5597] FAULT_INJECTION: forcing a failure.
[   74.586770][ T5597] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   74.599959][ T5597] CPU: 1 UID: 0 PID: 5597 Comm: syz.1.703 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   74.599988][ T5597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   74.600044][ T5597] Call Trace:
[   74.600053][ T5597]  <TASK>
[   74.600063][ T5597]  __dump_stack+0x1d/0x30
[   74.600091][ T5597]  dump_stack_lvl+0xe8/0x140
[   74.600146][ T5597]  dump_stack+0x15/0x1b
[   74.600168][ T5597]  should_fail_ex+0x265/0x280
[   74.600209][ T5597]  should_fail+0xb/0x20
[   74.600314][ T5597]  should_fail_usercopy+0x1a/0x20
[   74.600362][ T5597]  _copy_to_user+0x20/0xa0
[   74.600383][ T5597]  aio_read_events+0x213/0x400
[   74.600417][ T5597]  do_io_getevents+0x266/0x400
[   74.600489][ T5597]  ? __pfx_autoremove_wake_function+0x10/0x10
[   74.600537][ T5597]  ? __pfx_hrtimer_wakeup+0x10/0x10
[   74.600572][ T5597]  __se_sys_io_pgetevents+0x13e/0x2d0
[   74.600602][ T5597]  __x64_sys_io_pgetevents+0x78/0x90
[   74.600732][ T5597]  x64_sys_call+0xb74/0x2fb0
[   74.600754][ T5597]  do_syscall_64+0xd2/0x200
[   74.600772][ T5597]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   74.600801][ T5597]  ? clear_bhb_loop+0x40/0x90
[   74.600829][ T5597]  ? clear_bhb_loop+0x40/0x90
[   74.600883][ T5597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.600904][ T5597] RIP: 0033:0x7fa526b8e929
[   74.600919][ T5597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.600937][ T5597] RSP: 002b:00007fa5251f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000014d
[   74.600962][ T5597] RAX: ffffffffffffffda RBX: 00007fa526db5fa0 RCX: 00007fa526b8e929
[   74.600983][ T5597] RDX: 0000000000000002 RSI: 0000000000000002 RDI: 00007fa525156000
[   74.600995][ T5597] RBP: 00007fa5251f7090 R08: 0000000000000000 R09: 0000000000000000
[   74.601075][ T5597] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[   74.601091][ T5597] R13: 0000000000000000 R14: 00007fa526db5fa0 R15: 00007ffe50d4bb08
[   74.601115][ T5597]  </TASK>
[   74.989654][ T5616] wg2: left promiscuous mode
[   74.994518][ T5616] wg2: left allmulticast mode
[   75.003197][ T5616] wg2: entered promiscuous mode
[   75.008159][ T5616] wg2: entered allmulticast mode
[   75.068294][ T5621] vxcan1 speed is unknown, defaulting to 1000
[   75.112935][ T5621] lo speed is unknown, defaulting to 1000
[   75.415645][ T5643] wg2: left promiscuous mode
[   75.420695][ T5643] wg2: left allmulticast mode
[   75.439107][ T5643] wg2: entered promiscuous mode
[   75.444059][ T5643] wg2: entered allmulticast mode
[   75.505442][ T5650] vxcan1 speed is unknown, defaulting to 1000
[   75.533403][ T5653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.724'.
[   75.604254][ T5650] lo speed is unknown, defaulting to 1000
[   75.678097][ T5659] FAULT_INJECTION: forcing a failure.
[   75.678097][ T5659] name failslab, interval 1, probability 0, space 0, times 0
[   75.690931][ T5659] CPU: 1 UID: 0 PID: 5659 Comm: syz.4.728 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   75.690967][ T5659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   75.690982][ T5659] Call Trace:
[   75.690990][ T5659]  <TASK>
[   75.690998][ T5659]  __dump_stack+0x1d/0x30
[   75.691022][ T5659]  dump_stack_lvl+0xe8/0x140
[   75.691060][ T5659]  dump_stack+0x15/0x1b
[   75.691076][ T5659]  should_fail_ex+0x265/0x280
[   75.691114][ T5659]  should_failslab+0x8c/0xb0
[   75.691143][ T5659]  kmem_cache_alloc_noprof+0x50/0x310
[   75.691176][ T5659]  ? getname_flags+0x80/0x3b0
[   75.691220][ T5659]  getname_flags+0x80/0x3b0
[   75.691247][ T5659]  user_path_at+0x28/0x130
[   75.691354][ T5659]  __se_sys_mount+0x25b/0x2e0
[   75.691374][ T5659]  ? fput+0x8f/0xc0
[   75.691399][ T5659]  __x64_sys_mount+0x67/0x80
[   75.691421][ T5659]  x64_sys_call+0xd36/0x2fb0
[   75.691447][ T5659]  do_syscall_64+0xd2/0x200
[   75.691544][ T5659]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   75.691574][ T5659]  ? clear_bhb_loop+0x40/0x90
[   75.691601][ T5659]  ? clear_bhb_loop+0x40/0x90
[   75.691627][ T5659]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.691777][ T5659] RIP: 0033:0x7fc6ade3e929
[   75.691797][ T5659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.691818][ T5659] RSP: 002b:00007fc6ac4a7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   75.691841][ T5659] RAX: ffffffffffffffda RBX: 00007fc6ae065fa0 RCX: 00007fc6ade3e929
[   75.691856][ T5659] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000
[   75.691871][ T5659] RBP: 00007fc6ac4a7090 R08: 0000200000000340 R09: 0000000000000000
[   75.691887][ T5659] R10: 000000000000080c R11: 0000000000000246 R12: 0000000000000001
[   75.691903][ T5659] R13: 0000000000000000 R14: 00007fc6ae065fa0 R15: 00007ffd31280af8
[   75.691973][ T5659]  </TASK>
[   76.062146][ T5677] wg2: left promiscuous mode
[   76.067168][ T5677] wg2: left allmulticast mode
[   76.131959][ T5677] wg2: entered promiscuous mode
[   76.137022][ T5677] wg2: entered allmulticast mode
[   76.139340][ T5690] FAULT_INJECTION: forcing a failure.
[   76.139340][ T5690] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   76.155171][ T5690] CPU: 0 UID: 0 PID: 5690 Comm: syz.4.743 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   76.155213][ T5690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   76.155228][ T5690] Call Trace:
[   76.155234][ T5690]  <TASK>
[   76.155243][ T5690]  __dump_stack+0x1d/0x30
[   76.155268][ T5690]  dump_stack_lvl+0xe8/0x140
[   76.155335][ T5690]  dump_stack+0x15/0x1b
[   76.155355][ T5690]  should_fail_ex+0x265/0x280
[   76.155395][ T5690]  should_fail+0xb/0x20
[   76.155431][ T5690]  should_fail_usercopy+0x1a/0x20
[   76.155522][ T5690]  strncpy_from_user+0x25/0x230
[   76.155570][ T5690]  ? kmem_cache_alloc_noprof+0x186/0x310
[   76.155606][ T5690]  ? getname_flags+0x80/0x3b0
[   76.155637][ T5690]  getname_flags+0xae/0x3b0
[   76.155746][ T5690]  path_setxattrat+0x223/0x310
[   76.155849][ T5690]  __x64_sys_lsetxattr+0x71/0x90
[   76.155875][ T5690]  x64_sys_call+0x1e36/0x2fb0
[   76.155951][ T5690]  do_syscall_64+0xd2/0x200
[   76.155975][ T5690]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   76.156016][ T5690]  ? clear_bhb_loop+0x40/0x90
[   76.156043][ T5690]  ? clear_bhb_loop+0x40/0x90
[   76.156068][ T5690]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.156135][ T5690] RIP: 0033:0x7fc6ade3e929
[   76.156155][ T5690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.156178][ T5690] RSP: 002b:00007fc6ac4a7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[   76.156208][ T5690] RAX: ffffffffffffffda RBX: 00007fc6ae065fa0 RCX: 00007fc6ade3e929
[   76.156222][ T5690] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000200000000000
[   76.156235][ T5690] RBP: 00007fc6ac4a7090 R08: 0000000000000000 R09: 0000000000000000
[   76.156248][ T5690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.156299][ T5690] R13: 0000000000000000 R14: 00007fc6ae065fa0 R15: 00007ffd31280af8
[   76.156320][ T5690]  </TASK>
[   76.470861][ T5699] netlink: 8 bytes leftover after parsing attributes in process `syz.2.746'.
[   76.643468][ T5718] netlink: 40 bytes leftover after parsing attributes in process `syz.4.753'.
[   76.698806][ T5719] vxcan1 speed is unknown, defaulting to 1000
[   76.760619][ T5719] lo speed is unknown, defaulting to 1000
[   76.975445][ T5748] wg2: left promiscuous mode
[   76.980175][ T5748] wg2: left allmulticast mode
[   76.989058][ T5748] wg2: entered promiscuous mode
[   76.994192][ T5748] wg2: entered allmulticast mode
[   77.113380][ T5760] netlink: 8 bytes leftover after parsing attributes in process `syz.3.771'.
[   77.255288][ T5766] netlink: 12 bytes leftover after parsing attributes in process `syz.2.774'.
[   77.377658][ T5781] validate_nla: 15 callbacks suppressed
[   77.377678][ T5781] netlink: 'syz.2.779': attribute type 1 has an invalid length.
[   77.757420][ T5808] vxcan1 speed is unknown, defaulting to 1000
[   77.808380][ T5821] wg2: left promiscuous mode
[   77.813167][ T5821] wg2: left allmulticast mode
[   77.859758][ T5808] lo speed is unknown, defaulting to 1000
[   77.870764][ T5821] wg2: entered promiscuous mode
[   77.875744][ T5821] wg2: entered allmulticast mode
[   77.971735][ T5840] ==================================================================
[   77.979955][ T5840] BUG: KCSAN: data-race in call_rcu / mas_state_walk
[   77.986804][ T5840] 
[   77.989165][ T5840] write to 0xffff888104703508 of 8 bytes by task 5838 on cpu 0:
[   77.996831][ T5840]  call_rcu+0x48/0x3e0
[   78.000948][ T5840]  mas_wmb_replace+0xc6a/0x14a0
[   78.005857][ T5840]  mas_wr_store_entry+0x1773/0x2b50
[   78.011102][ T5840]  mas_store_prealloc+0x74d/0x9e0
[   78.016182][ T5840]  vma_iter_store_new+0x1c5/0x200
[   78.021606][ T5840]  vma_complete+0x125/0x580
[   78.026311][ T5840]  __split_vma+0x591/0x650
[   78.030762][ T5840]  vma_modify+0x21e/0xca0
[   78.035120][ T5840]  vma_modify_flags+0x101/0x130
[   78.040031][ T5840]  mprotect_fixup+0x2cc/0x570
[   78.044735][ T5840]  do_mprotect_pkey+0x6d6/0x980
[   78.049619][ T5840]  __x64_sys_mprotect+0x48/0x60
[   78.054502][ T5840]  x64_sys_call+0x2794/0x2fb0
[   78.059205][ T5840]  do_syscall_64+0xd2/0x200
[   78.063734][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.069652][ T5840] 
[   78.071990][ T5840] read to 0xffff888104703508 of 8 bytes by task 5840 on cpu 1:
[   78.079551][ T5840]  mas_state_walk+0x3e9/0x650
[   78.084259][ T5840]  mas_walk+0x30/0x120
[   78.088357][ T5840]  lock_vma_under_rcu+0xa2/0x2f0
[   78.093330][ T5840]  do_user_addr_fault+0x233/0x1090
[   78.098481][ T5840]  exc_page_fault+0x62/0xa0
[   78.103024][ T5840]  asm_exc_page_fault+0x26/0x30
[   78.107896][ T5840] 
[   78.110229][ T5840] value changed: 0x000055555dd1dfff -> 0xffff888104703408
[   78.117438][ T5840] 
[   78.119800][ T5840] Reported by Kernel Concurrency Sanitizer on:
[   78.125966][ T5840] CPU: 1 UID: 0 PID: 5840 Comm: syz.3.806 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(voluntary) 
[   78.138487][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   78.148577][ T5840] ==================================================================