last executing test programs:

3.383779862s ago: executing program 2 (id=9022):
r0 = socket$inet(0x2, 0x1, 0x0)
unshare(0xe020600)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001f40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r3}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r4, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdc8}, 0x0)
setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f00000003c0)={0x0, 0x0, 0x1, "a9"}, 0x9)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4)
sendto$inet(r0, &(0x7f0000000480)="0c268a927f1f65a8974895abeaf401000000000000c3a9d425a38676758044ab4ea639b322da72f7bbfe7511bf766bec2bc22600"/67, 0x994b6e03113064ae, 0xce9d32186c4c8c5, 0x0, 0x2)
r6 = socket$l2tp(0x2, 0x2, 0x73)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4000, @loopback}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f00000058c0)=[{{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000004780)=""/4107, 0x100b}], 0x1}}, {{&(0x7f0000000300)=@qipcrtr, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000640)=""/204, 0xcc}, {&(0x7f0000000800)=""/220, 0xdc}, {&(0x7f00000010c0)=""/72, 0x48}, {&(0x7f0000001300)=""/159, 0x9f}, {&(0x7f0000000280)=""/27, 0x1b}, {&(0x7f00000009c0)=""/142, 0x8e}], 0x6, &(0x7f0000000500)=""/82, 0x52}, 0xc}, {{&(0x7f0000000b80)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000001140)=[{&(0x7f0000000400)=""/11, 0xb}, {&(0x7f00000005c0)=""/21, 0x15}, {&(0x7f0000000c00)=""/238, 0xee}, {&(0x7f0000000d00)=""/255, 0xff}, {&(0x7f0000000e00)=""/97, 0x61}, {&(0x7f0000000740)=""/44, 0x2c}, {&(0x7f0000000e80)=""/175, 0xaf}, {&(0x7f0000000f40)=""/199, 0xc7}, {&(0x7f0000001040)=""/16, 0x10}], 0x9, &(0x7f0000001080)=""/1, 0x1}, 0xc9}, {{&(0x7f0000000900)=@tipc=@id, 0x80, &(0x7f0000000980)=[{&(0x7f00000013c0)=""/248, 0xf8}], 0x1, &(0x7f0000000b00)=""/80, 0x50}, 0x218}, {{&(0x7f00000014c0)=@alg, 0x80, &(0x7f0000001880)=[{&(0x7f0000001540)=""/149, 0x95}, {&(0x7f0000001600)=""/162, 0xa2}, {&(0x7f00000016c0)=""/249, 0xf9}, {&(0x7f00000017c0)=""/10, 0xa}, {&(0x7f0000001800)=""/72, 0x48}], 0x5, &(0x7f0000001900)=""/159, 0x9f}, 0x3e1c}, {{&(0x7f00000019c0)=@ieee802154, 0x80, &(0x7f0000001bc0)=[{&(0x7f0000001a40)=""/154, 0x9a}, {&(0x7f0000001b00)=""/156, 0x9c}, {&(0x7f0000002000)=""/4096, 0x1000}], 0x3, &(0x7f0000001c00)=""/67, 0x43}, 0x2}, {{0x0, 0x0, &(0x7f00000032c0)=[{&(0x7f0000001d00)=""/110, 0x6e}, {&(0x7f0000001d80)=""/193, 0xc1}, {&(0x7f0000003000)=""/208, 0xd0}, {&(0x7f0000001e80)=""/26, 0x1a}, {&(0x7f0000003100)=""/244, 0xf4}, {&(0x7f0000003200)=""/138, 0x8a}, {&(0x7f0000001ec0)=""/20, 0x14}], 0x7, &(0x7f0000001f00)=""/30, 0x1e}, 0x80}, {{&(0x7f0000003340), 0x80, &(0x7f0000004680)=[{&(0x7f00000033c0)=""/59, 0x3b}, {&(0x7f0000003400)}, {&(0x7f0000003440)}, {&(0x7f0000003480)=""/135, 0x87}, {&(0x7f0000003540)=""/236, 0xec}, {&(0x7f0000003640)=""/42, 0x2a}, {&(0x7f0000003680)=""/4096, 0x1000}], 0x7, &(0x7f00000057c0)=""/248, 0xf8}, 0x81}], 0x8, 0x0, 0x0)
connect$inet(r6, &(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x8404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1fffffff, 0x0, 0x0, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

3.383056762s ago: executing program 0 (id=9023):
syz_usb_connect(0x5, 0x0, 0x0, &(0x7f0000000940)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x250, 0xd4, 0x4, 0x7, 0x20, 0xb}, 0xd8, &(0x7f00000000c0)={0x5, 0xf, 0xd8, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x12, 0x0, 0x2, 0x9}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "a2accb0f1892cf281786d2bbce7ef650"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0x2, 0x9, 0x9}, @ss_container_id={0x14, 0x10, 0x4, 0xff, "969165cc76f2199f3e1389529f7f8d83"}, @ptm_cap={0x3}, @generic={0x9a, 0x10, 0x2, "36b145d7a9eb721d99cfc981142ce87c4ede3b375f11d5e4695a3fd473100c9d49b24ebe959db2cc6b3ca3991b3caa29d7ab5e06c0234da58f84d9b225a2b9e30d47fba48ab2358b2920974ed195e5606c808c5b3a090e5b9ed6826fe170d3161571fd2087fb9f70d5d20b8ef4b0448bebafee203ebb582295adac2f8f8a8505955d0effe4238b0cf9d45b67d5adcfefac2de37e8aa5ec"}]}, 0xa, [{0xc5, &(0x7f0000001180)=@string={0xc5, 0x3, "6b80fa8de46e83f8056e7b5eb850b6d0b35c82d2f966c92cf2f77ffaaf62216bf2c8788a9951d41afdc5f8bdbcea0608896ba9b49dae962044704dba21d2cc4e8ee14ca7f869a28c891da3160dee0c823f5d394d09a7a4e8e507207b2e66ba6df23729f9bb94ee67c7a3bf2620c7ff0e6fde24dd5e507311e277470d05eb01647cc6ccde7e1454a300703a65c2f9063cea1b08f3f7279d63d43684b65a01dac920a37380c121ba44da7005a4c65d62bb47e31e5159f884cb9be49512010d1349f61351"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0xa2ab4e08f3cc5659}}, {0x9e, &(0x7f0000000340)=ANY=[@ANYBLOB="9e03ee774e99560226354195cd7bdb4fda4469771f7052f78700fa08b0b2bb1a32f1513ac7016ee9f3925690dcd3d83844e03a9f6259b149855647fd6410ae2875e7583bdfc12fd9fb175973ed507bf2a10e1e65defe2a3683ee6339b539f96b59cb2453bf3427d64f092ec039020087689d143f5a515bf298a0c3c7b81dd73bbe510e29f3e77f071ec5344156df1dc0d947edef8dcd2f71caa80100f85c"]}, {0x2c, &(0x7f0000000540)=@string={0x2c, 0x3, "c491706d2a3df6b3c982e39b4cb97508be3ad28cb480058edb7379be2028a81cd751c78d1313fe2fd302"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x423}}, {0xe6, &(0x7f0000000600)=@string={0xe6, 0x3, "55223a8797a8de8460af5faa2a90907c7839004906f91dde23319f71d4786367866b4d2d566db15d6fa016f81668dda8c311997d2cad61197e2477149044e4e4904b653a2cd17c5db4ee2a6b6d0cad780f821f10d38943aad28e30255116526e7bac3af329a8a0e5b65ce5019ce4e47dcefd5432def7c1066d21090047a483487339e2df98fb0a43d444bae974f790fa5f9a7435f484b8f0bb560e5cbd08f52f00d7a59c785a058630e198333325fea1be71174e0a2741e85a21a311ca8ccd15988491aa336f7f5cd463998c6e1a502c998c4284c27fad3d6417ea7f76d7471615b0144c"}}, {0xbb, &(0x7f0000000700)=@string={0xbb, 0x3, "a2f1569c760aebc656eaf836b34e31303446668aa08622b1c6ca9b10a5e02605489c2c8b2223bec5a2c7ca0b705b04261a926df125351a2eaec42a699e48ef7408920bf260d49d7195c7eb03d8dd93ce43b62c69148964a463826f50383c56cac2b063c37f64229fe96efbe8d9010ce739f3c0c87c0c919b9b8e18e42ff01857a17ddd523494dd1468039f1d3d53bc24826423e2f1c9d12e77064cfa87e7c6d25b9958999da7aa7db5cfaf5a734ae4883dbbd959c7ee17fa59"}}, {0x4, &(0x7f00000008c0)=@lang_id={0x4, 0x3, 0x41c}}, {0x4, &(0x7f0000000900)=@lang_id={0x4}}]})
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000500)=@chain)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xfb, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYRESOCT=0x0, @ANYRESDEC, @ANYRESHEX=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
add_key$user(&(0x7f0000000400), &(0x7f0000000440)={'syz', 0x0}, &(0x7f00000005c0)="b71f", 0x2, r1)

3.317748273s ago: executing program 2 (id=9024):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
personality(0x4000000)

3.283773213s ago: executing program 2 (id=9025):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@newtaction={0x98, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x4, r3}}]}, {0x4}, {0xc}, {0xc}}}, @m_csum={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0)

3.283260013s ago: executing program 2 (id=9026):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000110"], 0x48)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000380)='./file0\x00', 0x800804, &(0x7f0000000640)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c757466383d312c73686f72746e616d653d6c6f7765722c636865636b3d72656c617865642c726f6469722c726f6469722c757466383d302c74696d655f6f66667365743d3078666666666666666666666666666632382c636f6465706167653d3835372c6e6f6e756d7461696c3d302c696f636861727365743d6b6f69382d72752c73686f72746e616d653d77696e39352c73686f72746e616d653d6d697865642c747a3d5554432c00b6638b2365bfce5edff2d3206c0f3ff8c1bfe859ee824ff85d7690d773272154164bea29b754d1a2e184"], 0x1, 0x276, &(0x7f00000003c0)="$eJzs3UFqG1cYB/BvLMmW2oW06KoUPNAuujJ2T2BTXCg1FFq0aLtoTS1DsYTBBkGTEMWrnCAnyHmyCblADpCQXbwwmSDPSFbCyEaJbJnk99vo8d77z/vezCCtZvTPN72DvcPj/ZN7z6NeT2JpMzbjNIlWLMXIgyj17GV5PwBwy51mWbzKciulM2pTktWlay0MALg2k7//i64FALgZv//x5y9bOzvbv6VpPaL3sN9OIv/Mx7f247/oRifWoxlnEdlY3v7p553tqKZDrfiuN+i3h8ne30+K42+9iDjPb0QzWuX5jTQ3kR/027X4olh/sxudXx9HM74qz/9Qko/2cnz/7UT9a9GMp//GYXRjr6htlL+/kaY/Zo9e3/1r2DvMJ4N+e2U8r5hdudELAwAAAAAAAAAAAAAAAAAAAADAJ20tHWu9+/6dytn5+Nq08Tw/7f1Ag4n386ynaZol+fyLfDW+rkZ1kXsHAAAAAAAAAAAAAAAAAACA2+L4/zsHu91u52iujdFj/SVD8Waea63OmopKUVo3iZhtrVqRvHpyZcZdNIb1dI6SaszvEiTjnsbk0Grkaw17GnljouejV6/HeWN0dx3sJnFFql52k8yhkZXcfpWpqeX3exrFDkomNy5ZffnLD6o5a04ZSiKiNj6Zlx+nNt9zeFPfQAAAAAAAAAAAAAAAAAAAwMjFQ78lgycLKAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFuDi//9naAyK8LQ5WWXYqEbRs+AtAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Bl4GwAA//95LWni")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = add_key$user(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)="35cb1f", 0x3, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r5, 0xfffffffffffffffb, 0xffffffffffffffff, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00'})
sendmsg$nl_route_sched(r6, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)

3.164877354s ago: executing program 3 (id=9029):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
socket(0x1, 0x4, 0xffffffe1)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0)
close(0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000980)={'wg2\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000180)="0b031407e0ff640f0200475400f6a13bb1000e00080008004803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14)

3.089924694s ago: executing program 3 (id=9031):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r0, 0x1000000, 0x11, 0x0, &(0x7f0000000600)="61df712bc884fef053a7a9a26e9b722780", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18004000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff1900b802000000000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$inet6_dccp(0xa, 0x6, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000004180)=ANY=[@ANYBLOB="020000000400000007000000020000000010"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000005000c0001000000080006004802000005000b"], 0x44}}, 0x0)

3.087809834s ago: executing program 1 (id=9032):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000100000007b8af8ff00000000bfa200000000000007020000faffffffb703000008400000b70600000000feff850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000040), &(0x7f0000000080)=0x8)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'ip6_vti0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x2f, 0xca, 0x10, 0x5, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x42}, 0x700, 0x0, 0x100000, 0x401}})
r4 = syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x2001)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000040)=ANY=[])
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000280)={0x0, 0xfe, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}}, 0x0)

2.970301065s ago: executing program 3 (id=9033):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000003080)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {}, {0x3, 0xe}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x18, 0x2, [@TCA_CGROUP_ACT={0x4}, @TCA_CGROUP_EMATCHES={0x10, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffd}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x15}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2.952489825s ago: executing program 3 (id=9034):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRESHEX], 0x20}}, 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x7, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000100)={0x4, 0xd4, 0xfe, 0x9, 0xff, 0x2, 0x7, 0xe, 0x5, 0x6, 0x3, 0xfa, 0xc0, 0xae}, 0xe)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000900), 0x2, 0x0)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
r5 = socket(0x15, 0x5, 0x0)
getsockopt$nfc_llcp(r5, 0x114, 0x2718, 0x0, 0x20000000)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000bc0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010029bd70000000000015000000080003008aaf14d20b7a93871561845baa3ba850e884b658f45c6656611cfdc963e45dacb5bc4e8aaafccae81f4f64038ae7a2a7d99e6c3002a871ec3ed1b577", @ANYRES32=r6, @ANYBLOB="2c002b80080001000000000020000380080002000300000006000100030000000c0004000202aaaaaaaaaaaa"], 0x48}}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000600)={<r7=>0xffffffffffffffff}, 0x111, 0x4}}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r8}, 0x18)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000003a1000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000600000085000000710000009500000000100000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r9}, 0x10)
r10 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r10, 0xc0105500, &(0x7f0000000000)={0x40, 0x8, 0x7, 0x0, 0x0, 0xf021, 0x0})
write$RDMA_USER_CM_CMD_DESTROY_ID(r3, &(0x7f0000000080)={0x1, 0x10, 0xfa00, {&(0x7f0000000000), r7}}, 0x18)
socket$inet(0x2, 0x80001, 0x84)

2.814848325s ago: executing program 0 (id=9036):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x802, &(0x7f0000000300)={[{@noblock_validity}, {@dioread_nolock}, {@nobh}, {@minixdf}, {@nobh}, {@usrjquota, 0x2e}, {@grpquota}, {@nodiscard}, {@jqfmt_vfsv0}, {@noload}], [], 0x2c}, 0x84, 0x452, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getdents(r0, 0x0, 0x0)

2.378604967s ago: executing program 2 (id=9043):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000014b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
unshare(0x68060200)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
r2 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet(r2, &(0x7f00000008c0)=[{{&(0x7f0000000040)={0x2, 0x64, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000340)=[@ip_retopts={{0x30, 0x0, 0x7, {[@rr={0x7, 0x1b, 0x8, [@multicast1, @empty, @remote, @loopback, @local, @dev={0xac, 0x14, 0x14, 0x30}]}, @noop, @ra={0x94, 0x4, 0x1}]}}}], 0x30}}], 0x1, 0x0)

1.781300111s ago: executing program 3 (id=9045):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01000000", @ANYRES32=0x1, @ANYBLOB="00000000003eaf03f8ffffd6c300"/23, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6}]})
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="9e", 0x1a000, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

1.715252831s ago: executing program 0 (id=9046):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./bus\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x36c, &(0x7f00000023c0)="$eJzs3c9rK1UUwPGTNMlL8nhNFqIoSC++jW6GNroWg7wHQsBHXyO2gjBtJxoyJmUmVCNi25Vbce9KcFG6s+CioP0HunGnGxHcdSO4sAt1ZH4lk2SSpjE1vvb7gZKbe++Z3Jt7C2fSTub87c8/aNRsraa3JZlVkhARuRApSlJCieAx6ZUzErUvL939/cfnH69Xs36Felhee7mklFpc+u7DT3JBt5M7clZ89/y30q9nT589e/732vt1W9Vt1Wy1la42Wz+39U3TUNt1u6Ep9cg0dNtQ9aZtWH77N8FxzNbOTkfpze17+R3LsG2lNzuqYXRUu6XaVkfp7+n1ptI0Td3Lyzjpsa23RfVwdVUvTxm8NePB4JpYlqMviEhuqKV6OJcBAQCAuRrM/5NuSj9N/r8hi5XKg1Xldu7l/0cvnLbvvnW8GOT/J5m4/P+Vn/xj9eX/7ulEL/9v+ecHtcvz/y9lovzfN5wR3S5T5//FaxgMprOUGapK9D2zrLKeD35/PQfvHC17BfJ/AAAAAAAAAAAAAAAAAAAAAACeBBeOU3AcpxA+hj+9SwiC57iRsiPW/47b5q6+w/rfZI/XNyTrXbjnrrH52W51t+o/Bh1ORcQU4y9nkLs3wiuPlKso35t7QfzebnXBaynXpO7Gy4oUpOjtp0i84zx8o/JgRfmC+O5lSvlofEkK8lQ0/ltvd7rxpf744PUz8uL9SLwmBflhS1piyrYX2Xv9T1eUev3NykB8zusnIr/854sCAAAAAMCMaaor9vxd00a1+98yUq55HxMZsiwF+TP+/H459vw8VXguNe/ZAwAAAABwO9idjxu6JA3LK5hmXCEnI5viC7mrdE711aRFJLZzZqAmPe7IC5EZTjgMPSP+HUyuNNOYwlfhu3qVqPAfKdyBd5uCO6rIdOMJ5+/VJFLTTsc0E/vibYD9aFNSJghPDQ5+ya1QsZ3vjzzOQTCRbk34sVFmxPssj4aPkxyzE9JDNU5iug3wzBdf//Fv90+v8OpxsAM+urzzgWk4ezLJogwU3JcYbuL2OAAAAMAN1Ev6w5rXos3RG4lEb5bDX+4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJihmXxR2SWFec8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+L/4JwAA//94DPMO")
r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x4, 0x8, 0x7fff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
io_setup(0x200, &(0x7f0000000140)=<r5=>0x0)
r6 = open(&(0x7f0000000100)='./bus\x00', 0x14113e, 0x0)
write$binfmt_script(r6, &(0x7f0000000080), 0x208e24b)
io_submit(r5, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r3, &(0x7f0000000000), 0x77000, 0xfff0}])

1.714988691s ago: executing program 4 (id=9047):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070015006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa80b0b8ed8fb1ec577c377f627daaf787a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bdeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aab926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb155481ef836eb0f8c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaed2b25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe514283707c70600000000000000b7561301bb997316db01ee601f2c9659db9bc04f7089a660d8dcc3ae83169cf331efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562e00e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb2214209ed2d5d776e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b55ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f608ce27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e30400000000000000000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a95d32f46ed9bd1f00fb8191bbab2dc599dda61ee2010000294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bfe2777e808fcba821a00e8c5c39609ff854256cb490000000000c1fee30a3f7a85d1b2b458c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd210819203828b202779d386ed295f023c67d867014d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff00004043060000005dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df40600000000000000e9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b0600b805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1202000000b59fed817072a0da60160761fd3dffda0f7c742eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7000000000000000542954c167dd9b4acd946ffffffffffffffff1389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c9e281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b630500163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
sysfs$2(0x2, 0x5, &(0x7f0000000040)=""/51)

1.555742192s ago: executing program 4 (id=9048):
syz_emit_ethernet(0x0, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x2a, 0x0, &(0x7f0000000280))
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
socket(0x10, 0x3, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x89901)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000001ec0)={0x0, 0x0})
ioctl$VT_DISALLOCATE(r3, 0x5608)
ioctl$PIO_UNIMAP(r3, 0x4b67, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x10241, 0x0)

1.475372612s ago: executing program 4 (id=9049):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000000040)=0x1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c)
recvmmsg(r0, &(0x7f00000007c0), 0x10, 0x0, 0x0)

1.245390464s ago: executing program 0 (id=9050):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@newtaction={0x98, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x4, r3}}]}, {0x4}, {0xc}, {0xc}}}, @m_csum={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0)

1.157002334s ago: executing program 1 (id=9051):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
socket$rds(0x15, 0x5, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040))
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2000000, 0x0)

1.156542584s ago: executing program 1 (id=9052):
mlock(&(0x7f0000741000/0x4000)=nil, 0x4000)
mbind(&(0x7f0000ba4000/0x2000)=nil, 0x2000, 0x8000, 0x0, 0x2a05, 0xd)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000280))
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000380)={0x60, 0x2, &(0x7f0000741000/0x3000)=nil, &(0x7f0000743000/0x3000)=nil, 0x0, &(0x7f00000002c0)=[{0x4, 0x7, 0x2}, {0x8, 0x16}, {0x4, 0x9, 0x6}], 0x3, 0x3, 0x0, 0x5e, 0x41, 0x3})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
mlockall(0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc7d7}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
pivot_root(0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)

1.112352924s ago: executing program 1 (id=9053):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000110"], 0x48)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000380)='./file0\x00', 0x800804, &(0x7f0000000640)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c757466383d312c73686f72746e616d653d6c6f7765722c636865636b3d72656c617865642c726f6469722c726f6469722c757466383d302c74696d655f6f66667365743d3078666666666666666666666666666632382c636f6465706167653d3835372c6e6f6e756d7461696c3d302c696f636861727365743d6b6f69382d72752c73686f72746e616d653d77696e39352c73686f72746e616d653d6d697865642c747a3d5554432c00b6638b2365bfce5edff2d3206c0f3ff8c1bfe859ee824ff85d7690d773272154164bea29b754d1a2e184"], 0x1, 0x276, &(0x7f00000003c0)="$eJzs3UFqG1cYB/BvLMmW2oW06KoUPNAuujJ2T2BTXCg1FFq0aLtoTS1DsYTBBkGTEMWrnCAnyHmyCblADpCQXbwwmSDPSFbCyEaJbJnk99vo8d77z/vezCCtZvTPN72DvcPj/ZN7z6NeT2JpMzbjNIlWLMXIgyj17GV5PwBwy51mWbzKciulM2pTktWlay0MALg2k7//i64FALgZv//x5y9bOzvbv6VpPaL3sN9OIv/Mx7f247/oRifWoxlnEdlY3v7p553tqKZDrfiuN+i3h8ne30+K42+9iDjPb0QzWuX5jTQ3kR/027X4olh/sxudXx9HM74qz/9Qko/2cnz/7UT9a9GMp//GYXRjr6htlL+/kaY/Zo9e3/1r2DvMJ4N+e2U8r5hdudELAwAAAAAAAAAAAAAAAAAAAADAJ20tHWu9+/6dytn5+Nq08Tw/7f1Ag4n386ynaZol+fyLfDW+rkZ1kXsHAAAAAAAAAAAAAAAAAACA2+L4/zsHu91u52iujdFj/SVD8Waea63OmopKUVo3iZhtrVqRvHpyZcZdNIb1dI6SaszvEiTjnsbk0Grkaw17GnljouejV6/HeWN0dx3sJnFFql52k8yhkZXcfpWpqeX3exrFDkomNy5ZffnLD6o5a04ZSiKiNj6Zlx+nNt9zeFPfQAAAAAAAAAAAAAAAAAAAwMjFQ78lgycLKAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFuDi//9naAyK8LQ5WWXYqEbRs+AtAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Bl4GwAA//95LWni")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = add_key$user(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)="35cb1f", 0x3, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r5, 0xfffffffffffffffb, 0xffffffffffffffff, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00'})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)

935.669465ms ago: executing program 0 (id=9054):
mkdir(0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800006, @void, @value}, 0x94)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x7, <r0=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000000))
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
readv(r2, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
pwrite64(r4, &(0x7f0000000080)='3', 0x1, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r3}, &(0x7f0000000000), &(0x7f00000005c0)=r7}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42000)
connect$unix(0xffffffffffffffff, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)

935.351245ms ago: executing program 4 (id=9055):
r0 = socket$inet(0x2, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001f40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r2}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r3, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdc8}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r5, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f00000003c0)={0x0, 0x0, 0x1, "a9"}, 0x9)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4)
sendto$inet(r0, &(0x7f0000000480)="0c268a927f1f65a8974895abeaf401000000000000c3a9d425a38676758044ab4ea639b322da72f7bbfe7511bf766bec2bc22600"/67, 0x994b6e03113064ae, 0xce9d32186c4c8c5, 0x0, 0x2)
r6 = socket$l2tp(0x2, 0x2, 0x73)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4000, @loopback}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f00000058c0)=[{{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000004780)=""/4107, 0x100b}], 0x1}}, {{&(0x7f0000000300)=@qipcrtr, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000640)=""/204, 0xcc}, {&(0x7f0000000800)=""/220, 0xdc}, {&(0x7f00000010c0)=""/72, 0x48}, {&(0x7f0000001300)=""/159, 0x9f}, {&(0x7f0000000280)=""/27, 0x1b}, {&(0x7f00000009c0)=""/142, 0x8e}], 0x6, &(0x7f0000000500)=""/82, 0x52}, 0xc}, {{&(0x7f0000000b80)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000001140)=[{&(0x7f0000000400)=""/11, 0xb}, {&(0x7f00000005c0)=""/21, 0x15}, {&(0x7f0000000c00)=""/238, 0xee}, {&(0x7f0000000d00)=""/255, 0xff}, {&(0x7f0000000e00)=""/97, 0x61}, {&(0x7f0000000740)=""/44, 0x2c}, {&(0x7f0000000e80)=""/175, 0xaf}, {&(0x7f0000000f40)=""/199, 0xc7}, {&(0x7f0000001040)=""/16, 0x10}], 0x9, &(0x7f0000001080)=""/1, 0x1}, 0xc9}, {{&(0x7f0000000900)=@tipc=@id, 0x80, &(0x7f0000000980)=[{&(0x7f00000013c0)=""/248, 0xf8}], 0x1, &(0x7f0000000b00)=""/80, 0x50}, 0x218}, {{&(0x7f00000014c0)=@alg, 0x80, &(0x7f0000001880)=[{&(0x7f0000001540)=""/149, 0x95}, {&(0x7f0000001600)=""/162, 0xa2}, {&(0x7f00000016c0)=""/249, 0xf9}, {&(0x7f00000017c0)=""/10, 0xa}, {&(0x7f0000001800)=""/72, 0x48}], 0x5, &(0x7f0000001900)=""/159, 0x9f}, 0x3e1c}, {{&(0x7f00000019c0)=@ieee802154, 0x80, &(0x7f0000001bc0)=[{&(0x7f0000001a40)=""/154, 0x9a}, {0x0}, {&(0x7f0000002000)=""/4096, 0x1000}], 0x3, &(0x7f0000001c00)=""/67, 0x43}, 0x2}, {{0x0, 0x0, &(0x7f00000032c0)=[{&(0x7f0000001d80)=""/193, 0xc1}, {&(0x7f0000001e80)=""/26, 0x1a}, {&(0x7f0000003100)=""/244, 0xf4}, {&(0x7f0000001ec0)=""/20, 0x14}], 0x4, &(0x7f0000001f00)=""/30, 0x1e}, 0x80}, {{&(0x7f0000003340), 0x80, &(0x7f0000004680)=[{&(0x7f00000033c0)=""/59, 0x3b}, {&(0x7f0000003400)}, {&(0x7f0000003440)}, {&(0x7f0000003480)=""/135, 0x87}, {&(0x7f0000003540)=""/236, 0xec}, {&(0x7f0000003640)=""/42, 0x2a}, {&(0x7f0000003680)=""/4096, 0x1000}], 0x7, &(0x7f00000057c0)=""/248, 0xf8}, 0x81}], 0x8, 0x0, 0x0)
connect$inet(r6, &(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x8404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1fffffff, 0x0, 0x0, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

903.684795ms ago: executing program 2 (id=9056):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000200020850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='rss_stat\x00', r0}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x1200, 0x0, 0x3)
socket$inet6_dccp(0xa, 0x6, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$rds(0x15, 0x5, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xf7, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f008000de0ffff00184000633c77fbac141412e000002062079f4b4d2f87e5feca6aab845013f2325f1a3903050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff40000", 0x0, 0xfe, 0x60000000, 0x3f, 0x51, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f90931dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x50)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x410c}, {0x4c, 0x14, {0xfffffff0, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, &(0x7f0000000040))
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="6400000002060103000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a31000000001800078005000300000000000c00018008000100ac14140005000500020000000500010006"], 0x64}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
read(0xffffffffffffffff, &(0x7f0000000040)=""/148, 0xffffff96)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

708.891876ms ago: executing program 3 (id=9057):
capset(&(0x7f0000000080)={0x20071026}, 0x0)
syz_mount_image$ext4(&(0x7f00000002c0)='ext3\x00', &(0x7f0000000180)='./bus\x00', 0x200000, &(0x7f00000005c0)={[{@barrier_val={'barrier', 0x3d, 0x101}}, {@nodioread_nolock}]}, 0x1, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRESOCT, @ANYRES64=<r1=>0xffffffffffffffff, @ANYRES64, @ANYBLOB="e63dd1a8818da7c6461510ed44518ed193e4942b4c684d6c8b48ddb44f518d49dbc9575b98fee166d15d5e36876aa229b26a87a3234ba19b56ac7c3dc38e8face2a0d772a99c92a1b94bbadd3a80000000000000005aa7ba3e98cd0f53898b5c6acbda2ad0356dd6ac64dc026ef3ccf6a453060c6b57250e482ad560da3904b33287fb096492c4b179da930b", @ANYRESOCT, @ANYRES16, @ANYBLOB="01f53dd44df1d4ba5bc552eb9ee32637103a04d08fe62668405bd89120b4f2eaf4449d9d526062bf6d6e79d5567ad5748cbae0f0f985a79f246ff234542788adc4f5dd33d4e2b149a68dfc3f9018098540444ea2d8fb3b07015ad4064019525d8040ededb1717c814cd06e6bc09a0f4b9149c37bcec0af10d7f6288b6b256e27fb11e5cb79e4698c5f5e3714e4e8dd1129953c824ecbf11a25edf09476bf548289bf24ee429912d93febbddf9fe976a8fc6cf8cee0cdd1b7684dbb8fd3b2e1c32fbfb1f511b8e96c6a1a97eac1482a853e7be0bd4c4754cea9cd65a47deea6f4562fffb3bac43d4bb76bee25b1e9cd317a2424f5c5360cac56"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000900000000000000002000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close(0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x3, @empty, 0x1}, 0x1c)
listen(0xffffffffffffffff, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x2000000, 0x0, 0x0, 0xf, "ff00f7000000000000000000af88008300"})
r3 = syz_open_pts(r0, 0x141601)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
write(r3, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0xfffffffc, 0x0, 0x0, "682341f2fd71a6a76177920ea7e60c0ac7a4a5"})

615.970297ms ago: executing program 4 (id=9058):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x8, &(0x7f0000000140), 0x5, 0x4c9, &(0x7f0000000540)="$eJzs3ctrW1caAPBPUuzYjmfymGFIMjAJZCDzIJYfDLFnBoZZzcwiMExgNjOQurbippYtY8lpbLJw2l0WXZSWFkoX3fcv6KZZNRRK1y3dli5KSpu60AcFFV1JiR+So6aO1Pj+fqDo3HNv9J0j8R1fnXuvbgCpdbr2TyZiOCLei4jD9cWtG5yuP23cvT5Te2SiWr34WSbZrrbc3LT5/w5FxHpEDETEf/4R8WRmZ9zy6tr8dLFYWG4s5ysLS/ny6tq5KwvTc4W5wuLY5PmpqcnRifGpPevrzeefvnnhzX/1v/HVc3duv/D2W7VmDTfWbe7HXqp3vS+Obqo7EBF/fRTBeiDX6M9grxvCQ6l9fr+IiDNJ/h+OXPJpAmlQrVar31UPtlu9XgX2rWyyD5zJjkREvZzNjozU9+F/GUPZYqlc+ePl0sribH1f+Uj0ZS9fKRZGG98VjkRfprY8lpTvL49vW56ISPaBX8wNJssjM6XibHeHOmCbQ9vy/8tcPf+BlPCVH9JL/kN6yX9IL/kP6SX/Ib3kP6SX/If0kv+QXvIf0kv+Q3rtlv/9XWwH0FX/vnCh9qg2r3+fvbq6Ml+6em62UJ4fWViZGZkpLS+NzJVKc8k1OwsPer1iqbQ09qdYuZavFMqVfHl17dJCaWWxcim5rv9Soa8rvQI6cfTUrQ8yEbH+58HkEZv+5MtV2N+q1Uz0+hpkoDdyvR6AgJ4x9Q/p9QO+47f9kTDg8dbiJ3q3GGhd/bdYehStAboh2+sGAD1z9oTjf5BW5v8hvcz/Q3rZxwcecv4/zP/D48v8P6TXcJv7f/1s0727RiPi5xHxfq7vYPNeX8B+kP0k09j/P3v4t8Pb1/Znvk4OEfRHxDOvXnz52nSlsjxWq/98sFlfeaVRP96L9gOdauZpM48BgPTauHt9pvnoZtxP/14/CWFn/AONucmB5Bjl0EZmy7kKmT06d2H9RkQcbxU/07jfef3Ix9BGbkf8Y43nTP0lkvYeSO6b3p34JzbF/82m+CeTLb79ke8M7H+3auPPaKv8yyY5Hffyb+v4M7xH5060H/+y98a/XJvx71SHMZ567dmP28a/EXGyZfxmvIEk1vb4tbad7TD+nf//91ft1lVfr79Oq/hNtVK+srCUL6+unUt+R26usDg2eX5qanJ0Ynwqn8xR55sz1Tv95fi7t3fr/1Cb+PX+ftiy/7W633fY/29+/c7/Tu8S/3dnWn/+x5Ln1u//YET8ocP4X4x/9ES7dbX4s236n90lfq1uosP45Zf+6dphAPgJKa+uzU8Xi4VlBQUFhXuFB40c690ZoIBH5n7S97olAAAAAAAAAAAAQKe6cTpxr/sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAffB8AAP//WQzY+g==")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_open_dev$usbmon(&(0x7f0000000280), 0xda0f, 0x8440)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002600)=@newlink={0x34, 0x10, 0x0, 0x0, 0x0, {0x0, 0x0, 0xffff}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r4}, 0x10)
sendmsg$unix(r2, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
recvmmsg(r3, &(0x7f0000001140), 0x700, 0x2, 0x0)
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)

371.363748ms ago: executing program 4 (id=9059):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000000)=0x13)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f00000002c0)={0x6, 0x8001})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x1}})
write(r0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000580)=ANY=[@ANYRESHEX=r2, @ANYRES16=r5, @ANYRES64=r3, @ANYRES32=r5, @ANYRESDEC=r0, @ANYRES64, @ANYRESDEC=r6, @ANYRESOCT=r6], &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x7)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'macvlan0\x00'})
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0x53)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r10 = io_uring_setup(0x2375, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS2(r10, 0xf, &(0x7f0000000440)={0x2, 0x0, 0x0, &(0x7f0000000540)=[{0x0}, {0x0}], 0x0}, 0x20)
r11 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r11, &(0x7f0000001240)=""/102400, 0x200000, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r10, 0x10, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001940)=[{0x0}, {0x0}], &(0x7f0000001980)=[0x0, 0x1f], 0x2}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r9}, 0x10)
sendmsg$NFT_BATCH(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014000100626f6e6430"], 0x4b0}, 0x1, 0x0, 0x0, 0x44}, 0x0)

171.621269ms ago: executing program 1 (id=9060):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./bus\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x36c, &(0x7f00000023c0)="$eJzs3c9rK1UUwPGTNMlL8nhNFqIoSC++jW6GNroWg7wHQsBHXyO2gjBtJxoyJmUmVCNi25Vbce9KcFG6s+CioP0HunGnGxHcdSO4sAt1ZH4lk2SSpjE1vvb7gZKbe++Z3Jt7C2fSTub87c8/aNRsraa3JZlVkhARuRApSlJCieAx6ZUzErUvL939/cfnH69Xs36Felhee7mklFpc+u7DT3JBt5M7clZ89/y30q9nT589e/732vt1W9Vt1Wy1la42Wz+39U3TUNt1u6Ep9cg0dNtQ9aZtWH77N8FxzNbOTkfpze17+R3LsG2lNzuqYXRUu6XaVkfp7+n1ptI0Td3Lyzjpsa23RfVwdVUvTxm8NePB4JpYlqMviEhuqKV6OJcBAQCAuRrM/5NuSj9N/r8hi5XKg1Xldu7l/0cvnLbvvnW8GOT/J5m4/P+Vn/xj9eX/7ulEL/9v+ecHtcvz/y9lovzfN5wR3S5T5//FaxgMprOUGapK9D2zrLKeD35/PQfvHC17BfJ/AAAAAAAAAAAAAAAAAAAAAACeBBeOU3AcpxA+hj+9SwiC57iRsiPW/47b5q6+w/rfZI/XNyTrXbjnrrH52W51t+o/Bh1ORcQU4y9nkLs3wiuPlKso35t7QfzebnXBaynXpO7Gy4oUpOjtp0i84zx8o/JgRfmC+O5lSvlofEkK8lQ0/ltvd7rxpf744PUz8uL9SLwmBflhS1piyrYX2Xv9T1eUev3NykB8zusnIr/854sCAAAAAMCMaaor9vxd00a1+98yUq55HxMZsiwF+TP+/H459vw8VXguNe/ZAwAAAABwO9idjxu6JA3LK5hmXCEnI5viC7mrdE711aRFJLZzZqAmPe7IC5EZTjgMPSP+HUyuNNOYwlfhu3qVqPAfKdyBd5uCO6rIdOMJ5+/VJFLTTsc0E/vibYD9aFNSJghPDQ5+ya1QsZ3vjzzOQTCRbk34sVFmxPssj4aPkxyzE9JDNU5iug3wzBdf//Fv90+v8OpxsAM+urzzgWk4ezLJogwU3JcYbuL2OAAAAMAN1Ev6w5rXos3RG4lEb5bDX+4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJihmXxR2SWFec8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+L/4JwAA//94DPMO")
r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x4, 0x8, 0x7fff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
io_setup(0x200, &(0x7f0000000140)=<r5=>0x0)
r6 = open(&(0x7f0000000100)='./bus\x00', 0x14113e, 0x0)
write$binfmt_script(r6, &(0x7f0000000080), 0x208e24b)
io_submit(r5, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r3, &(0x7f0000000000), 0x77000, 0xfff0}])

37.4232ms ago: executing program 0 (id=9061):
r0 = socket$inet(0x2, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001f40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r2}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r3, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdc8}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r5, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f00000003c0)={0x0, 0x0, 0x1, "a9"}, 0x9)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4)
sendto$inet(r0, &(0x7f0000000480)="0c268a927f1f65a8974895abeaf401000000000000c3a9d425a38676758044ab4ea639b322da72f7bbfe7511bf766bec2bc22600"/67, 0x994b6e03113064ae, 0xce9d32186c4c8c5, 0x0, 0x2)
r6 = socket$l2tp(0x2, 0x2, 0x73)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4000, @loopback}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f00000058c0)=[{{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000004780)=""/4107, 0x100b}], 0x1}}, {{&(0x7f0000000300)=@qipcrtr, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000640)=""/204, 0xcc}, {&(0x7f0000000800)=""/220, 0xdc}, {&(0x7f00000010c0)=""/72, 0x48}, {&(0x7f0000001300)=""/159, 0x9f}, {&(0x7f0000000280)=""/27, 0x1b}, {&(0x7f00000009c0)=""/142, 0x8e}], 0x6, &(0x7f0000000500)=""/82, 0x52}, 0xc}, {{&(0x7f0000000b80)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000001140)=[{&(0x7f0000000400)=""/11, 0xb}, {&(0x7f00000005c0)=""/21, 0x15}, {&(0x7f0000000c00)=""/238, 0xee}, {&(0x7f0000000d00)=""/255, 0xff}, {&(0x7f0000000e00)=""/97, 0x61}, {&(0x7f0000000740)=""/44, 0x2c}, {&(0x7f0000000e80)=""/175, 0xaf}, {&(0x7f0000000f40)=""/199, 0xc7}, {&(0x7f0000001040)=""/16, 0x10}], 0x9, &(0x7f0000001080)=""/1, 0x1}, 0xc9}, {{&(0x7f0000000900)=@tipc=@id, 0x80, &(0x7f0000000980)=[{&(0x7f00000013c0)=""/248, 0xf8}], 0x1, &(0x7f0000000b00)=""/80, 0x50}, 0x218}, {{&(0x7f00000014c0)=@alg, 0x80, &(0x7f0000001880)=[{&(0x7f0000001540)=""/149, 0x95}, {&(0x7f0000001600)=""/162, 0xa2}, {&(0x7f00000016c0)=""/249, 0xf9}, {&(0x7f00000017c0)=""/10, 0xa}, {&(0x7f0000001800)=""/72, 0x48}], 0x5, &(0x7f0000001900)=""/159, 0x9f}, 0x3e1c}, {{&(0x7f00000019c0)=@ieee802154, 0x80, &(0x7f0000001bc0)=[{&(0x7f0000001b00)=""/156, 0x9c}, {&(0x7f0000002000)=""/4096, 0x1000}], 0x2, &(0x7f0000001c00)=""/67, 0x43}, 0x2}, {{0x0, 0x0, &(0x7f00000032c0)=[{&(0x7f0000001d80)=""/193, 0xc1}, {&(0x7f0000001e80)=""/26, 0x1a}, {&(0x7f0000003100)=""/244, 0xf4}, {&(0x7f0000001ec0)=""/20, 0x14}], 0x4, &(0x7f0000001f00)=""/30, 0x1e}, 0x80}, {{&(0x7f0000003340), 0x80, &(0x7f0000004680)=[{&(0x7f00000033c0)=""/59, 0x3b}, {&(0x7f0000003400)}, {&(0x7f0000003440)}, {&(0x7f0000003480)=""/135, 0x87}, {&(0x7f0000003540)=""/236, 0xec}, {&(0x7f0000003640)=""/42, 0x2a}, {&(0x7f0000003680)=""/4096, 0x1000}], 0x7, &(0x7f00000057c0)=""/248, 0xf8}, 0x81}], 0x8, 0x0, 0x0)
connect$inet(r6, &(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x8404, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1fffffff, 0x0, 0x0, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

0s ago: executing program 1 (id=9062):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000100000007b8af8ff00000000bfa200000000000007020000faffffffb703000008400000b70600000000feff850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000040), &(0x7f0000000080)=0x8)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'ip6_vti0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x2f, 0xca, 0x10, 0x5, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x42}, 0x700, 0x0, 0x100000, 0x401}})
r4 = syz_open_dev$sg(&(0x7f0000000440), 0x0, 0x2001)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000040)=ANY=[])
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000280)={0x0, 0xfe, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}}, 0x0)

kernel console output (not intermixed with test programs):

pen!! Data will be lost
[  527.687389][T26054] 
[  527.721881][   T29] audit: type=1326 audit(527.706:25696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26068 comm="syz.3.8360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2752be819 code=0x7ffc0000
[  527.766954][T26069] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8360'.
[  527.806092][T26071] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  527.892988][T26077] loop0: detected capacity change from 0 to 4096
[  527.893591][T26080] pim6reg1: entered promiscuous mode
[  527.904961][T26080] pim6reg1: entered allmulticast mode
[  527.936432][T26061] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  528.449015][T26096] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  528.457602][T26096] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  528.470039][T26096] loop4: detected capacity change from 0 to 512
[  528.487579][T26096] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  528.495691][T26096] System zones: 0-2, 18-18, 34-34
[  528.501577][T26096] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.8370: bg 0: block 248: padding at end of block bitmap is not set
[  528.518357][T26096] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.8370: Failed to acquire dquot type 1
[  528.531034][T26096] EXT4-fs (loop4): 1 truncate cleaned up
[  528.577529][T26105] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8373'.
[  528.686584][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  528.764722][T26127] loop0: detected capacity change from 0 to 2048
[  528.786866][T26127] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.8383: bg 0: block 234: padding at end of block bitmap is not set
[  528.801546][T26127] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 117
[  528.813949][T26127] EXT4-fs (loop0): This should not happen!! Data will be lost
[  528.813949][T26127] 
[  528.901606][T26132] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  528.916901][T26134] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8385'.
[  529.069534][T26146] loop1: detected capacity change from 0 to 128
[  529.077197][T26146] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  529.130916][T26146] syz.1.8390: attempt to access beyond end of device
[  529.130916][T26146] loop1: rw=2049, sector=216, nr_sectors = 1 limit=128
[  529.144544][T26146] Buffer I/O error on dev loop1, logical block 216, lost async page write
[  529.155353][T26146] syz.1.8390: attempt to access beyond end of device
[  529.155353][T26146] loop1: rw=2049, sector=217, nr_sectors = 824 limit=128
[  529.599112][T26155] loop4: detected capacity change from 0 to 512
[  529.726627][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  529.776438][T26165] loop0: detected capacity change from 0 to 2048
[  529.835281][   T51] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  529.837363][T26170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  529.862725][T26165]  loop0: p1 < > p4
[  529.863483][T26165] loop0: p4 size 8388608 extends beyond EOD, truncated
[  529.891813][T26170] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  529.914467][T26172] ALSA: seq fatal error: cannot create timer (-16)
[  529.949133][T26180] ALSA: seq fatal error: cannot create timer (-16)
[  529.970232][T26183] loop3: detected capacity change from 0 to 2048
[  529.992988][T26183] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.8405: bg 0: block 234: padding at end of block bitmap is not set
[  530.009621][T26183] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 117
[  530.022216][T26183] EXT4-fs (loop3): This should not happen!! Data will be lost
[  530.022216][T26183] 
[  530.047584][T21040] EXT4-fs unmount: 44 callbacks suppressed
[  530.047605][T21040] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  530.098671][T26176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  530.125829][T26176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  530.153873][T26176] loop1: detected capacity change from 0 to 512
[  530.163970][T26195] loop3: detected capacity change from 0 to 128
[  530.172109][T26195] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  530.225581][T26195] syz.3.8407: attempt to access beyond end of device
[  530.225581][T26195] loop3: rw=2049, sector=216, nr_sectors = 1 limit=128
[  530.239089][T26195] Buffer I/O error on dev loop3, logical block 216, lost async page write
[  530.249577][T26195] syz.3.8407: attempt to access beyond end of device
[  530.249577][T26195] loop3: rw=2049, sector=217, nr_sectors = 824 limit=128
[  530.382692][T26176] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  530.391238][T26176] System zones: 0-2, 18-18, 34-34
[  530.398402][T26176] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.8402: bg 0: block 248: padding at end of block bitmap is not set
[  530.416438][T26176] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.8402: Failed to acquire dquot type 1
[  530.432195][T26176] EXT4-fs (loop1): 1 truncate cleaned up
[  530.439092][T26176] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  530.548193][T26200] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  530.704308][T26206] loop4: detected capacity change from 0 to 512
[  530.728651][T26206] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  530.766585][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  530.819706][T19294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  530.821825][T26210] __nla_validate_parse: 1 callbacks suppressed
[  530.821910][T26210] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8412'.
[  530.877238][T26212] loop4: detected capacity change from 0 to 2048
[  530.890451][T26212] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  530.939966][T19294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  530.982149][ T3336] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  531.015279][T18112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  531.410130][T26237] loop3: detected capacity change from 0 to 128
[  531.749590][T26237] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  531.789260][T26234] syz.3.8421: attempt to access beyond end of device
[  531.789260][T26234] loop3: rw=2049, sector=216, nr_sectors = 1 limit=128
[  531.802750][T26234] Buffer I/O error on dev loop3, logical block 216, lost async page write
[  531.806562][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  531.812522][T26234] syz.3.8421: attempt to access beyond end of device
[  531.812522][T26234] loop3: rw=2049, sector=217, nr_sectors = 824 limit=128
[  531.825992][T26233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  531.833153][T26236] loop0: detected capacity change from 0 to 128
[  531.842423][T26233] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  531.855631][T26236] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  531.966140][T26243] ALSA: seq fatal error: cannot create timer (-16)
[  531.992948][T26245] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8424'.
[  532.168708][   T29] kauditd_printk_skb: 345 callbacks suppressed
[  532.168724][   T29] audit: type=1400 audit(532.156:26038): avc:  denied  { relabelfrom } for  pid=26246 comm="syz.1.8425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  532.194405][   T29] audit: type=1400 audit(532.156:26039): avc:  denied  { relabelto } for  pid=26246 comm="syz.1.8425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  532.215577][   T11] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  532.250289][T26253] ALSA: seq fatal error: cannot create timer (-16)
[  532.321186][T26257] FAULT_INJECTION: forcing a failure.
[  532.321186][T26257] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  532.334283][T26257] CPU: 1 UID: 0 PID: 26257 Comm: syz.1.8427 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  532.344717][T26257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  532.354874][T26257] Call Trace:
[  532.358176][T26257]  <TASK>
[  532.361129][T26257]  dump_stack_lvl+0xf2/0x150
[  532.365768][T26257]  dump_stack+0x15/0x20
[  532.368557][T26259] loop3: detected capacity change from 0 to 4096
[  532.370014][T26257]  should_fail_ex+0x223/0x230
[  532.381105][T26257]  should_fail+0xb/0x10
[  532.385287][T26257]  should_fail_usercopy+0x1a/0x20
[  532.390425][T26257]  _copy_from_user+0x1e/0xb0
[  532.395055][T26257]  get_user_ifreq+0x8c/0x160
[  532.399663][T26257]  sock_do_ioctl+0xc6/0x260
[  532.404206][T26257]  sock_ioctl+0x46a/0x640
[  532.408602][T26257]  ? __pfx_sock_ioctl+0x10/0x10
[  532.413469][T26257]  __se_sys_ioctl+0xc9/0x140
[  532.418150][T26257]  __x64_sys_ioctl+0x43/0x50
[  532.422852][T26257]  x64_sys_call+0x1690/0x2dc0
[  532.427627][T26257]  do_syscall_64+0xc9/0x1c0
[  532.432190][T26257]  ? clear_bhb_loop+0x55/0xb0
[  532.436963][T26257]  ? clear_bhb_loop+0x55/0xb0
[  532.441720][T26257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.447704][T26257] RIP: 0033:0x7fbcb092e819
[  532.452188][T26257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  532.471832][T26257] RSP: 002b:00007fbcaefa1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  532.480327][T26257] RAX: ffffffffffffffda RBX: 00007fbcb0ae5fa0 RCX: 00007fbcb092e819
[  532.488335][T26257] RDX: 0000000020000080 RSI: 0000000000008943 RDI: 0000000000000008
[  532.496323][T26257] RBP: 00007fbcaefa1090 R08: 0000000000000000 R09: 0000000000000000
[  532.504333][T26257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  532.512317][T26257] R13: 0000000000000000 R14: 00007fbcb0ae5fa0 R15: 00007ffe777bd638
[  532.520362][T26257]  </TASK>
[  532.544415][T26262] FAULT_INJECTION: forcing a failure.
[  532.544415][T26262] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  532.557562][T26262] CPU: 0 UID: 0 PID: 26262 Comm: syz.4.8430 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  532.568007][T26262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  532.578112][T26262] Call Trace:
[  532.581432][T26262]  <TASK>
[  532.584442][T26262]  dump_stack_lvl+0xf2/0x150
[  532.589075][T26262]  dump_stack+0x15/0x20
[  532.593336][T26262]  should_fail_ex+0x223/0x230
[  532.598087][T26262]  should_fail+0xb/0x10
[  532.602274][T26262]  should_fail_usercopy+0x1a/0x20
[  532.607456][T26262]  _copy_from_user+0x1e/0xb0
[  532.612109][T26262]  copy_msghdr_from_user+0x54/0x2a0
[  532.617338][T26262]  ? __fget_files+0x17c/0x1c0
[  532.622096][T26262]  __sys_sendmsg+0x13e/0x230
[  532.626744][T26262]  __x64_sys_sendmsg+0x46/0x50
[  532.631530][T26262]  x64_sys_call+0x2734/0x2dc0
[  532.636313][T26262]  do_syscall_64+0xc9/0x1c0
[  532.640895][T26262]  ? clear_bhb_loop+0x55/0xb0
[  532.645610][T26262]  ? clear_bhb_loop+0x55/0xb0
[  532.650437][T26262]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.656510][T26262] RIP: 0033:0x7f54465ee819
[  532.660936][T26262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  532.680606][T26262] RSP: 002b:00007f5444c67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  532.684600][T26259] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  532.689094][T26262] RAX: ffffffffffffffda RBX: 00007f54467a5fa0 RCX: 00007f54465ee819
[  532.689113][T26262] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[  532.689130][T26262] RBP: 00007f5444c67090 R08: 0000000000000000 R09: 0000000000000000
[  532.725590][T26262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  532.733644][T26262] R13: 0000000000000000 R14: 00007f54467a5fa0 R15: 00007ffe5cc874a8
[  532.741618][T26262]  </TASK>
[  532.745024][T21711] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  532.792101][   T29] audit: type=1326 audit(532.776:26040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26268 comm="syz.0.8428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c4df1e819 code=0x7ffc0000
[  532.817775][   T29] audit: type=1326 audit(532.776:26041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26268 comm="syz.0.8428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c4df1e819 code=0x7ffc0000
[  532.840879][   T29] audit: type=1326 audit(532.776:26042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26268 comm="syz.0.8428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f0c4df1e819 code=0x7ffc0000
[  532.863895][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  532.870924][   T29] audit: type=1326 audit(532.776:26043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26268 comm="syz.0.8428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c4df1e819 code=0x7ffc0000
[  532.875989][T26277] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8435'.
[  532.910037][   T29] audit: type=1326 audit(532.836:26044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26273 comm="syz.2.8434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  532.933607][   T29] audit: type=1326 audit(532.836:26045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26273 comm="syz.2.8434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  532.956686][   T29] audit: type=1326 audit(532.836:26046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26266 comm="syz.1.8432" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbcb092e819 code=0x0
[  532.979227][   T29] audit: type=1326 audit(532.836:26047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26273 comm="syz.2.8434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  533.006307][T26281] loop4: detected capacity change from 0 to 128
[  533.033418][T26281] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  533.091724][T26281] syz.4.8433: attempt to access beyond end of device
[  533.091724][T26281] loop4: rw=2049, sector=216, nr_sectors = 1 limit=128
[  533.105291][T26281] Buffer I/O error on dev loop4, logical block 216, lost async page write
[  533.115639][T26281] syz.4.8433: attempt to access beyond end of device
[  533.115639][T26281] loop4: rw=2049, sector=217, nr_sectors = 824 limit=128
[  533.142743][T26280] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  533.247180][T26286] loop0: detected capacity change from 0 to 256
[  533.254378][T26286] vfat: Bad value for 'time_offset'
[  533.629247][T21040] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  533.715284][T26288] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8436'.
[  533.886579][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  533.986800][T16300] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  534.135419][T26322] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8448'.
[  534.344639][T26332] loop0: detected capacity change from 0 to 512
[  534.379690][T26332] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  534.472076][T18301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  534.485631][T26344] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  534.926578][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  535.158961][T26351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  535.182834][T26351] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  535.227839][T26366] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  535.243836][T26367] loop1: detected capacity change from 0 to 128
[  535.255170][T26367] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  535.296310][T26369] pim6reg1: entered promiscuous mode
[  535.301812][T26369] pim6reg1: entered allmulticast mode
[  535.326203][T26371] pim6reg1: entered promiscuous mode
[  535.332555][T26371] pim6reg1: entered allmulticast mode
[  535.561108][T26381] loop3: detected capacity change from 0 to 128
[  535.570853][T26381] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  535.637388][T26381] syz.3.8469: attempt to access beyond end of device
[  535.637388][T26381] loop3: rw=2049, sector=216, nr_sectors = 1 limit=128
[  535.650874][T26381] Buffer I/O error on dev loop3, logical block 216, lost async page write
[  535.661625][T26381] syz.3.8469: attempt to access beyond end of device
[  535.661625][T26381] loop3: rw=2049, sector=217, nr_sectors = 824 limit=128
[  535.967234][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  536.410383][T26399] pim6reg1: entered promiscuous mode
[  536.415725][T26399] pim6reg1: entered allmulticast mode
[  536.491040][T21711] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  536.535126][T26405] loop1: detected capacity change from 0 to 512
[  536.546103][T26402] batman_adv: batadv0: Adding interface: dummy0
[  536.552460][T26402] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.580040][T26405] EXT4-fs: Ignoring removed nobh option
[  536.585692][T26405] EXT4-fs: Ignoring removed nobh option
[  536.594121][T26405] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  536.614737][T26405] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.8473: invalid indirect mapped block 2683928664 (level 1)
[  536.631692][T26402] batman_adv: batadv0: Interface activated: dummy0
[  536.644786][T26405] EXT4-fs (loop1): 1 truncate cleaned up
[  536.650979][   T11] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  536.666172][T26405] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  536.694460][T26416] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8483'.
[  536.700048][T26414] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  536.744644][T18112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  536.940634][T26418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  536.949766][T26418] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  536.960990][T26425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  536.983204][T26418] loop0: detected capacity change from 0 to 512
[  536.995756][T26425] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  537.006564][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  537.047539][T26418] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  537.076149][T26418] System zones: 0-2, 18-18, 34-34
[  537.083797][T26429] loop4: detected capacity change from 0 to 512
[  537.091084][T26418] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.8484: bg 0: block 248: padding at end of block bitmap is not set
[  537.116220][T26429] EXT4-fs: Mount option(s) incompatible with ext3
[  537.133945][T26418] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.8484: Failed to acquire dquot type 1
[  537.164007][T26418] EXT4-fs (loop0): 1 truncate cleaned up
[  537.279184][T26418] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  537.449490][T26436] loop1: detected capacity change from 0 to 1024
[  537.456162][T26436] EXT4-fs: Ignoring removed nobh option
[  537.468236][T26436] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  537.503263][   T29] kauditd_printk_skb: 152 callbacks suppressed
[  537.503281][   T29] audit: type=1326 audit(537.486:26198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26435 comm="syz.1.8487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcb092e819 code=0x7ffc0000
[  537.532661][   T29] audit: type=1326 audit(537.486:26199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26435 comm="syz.1.8487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcb092e819 code=0x7ffc0000
[  537.555752][   T29] audit: type=1326 audit(537.486:26200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26435 comm="syz.1.8487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbcb092e819 code=0x7ffc0000
[  537.578767][   T29] audit: type=1326 audit(537.486:26201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26435 comm="syz.1.8487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcb092e819 code=0x7ffc0000
[  537.601810][   T29] audit: type=1326 audit(537.486:26202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26435 comm="syz.1.8487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcb092e819 code=0x7ffc0000
[  537.624876][   T29] audit: type=1326 audit(537.486:26203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26435 comm="syz.1.8487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbcb092e819 code=0x7ffc0000
[  537.647972][   T29] audit: type=1326 audit(537.516:26204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26435 comm="syz.1.8487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcb092e819 code=0x7ffc0000
[  537.652741][T26443] pim6reg1: entered promiscuous mode
[  537.671118][   T29] audit: type=1326 audit(537.516:26205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26435 comm="syz.1.8487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcb092e819 code=0x7ffc0000
[  537.671161][   T29] audit: type=1326 audit(537.516:26206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26435 comm="syz.1.8487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbcb092e819 code=0x7ffc0000
[  537.676460][T26443] pim6reg1: entered allmulticast mode
[  537.699579][   T29] audit: type=1326 audit(537.516:26207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26435 comm="syz.1.8487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcb092e819 code=0x7ffc0000
[  537.753557][T18112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  537.778958][T26445] loop1: detected capacity change from 0 to 2048
[  537.789997][T26445] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  537.805995][T26445] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.8492: bg 0: block 234: padding at end of block bitmap is not set
[  537.823061][T26445] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 117
[  537.835529][T26445] EXT4-fs (loop1): This should not happen!! Data will be lost
[  537.835529][T26445] 
[  537.859813][T18112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  537.931670][T26459] loop4: detected capacity change from 0 to 512
[  537.939865][T26459] EXT4-fs: Ignoring removed nobh option
[  537.945457][T26459] EXT4-fs: Ignoring removed nobh option
[  537.955424][T26459] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  537.956802][T18301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  537.974968][T26463] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  537.975614][T26459] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.8497: invalid indirect mapped block 2683928664 (level 1)
[  538.018807][T26459] EXT4-fs (loop4): 1 truncate cleaned up
[  538.028941][T26467] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  538.031629][T26459] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  538.046555][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  538.055587][T26469] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8499'.
[  538.069184][T26465] ALSA: seq fatal error: cannot create timer (-16)
[  538.109801][T19294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  538.132379][T26472] pim6reg1: entered promiscuous mode
[  538.137822][T26472] pim6reg1: entered allmulticast mode
[  538.188243][T26480] loop4: detected capacity change from 0 to 512
[  538.209044][T26480] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  538.238045][T26487] loop3: detected capacity change from 0 to 512
[  538.255420][T26487] EXT4-fs: Mount option(s) incompatible with ext3
[  538.318706][T19294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  538.425556][T26500] loop4: detected capacity change from 0 to 4096
[  538.436343][T26500] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  538.545293][T26505] batman_adv: batadv0: Adding interface: dummy0
[  538.551697][T26505] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.608022][T26505] batman_adv: batadv0: Interface activated: dummy0
[  538.820911][T26518] pim6reg1: entered promiscuous mode
[  538.826286][T26518] pim6reg1: entered allmulticast mode
[  538.996121][T26529] loop1: detected capacity change from 0 to 512
[  539.010175][T26529] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  539.062808][T18112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.086615][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  539.122201][T26536] loop3: detected capacity change from 0 to 4096
[  539.131101][T26536] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  539.220130][T21040] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.250815][T26549] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  539.265635][T26548] loop0: detected capacity change from 0 to 2048
[  539.290474][T26548] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  539.314514][T26548] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.8529: bg 0: block 234: padding at end of block bitmap is not set
[  539.329433][T26548] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 117
[  539.333831][T19294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.341825][T26548] EXT4-fs (loop0): This should not happen!! Data will be lost
[  539.341825][T26548] 
[  539.364703][T18301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.430916][T26556] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  539.475176][T26560] ALSA: seq fatal error: cannot create timer (-16)
[  539.581624][T26565] loop0: detected capacity change from 0 to 512
[  539.608485][T26565] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  539.648287][T18301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  539.668788][T26569] loop0: detected capacity change from 0 to 512
[  539.675675][T26569] EXT4-fs: Mount option(s) incompatible with ext3
[  540.126566][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  540.262397][T26593] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8542'.
[  540.275691][T26593] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8542'.
[  540.631601][T26602] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  540.727844][T26613] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  540.759383][T26611] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8548'.
[  540.837756][T26617] loop1: detected capacity change from 0 to 2048
[  540.865820][T26617] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  540.925979][T26617] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.8549: bg 0: block 234: padding at end of block bitmap is not set
[  540.953657][T26617] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 117
[  540.966147][T26617] EXT4-fs (loop1): This should not happen!! Data will be lost
[  540.966147][T26617] 
[  541.009692][T26625] loop0: detected capacity change from 0 to 2048
[  541.023751][T18112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  541.036475][T26630] loop3: detected capacity change from 0 to 2048
[  541.036941][T26625] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  541.056767][T26628] ALSA: seq fatal error: cannot create timer (-16)
[  541.069051][T26625] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.8552: bg 0: block 234: padding at end of block bitmap is not set
[  541.084789][T26625] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 117
[  541.097474][T26625] EXT4-fs (loop0): This should not happen!! Data will be lost
[  541.097474][T26625] 
[  541.114885][T26630] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  541.141957][T18301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  541.162409][T26630] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.8554: bg 0: block 234: padding at end of block bitmap is not set
[  541.176872][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  541.185093][T26630] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 117
[  541.197538][T26630] EXT4-fs (loop3): This should not happen!! Data will be lost
[  541.197538][T26630] 
[  541.229398][T26646] loop0: detected capacity change from 0 to 512
[  541.300429][T26646] EXT4-fs: Mount option(s) incompatible with ext3
[  541.309304][T21040] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  541.490535][T26656] ALSA: seq fatal error: cannot create timer (-16)
[  541.532012][T26660] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8560'.
[  541.992767][T26667] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  542.206548][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  542.457879][T26695] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  542.496799][T26697] pim6reg1: entered promiscuous mode
[  542.502160][T26697] pim6reg1: entered allmulticast mode
[  542.560998][   T29] kauditd_printk_skb: 277 callbacks suppressed
[  542.561015][   T29] audit: type=1400 audit(542.546:26485): avc:  denied  { map_read map_write } for  pid=26696 comm="syz.3.8572" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  542.591186][   T29] audit: type=1326 audit(542.576:26486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26696 comm="syz.3.8572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2752be819 code=0x7ffc0000
[  542.621789][   T29] audit: type=1326 audit(542.596:26487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26696 comm="syz.3.8572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2752be819 code=0x7ffc0000
[  542.649853][T26694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  542.659708][   T29] audit: type=1400 audit(542.636:26488): avc:  denied  { ioctl } for  pid=26693 comm="syz.0.8571" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  542.687059][T26694] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  542.698708][   T29] audit: type=1400 audit(542.686:26489): avc:  denied  { read write } for  pid=26699 comm="syz.3.8573" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  542.722371][   T29] audit: type=1400 audit(542.686:26490): avc:  denied  { open } for  pid=26699 comm="syz.3.8573" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  542.745923][   T29] audit: type=1400 audit(542.686:26491): avc:  denied  { ioctl } for  pid=26699 comm="syz.3.8573" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x5393 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  542.776578][   T29] audit: type=1400 audit(542.756:26492): avc:  denied  { create } for  pid=26699 comm="syz.3.8573" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  542.797477][   T29] audit: type=1400 audit(542.756:26493): avc:  denied  { map } for  pid=26699 comm="syz.3.8573" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=86711 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  542.801490][T26694] loop0: detected capacity change from 0 to 512
[  542.821315][   T29] audit: type=1400 audit(542.756:26494): avc:  denied  { read write } for  pid=26699 comm="syz.3.8573" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=86711 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  542.872517][T26694] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  542.881768][T26694] System zones: 0-2, 18-18, 34-34
[  542.899534][T26694] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.8571: bg 0: block 248: padding at end of block bitmap is not set
[  542.914707][T26694] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.8571: Failed to acquire dquot type 1
[  542.981497][T26694] EXT4-fs (loop0): 1 truncate cleaned up
[  543.023659][T26694] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  543.064172][T26716] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8577'.
[  543.101213][T26724] loop4: detected capacity change from 0 to 512
[  543.116337][T26725] loop3: detected capacity change from 0 to 4096
[  543.125073][T26725] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  543.141510][T26724] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  543.197694][T19294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  543.246614][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  543.256368][T21040] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  543.289469][T26732] pim6reg1: entered promiscuous mode
[  543.294822][T26732] pim6reg1: entered allmulticast mode
[  543.362214][T26736] loop3: detected capacity change from 0 to 512
[  543.378351][T26736] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  543.431740][T21040] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  543.593210][T26754] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8589'.
[  543.613973][T18301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  543.741311][T26771] loop4: detected capacity change from 0 to 2048
[  543.759906][T26776] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  543.769395][T26771] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  543.786349][T26771] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.8595: bg 0: block 234: padding at end of block bitmap is not set
[  543.800945][T26771] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 117
[  543.813484][T26771] EXT4-fs (loop4): This should not happen!! Data will be lost
[  543.813484][T26771] 
[  543.837636][T19294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  543.959770][T26775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  543.968791][T26775] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  543.983991][T26775] loop1: detected capacity change from 0 to 512
[  544.000396][T26775] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  544.008812][T26775] System zones: 0-2, 18-18, 34-34
[  544.014783][T26775] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.8597: bg 0: block 248: padding at end of block bitmap is not set
[  544.031499][T26775] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.8597: Failed to acquire dquot type 1
[  544.043677][T26775] EXT4-fs (loop1): 1 truncate cleaned up
[  544.051815][T26775] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  544.108771][T26787] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  544.119706][T26787] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  544.132338][T26787] loop4: detected capacity change from 0 to 512
[  544.159676][T26787] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  544.168197][T26787] System zones: 0-2, 18-18, 34-34
[  544.174343][T26787] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.8601: bg 0: block 248: padding at end of block bitmap is not set
[  544.191496][T26787] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.8601: Failed to acquire dquot type 1
[  544.204823][T26787] EXT4-fs (loop4): 1 truncate cleaned up
[  544.212504][T26787] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  544.286580][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  544.328584][T26803] loop3: detected capacity change from 0 to 512
[  544.338308][T26803] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  544.376905][T21040] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  544.533048][T26820] loop3: detected capacity change from 0 to 128
[  544.549412][T26820] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  544.589154][T26820] syz.3.8611: attempt to access beyond end of device
[  544.589154][T26820] loop3: rw=2049, sector=216, nr_sectors = 1 limit=128
[  544.602768][T26820] Buffer I/O error on dev loop3, logical block 216, lost async page write
[  544.616652][T26820] syz.3.8611: attempt to access beyond end of device
[  544.616652][T26820] loop3: rw=2049, sector=217, nr_sectors = 824 limit=128
[  544.674340][T18112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  544.709032][   T51] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  544.805941][T26829] loop3: detected capacity change from 0 to 512
[  544.845449][T26829] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  544.904945][T19294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  544.925076][T21040] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  545.132586][T26846] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  545.208840][T26853] loop4: detected capacity change from 0 to 1764
[  545.326571][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  545.341239][T26861] loop4: detected capacity change from 0 to 128
[  545.348944][T26861] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  545.399378][T26861] syz.4.8625: attempt to access beyond end of device
[  545.399378][T26861] loop4: rw=2049, sector=216, nr_sectors = 1 limit=128
[  545.412969][T26861] Buffer I/O error on dev loop4, logical block 216, lost async page write
[  545.423519][T26861] syz.4.8625: attempt to access beyond end of device
[  545.423519][T26861] loop4: rw=2049, sector=217, nr_sectors = 824 limit=128
[  545.934981][T26874] ALSA: seq fatal error: cannot create timer (-16)
[  546.366604][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  546.449794][T26893] loop0: detected capacity change from 0 to 128
[  546.892760][T26893] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  546.922709][T26894] loop3: detected capacity change from 0 to 128
[  546.987298][T26894] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  546.998185][T26891] syz.0.8636: attempt to access beyond end of device
[  546.998185][T26891] loop0: rw=2049, sector=216, nr_sectors = 1 limit=128
[  547.011700][T26891] Buffer I/O error on dev loop0, logical block 216, lost async page write
[  547.021374][T26891] syz.0.8636: attempt to access beyond end of device
[  547.021374][T26891] loop0: rw=2049, sector=217, nr_sectors = 824 limit=128
[  547.050707][T26897] netlink: 'syz.2.8637': attribute type 4 has an invalid length.
[  547.058974][   T51] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  547.075579][T26897] netlink: 'syz.2.8637': attribute type 4 has an invalid length.
[  547.198641][T26903] ALSA: seq fatal error: cannot create timer (-16)
[  547.314133][T26911] loop1: detected capacity change from 0 to 128
[  547.321564][T26911] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  547.353241][T26911] syz.1.8643: attempt to access beyond end of device
[  547.353241][T26911] loop1: rw=2049, sector=216, nr_sectors = 1 limit=128
[  547.366827][T26911] Buffer I/O error on dev loop1, logical block 216, lost async page write
[  547.376462][T26911] syz.1.8643: attempt to access beyond end of device
[  547.376462][T26911] loop1: rw=2049, sector=217, nr_sectors = 824 limit=128
[  547.406575][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  547.511605][   T28] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  547.534639][T21719] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  547.570153][   T29] kauditd_printk_skb: 238 callbacks suppressed
[  547.570251][   T29] audit: type=1400 audit(547.556:26727): avc:  denied  { create } for  pid=26915 comm="syz.0.8639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  547.599612][   T29] audit: type=1400 audit(547.566:26728): avc:  denied  { recv } for  pid=26912 comm="syz.1.8643" saddr=10.128.0.163 src=30030 daddr=10.128.0.65 dest=47828 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  547.635383][   T29] audit: type=1400 audit(547.616:26729): avc:  denied  { write } for  pid=26915 comm="syz.0.8639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  547.660818][   T29] audit: type=1400 audit(547.646:26730): avc:  denied  { create } for  pid=26915 comm="syz.0.8639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  547.684187][   T29] audit: type=1400 audit(547.676:26731): avc:  denied  { create } for  pid=26917 comm="syz.1.8644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  547.707025][   T29] audit: type=1400 audit(547.696:26732): avc:  denied  { setopt } for  pid=26915 comm="syz.0.8639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  547.726250][   T29] audit: type=1400 audit(547.696:26733): avc:  denied  { getopt } for  pid=26915 comm="syz.0.8639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  547.749693][   T29] audit: type=1400 audit(547.696:26734): avc:  denied  { connect } for  pid=26915 comm="syz.0.8639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  547.768936][   T29] audit: type=1400 audit(547.696:26735): avc:  denied  { name_connect } for  pid=26915 comm="syz.0.8639" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  547.795960][   T29] audit: type=1400 audit(547.786:26736): avc:  denied  { setopt } for  pid=26917 comm="syz.1.8644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  547.861118][T26921] FAULT_INJECTION: forcing a failure.
[  547.861118][T26921] name failslab, interval 1, probability 0, space 0, times 0
[  547.873828][T26921] CPU: 0 UID: 0 PID: 26921 Comm: syz.1.8645 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  547.884266][T26921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  547.894343][T26921] Call Trace:
[  547.897700][T26921]  <TASK>
[  547.900642][T26921]  dump_stack_lvl+0xf2/0x150
[  547.905526][T26921]  dump_stack+0x15/0x20
[  547.909711][T26921]  should_fail_ex+0x223/0x230
[  547.914413][T26921]  ? tcf_action_init_1+0x121/0x490
[  547.919785][T26921]  should_failslab+0x8f/0xb0
[  547.924470][T26921]  __kmalloc_cache_noprof+0x4b/0x2a0
[  547.929790][T26921]  tcf_action_init_1+0x121/0x490
[  547.934814][T26921]  ? tc_action_load_ops+0x1a9/0x410
[  547.940538][T26921]  tcf_action_init+0x1cc/0x610
[  547.945413][T26921]  ? is_reg64+0xda/0x290
[  547.949751][T26921]  tc_ctl_action+0x292/0x840
[  547.954406][T26921]  ? __pfx_tc_ctl_action+0x10/0x10
[  547.959560][T26921]  rtnetlink_rcv_msg+0x6aa/0x710
[  547.964583][T26921]  ? ref_tracker_free+0x3a5/0x410
[  547.969672][T26921]  ? __dev_queue_xmit+0x186/0x2090
[  547.974889][T26921]  ? ref_tracker_alloc+0x1f5/0x2f0
[  547.980078][T26921]  netlink_rcv_skb+0x12c/0x230
[  547.984896][T26921]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  547.990376][T26921]  rtnetlink_rcv+0x1c/0x30
[  547.994863][T26921]  netlink_unicast+0x599/0x670
[  547.999649][T26921]  netlink_sendmsg+0x5cc/0x6e0
[  548.004441][T26921]  ? __pfx_netlink_sendmsg+0x10/0x10
[  548.009757][T26921]  __sock_sendmsg+0x140/0x180
[  548.014506][T26921]  ____sys_sendmsg+0x312/0x410
[  548.019375][T26921]  __sys_sendmsg+0x19d/0x230
[  548.023993][T26921]  __x64_sys_sendmsg+0x46/0x50
[  548.028787][T26921]  x64_sys_call+0x2734/0x2dc0
[  548.033484][T26921]  do_syscall_64+0xc9/0x1c0
[  548.038013][T26921]  ? clear_bhb_loop+0x55/0xb0
[  548.042733][T26921]  ? clear_bhb_loop+0x55/0xb0
[  548.047447][T26921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.053370][T26921] RIP: 0033:0x7fbcb092e819
[  548.057790][T26921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  548.077584][T26921] RSP: 002b:00007fbcaefa1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  548.086023][T26921] RAX: ffffffffffffffda RBX: 00007fbcb0ae5fa0 RCX: 00007fbcb092e819
[  548.094002][T26921] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  548.102019][T26921] RBP: 00007fbcaefa1090 R08: 0000000000000000 R09: 0000000000000000
[  548.109994][T26921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  548.117971][T26921] R13: 0000000000000000 R14: 00007fbcb0ae5fa0 R15: 00007ffe777bd638
[  548.125994][T26921]  </TASK>
[  548.149798][T26925] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  548.368088][T26937] batman_adv: batadv0: Interface deactivated: dummy0
[  548.374895][T26937] batman_adv: batadv0: Removing interface: dummy0
[  548.437684][T26944] loop0: detected capacity change from 0 to 512
[  548.446551][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  548.474031][T26944] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  548.534131][   T28] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  548.544106][T18301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  548.559109][T26940] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  548.568121][T26940] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  548.580947][T26940] loop4: detected capacity change from 0 to 512
[  548.599550][T26940] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  548.607984][T26940] System zones: 0-2, 18-18, 34-34
[  548.614006][T26940] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.8653: bg 0: block 248: padding at end of block bitmap is not set
[  548.631222][T26940] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.8653: Failed to acquire dquot type 1
[  548.643465][T26940] EXT4-fs (loop4): 1 truncate cleaned up
[  548.652148][T26940] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  549.020857][T26963] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  549.185484][T19294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  549.267180][T26976] loop4: detected capacity change from 0 to 128
[  549.275294][T26976] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  549.486567][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  549.596012][T26978] loop1: detected capacity change from 0 to 512
[  549.699610][T26978] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  549.724733][T21719] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  549.822209][T26989] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  549.936097][T18112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  550.060115][T27003] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  550.353241][T27010] loop0: detected capacity change from 0 to 512
[  550.381645][T27010] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  550.526565][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  550.585323][T27023] loop3: detected capacity change from 0 to 512
[  550.594098][T27023] EXT4-fs: Ignoring removed nobh option
[  550.599793][T27023] EXT4-fs: Ignoring removed nobh option
[  550.610211][T27023] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  550.680353][T27023] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.8677: invalid indirect mapped block 2683928664 (level 1)
[  550.698876][T27023] EXT4-fs (loop3): 1 truncate cleaned up
[  550.888303][T27025] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  551.566577][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  552.127968][T27039] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8682'.
[  552.235834][T27045] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8685'.
[  552.339910][T27055] ALSA: seq fatal error: cannot create timer (-16)
[  552.606607][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  552.616990][T27070] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8695'.
[  552.656837][   T29] kauditd_printk_skb: 266 callbacks suppressed
[  552.656855][   T29] audit: type=1326 audit(552.646:27001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27073 comm="syz.2.8696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  552.692028][   T29] audit: type=1326 audit(552.676:27002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27073 comm="syz.2.8696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  552.692083][   T29] audit: type=1326 audit(552.676:27003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27073 comm="syz.2.8696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  552.699918][T27065] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.715154][   T29] audit: type=1326 audit(552.676:27004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27073 comm="syz.2.8696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  552.769747][   T29] audit: type=1326 audit(552.676:27005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27073 comm="syz.2.8696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  552.784477][T27076] ALSA: seq fatal error: cannot create timer (-16)
[  552.792780][   T29] audit: type=1326 audit(552.676:27006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27073 comm="syz.2.8696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  552.792814][   T29] audit: type=1326 audit(552.676:27007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27073 comm="syz.2.8696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  552.819557][T27065] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.822357][   T29] audit: type=1326 audit(552.676:27008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27073 comm="syz.2.8696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  552.876103][   T29] audit: type=1326 audit(552.676:27009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27073 comm="syz.2.8696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  552.876140][   T29] audit: type=1326 audit(552.676:27010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27073 comm="syz.2.8696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f684766e819 code=0x7ffc0000
[  552.919825][T27065] loop1: detected capacity change from 0 to 512
[  552.939170][T27065] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  552.939237][T27065] System zones: 0-2, 18-18, 34-34
[  552.940073][T27065] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.8693: bg 0: block 248: padding at end of block bitmap is not set
[  552.940269][T27065] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.8693: Failed to acquire dquot type 1
[  552.940917][T27065] EXT4-fs (loop1): 1 truncate cleaned up
[  553.038129][T27088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8699'.
[  553.391881][T27106] loop3: detected capacity change from 0 to 128
[  553.646571][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  553.788213][T27106] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  553.835167][T27106] syz.3.8706: attempt to access beyond end of device
[  553.835167][T27106] loop3: rw=2049, sector=216, nr_sectors = 1 limit=128
[  553.848613][T27106] Buffer I/O error on dev loop3, logical block 216, lost async page write
[  553.858310][T27106] syz.3.8706: attempt to access beyond end of device
[  553.858310][T27106] loop3: rw=2049, sector=217, nr_sectors = 824 limit=128
[  554.329013][T27115] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8710'.
[  554.347413][T27095] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  554.594843][ T3336] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  554.629471][T27123] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8707'.
[  554.686578][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  555.055247][T27127] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  555.374705][T27147] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8722'.
[  555.491393][T27154] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  555.609502][T27158] netlink: 'syz.3.8727': attribute type 4 has an invalid length.
[  555.625102][T27158] netlink: 'syz.3.8727': attribute type 4 has an invalid length.
[  555.726544][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  556.584713][T27161] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  556.726393][T27177] loop3: detected capacity change from 0 to 512
[  556.752617][T27177] EXT4-fs: Mount option(s) incompatible with ext3
[  556.766575][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  556.827533][T27172] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  557.184041][T27185] batman_adv: batadv0: Adding interface: dummy0
[  557.190431][T27185] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  557.278538][T27185] batman_adv: batadv0: Interface activated: dummy0
[  557.290637][T27190] netlink: 'syz.1.8737': attribute type 4 has an invalid length.
[  557.301095][T27190] netlink: 'syz.1.8737': attribute type 4 has an invalid length.
[  557.627105][T27200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  557.635959][T27200] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  557.661100][T27200] loop4: detected capacity change from 0 to 512
[  557.669930][   T29] kauditd_printk_skb: 192 callbacks suppressed
[  557.669952][   T29] audit: type=1400 audit(557.656:27201): avc:  denied  { create } for  pid=27211 comm="syz.0.8748" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  557.700630][T27200] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  557.706634][   T29] audit: type=1400 audit(557.656:27202): avc:  denied  { map } for  pid=27211 comm="syz.0.8748" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=87819 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  557.717152][T27200] System zones: 0-2, 18-18, 34-34
[  557.733023][   T29] audit: type=1400 audit(557.656:27203): avc:  denied  { read write } for  pid=27211 comm="syz.0.8748" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=87819 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  557.762704][   T29] audit: type=1400 audit(557.706:27204): avc:  denied  { read } for  pid=27209 comm="syz.3.8747" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  557.787240][T27200] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.8742: bg 0: block 248: padding at end of block bitmap is not set
[  557.804386][T27200] Quota error (device loop4): write_blk: dquota write failed
[  557.806561][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  557.811858][T27200] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  557.828917][T27200] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.8742: Failed to acquire dquot type 1
[  557.848014][T27221] loop0: detected capacity change from 0 to 512
[  557.848303][T27200] EXT4-fs (loop4): 1 truncate cleaned up
[  557.854724][T27221] EXT4-fs: Ignoring removed nobh option
[  557.860824][   T29] audit: type=1400 audit(557.856:27205): avc:  denied  { mount } for  pid=27199 comm="syz.4.8742" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  557.865619][T27221] EXT4-fs: Ignoring removed nobh option
[  557.895977][T27221] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  557.904298][T27221] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.8749: invalid indirect mapped block 2683928664 (level 1)
[  557.918961][T27221] EXT4-fs (loop0): 1 truncate cleaned up
[  557.956298][   T29] audit: type=1400 audit(557.936:27206): avc:  denied  { unmount } for  pid=18301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  558.089032][T27233] loop1: detected capacity change from 0 to 4096
[  558.102481][   T29] audit: type=1400 audit(558.086:27207): avc:  denied  { watch watch_reads } for  pid=27232 comm="syz.1.8754" path="/569/file1" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  558.299914][T27237] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  558.387116][T27241] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8756'.
[  558.487656][   T29] audit: type=1326 audit(558.476:27208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27244 comm="syz.4.8758" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  558.759358][T27257] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  558.846562][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  558.882312][T27263] loop0: detected capacity change from 0 to 4096
[  559.222847][T27284] ALSA: seq fatal error: cannot create timer (-16)
[  559.345165][T27279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  559.365594][T27279] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  559.393270][T27294] FAULT_INJECTION: forcing a failure.
[  559.393270][T27294] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  559.404099][T27279] loop1: detected capacity change from 0 to 512
[  559.406673][T27294] CPU: 0 UID: 0 PID: 27294 Comm: syz.2.8777 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  559.423200][T27294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  559.433334][T27294] Call Trace:
[  559.436643][T27294]  <TASK>
[  559.439579][T27294]  dump_stack_lvl+0xf2/0x150
[  559.444283][T27294]  dump_stack+0x15/0x20
[  559.448527][T27294]  should_fail_ex+0x223/0x230
[  559.453257][T27294]  should_fail_alloc_page+0xfd/0x110
[  559.458611][T27294]  __alloc_pages_noprof+0x109/0x340
[  559.464261][T27294]  alloc_pages_mpol_noprof+0xb1/0x1e0
[  559.470110][T27294]  vma_alloc_folio_noprof+0x1a0/0x2f0
[  559.475631][T27294]  handle_mm_fault+0xdd7/0x2ac0
[  559.480510][T27294]  exc_page_fault+0x3b9/0x650
[  559.485203][T27294]  asm_exc_page_fault+0x26/0x30
[  559.490163][T27294] RIP: 0033:0x7f6847531853
[  559.494603][T27294] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[  559.514242][T27294] RSP: 002b:00007f6845ce64a0 EFLAGS: 00010202
[  559.520348][T27294] RAX: 0000000000004000 RBX: 00007f6845ce6540 RCX: 00007f683d8c7000
[  559.528503][T27294] RDX: 00007f6845ce66e0 RSI: 0000000000000005 RDI: 00007f6845ce65e0
[  559.536522][T27294] RBP: 00000000000000a4 R08: 0000000000000008 R09: 00000000000000ba
[  559.544558][T27294] R10: 00000000000000c6 R11: 00007f6845ce6540 R12: 0000000000000001
[  559.552583][T27294] R13: 00007f68476f5fa0 R14: 00000000000000f8 R15: 00007f6845ce65e0
[  559.560569][T27294]  </TASK>
[  559.563637][T27294] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  559.581290][T27281] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  559.589892][T27279] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  559.597962][T27279] System zones: 0-2, 18-18, 34-34
[  559.605091][T27279] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.8772: bg 0: block 248: padding at end of block bitmap is not set
[  559.622391][T27279] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.8772: Failed to acquire dquot type 1
[  559.634561][T27279] EXT4-fs (loop1): 1 truncate cleaned up
[  559.643849][T27298] FAULT_INJECTION: forcing a failure.
[  559.643849][T27298] name failslab, interval 1, probability 0, space 0, times 0
[  559.656627][T27298] CPU: 1 UID: 0 PID: 27298 Comm: syz.4.8778 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  559.667466][T27298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  559.677578][T27298] Call Trace:
[  559.680886][T27298]  <TASK>
[  559.683883][T27298]  dump_stack_lvl+0xf2/0x150
[  559.688534][T27298]  dump_stack+0x15/0x20
[  559.692740][T27298]  should_fail_ex+0x223/0x230
[  559.697531][T27298]  ? skb_clone+0x154/0x1f0
[  559.702005][T27298]  should_failslab+0x8f/0xb0
[  559.706620][T27298]  kmem_cache_alloc_noprof+0x4c/0x290
[  559.712115][T27298]  skb_clone+0x154/0x1f0
[  559.716591][T27298]  __netlink_deliver_tap+0x2bd/0x4f0
[  559.721985][T27298]  netlink_unicast+0x64a/0x670
[  559.726982][T27298]  netlink_sendmsg+0x5cc/0x6e0
[  559.731771][T27298]  ? __pfx_netlink_sendmsg+0x10/0x10
[  559.737071][T27298]  __sock_sendmsg+0x140/0x180
[  559.742054][T27298]  ____sys_sendmsg+0x312/0x410
[  559.746842][T27298]  __sys_sendmsg+0x19d/0x230
[  559.751892][T27298]  __x64_sys_sendmsg+0x46/0x50
[  559.756665][T27298]  x64_sys_call+0x2734/0x2dc0
[  559.761356][T27298]  do_syscall_64+0xc9/0x1c0
[  559.765891][T27298]  ? clear_bhb_loop+0x55/0xb0
[  559.770627][T27298]  ? clear_bhb_loop+0x55/0xb0
[  559.775363][T27298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  559.781273][T27298] RIP: 0033:0x7f54465ee819
[  559.785762][T27298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  559.805376][T27298] RSP: 002b:00007f5444c67038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  559.813797][T27298] RAX: ffffffffffffffda RBX: 00007f54467a5fa0 RCX: 00007f54465ee819
[  559.821834][T27298] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004
[  559.829817][T27298] RBP: 00007f5444c67090 R08: 0000000000000000 R09: 0000000000000000
[  559.837796][T27298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  559.845778][T27298] R13: 0000000000000000 R14: 00007f54467a5fa0 R15: 00007ffe5cc874a8
[  559.853760][T27298]  </TASK>
[  559.858532][T27298] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8778'.
[  559.886544][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  559.994322][T27311] pim6reg1: entered promiscuous mode
[  559.999787][T27311] pim6reg1: entered allmulticast mode
[  560.072602][T27317] loop3: detected capacity change from 0 to 512
[  560.080398][T27317] EXT4-fs: Mount option(s) incompatible with ext3
[  560.174473][T27326] lo speed is unknown, defaulting to 1000
[  560.413136][T27332] lo speed is unknown, defaulting to 1000
[  560.451735][T18112] EXT4-fs unmount: 14 callbacks suppressed
[  560.451754][T18112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  560.847046][T27347] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  560.923948][T27356] loop4: detected capacity change from 0 to 512
[  560.930401][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  560.961110][T27356] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  560.971439][T27354] batman_adv: batadv0: Adding interface: dummy0
[  560.979899][T27354] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  561.008000][T27356] SELinux: failure in selinux_parse_skb(), unable to parse packet
[  561.024740][T27354] batman_adv: batadv0: Interface activated: dummy0
[  561.074574][T19294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  561.121369][T27364] loop3: detected capacity change from 0 to 4096
[  561.131333][T27364] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  561.182453][T21040] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  561.486272][T27397] loop1: detected capacity change from 0 to 512
[  561.493092][T27397] EXT4-fs: Ignoring removed nobh option
[  561.498923][T27397] EXT4-fs: Ignoring removed nobh option
[  561.507269][T27397] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  561.512494][T27401] netlink: 'syz.0.8814': attribute type 4 has an invalid length.
[  561.515554][T27397] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.8813: invalid indirect mapped block 2683928664 (level 1)
[  561.537719][T27397] EXT4-fs (loop1): 1 truncate cleaned up
[  561.539713][T27401] netlink: 'syz.0.8814': attribute type 4 has an invalid length.
[  561.543729][T27397] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  561.591839][T18112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  561.652261][T27409] loop1: detected capacity change from 0 to 512
[  561.655026][T27411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  561.670347][T27411] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  561.673777][T27409] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  561.693858][T27409] EXT4-fs (loop1): 1 truncate cleaned up
[  561.699993][T27409] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  561.899185][T27427] loop0: detected capacity change from 0 to 512
[  561.905939][T27427] EXT4-fs: Ignoring removed nobh option
[  561.911691][T27427] EXT4-fs: Ignoring removed nobh option
[  561.921232][T27427] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  561.930090][T27427] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.8825: invalid indirect mapped block 2683928664 (level 1)
[  561.947228][T27427] EXT4-fs (loop0): 1 truncate cleaned up
[  561.953407][T27427] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  561.966590][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  561.980922][T18301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  562.003270][T27431] netlink: 'syz.0.8826': attribute type 4 has an invalid length.
[  562.013665][T27431] netlink: 'syz.0.8826': attribute type 4 has an invalid length.
[  562.028734][T18112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  562.134281][T27442] loop3: detected capacity change from 0 to 128
[  562.147264][T27442] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  562.163283][T27447] FAULT_INJECTION: forcing a failure.
[  562.163283][T27447] name failslab, interval 1, probability 0, space 0, times 0
[  562.176016][T27447] CPU: 0 UID: 0 PID: 27447 Comm: syz.4.8833 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  562.186579][T27447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  562.196669][T27447] Call Trace:
[  562.199954][T27447]  <TASK>
[  562.202983][T27447]  dump_stack_lvl+0xf2/0x150
[  562.207602][T27447]  dump_stack+0x15/0x20
[  562.211782][T27447]  should_fail_ex+0x223/0x230
[  562.216548][T27447]  ? audit_log_d_path+0x96/0x250
[  562.221558][T27447]  should_failslab+0x8f/0xb0
[  562.226211][T27447]  __kmalloc_cache_noprof+0x4b/0x2a0
[  562.231523][T27447]  audit_log_d_path+0x96/0x250
[  562.236448][T27447]  ? __rcu_read_unlock+0x4e/0x70
[  562.241408][T27447]  audit_log_d_path_exe+0x42/0x70
[  562.246508][T27447]  audit_log_task+0x155/0x180
[  562.251274][T27447]  audit_seccomp+0x68/0x130
[  562.255798][T27447]  __seccomp_filter+0x6fa/0x1180
[  562.260748][T27447]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  562.266498][T27447]  ? vfs_write+0x596/0x920
[  562.271038][T27447]  __secure_computing+0x9f/0x1c0
[  562.276070][T27447]  syscall_trace_enter+0xd1/0x1f0
[  562.281129][T27447]  ? fpregs_assert_state_consistent+0x83/0xa0
[  562.287422][T27447]  do_syscall_64+0xaa/0x1c0
[  562.292030][T27447]  ? clear_bhb_loop+0x55/0xb0
[  562.296730][T27447]  ? clear_bhb_loop+0x55/0xb0
[  562.301481][T27447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.307478][T27447] RIP: 0033:0x7f54465ee819
[  562.311897][T27447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  562.331524][T27447] RSP: 002b:00007f5444c67038 EFLAGS: 00000246 ORIG_RAX: 000000000000014c
[  562.340112][T27447] RAX: ffffffffffffffda RBX: 00007f54467a5fa0 RCX: 00007f54465ee819
[  562.348166][T27447] RDX: 0000000000001000 RSI: 0000000000000000 RDI: ffffffffffffff9c
[  562.356155][T27447] RBP: 00007f5444c67090 R08: 0000000020000340 R09: 0000000000000000
[  562.364130][T27447] R10: 0000000000000200 R11: 0000000000000246 R12: 0000000000000001
[  562.372352][T27447] R13: 0000000000000000 R14: 00007f54467a5fa0 R15: 00007ffe5cc874a8
[  562.380374][T27447]  </TASK>
[  562.455669][T27453] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  562.469332][T21040] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  562.495329][T27459] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8837'.
[  562.811066][T27465] netlink: 'syz.3.8839': attribute type 4 has an invalid length.
[  562.845800][T27461] loop4: detected capacity change from 0 to 4096
[  562.862981][T27465] netlink: 'syz.3.8839': attribute type 4 has an invalid length.
[  562.949001][T27461] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  563.006566][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  563.397683][T27475] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=27475 comm=syz.4.8836
[  563.428184][   T29] kauditd_printk_skb: 538 callbacks suppressed
[  563.428204][   T29] audit: type=1400 audit(563.386:27745): avc:  denied  { nlmsg_write } for  pid=27454 comm="syz.4.8836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  563.527578][   T29] audit: type=1400 audit(563.516:27746): avc:  denied  { create } for  pid=27492 comm="syz.0.8847" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  563.561101][   T29] audit: type=1400 audit(563.546:27747): avc:  denied  { connect } for  pid=27492 comm="syz.0.8847" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  563.585524][   T29] audit: type=1400 audit(563.546:27748): avc:  denied  { write } for  pid=27492 comm="syz.0.8847" path="socket:[90169]" dev="sockfs" ino=90169 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  563.637128][T27495] netlink: 76 bytes leftover after parsing attributes in process `syz.0.8847'.
[  563.654637][T19294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  563.660102][   T29] audit: type=1400 audit(563.646:27749): avc:  denied  { write } for  pid=27486 comm="syz.2.8842" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  563.683150][T27496] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8842'.
[  563.745120][   T29] audit: type=1400 audit(563.726:27750): avc:  denied  { connect } for  pid=27497 comm="syz.0.8849" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  563.764968][   T29] audit: type=1400 audit(563.726:27751): avc:  denied  { name_connect } for  pid=27497 comm="syz.0.8849" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  563.795193][   T29] audit: type=1400 audit(563.776:27752): avc:  denied  { read } for  pid=27497 comm="syz.0.8849" laddr=fe80::12 lport=33418 faddr=fe80::bb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  563.824259][   T29] audit: type=1326 audit(563.816:27753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27503 comm="syz.4.8850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  563.847786][   T29] audit: type=1326 audit(563.816:27754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27503 comm="syz.4.8850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  563.887629][T27498] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=27498 comm=syz.0.8849
[  564.046570][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  564.140004][T27508] lo speed is unknown, defaulting to 1000
[  564.211460][T27508] chnl_net:caif_netlink_parms(): no params data found
[  564.277521][T27522] loop1: detected capacity change from 0 to 128
[  564.338940][T27522] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  564.396803][T27522] syz.1.8852: attempt to access beyond end of device
[  564.396803][T27522] loop1: rw=2049, sector=216, nr_sectors = 1 limit=128
[  564.410261][T27522] Buffer I/O error on dev loop1, logical block 216, lost async page write
[  564.420818][T27522] syz.1.8852: attempt to access beyond end of device
[  564.420818][T27522] loop1: rw=2049, sector=217, nr_sectors = 824 limit=128
[  564.531757][T27508] bridge0: port 1(bridge_slave_0) entered blocking state
[  564.538937][T27508] bridge0: port 1(bridge_slave_0) entered disabled state
[  564.549207][T27508] bridge_slave_0: entered allmulticast mode
[  564.556385][T27508] bridge_slave_0: entered promiscuous mode
[  564.565977][T27508] bridge0: port 2(bridge_slave_1) entered blocking state
[  564.573200][T27508] bridge0: port 2(bridge_slave_1) entered disabled state
[  564.585041][T27508] bridge_slave_1: entered allmulticast mode
[  564.592651][T27508] bridge_slave_1: entered promiscuous mode
[  564.629009][T27508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  564.643556][T27508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  564.675340][T27508] team0: Port device team_slave_0 added
[  564.682916][T27508] team0: Port device team_slave_1 added
[  564.715883][T27508] batman_adv: batadv0: Adding interface: batadv_slave_0
[  564.722889][T27508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  564.748952][T27508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  564.765204][T27508] batman_adv: batadv0: Adding interface: batadv_slave_1
[  564.772260][T27508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  564.798307][T27508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  564.855544][T27508] hsr_slave_0: entered promiscuous mode
[  564.866368][T27508] hsr_slave_1: entered promiscuous mode
[  564.872699][T27508] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  564.882568][T27508] Cannot create hsr debugfs directory
[  564.972057][T27508] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  565.035287][T27508] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  565.086539][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  565.099871][T27508] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  565.109861][T27530] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  565.163434][   T51] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  565.176164][T27508] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  565.237011][T27508] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  565.249089][T27508] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  565.258015][T27508] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  565.267044][T27508] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  565.313501][T27508] 8021q: adding VLAN 0 to HW filter on device bond0
[  565.335436][T27508] 8021q: adding VLAN 0 to HW filter on device team0
[  565.352093][   T51] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.359203][   T51] bridge0: port 1(bridge_slave_0) entered forwarding state
[  565.371440][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[  565.378540][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[  565.391518][T27545] loop1: detected capacity change from 0 to 128
[  565.405366][T27537] loop3: detected capacity change from 0 to 128
[  565.411448][T27545] EXT4-fs: Ignoring removed nobh option
[  565.433704][T27545] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  565.470590][T18112] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  565.472168][T27508] 8021q: adding VLAN 0 to HW filter on device batadv0
[  565.666319][T27566] loop3: detected capacity change from 0 to 128
[  565.674087][T27566] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  565.725738][T27566] syz.3.8863: attempt to access beyond end of device
[  565.725738][T27566] loop3: rw=2049, sector=216, nr_sectors = 1 limit=128
[  565.739317][T27566] Buffer I/O error on dev loop3, logical block 216, lost async page write
[  565.750278][T27566] syz.3.8863: attempt to access beyond end of device
[  565.750278][T27566] loop3: rw=2049, sector=217, nr_sectors = 824 limit=128
[  565.842438][T27508] veth0_vlan: entered promiscuous mode
[  565.853702][T27508] veth1_vlan: entered promiscuous mode
[  565.893813][T27508] veth0_macvtap: entered promiscuous mode
[  565.905598][T27508] veth1_macvtap: entered promiscuous mode
[  565.921055][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  565.931618][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  565.941515][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  565.952174][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  565.962124][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  565.972734][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  565.982592][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  565.993141][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.003073][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  566.013576][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.023498][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  566.033985][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.043852][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  566.054454][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.064319][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  566.074837][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.084720][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  566.095221][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.121026][T27508] batman_adv: batadv0: Interface activated: batadv_slave_0
[  566.126553][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  566.142257][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.152789][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.162670][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.173354][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.183229][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.193707][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.203624][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.214346][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.224471][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.234989][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.245021][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.255512][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.265394][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.275845][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.285678][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.296203][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.306159][T27508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  566.316687][T27508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  566.329771][T27508] batman_adv: batadv0: Interface activated: batadv_slave_1
[  566.342971][T27508] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  566.351913][T27508] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  566.360723][T27508] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  566.369469][T27508] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  566.475918][T27577] loop0: detected capacity change from 0 to 512
[  566.499299][T27577] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  566.617250][T27508] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  566.697334][T27585] program syz.2.8866 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  566.767537][   T28] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  566.818288][T27593] loop0: detected capacity change from 0 to 128
[  566.833726][T27593] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  566.867570][T27508] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  566.999150][T27571] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  567.166559][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  567.225170][T27603] loop3: detected capacity change from 0 to 128
[  567.281131][T27603] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  567.456792][T27607] ALSA: seq fatal error: cannot create timer (-16)
[  567.482869][   T11] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  567.924291][T27619] loop0: detected capacity change from 0 to 512
[  567.941047][T27619] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  568.023064][T27508] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  568.206599][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  568.231655][T27646] loop0: detected capacity change from 0 to 512
[  568.341322][T27646] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  568.394677][T27508] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  568.450867][   T29] kauditd_printk_skb: 168 callbacks suppressed
[  568.450886][   T29] audit: type=1326 audit(568.436:27923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27651 comm="syz.0.8893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99421de819 code=0x7ffc0000
[  568.480772][   T29] audit: type=1326 audit(568.436:27924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27651 comm="syz.0.8893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99421de819 code=0x7ffc0000
[  568.504782][   T29] audit: type=1326 audit(568.466:27925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27651 comm="syz.0.8893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99421de819 code=0x7ffc0000
[  568.527861][   T29] audit: type=1326 audit(568.466:27926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27651 comm="syz.0.8893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99421de819 code=0x7ffc0000
[  568.550849][   T29] audit: type=1326 audit(568.466:27927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27651 comm="syz.0.8893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99421de819 code=0x7ffc0000
[  568.573851][   T29] audit: type=1326 audit(568.486:27928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27651 comm="syz.0.8893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f99421de819 code=0x7ffc0000
[  568.591991][T27657] loop4: detected capacity change from 0 to 164
[  568.596810][   T29] audit: type=1326 audit(568.486:27929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27651 comm="syz.0.8893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99421de819 code=0x7ffc0000
[  568.596841][   T29] audit: type=1326 audit(568.486:27930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27651 comm="syz.0.8893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99421de819 code=0x7ffc0000
[  568.649578][   T29] audit: type=1326 audit(568.486:27931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27651 comm="syz.0.8893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f99421dd1b0 code=0x7ffc0000
[  568.675122][   T29] audit: type=1326 audit(568.486:27932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27651 comm="syz.0.8893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99421de819 code=0x7ffc0000
[  568.698948][T27657] ISOFS: unable to read i-node block
[  568.704377][T27657] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  569.025929][T27669] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  569.034520][T27669] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  569.047371][T27669] loop1: detected capacity change from 0 to 512
[  569.083950][T27669] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  569.094957][T27669] System zones: 0-2, 18-18, 34-34
[  569.110100][T27669] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.8900: bg 0: block 248: padding at end of block bitmap is not set
[  569.140265][T27669] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.8900: Failed to acquire dquot type 1
[  569.163525][T27669] EXT4-fs (loop1): 1 truncate cleaned up
[  569.174145][T27669] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  569.246563][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  569.387393][T27680] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  569.629243][T27695] ALSA: seq fatal error: cannot create timer (-16)
[  569.750363][T18112] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  569.881915][T27701] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  570.282816][T27723] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8918'.
[  570.286607][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  570.336005][T27720] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  570.541452][T27734] ALSA: seq fatal error: cannot create timer (-16)
[  570.743403][T27748] loop0: detected capacity change from 0 to 128
[  570.797955][T27748] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  570.834959][T27748] syz.0.8928: attempt to access beyond end of device
[  570.834959][T27748] loop0: rw=2049, sector=216, nr_sectors = 1 limit=128
[  570.848733][T27748] Buffer I/O error on dev loop0, logical block 216, lost async page write
[  570.858293][T27748] syz.0.8928: attempt to access beyond end of device
[  570.858293][T27748] loop0: rw=2049, sector=217, nr_sectors = 824 limit=128
[  570.939277][T27752] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8929'.
[  570.974400][   T11] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  571.112181][T27763] loop0: detected capacity change from 0 to 512
[  571.121159][T27763] EXT4-fs: Mount option(s) incompatible with ext3
[  571.132527][T27758] ALSA: seq fatal error: cannot create timer (-16)
[  571.326587][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  571.453940][T27773] lo speed is unknown, defaulting to 1000
[  571.565179][T27773] chnl_net:caif_netlink_parms(): no params data found
[  571.622962][T27773] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.630188][T27773] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.646936][T27773] bridge_slave_0: entered allmulticast mode
[  571.653658][T27773] bridge_slave_0: entered promiscuous mode
[  571.675002][T27773] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.682182][T27773] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.707894][T27773] bridge_slave_1: entered allmulticast mode
[  571.723472][T27773] bridge_slave_1: entered promiscuous mode
[  571.775871][T27773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  571.809008][T27773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  571.856966][T27773] team0: Port device team_slave_0 added
[  571.871338][T27773] team0: Port device team_slave_1 added
[  571.873429][T27795] loop3: detected capacity change from 0 to 512
[  571.890788][T27773] batman_adv: batadv0: Adding interface: batadv_slave_0
[  571.897936][T27773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  571.923954][T27773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  571.942549][T27773] batman_adv: batadv0: Adding interface: batadv_slave_1
[  571.949596][T27773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  571.975669][T27773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  571.997321][T27795] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  572.024399][T27773] hsr_slave_0: entered promiscuous mode
[  572.040462][T27773] hsr_slave_1: entered promiscuous mode
[  572.050213][T27800] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8940'.
[  572.061797][T27773] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  572.069538][T27773] Cannot create hsr debugfs directory
[  572.121156][T21040] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  572.200596][T27773] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  572.222455][T27808] loop0: detected capacity change from 0 to 128
[  572.232063][T27808] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  572.248633][T27773] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  572.259723][T27508] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  572.284661][T27812] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8944'.
[  572.313598][T27773] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  572.336456][T27816] ALSA: seq fatal error: cannot create timer (-16)
[  572.360242][T27773] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  572.370667][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  572.423385][T27773] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  572.434198][T27773] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  572.443413][T27773] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  572.452638][T27773] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  572.504763][T27773] 8021q: adding VLAN 0 to HW filter on device bond0
[  572.525959][T27773] 8021q: adding VLAN 0 to HW filter on device team0
[  572.537602][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[  572.544774][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[  572.565559][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[  572.572767][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[  572.600425][T27835] netlink: 'syz.0.8953': attribute type 4 has an invalid length.
[  572.636356][T27841] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8954'.
[  572.655112][T27773] 8021q: adding VLAN 0 to HW filter on device batadv0
[  572.696626][T27849] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10 sclass=netlink_route_socket pid=27849 comm=syz.0.8957
[  572.739838][T27854] ALSA: seq fatal error: cannot create timer (-16)
[  572.762813][T27773] veth0_vlan: entered promiscuous mode
[  572.777028][T27773] veth1_vlan: entered promiscuous mode
[  572.792874][T27773] veth0_macvtap: entered promiscuous mode
[  572.801291][T27773] veth1_macvtap: entered promiscuous mode
[  572.813508][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.824151][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.834185][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.844721][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.854608][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.865115][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.875011][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.885533][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.895581][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.895602][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.895649][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.895662][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.895674][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.895690][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.895754][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.895768][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.895780][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  572.895793][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  572.895806][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  573.007866][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.019013][T27773] batman_adv: batadv0: Interface activated: batadv_slave_0
[  573.026310][T27849] netlink: 'syz.0.8957': attribute type 29 has an invalid length.
[  573.034711][T27857] netlink: 'syz.0.8957': attribute type 29 has an invalid length.
[  573.056716][T27861] netlink: 'syz.0.8957': attribute type 29 has an invalid length.
[  573.065857][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  573.065881][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.065894][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  573.066037][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.066052][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  573.066070][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.066085][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  573.066101][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.066180][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  573.066220][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.066234][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  573.066252][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.066360][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  573.066377][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.066391][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  573.066409][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.066635][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  573.066653][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.066666][T27773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  573.066682][T27773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.068153][T27773] batman_adv: batadv0: Interface activated: batadv_slave_1
[  573.068405][T27864] netlink: 'syz.0.8957': attribute type 29 has an invalid length.
[  573.089158][T27773] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  573.089196][T27773] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  573.089226][T27773] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  573.089334][T27773] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  573.406570][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  573.461323][   T29] kauditd_printk_skb: 188 callbacks suppressed
[  573.461339][   T29] audit: type=1326 audit(573.456:28119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27867 comm="syz.3.8959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2752be819 code=0x7ffc0000
[  573.490643][   T29] audit: type=1326 audit(573.456:28120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27867 comm="syz.3.8959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff2752be819 code=0x7ffc0000
[  573.514295][T27877] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  573.523496][T27877] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  573.536905][T27877] loop1: detected capacity change from 0 to 512
[  573.552756][T27877] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  573.566836][T27877] System zones: 0-2, 18-18, 34-34
[  573.573141][T27877] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.8962: bg 0: block 248: padding at end of block bitmap is not set
[  573.575218][T27881] batman_adv: batadv0: Adding interface: dummy0
[  573.594034][T27881] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  573.627112][T27877] Quota error (device loop1): write_blk: dquota write failed
[  573.634646][T27877] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  573.644999][T27877] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.8962: Failed to acquire dquot type 1
[  573.664037][T27877] EXT4-fs (loop1): 1 truncate cleaned up
[  573.670205][T27877] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  573.677164][T27881] batman_adv: batadv0: Interface activated: dummy0
[  573.693375][T27891] netlink: 'syz.3.8966': attribute type 4 has an invalid length.
[  573.774779][T27883] loop4: detected capacity change from 0 to 128
[  573.781362][T27897] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  573.795889][T27883] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  573.830588][T27883] sg_write: data in/out 93/14 bytes for SCSI command 0x5-- guessing data in;
[  573.830588][T27883]    program syz.4.8964 not setting count and/or reply_len properly
[  573.852549][   T29] audit: type=1326 audit(573.836:28121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27882 comm="syz.4.8964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  573.877565][   T29] audit: type=1326 audit(573.836:28122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27882 comm="syz.4.8964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  573.900922][   T29] audit: type=1326 audit(573.836:28123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27882 comm="syz.4.8964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  573.924007][   T29] audit: type=1326 audit(573.836:28124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27882 comm="syz.4.8964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  573.947548][   T29] audit: type=1326 audit(573.866:28125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27882 comm="syz.4.8964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  573.970664][   T29] audit: type=1326 audit(573.866:28126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27882 comm="syz.4.8964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  573.975280][T27896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  574.002627][T27896] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  574.026651][T27896] loop0: detected capacity change from 0 to 512
[  574.040383][T27896] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  574.050491][T27896] System zones: 0-2, 18-18, 34-34
[  574.056355][T27896] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.8968: bg 0: block 248: padding at end of block bitmap is not set
[  574.056541][T27907] lo speed is unknown, defaulting to 1000
[  574.082740][T27896] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.8968: Failed to acquire dquot type 1
[  574.094924][T27896] EXT4-fs (loop0): 1 truncate cleaned up
[  574.097662][T27905] lo speed is unknown, defaulting to 1000
[  574.106931][T27896] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  574.236977][T27773] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  574.390754][T19294] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  574.446545][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  574.455360][T27919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  574.494519][T27919] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  574.522673][T27919] loop3: detected capacity change from 0 to 512
[  574.563771][T27934] loop4: detected capacity change from 0 to 512
[  574.571633][T27934] EXT4-fs: Mount option(s) incompatible with ext3
[  574.593620][T27919] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  574.602248][T27919] System zones: 0-2, 18-18, 34-34
[  574.610869][T27919] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.8977: bg 0: block 248: padding at end of block bitmap is not set
[  574.626399][T27919] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.8977: Failed to acquire dquot type 1
[  574.639515][T27919] EXT4-fs (loop3): 1 truncate cleaned up
[  574.645595][T27919] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  574.674189][T27508] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  574.711096][T27942] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  574.850357][T27954] loop0: detected capacity change from 0 to 128
[  574.873989][T27954] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  575.256368][T21040] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  575.417245][T27971] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8997'.
[  575.486583][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  575.594536][T27973] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  575.638013][T27982] ALSA: seq fatal error: cannot create timer (-16)
[  575.648671][T27982] bridge0: port 3(macvlan0) entered blocking state
[  575.655312][T27982] bridge0: port 3(macvlan0) entered disabled state
[  575.665344][T27982] macvlan0: entered allmulticast mode
[  575.671532][T27982] veth1_vlan: entered allmulticast mode
[  575.681847][T27982] macvlan0: entered promiscuous mode
[  575.688039][T27982] bridge0: port 3(macvlan0) entered blocking state
[  575.694703][T27982] bridge0: port 3(macvlan0) entered forwarding state
[  575.751807][T27988] loop0: detected capacity change from 0 to 256
[  575.767058][T27988] vfat: Bad value for 'time_offset'
[  576.011488][T27994] batman_adv: batadv0: Adding interface: dummy0
[  576.017951][T27994] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  576.046048][T27994] batman_adv: batadv0: Interface activated: dummy0
[  576.134640][T28001] ALSA: seq fatal error: cannot create timer (-16)
[  576.271481][T28004] loop4: detected capacity change from 0 to 128
[  576.347907][T28004] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  576.526574][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  576.944090][T28012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  576.952728][T28012] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  576.965320][T28012] loop1: detected capacity change from 0 to 512
[  576.981259][T28012] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  576.989661][T28012] System zones: 0-2, 18-18, 34-34
[  576.997228][T28012] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.9012: bg 0: block 248: padding at end of block bitmap is not set
[  577.013283][T28012] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.9012: Failed to acquire dquot type 1
[  577.025738][T28012] EXT4-fs (loop1): 1 truncate cleaned up
[  577.031947][T28012] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  577.207442][T28033] netlink: 'syz.0.9018': attribute type 4 has an invalid length.
[  577.268337][T28035] ALSA: seq fatal error: cannot create timer (-16)
[  577.294828][T28020] xt_hashlimit: overflow, try lower: 18446744073709551614/7
[  577.373142][T28041] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10 sclass=netlink_route_socket pid=28041 comm=syz.0.9021
[  577.411394][T28041] netlink: 'syz.0.9021': attribute type 29 has an invalid length.
[  577.426825][T28041] netlink: 'syz.0.9021': attribute type 29 has an invalid length.
[  577.566623][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  577.590270][T27773] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  577.713407][T28062] loop4: detected capacity change from 0 to 128
[  577.723058][T28062] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  577.766576][T28067] program syz.1.9032 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  578.002682][T28075] vhci_hcd: default hub control req: 4008 v0007 i0000 l0
[  578.026946][T19294] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  578.181374][T28088] loop0: detected capacity change from 0 to 512
[  578.198478][T28088] EXT4-fs: Ignoring removed nobh option
[  578.204218][T28088] EXT4-fs: Ignoring removed nobh option
[  578.362832][T28088] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  578.472966][   T29] kauditd_printk_skb: 49 callbacks suppressed
[  578.472981][   T29] audit: type=1326 audit(578.456:28170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28096 comm="syz.4.9044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  578.502562][T28088] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.9036: invalid indirect mapped block 2683928664 (level 1)
[  578.520658][   T29] audit: type=1326 audit(578.506:28171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28096 comm="syz.4.9044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  578.547758][   T29] audit: type=1326 audit(578.536:28172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28096 comm="syz.4.9044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  578.566372][T27773] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  578.570809][   T29] audit: type=1326 audit(578.536:28173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28096 comm="syz.4.9044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  578.581635][T27773] CPU: 0 UID: 0 PID: 27773 Comm: syz-executor Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  578.604715][   T29] audit: type=1326 audit(578.536:28174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28096 comm="syz.4.9044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  578.615244][T27773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  578.615262][T27773] Call Trace:
[  578.615272][T27773]  <TASK>
[  578.644348][   T29] audit: type=1326 audit(578.576:28175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28096 comm="syz.4.9044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  578.648316][T27773]  dump_stack_lvl+0xf2/0x150
[  578.648381][T27773]  dump_stack+0x15/0x20
[  578.651676][   T29] audit: type=1326 audit(578.576:28176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28096 comm="syz.4.9044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  578.654580][T27773]  dump_header+0x83/0x2d0
[  578.677507][   T29] audit: type=1326 audit(578.576:28177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28096 comm="syz.4.9044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  578.682133][T27773]  oom_kill_process+0x341/0x4c0
[  578.686269][   T29] audit: type=1326 audit(578.576:28178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28096 comm="syz.4.9044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  578.709247][T27773]  out_of_memory+0x9af/0xbe0
[  578.709289][T27773]  ? css_next_descendant_pre+0x11c/0x140
[  578.709318][T27773]  mem_cgroup_out_of_memory+0x13e/0x190
[  578.709346][T27773]  try_charge_memcg+0x508/0x7f0
[  578.709383][T27773]  charge_memcg+0x50/0xc0
[  578.709465][T27773]  __mem_cgroup_charge+0x29/0xb0
[  578.709544][T27773]  filemap_add_folio+0x53/0x1b0
[  578.709580][T27773]  __filemap_get_folio+0x2f1/0x5b0
[  578.709621][T27773]  filemap_fault+0x46d/0xb30
[  578.713992][   T29] audit: type=1326 audit(578.576:28179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28096 comm="syz.4.9044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54465ee819 code=0x7ffc0000
[  578.736941][T27773]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[  578.736991][T27773]  __do_fault+0xb6/0x200
[  578.737025][T27773]  handle_mm_fault+0xe98/0x2ac0
[  578.737066][T27773]  exc_page_fault+0x3b9/0x650
[  578.737100][T27773]  asm_exc_page_fault+0x26/0x30
[  578.737136][T27773] RIP: 0033:0x7fbdc27e41c4
[  578.737156][T27773] Code: db 34 b6 d7 82 de 1b 43 48 f7 a4 24 88 00 00 00 48 8b 05 df 15 e1 00 48 69 8c 24 80 00 00 00 e8 03 00 00 48 c1 ea 12 48 01 ca <8b> 48 08 39 4c 24 18 48 89 d0 4c 0f 45 ea 4c 29 f0 48 3b 05 c4 14
[  578.737179][T27773] RSP: 002b:00007ffcc6cad3e0 EFLAGS: 00010206
[  578.737199][T27773] RAX: 0000001b33820000 RBX: 0000000000000028 RCX: 000000000008d1d0
[  578.737223][T27773] RDX: 000000000008d3f6 RSI: 00007ffcc6cad460 RDI: 0000000000000001
[  578.737314][T27773] RBP: 00007ffcc6cad40c R08: 0000000020cc584c R09: 7fffffffffffffff
[  578.737331][T27773] R10: 00007fbdc3606038 R11: 0000000000000010 R12: 0000000000000032
[  578.737346][T27773] R13: 000000000008d0f6 R14: 000000000008d0d4 R15: 00007ffcc6cad460
[  578.927220][T27773]  </TASK>
[  578.930346][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  578.937570][T27773] memory: usage 307200kB, limit 307200kB, failcnt 352
[  578.944348][T27773] memory+swap: usage 307476kB, limit 9007199254740988kB, failcnt 0
[  578.952837][T27773] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0
[  578.960257][T27773] Memory cgroup stats for /syz1:
[  578.961030][T27773] cache 0
[  578.965648][T28088] EXT4-fs (loop0): 1 truncate cleaned up
[  578.966199][T27773] rss 0
[  578.966209][T27773] shmem 0
[  578.980625][T27773] mapped_file 0
[  578.984092][T27773] dirty 0
[  578.987070][T27773] writeback 0
[  578.990363][T27773] workingset_refault_anon 132
[  578.995148][T27773] workingset_refault_file 2903
[  578.999448][T28088] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  578.999938][T27773] swap 303104
[  579.020225][T27773] swapcached 0
[  579.023599][T27773] pgpgin 1081321
[  579.027206][T27773] pgpgout 1081321
[  579.030899][T27773] pgfault 739861
[  579.034453][T27773] pgmajfault 133
[  579.038100][T27773] inactive_anon 0
[  579.041800][T27773] active_anon 0
[  579.045266][T27773] inactive_file 0
[  579.048929][T27773] active_file 0
[  579.052572][T27773] unevictable 0
[  579.056041][T27773] hierarchical_memory_limit 314572800
[  579.061455][T27773] hierarchical_memsw_limit 9223372036854771712
[  579.067726][T27773] total_cache 0
[  579.071225][T27773] total_rss 0
[  579.074602][T27773] total_shmem 0
[  579.078109][T27773] total_mapped_file 0
[  579.082110][T27773] total_dirty 0
[  579.085579][T27773] total_writeback 0
[  579.089440][T27773] total_workingset_refault_anon 132
[  579.094647][T27773] total_workingset_refault_file 2903
[  579.099964][T27773] total_swap 303104
[  579.103777][T27773] total_swapcached 0
[  579.107723][T27773] total_pgpgin 1081321
[  579.111800][T27773] total_pgpgout 1081321
[  579.116172][T27773] total_pgfault 739861
[  579.120276][T27773] total_pgmajfault 133
[  579.124399][T27773] total_inactive_anon 0
[  579.128600][T27773] total_active_anon 0
[  579.132644][T27773] total_inactive_file 0
[  579.136832][T27773] total_active_file 0
[  579.140820][T27773] total_unevictable 0
[  579.145244][T27773] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.9032,pid=28066,uid=0
[  579.160054][T27773] Memory cgroup out of memory: Killed process 28066 (syz.1.9032) total-vm:93132kB, anon-rss:592kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  579.165499][T28100] lo speed is unknown, defaulting to 1000
[  579.188100][T27508] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  579.428768][T28112] loop0: detected capacity change from 0 to 128
[  579.438090][T28112] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  579.468767][T28112] syz.0.9046: attempt to access beyond end of device
[  579.468767][T28112] loop0: rw=2049, sector=216, nr_sectors = 1 limit=128
[  579.482403][T28112] Buffer I/O error on dev loop0, logical block 216, lost async page write
[  579.492158][T28112] syz.0.9046: attempt to access beyond end of device
[  579.492158][T28112] loop0: rw=2049, sector=217, nr_sectors = 824 limit=128
[  579.614670][   T28] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  579.738172][T28119] loop1: detected capacity change from 0 to 256
[  579.744885][T28119] vfat: Bad value for 'time_offset'
[  579.966562][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  580.113282][T28132] loop3: detected capacity change from 0 to 512
[  580.121524][T28132] EXT4-fs: Mount option(s) incompatible with ext3
[  580.252360][T28136] loop4: detected capacity change from 0 to 512
[  580.297814][T28136] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  580.466283][T19294] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  580.502230][T28141] ALSA: seq fatal error: cannot create timer (-16)
[  580.687880][T28146] loop1: detected capacity change from 0 to 128
[  580.697274][T28146] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  580.730559][T28146] syz.1.9060: attempt to access beyond end of device
[  580.730559][T28146] loop1: rw=2049, sector=216, nr_sectors = 1 limit=128
[  580.744026][T28146] Buffer I/O error on dev loop1, logical block 216, lost async page write
[  580.753572][T28146] syz.1.9060: attempt to access beyond end of device
[  580.753572][T28146] loop1: rw=2049, sector=217, nr_sectors = 824 limit=128
[  580.849223][   T11] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1)
[  580.881930][T28152] program syz.1.9062 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  581.006672][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  581.473779][T28152] ==================================================================
[  581.481914][T28152] BUG: KCSAN: data-race in __filemap_remove_folio / folio_mapping
[  581.489754][T28152] 
[  581.492084][T28152] write to 0xffffea0004b97718 of 8 bytes by task 28147 on cpu 1:
[  581.499808][T28152]  __filemap_remove_folio+0x1ac/0x2c0
[  581.505200][T28152]  filemap_remove_folio+0x6b/0x1f0
[  581.510348][T28152]  truncate_inode_folio+0x42/0x50
[  581.515412][T28152]  shmem_undo_range+0x25b/0xa70
[  581.520276][T28152]  shmem_evict_inode+0x14d/0x530
[  581.525234][T28152]  evict+0x2f0/0x570
[  581.529161][T28152]  iput+0x42a/0x5b0
[  581.532992][T28152]  dentry_unlink_inode+0x24f/0x260
[  581.538127][T28152]  __dentry_kill+0x18b/0x4c0
[  581.542750][T28152]  dput+0x5c/0xd0
[  581.546408][T28152]  __fput+0x3fb/0x6d0
[  581.550417][T28152]  ____fput+0x1c/0x30
[  581.554428][T28152]  task_work_run+0x13a/0x1a0
[  581.559053][T28152]  do_exit+0x5dd/0x17f0
[  581.563224][T28152]  do_group_exit+0x102/0x150
[  581.567853][T28152]  get_signal+0xeb9/0x1000
[  581.572287][T28152]  arch_do_signal_or_restart+0x95/0x4b0
[  581.577866][T28152]  irqentry_exit_to_user_mode+0xa7/0x120
[  581.583548][T28152]  irqentry_exit+0x12/0x50
[  581.588087][T28152]  asm_exc_page_fault+0x26/0x30
[  581.592957][T28152] 
[  581.595369][T28152] read to 0xffffea0004b97718 of 8 bytes by task 28152 on cpu 0:
[  581.603003][T28152]  folio_mapping+0xa0/0x120
[  581.607516][T28152]  evict_folios+0x2479/0x3240
[  581.612210][T28152]  try_to_shrink_lruvec+0x5d2/0x750
[  581.617418][T28152]  shrink_lruvec+0x22d/0x1840
[  581.622112][T28152]  shrink_node+0x603/0x1d80
[  581.626620][T28152]  do_try_to_free_pages+0x3c6/0xc50
[  581.631837][T28152]  try_to_free_mem_cgroup_pages+0x1e3/0x490
[  581.637836][T28152]  try_charge_memcg+0x2bc/0x7f0
[  581.642704][T28152]  obj_cgroup_charge_pages+0xbd/0x1a0
[  581.648089][T28152]  __memcg_kmem_charge_page+0x9d/0x170
[  581.653563][T28152]  __alloc_pages_noprof+0x1bc/0x340
[  581.658776][T28152]  alloc_pages_mpol_noprof+0xb1/0x1e0
[  581.664162][T28152]  alloc_pages_noprof+0xe1/0x100
[  581.669113][T28152]  __vmalloc_node_range_noprof+0x6eb/0xe80
[  581.674930][T28152]  __kvmalloc_node_noprof+0x121/0x170
[  581.680400][T28152]  ip_set_alloc+0x1f/0x30
[  581.684741][T28152]  hash_netiface_create+0x273/0x730
[  581.689954][T28152]  ip_set_create+0x359/0x8a0
[  581.694575][T28152]  nfnetlink_rcv_msg+0x4a9/0x570
[  581.699524][T28152]  netlink_rcv_skb+0x12c/0x230
[  581.704296][T28152]  nfnetlink_rcv+0x16c/0x15d0
[  581.708989][T28152]  netlink_unicast+0x599/0x670
[  581.713756][T28152]  netlink_sendmsg+0x5cc/0x6e0
[  581.718537][T28152]  __sock_sendmsg+0x140/0x180
[  581.723225][T28152]  ____sys_sendmsg+0x312/0x410
[  581.727996][T28152]  __sys_sendmsg+0x19d/0x230
[  581.732593][T28152]  __x64_sys_sendmsg+0x46/0x50
[  581.737364][T28152]  x64_sys_call+0x2734/0x2dc0
[  581.742055][T28152]  do_syscall_64+0xc9/0x1c0
[  581.746589][T28152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.752506][T28152] 
[  581.754830][T28152] value changed: 0xffff88811348c1f0 -> 0x0000000000000000
[  581.761935][T28152] 
[  581.764254][T28152] Reported by Kernel Concurrency Sanitizer on:
[  581.770403][T28152] CPU: 0 UID: 0 PID: 28152 Comm: syz.1.9062 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[  581.780821][T28152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  581.790882][T28152] ==================================================================
[  582.034468][T28152] syz.1.9062 (28152) used greatest stack depth: 6080 bytes left
[  582.048968][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  583.086580][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  584.126572][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  584.337331][   T29] kauditd_printk_skb: 120 callbacks suppressed
[  584.337354][   T29] audit: type=1400 audit(584.326:28300): avc:  denied  { read } for  pid=3001 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  584.365391][   T29] audit: type=1400 audit(584.326:28301): avc:  denied  { search } for  pid=3001 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  584.386552][   T29] audit: type=1400 audit(584.326:28302): avc:  denied  { append } for  pid=3001 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  584.408409][   T29] audit: type=1400 audit(584.326:28303): avc:  denied  { open } for  pid=3001 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  584.430440][   T29] audit: type=1400 audit(584.326:28304): avc:  denied  { getattr } for  pid=3001 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  585.166582][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  586.206569][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  587.246573][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  588.286588][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  589.326614][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  590.366632][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  591.406601][    C0] IPVS: sh: UDP 224.0.0.2:0 - no destination available