last executing test programs:

27.463451431s ago: executing program 2 (id=319):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000030000000900010073797a30000000005c000000090a010400000000000000000300000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000023200011800e00010063"], 0xa4}}, 0x4)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/anycast6\x00')
close_range(r4, 0xffffffffffffffff, 0x2)
pipe2$9p(&(0x7f0000000040), 0x84000)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000200)={0xb, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0x1, 0x56d6, 0x6, 0x9, 0xf016, 0x100, "1f"}}, 0x119)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x9, 0x4010, r4, 0x8000000)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000080)={0x100000011, @multicast2, 0x0, 0x0, 'lc\x00', 0x0, 0x85, 0x4000069}, 0x2c)

27.223034792s ago: executing program 2 (id=324):
r0 = getpid()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_pidfd_open(r0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000004cc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000380)="a1", 0x1}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="0000000014"], 0x30, 0x40400d1}}], 0x1, 0x10)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0xc8800, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed00080001"], 0x2c}}, 0x40004)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r5, &(0x7f0000000000), 0xfffffecc)
splice(r4, 0x0, r6, 0x0, 0x4ffe6, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001800)={&(0x7f0000000580)='kfree\x00', r9}, 0x9)
mount(0x0, &(0x7f0000001fc0)='./file0\x00', &(0x7f0000002000)='devtmpfs\x00', 0x0, &(0x7f0000002040)='dirsync')
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{0x0, 0x0, 0x0, 0x20}, {}]}, [{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {0x448eade7}, {0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0xfffffffe}, {}, {}, {0xfffffffc}, {}, {}, {}, {0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {0xd5, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x10}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x4}, {}, {0x4}, {0x0, 0xfffffffd}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x80000, 0xb}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
splice(r1, 0x0, r11, 0x0, 0x400000, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/pid\x00')
r12 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r12, &(0x7f0000000540)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
sendmmsg$inet(r12, &(0x7f00000023c0)=[{{&(0x7f0000002080)={0x2, 0x4e24, @local}, 0x10, &(0x7f00000021c0)=[{&(0x7f00000020c0)='MB', 0x2}], 0x1}}], 0x1, 0x4)

26.323567784s ago: executing program 2 (id=343):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8)
sendmmsg(r1, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000000c0)="be", 0x1}], 0x1}}], 0x1, 0x24008094)
r2 = accept4$unix(r0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
recvfrom$unix(r2, &(0x7f0000000140)=""/263, 0x107, 0x2000000, 0x0, 0x0)

25.955393075s ago: executing program 2 (id=349):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000057db00d40080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x3, 0xffff, 0x0, 0x0, 0xfffffffa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x40000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffe}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1, <r3=>0xffffffffffffffff}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
mkdir(&(0x7f0000000400)='./file0\x00', 0x100)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r6}, 0x10)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000280))
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x44000, 0x0)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20000840, 0x0, 0x0)

25.777001126s ago: executing program 2 (id=355):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000050c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = memfd_secret(0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x72, 0x141601)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, 0x0)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
ftruncate(r1, 0x51a9497)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@gettfilter={0x24}, 0x24}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = fcntl$getown(r1, 0x9)
getpgid(r8)
r9 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r6, &(0x7f00000003c0)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000050400aeff0f608e222b6933d100", @ANYRES32=r10, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
gettid()
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@bridge_delneigh={0x28, 0x1c, 0x63, 0x0, 0x0, {0x7, 0x0, 0x0, r10, 0x80, 0xbe}, [@NDA_LLADDR={0xa, 0x2, @random="63ccc7696324"}]}, 0x28}}, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x21, 0x9643, 0x0, 0x4, 0x20004, r1, 0x101, '\x00', r10, r1, 0x3, 0x4, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
sendmsg$nl_route(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000001d"], 0x28}}, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRES32], 0x5c}}, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r1)
socket$kcm(0x10, 0x2, 0x10)

25.716154866s ago: executing program 2 (id=358):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/ip_mr_vif\x00')
preadv(r1, &(0x7f0000000e80)=[{&(0x7f00000002c0)=""/208, 0xd0}], 0x1, 0xffffff7f, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {0x0, 0x10000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfff}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x10000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3, 0x0, 0x0, 0x34}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0)

25.713703556s ago: executing program 32 (id=358):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/ip_mr_vif\x00')
preadv(r1, &(0x7f0000000e80)=[{&(0x7f00000002c0)=""/208, 0xd0}], 0x1, 0xffffff7f, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {0x0, 0x10000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfff}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x10000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3, 0x0, 0x0, 0x34}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0)

12.323769175s ago: executing program 1 (id=520):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='bridge_slave_1\x00', 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x20420c, &(0x7f0000003240)=ANY=[], 0xc, 0x36d, &(0x7f0000001b00)="$eJzs3c9rM0UYwPEnaZI3ycvb5CCKgnSwF70sbfQsBmlBCFjaRmwFYdtuNGRNSjZUU8S2J6/i3ZPgofRmwUNB+w/04k0vInjrRfBgD+rK/ko2yaaNMW20/X7gJZOZeTY7O/OWZ9Pu7uXbn31Qq1haRW9JPK0kJiJyJZKXuARi/mvcLack7FBeevzbD8+vbZTTXoVaLq6/XFBKzc59++HHGb/b2SO5yL97+Wvhl4unL569/Gv9/aqlqpaqN1pKV1uNn1r6lmmonapV05RaMQ3dMlS1bhlNr/1rfztmY3e3rfT6zpPsbtOwLKXX26pmtFWroVrNttLf06t1pWmaepIV3KR8vLqqF8cM3p7wzuCWNJtFfUZEMgMt5eOp7BAAAJiq/vw/7qT04+T/mzJbKi2tKqdzN/8/eeG89fit01k//z9LReX/r/zobasn/3dOJ7r5f8M7P6jcnP9/If8g/x/MiB6WsfP//C3sDMYzlxqoivW8c/L/rP//13X0zsmCWyD/BwAAAAAAAAAAAAAAAAAAAADg/+DKtnO2beeC1+Bf9xIC/z3upWHz/0hE0s7s28z/fba2sSlp98I9Z47NT/fKe2Xv1e9wLiKmGH/a/Zy1EVx5pBx5+c488OMP9sozbkuxIlUnXhYlJ3l3PYXibXv5jdLSovL48Z3LlLLh+ILk5Klw/Dfu6nTiC73x/uen5MX5ULwmOfl+Wxpiyo4b2f38TxaVev3NUl98xu0nIj/f+aQAAAAAADBhmuqIPH/XtGHt3l1GihX3ayJDFiQnf0Sf3y9Enp8ncs8lpj16AAAAAAAeBqu9X9MlbjTdgmlGFTIytGkChURPTdK9J29E51RfTfK6Lc+ERjjq/qTEe4LJvx3Xl8FR7W1KOMMaGhX8IYWz450m/4kqUUdjhIL443FrYonxpyl2KO4COAw3xWWE8ET/zs85FSqy8/zQ7Rz5h6FTE3xtlIo6zu39mqwMbid+zUpIDtTYsfEWwDOff/V7ZJOMc+RfPfVXwEc3dz4yDftARpmUvoLzEYNNybv42QMAAADgbnWT/qDmtXBz+EEi4Yfl8Jt7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAm6FZu6ddXmPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+KvwMAAP//Conwtw==")
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000008000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
r3 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r3, &(0x7f0000000180)={0x28, 0x0, 0x0, @local}, 0x10)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x6000)
io_setup(0x200, &(0x7f0000000140)=<r5=>0x0)
r6 = open(&(0x7f0000000100)='./bus\x00', 0x14113e, 0x39)
write$binfmt_script(r6, &(0x7f0000000080), 0x208e24b)
io_submit(r5, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r4, &(0x7f0000000000), 0x4000}])

11.592610826s ago: executing program 1 (id=533):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @private}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000380)=ANY=[@ANYBLOB="10000000000000000000000007"], 0x10}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080a01010000000000000000020000000900010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002"], 0xcdc}}, 0x0)

11.389022657s ago: executing program 1 (id=537):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r2, 0x0, 0x646}, 0x18)
timer_settime(0x0, 0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=@newtaction={0xeb0, 0x30, 0xb, 0x70bd28, 0x0, {}, [{0xe9c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0xe50, 0x2, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x1}, [{0x0, 0x1}, {}, {0x0, 0x0, 0x8}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xc}, {0x0, 0x0, 0x0, 0x80}, {}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x10}, {0x0, 0x0, 0x0, 0x4000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x0, 0x10000}, {0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x7fff}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x10000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x200}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {0x40}, {}, {}, {0x0, 0xfffffffd}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {0x5}, {}, {}, {0x0, 0x1}, {0x3}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x5}, {}, {0x4, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xeb0}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x6f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = add_key$keyring(&(0x7f00000001c0), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000340)="01000722625a900ede290f00015b097ead85847837353d2dbad05d", 0x1b, r5)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)

10.841946499s ago: executing program 1 (id=548):
r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file2\x00', 0x14d17, &(0x7f00000001c0)=ANY=[@ANYBLOB="756e686964652c68696465006e6f726f636b2c73657373696f6e3d3078303030303030013030303030303030312c686964652c63007b6865636b3d7374726963f4416e6f636fd689c91ceb036442a5e8b65659218425fff7286c15f6a62a2bbc4e30952aa22edafcc01c50d9545f6d70726573534d6e6f726f636b2c6368657f12106458668eb97fd25f742c696f636861727365743d69736f383835392d31332c63727566742c7065726d6928d7997c17d1c8704a54dc34229c72656374696f2c61756469742c004b32b19ac463afda9675ef356e50e2fb3d253ba1480f27afe645fded942f5957f2992896524e7731fa148037452b21c34c9918911ac37dff04099efbbf3c69c8fb9bdcda4683151bb24329a40b273da9bce1145213686d55a96caab752943c330423edc3876e0b859d57cd6d60dc5220aa1367c24de5e66343c128db17391d25b7aa35001e68df726f9ca1e0bfab6993329f0318602f3c51a28ed0858da3e3c47e95de50cbd34e68dd8517f1b4e1eeab0000000000e7b4ea43ef9e4d817aae8e0d2e71215bc0127620b046361adbde0b60bee63e91aa28d93cd8d79802966dbfacceffe6b1d302c5515d7323f7cca3f665a6964cba6cd16ae40bc68e94ac6b40bf96a55dcefd4024a5d7a848d08bdb5d8bb89b4c1968cf6ae0fd7858fa38b738c1ee6822f2cfdb30c3941199251d603d495ab6ce2ddb8e918e72b9171aaa287f2b19755bdc92109150850d5c14ec2ac32dee0122b28fcb3e88d5096d6352799c5f13f597695adfd21e644379e6a400000000000000000000000000fa41c3f14dca4ef03fed7e6466a4e2d4503979398731ee0fc7487e0b09466d841e2d8e64ed9e0d4333e6a79acee454fd", @ANYRES8=r0, @ANYRESOCT=0x0], 0x1, 0x67e, &(0x7f0000001600)="$eJzs3V1v29Ydx/Ef5SfFHYJiG4IgSJOTZAUcLFMouXFgZMCqUZTNTRIFUh5sYECRNXYRRE63JAMW3xS+2BPQvYHd9WK72IsYsOu9iu1uA4rtbsBuWPCQsiVbD1btJG3y/QStKPLPc/4kFf7BSDwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQ49Vct+yoEbQ2Ns1oXi0Km2OWZ63N6WY2cXNiv5KT/qdiURezWRe/fbj4Qvq/67qcvbusYvpS1N5bF96+963ZQm/9MQl9GZq2wafP9x7d73a3n5wgdkZTN/8qqXCCoDW/FcRh0Kyu+SaIQ7O6suLeXq/Hph40/Hgr7vhN40V+oRNGZsm7acqrq8vGL22FG621WrXh92be/V7FdVfMjxayAy2pFHvrQaMRtNZsTLo4jblrPv1pFuBXm8bsPOxuL09KMg0qnySoMimo4lYq5XKlUl65s3rnruvOHpvhphz3gI5FnPmHFl8zZ3fyBk6pkNb/fzpSQ0W1tKFNmaF/PNUUKVRzxPJcr/6/e9sf229//e9V+YvSD/LFl2Tr/5Xs3ZVR9X9ELkbGrjBsiTNi/nR/5vJWnuq59vRI99VVV9t6cgZtG5mrp23h12eSxz+SzOiINflqKVCsUIGaqto5Jp9jtKoVrcjVB1pXXbGM6grUkK9YW4rVkW8/UZ4i+aqqo1CRjJbk6aaMylrVqpZl5KukLYXaUEtrqqmq/yVJsqOHdr8vj9kK9YLKIwIW+oMqY1oaVf9/9kn2Oc3rv0v9f1Nln4OF/Cw2Lgb4Ckjy6/8pXX0x2QAAAAAAgBfBsf/67tjv7t+RlKgeNHz3VacFAAAAAADOkKNkQZflyP6kTe/I4fofAAAAAIDXjWPvsXMkLdof9TuHd0Kd5B8BZl5CigAAAAAA4JTsnf9X5qXEDlpxVc5U1/8AAAAAAOBr4Hd9Y+zP9sbYTXpf6xckxe0F56//WVA05+y3N7/j7FbTJdXdPObYLwA69UvO+XygXvsyL8m+8/zLTt5bPgjmwbiDn+9MGuvfiY4kMD/T38CIBJy055XZ/J0+1bVslWv5OPMP9gqyS7JeFutBwy95YeNeWdXq+ULH3+z88vHDX0nRwXbuPOxulz78uPvA5rKfztrfTRv9ZCCdwvCdcZjLMzvegr3nYtgWn1O91+XvW81Fx/br9rZ/RtXdQn9H4w7AYZ+/0fXsmF1fzGIX9w5G3E+3v5huf7lkD9nA1kdzzmEW5aNbPuxAjMiiaLO4kcXcWLqRvfTyS9spOMXvzkiV0vFjMJBFpT+LyfvC+e+xfTEui3xfLKdZ/C1taEQWy9NlceyIAMCrsnNYhewg5sfqbq889E5qX6ruTK7u7w9W92d/TBK7wow0m383MbaXotIz+pJj69C87Il19tKQM7qb15WiRpzR3VNUt7Svvxw+AylP+1gW/0+S5F7Z9vuHI1X1s3SFz0b2GzcqM+kuvP1s9+d2APzUR9sfbT+uVJZX3Pdc905Fc3Yz8pcZHc2U32wCAE7wjJ2JEc57upZFXHvw73ezqYGK982DnxSU9KE+VlcPdKv3CIGrw1td7PsZwq3sqlV9V63mwtv3zklHY8u6NfKqztbSvtjKQeyceqsMVurD2OUXfBQAAHi5rk+ow8Prf3Gg/t/SUhaxdGnodfdgLT/6hOBRseXJyb9/1nsDAIA3gx997ix2futEUdD+oLy6Wq521n0Thd6PTRTU1nwTtDp+5K1XW2u+aUdhJ/TChmlHWghqfmzijXY7jDqmHkamHcbBpn3yu8kf/R77zWqrE3hxu+FXY994YatTnZGpBbFn2hs/bATxuh/ZleO27wX1wKt2grBl4nAj8vySMbHv9wUGNb/VCepBOtky7ShoVqMt85OwsdH0Tc2PvShod8KsQduX1zFBqx5GTdtsScnUDzoEAOB19PT53qP73e72kzET+5ock0/MD2mQ75sBAPiKOSzXU6xUfIEJAQAAAAAAAAAAAAAAAAAAAACAY05y/99UE3PDbhaUDub84vyRtf6kYe04OuvEppkoTLtW75aIvUd/HxN87mBOb/f3x+y/tA381zekt+wcZXNmz76vc3ZvvLwD9/2dbI+OjEkXDl20cHAsZs/+r0M68fjPIxYlSZKMX31hcB/Oj9vAwYlZSU/mT3EIBk4TjJsBvIa+CAAA//9z/kFZ")
syz_clone3(&(0x7f0000000480)={0x148000400, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000feffffff09000000280003"], 0x3c}}, 0x40000)
syz_emit_ethernet(0x104e, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000186dd6000000010182b00fe80000000000000000000000000000bfe8000000000000000000000000000aa670000000000000021"], 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x10)
set_mempolicy(0x3, &(0x7f0000000140)=0x3, 0x8)
mount$9p_tcp(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)

10.609742169s ago: executing program 1 (id=552):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x280, 0x0, 0x2a9, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
semop(0x0, &(0x7f0000000380)=[{0x3, 0xffff}], 0x1)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ed50000000f00000095"], &(0x7f0000000500)='GPL\x00', 0x6, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r3, 0x0, 0x4}, 0x18)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000100009b0000bf0feda623"], 0x14}}, 0x0)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r5, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x10050, &(0x7f0000000200)={[{@jqfmt_vfsv0}, {@nouid32}]}, 0xfe, 0x270, &(0x7f0000000cc0)="$eJzs3T9oJFUcB/Df7B/jJotEbQTxD4iIBkLsBJtYCQEJQURQISJiJYkQE+yyVjYWWqsEBJsgdsZWbIKNIlhFTRGbg7twxYUr7g7m2J1dbpNsuLv9N8fO5wPLvpf33ry3Yb9vl4WZCaCwZiNiMSLKETEXEdWISLo7PJs9ZtvVndr+akSavnk1afXL6pnOuJmIaETEKxGVTtvW3rtH1w9ef+HLzerzP+y9UxvX6+t2fHT4xsl3y1/8vPTy1p9/X15OYjHq7bbu1zFMSY+/VZKIx0Yx2QMiqeS9gsK7dS+dVj776Z9m7h+PiOda+a9GqR3ZrzYe+q0aL3170divr/z15BDXC+QgTavNz8BGmtZSoFhKEVGPpDQfEVm5VJqfz77D/1ueLn28vvHp3Efrm2sf5r1TAcNSb33Pn/pl5kz+L5Wz/AOTqx5x+NbK7n/N8kk579UAI9P9a/tT2VMz/3Pvb78Y8g+FI/9QXPIPxSX/MAH6zK78Q3ENkv+HR7QmYISm7hR9/sMEq3YKjZ7N8g/FJf8wob7vddbpafIPxdWdfwCgWNKpvM9ABvKS9/4DAAAAAAAAAAAAAAAAAACct1PbX+08xjXn799EHL8WEZVe85db9yPuXG18+lrSumNxR5ING8h7zwx4gAH9OLSzr2t9jXrk/2HN358/nh7NcT8/Xb3wn7O9FtFodl6oVM6//5L2+69/j96lvfrBgBPcp2Zmtrvqr7493vnPurmb7/xLBxG/NvefhV77TymeaD333n/q3ZdY7tMnNwY8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGNzOwAA//9nqGya")
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f00000002c0)={0x2, {0x2, 0x2, 0x6, 0x2, 0x7, 0x12}})
write$nci(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="6105010303030602046b7f06beacfe46fd18176db7d6e83b01ad"], 0x1a)

10.35456425s ago: executing program 1 (id=558):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c0000000000", @ANYRES8=0x0, @ANYRES32=r3], 0x30}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_IGMP_VERSION={0x5, 0x2b, 0x3}, @IFLA_BR_MCAST_STATS_ENABLED={0x5, 0x2a, 0x1}]}}}]}, 0x44}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
syz_emit_ethernet(0x8a, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaac4bc9cac968686dd600000000054060000000000000000000000ffff07000000fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50e2000090780000080a0000000000000000030a0000000000000000fe08f989e8e82b840502000b317275"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000f5ffffffffffffff000a14000000060a0000000000000000000002"], 0x3c}}, 0x0)
setresuid(0xee01, 0x0, 0x0)
setfsuid(0xee01)
faccessat2(0xffffffffffffff9c, 0x0, 0x1, 0x100)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00<r\xe9\x9cD\x90\xce\xe1\xc5\x85=\\!\xbbQ\xde\xc3\xe3\x7f\xcf\x1f\x17G\xa6\x13\xae\x92 \x1c\xbf\xfa\xe8e\x8cD\"\xa3w')

10.35396424s ago: executing program 33 (id=558):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c0000000000", @ANYRES8=0x0, @ANYRES32=r3], 0x30}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_IGMP_VERSION={0x5, 0x2b, 0x3}, @IFLA_BR_MCAST_STATS_ENABLED={0x5, 0x2a, 0x1}]}}}]}, 0x44}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
syz_emit_ethernet(0x8a, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaac4bc9cac968686dd600000000054060000000000000000000000ffff07000000fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50e2000090780000080a0000000000000000030a0000000000000000fe08f989e8e82b840502000b317275"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000f5ffffffffffffff000a14000000060a0000000000000000000002"], 0x3c}}, 0x0)
setresuid(0xee01, 0x0, 0x0)
setfsuid(0xee01)
faccessat2(0xffffffffffffff9c, 0x0, 0x1, 0x100)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x00<r\xe9\x9cD\x90\xce\xe1\xc5\x85=\\!\xbbQ\xde\xc3\xe3\x7f\xcf\x1f\x17G\xa6\x13\xae\x92 \x1c\xbf\xfa\xe8e\x8cD\"\xa3w')

2.333579634s ago: executing program 4 (id=702):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
fsopen(0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0a00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00c2ffdd39d2502a220000000000000000ff01000000000000000000cecff1bca00c2426ffb6f2e26c6d34883c1269d0591e63dae4fdff93a79d60630ae2ce11ae2010dcc829690d6e52b208e4eeb28a1cd6361bffa46369076da8e318d15cbd749722f4b517bfd3be"], 0x50)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x14, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xffffffffffffff70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) (async)
openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000180)='sched_switch\x00', r3, 0x0, 0x5}, 0x18)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181)
r4 = socket$netlink(0x10, 0x3, 0x4)
r5 = socket$packet(0x11, 0x4000000000002, 0x300)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
write$sndseq(r6, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @quote={{0x2}, 0x1}}], 0x1c) (async)
setsockopt$packet_int(r5, 0x107, 0x9, 0x0, 0x0) (async)
write(r4, 0x0, 0x0) (async)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0) (async)
socket$netlink(0x10, 0x3, 0x14) (async)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b0000000000000000000000008000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000800000000000000000000000000000000c28158299470a94ff500000000000000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, @void, @value}, 0x90) (async)
syz_clone(0xe0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000100020400bf050005001201", 0x2e}], 0x1}, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)

1.763516395s ago: executing program 4 (id=709):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x10002}, 0x18)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f00000000c0)='logon\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, r3)
ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000080)={0x0, 0x7f, 0x700})

1.756752035s ago: executing program 0 (id=710):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x202, 0x3, 0xffff, 0x0, 0x0, 0xfffffffa, 0xfffa, 0x0, 0x0, 0x0, 0x10001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0xfd, 0x0, 0x4, 0x3110, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x800000000003}, 0x1100, 0x5dd8, 0x3, 0xc, 0x5, 0x0, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffff7fff, 0xffffffffffffffff, 0x8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x4, &(0x7f0000001800)={{r1}, &(0x7f0000001780)=0x4, &(0x7f00000017c0)='%-010d \x00'}, 0x20)
r2 = socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)

1.701853575s ago: executing program 4 (id=712):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @private}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000380)=ANY=[@ANYBLOB="10000000000000000000000007"], 0x10}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080a01010000000000000000020000000900010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002"], 0xcdc}}, 0x0)

1.669460255s ago: executing program 0 (id=713):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x5, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000100)='kfree\x00', r0}, 0x18)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000f0400000000005f"], 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0200000004000000040000000100000080000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00LN\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="000000000100"/28], 0x48)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c00000003060101000000000000000000000000050001000700000021ecbd4ece9145cdfdfc54ed60f52b1f686e295d59ba4ad6e2cfe24a5e16b921216d795406034ac73bb0a2d28b465a4dcc6ddab5128c3e93518453a712209a51b5c017f11baa97042b32ed1376c9c34388fa3eb6176a5b55d624329f558a0fde747f2f49131e916a6346e96abbe39d61c66abaa56bae8d526e81500fae3d38adae0974d59ba40e853e6c86395986111b50e425ec4be03550338239de416bd9e8eddec0c8b2deafb03ebc95f1ff9b8718482a197e1ab70ae3f0a7322aea3da843ad808e13e98ea0"], 0x1c}}, 0x0)

1.582858446s ago: executing program 0 (id=715):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fc00101}]})
epoll_create1(0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000003c0)={<r3=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000300)={r3})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000004c0)={<r4=>0x0})
r5 = socket$key(0xf, 0x3, 0x2)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000000)={r4, 0x3, r5})
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000780), r1)
sendmsg$NL802154_CMD_SET_CCA_MODE(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="01002bbd7000ffdb58a30d00000008000100010000011efb69354809e5184a2033f3fe9ade345683767c45889822b1abb12a8ebcf7bb216a767fa3861e3c4a23fed48625a328123ef9840c9365b2f6efaa2c9b56262121cff7f6e2760daa1d6a218595518bfb139c1417dda1f2155a3d6306c634e9b13ebee00d3667c8a449c83a45dc556eff0c5ffc"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x14)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r8)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x14, r9, 0xbcaa9c0f86c3443d}, 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x9c, r9, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:hald_var_run_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_SECCTX={0x29, 0x7, 'system_u:object_r:apt_var_cache_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x2e}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40000}, 0x40010)
r10 = socket(0x1d, 0x3, 0x0)
prctl$PR_SET_NAME(0xf, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x8205, &(0x7f0000000480)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x8}}, {@data_err_abort}, {@minixdf}, {@errors_remount}, {@abort}, {@noblock_validity}, {@barrier}, {@journal_dev={'journal_dev', 0x3d, 0xf35}}]}, 0x1, 0x618, &(0x7f0000000640)="$eJzs3c9rHG0dAPDvzCYxed9oWpFii2LAQwvS/KjFqqe2F3soWLAHEQ8NTVJDN21oUrC1YAoeFBREvIr04j/gXYpXbyKoN89CFYl4UOnKzM60a3Y32ebN7mwznw/M9plnZvd5vjv7dJ5nNs9OALU1nz2kEWcj4k4SMdexbTbaG+eL/fb+8exutiTRan3j70kkRV65/+vi3w+zhyRiOiJ+fz3ik43ucrefPL2/0my1fT9icWdza3H7ydOLG5sr99burT1YvvTly1eWvrJ8eflY4izjunHz65/5yQ++86X1PzQvJnE1bk9+bzX2xXFc5mM+XhchduZPRMSVLNHjfXnflCEkFdeDo2kUn8fJiDgTc9HI19rmYuPHlVYOGKpWI6IF1FSi/UNNlf2Acmw/jHHwOHt1rT0A6o5/on1tJKbzsdEHe0nHyKg93j11DOVnZfz32blfZEv0uQ4xcQzl9LP7PCI+3Sv+JK/bqfwqThZ/GmnH87L0UkRMFe/FYOP/ya6c+X3ro/78vUv8ncchi/9q8W+Wf/2I5VcdPwD19PJacSLfzdbenv+ynmHZ/4ke/Z/ZHueuo6j6/Ne//1ee76fza+Tpvn5Y1t+51fsluzo5f/nRjZ/1K7+z/5ctWfllX3AUXj2POLcv/h/mHb3kzfFPehz/bJc7A5bxtT/+7Ua/bVXH33oRcb7n+OdtjzZLLe5sbpV5+76fXFzfaK4ttR97lvGb3337V/3Krzr+7PhHn/HfQcc/y9sasIxf33qx2W/b7KHxp3+dSm7nqaki57srOzuPliOmkpvFLh35lw6uS7lP+RpZ/Bc+37v994q/KCo/0Lv/9270t/XN+3v99hv4+HcPnTKvWweHe6gs/tU+n//Djv9PByzjX996/Nl9WTNl4qD4Z7pfKtl95wgBAAAAAACgPtL8O9gkXXiTTtOFhfYc3k/FB2nz4fbOF9YfPn6wGnEh/3vIybT8pnuuvZ5k68vF38OW65f2rX8xIk5HxM8bM/n6wt2HzdWqgwcAAAAAAAAAAAAAAAAAAIAx8WEx/7+8T/U/G+35/wPZOTPk2gFDN8wbzAHjTfuH+srbf1p1LYAqOP9DfWn/UF/aP9SX9g/1pf1DfWn/UF/aP9SX9g8AAAAAJ9Lpz738cxIRu1+dyZfMVLFtstKaAcP27m18fij1AEavMdKnAePkzVf/pv9D7QzU//938eOAw68OUIGkV2beOWgd3Phf9nwmAAAAAAAAAAAAADAE58+a/w91lcZvq64CUJHuifxn9wac6Oc3AOA956f/ob4+0hjfBQI4EQ6bxT/db4P5/wAAAAAAAAAAAAAwMrP5kqQLxS1AZyNNFxYiPh4Rp2IyWd9ori1FxCci4k+NyY9l68tVVxoAAAAAAAAAAAAAAAAAAABOmO0nT++vNJtrjzoT/+nKOdmJ8i6o41KfzkQkoy90JiLGIfbhJCY6cpKI3ezIj0XFHm3HWFQjzatR8X9MAAAAAAAAAAAAAAAAAABQQx1zj3s798sR1wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARu/t/f+PnkgOeZ2qYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k//CwAA//9vNjw9")
pipe2(0x0, 0x800)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[])
r11 = socket$inet6_sctp(0xa, 0x3, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r11, 0x84, 0x6b, 0x0, 0x0)
r12 = openat$binfmt_register(0xffffff9c, 0x0, 0x1, 0x0)
write$binfmt_register(r12, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0}, 0x18)
timerfd_create(0x0, 0x0)
connect$inet6(r10, &(0x7f0000000040)={0xa, 0x4e24, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c)

1.539893576s ago: executing program 3 (id=717):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="2100000000000000000000000000100000040000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000002000000000000"], 0x50)

1.538959746s ago: executing program 4 (id=718):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x29)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000b80)={r2, 0x4, {0x0, 0x0, 0x0, 0x76, 0x9, 0x0, 0x16, 0xe, 0x0, "9058f7a49a2ef7be29ad7edeeed49e82944837457a052b5ebdf622e8cc844a823c5d834ef5dfc31838f78939c52f351b600348c511fc59247f968c71ddb36eaa", "54a2b19bf8fdce13d7a64822b0708194d3b4078a4f1de78fc09300772a960ba1d24d3fd98a67ecd2219fba240861f8bc73c9d8f35b09f23941d316b9768b7451", "af2cdc3547c84364170da4ae9e58521fbbfe582b4ba9cc8a84cbab6eba0b4369", [0x5131, 0xab4]}})
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f0000000280), 0x1, 0x76a, &(0x7f0000001b00)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=")
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@orlov}, {@abort}, {@nombcache}, {@stripe={'stripe', 0x3d, 0x10}}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
fcntl$notify(r3, 0x402, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="440000000008010100000000000000000f01000314000480080001000000000208000240000007ff06000240910000000500030011000000090001"], 0x44}, 0x1, 0x0, 0x0, 0x4040004}, 0x4000080)
close_range(r3, 0xffffffffffffffff, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000006c0)='./file0/../file0\x00', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000000)={[{@init_itable}, {@errors_remount}, {@norecovery}]}, 0x2, 0x44e, &(0x7f0000001640)="$eJzs289vFFUcAPDvTH+g/GpBooKoVWJs/NHSisrBi0YTDxhN9IDHui2EsFBDayKESDUGLyaGRM/Go4l/gTcvRj2ZeNW7ISHKBfRUM7MzsLvslm7Y7lb280kG3pv3Zud9O/Nm3szbDWBgTWT/JBHbI+L3iBirZRsrTNT+u371fOWfq+crSayuvv1Xkte7dvV8paxabretyEymEemnSbGTRktnz52cq1YXzhT56eVT708vnT337IlTc8cXji+cnj18+NBzMy++MPt8V+LM4rq276PF/Xtff/fSG5Wjl977+busvduL8vo4umUiC/zv1Vxz2RPd3lmf7ahLJ8N9bAgdGYqI7HCN5P1/LIbi5sEbi9c+6WvjgA2V3Zu2tC9eWQXuYkn0uwVAf5Q3+uz5t1x6NPTYFK68XHsAyuK+Xiy1kuFIi+ejkabn226aiIijK/9+nS2xQe8hAADqfV756kg802r8l8b9dfV2FnMo4xGxKyJ2R8R9EbGnrs4DEfFgh/tvnhq6dfyTXu7wIzuSjf9eKua2Gsd/aVllfKjI7cjjH0mOnaguHCz+JpMxsiXLz6yxjx9e/e2LdmX1479syfZfjgWLdlwebnpBNz+3PJcPSrvgyscR+4ZbxZ/cmAlIImJvROzr7KN3lokTT327v12l28e/hi7MM61+E/Fk7fivRFP8pWTt+cnpe6K6cHC6PCtu9cuvF99qt/87ir8LsuO/tfH8b64yntTP1y6Vq9d/Al7847O2zzTrPf/H67bJzv/R5J38ejRarPtwbnn5zEzEaHIkzzesn725bZkv62fxTx5o3f93F9tk8T8UEdlJ/HBEPBIRjxZtfywiHo+IA2vE/9Mr7cs2w/Gfb3n9u3H+Nx3/zhNDJ3/8vt3+13f8D+WpyWJNfv27jfU28E7+dgAAAPB/kebfgU/SqRvpNJ2aqn2Hf09sTauLS8tPH1v84PR87bvy4zGSlm+6xureh84kK8Un1vKzxbviojx/mborIr4cujcvn6osVuf7GzoMvG1t+n/mz6F+tw7YcK3m0WZH+9AQoOea+3/amL3wZi8bA/SU32vD4LpN/0971Q6g99z/YXC16v8XmvLmAuDu5P4Pg0v/h8Gl/8Pg0v9hIN3J7/olBjkR6aZohsQGJfp9ZQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiO/wIAAP//WpTuMw==")
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000), 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{}, 0x0, &(0x7f00000000c0)}, 0x20)
ioctl$EXT4_IOC_GET_ES_CACHE(r5, 0xc020662a, &(0x7f0000000a80)={0x2, 0x3, 0x6, 0x1d64, 0x3, 0x0, [{0x7, 0x9, 0x3f3a, '\x00', 0x1085}, {0x1, 0x1ff, 0x2, '\x00', 0x1182}, {0x7, 0xfffffffffffffffa, 0xf73d, '\x00', 0x40}]})
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538)

1.072962557s ago: executing program 3 (id=719):
r0 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYRES8=r0], 0x15)
dup(r1)
r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
close(r3)
r4 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x1}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x2}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000040000000000000006000000950000000000000051b63d78ee1194c572850d1a3904ceac810b440158739f1109cccbbac9201287b0bef0925cd73b884324886a6502e367ece50f8d9ba7e47c8ba8b2c80a111ce098c073dc9164cc5d333376fd9ab02e80da745a96f86ec71f93e8724df5b56b1ba4029ae8fb2aa8be816a8a84f3"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r7, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r7, 0x84, 0x17, &(0x7f0000000380)=ANY=[@ANYRES32=0x0, @ANYBLOB="01"], 0x9)
sendto$inet6(r7, &(0x7f0000000000)="eb", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r7, 0x84, 0x19, &(0x7f0000000340)={0x0, 0x1}, 0x8)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r9, 0x201, 0x0, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x4004004)
r10 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r10, 0x10f, 0x87, &(0x7f0000000040)={0x42}, 0x10)
close_range(r5, 0xffffffffffffffff, 0x0)

1.021023777s ago: executing program 3 (id=720):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r3}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x1f0, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x250)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f00000003c0)={'wpan0\x00', <r4=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000400)={'wpan1\x00', <r5=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r1, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x78, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x8}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_LEVEL={0x14, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x7}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x5}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x9}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r5}]}, 0x78}, 0x1, 0x0, 0x0, 0xa081}, 0x4000000)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000000000cedc474ed3fa81ab5b8a", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0)

1.015721487s ago: executing program 6 (id=721):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000003f02366e71d31e2e31852d2f0b4ab7a8"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pread64(r3, 0x0, 0x0, 0x365)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000040), 0xfe, 0x4f2, &(0x7f0000000b00)="$eJzs3d9rHFsdAPDvTHbvbdpcN1d9uF6wLbaSFO0maWwbfKgKok8Ftb7XmGxDyCZbkk3bhKIp/gGCiAq+6JMvgn+AIP0TRCjou6gooq0++FAd2d3ZmKa7+UE3u97s5wMnc8782O85GebsnJlhJ4ChdTEiJiMiy7LsSkSU8vlpnmKnlRrrvXj+eKGRksiyO39LIsnntT/r7Xx6Lt/sTER87csR30xej7uxtb0yX61W1vPyVH01eZll21eXV+eXKkuVtdnZmRtzN+euz033pJ3jEXHri3/6wXd/9qVbv/r0w9/f/cvkt1oNbNnbjl5qNb3Y/F+0FSJi/SSCDUih2cKW6wOuCwAAB2uc7384Ij4REVeiFCPNszkAAADgNMk+NxYvk9b9PwAAAOB0SiNiLJK0nD/vOxZpWi63nuH9aJxNq7WN+qey0u71gvEopveWq5Xp/NmB8SgmjfJM/oxtu3xtX3k2It6NiO+XRpvl8kKtujjQKx8AAAAwPM7tG///s9Qa/wMAAACnzPigKwAAAACcOON/AAAAOP2M/wEAAOBU+8rt242Utd9/vfhga3Ol9uDqYmVjpby6uVBeqK3fLy/VakvN3+xbPezzqrXa/c/E2uajqXploz61sbV9d7W2uVa/u/zKK7ABAACAPnr3wtPfJRGx89nRNCKyZM+yYkQ2snflQv/rB5yc9Dgr//Hk6gH038igKwAMjFN6GF7FQVcAGLjD+oGuD+/8uvd1AQAATsbEx3bv/zdTw1v5smSgNQNOWn7/P3Gsw/Bx/x+Gl/t/MLyKB50BGBTAqZce4VB/8/v/WXasSgEAAD031kxJWs7HAWORpuVyxDvN1wIUk3vL1cp0RHwoIn5bKr7dKM80t0xcHgAAAAAAAAAAAAAAAAAAAAAAAACAI8qyJLIuRnfXAQAAAD7IItI/J/n7vyZKl8f2Xx94K/lXqTmNiIc/vvPDR/P1+vpMY/7fd+fXf5TPv9bvqxcAAABAJ+1xenscDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99OL544V26mfcv34hIsY7xS/Emeb0TBQj4uw/kijs2S6JiJEexN95EhHvdYqfNKoV43kt9sdPI2J0wPHP9SA+DLOnjf7n852OvzQuNqedj79Cnt5U9/4v3e3/Rrr0f+90+sD09VnvP/vFVNf4TyLeL3Tuf9rxky7xLx2xjd/4+vZ2t2XZTyMmOn7/JK/EmkoK96c2travLq/OL1WWKmuzszM35m7OXZ+bnrq3XK3kfzvG+N7Hf/mfg9p/tkv88UPaf/mI7f/3s0fPP9LKFvctKsZPsmzyUuf9/16X+O3vvk/mu7tRnmjnd1r5vc7//DfnLxzQ/sUu7T9s/08esf1XvvqdPxxxVQCgDza2tlfmq9XK+vEyScTOG2wuM1yZ0ehj0Pk4aJ32SWwf6vPtPNT/xS44dmZwfRIAAHAy/nfSP+iaAAAAAAAAAAAAAAAAAAAAwPA67GfAogc/J7Y/5s5gmgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKD/BgAA//+6ychX")
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r5 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r5, 0x101)
r6 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r6, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = accept4(r5, 0x0, 0x0, 0x0)
sendto(r7, &(0x7f0000000280)="5b9518c6bdc3f1457816e7fb2c329ebb44d8f1d1f11aa169b3e3", 0x1a, 0x8000, &(0x7f00000002c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'ghash-clmulni\x00'}, 0x80)
close(r4)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
close_range(r8, 0xffffffffffffffff, 0x0)

933.862568ms ago: executing program 5 (id=722):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b300000000000000000000000000000095000000000000006d0f6d8b6ea8a18e6e9b9b71e11c6d881a6c857807633ecef4ac79111efc70bcf789d95673087e9ace33f45b9264a27d08a40f62b888808c0f4d12f5cebf1c10a5aa2f727e47281d439b29647abdbf451dda5c4d217ad9feefd36963ba7c500020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
memfd_create(0x0, 0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x26, 0x1, 0x0, 0x0, "", [@nested={0x103, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8c"]}]}, 0x114}], 0x1}, 0x0)
ioperm(0x2, 0x8, 0x2)

933.281017ms ago: executing program 3 (id=723):
perf_event_open(&(0x7f0000000240)={0x5, 0x80, 0x0, 0x5, 0x0, 0x0, 0x0, 0x22, 0x90000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000000), 0x1}, 0x8224, 0x0, 0x0, 0x8, 0x5, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xf, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x1, 0x62000, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={0x0, 0x3}, 0x100000, 0x0, 0x0, 0x9, 0x3, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100, 0x103) (async)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100, 0x103)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) (async)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x56}], 0xee01}, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], &(0x7f00000002c0)=""/203, 0xfffffffffffffe5f) (async)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], &(0x7f00000002c0)=""/203, 0xfffffffffffffe5f)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
io_setup(0x3, 0x0)
r0 = syz_socket_connect_nvme_tcp()
recvfrom$inet_nvme(r0, &(0x7f0000000040)=""/119, 0x77, 0x10000, &(0x7f00000000c0)=@isdn={0x22, 0x1, 0xb, 0x10, 0x9}, 0x80)
add_key(&(0x7f00000006c0)='.dead\x00', 0x0, 0x0, 0x0, 0xfffffffffffffff8)

652.878608ms ago: executing program 3 (id=724):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x40012020, 0x0) (fail_nth: 6)

613.005989ms ago: executing program 3 (id=725):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224"], 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r3 = fcntl$dupfd(r2, 0x0, r2)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x1e8, 0xc, 0x5002004a, 0xb, 0x310, 0xea02, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x248)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20}}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20}}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8)
r5 = socket(0x10, 0x3, 0x0)
readv(r5, &(0x7f0000002c80)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1)
sendmsg$nl_generic(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001e000503"], 0x24}, 0x1, 0x0, 0x0, 0x4a841}, 0x0) (async)
sendmsg$nl_generic(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001e000503"], 0x24}, 0x1, 0x0, 0x0, 0x4a841}, 0x0)
socket$key(0xf, 0x3, 0x2) (async)
r6 = socket$key(0xf, 0x3, 0x2)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) (async)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=ANY=[@ANYBLOB="14000000100001000000ddffffff00000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0) (async)
sendmsg$NFT_BATCH(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=ANY=[@ANYBLOB="14000000100001000000ddffffff00000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r9}, 0x4)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r10}, 0x10)
syz_usbip_server_init(0x7) (async)
syz_usbip_server_init(0x7)
sendmsg$NFT_MSG_GETOBJ(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000150a0102"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0) (async)
sendmsg$NFT_MSG_GETOBJ(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000150a0102"], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000b2f17db98500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r11}, 0x10)
sendmsg$key(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02120000b8cca735a1644d666658816aa10200"/29], 0x10}}, 0x0)

527.230389ms ago: executing program 5 (id=726):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000023c0)=@updsa={0x13c, 0x1a, 0x1, 0x0, 0x0, {{@in=@loopback, @in6=@empty}, {@in6=@dev, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00', {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x13c}}, 0x0)

501.785049ms ago: executing program 5 (id=727):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000023c0)=@updsa={0x13c, 0x1a, 0x1, 0x0, 0x0, {{@in=@loopback, @in6=@empty}, {@in6=@dev, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00', {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x13c}}, 0x0)

447.012969ms ago: executing program 5 (id=728):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18)
r2 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r2, &(0x7f0000000180)={0x28, 0x0, 0x0, @local}, 0x10)
connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @host}, 0x10)

330.87641ms ago: executing program 5 (id=729):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x120c480, &(0x7f0000000c80), 0x3, 0x4ea, &(0x7f0000000680)="$eJzs3d9rW20dAPDvSdu97dbX9tX3Yg7chk66oUva1W3Fi62C6NXAOe9rbdNSmjalSbe1DOnwDxDEX+iVV94I/gGC7E8QcaD3IqIM3SaooEZOetLVLukP1yZb8/nA0/M850e+z5M0T/Kc55ATQNe6GBGTEdETEVciYihb/2FE5NLM5lZK93vx/NFMmpKo1e79JYkkW9d4rCRbnskO64+Ir3454hvJ63Er6xuL06VScTUrF6pLK4XK+sbVhaXp+eJ8cXlyfOzGxM2J6xOjzar9z9r/0dZbX/zj97/90y/d+uVnH/x+6s+Xv5lWazDbtrMdB7F5wP22mt5Xfy4a/l6LWD1MsLdY+n/TW28hAADvgvQ7/kcj4pMR8fJHna4NAAAAcBxqtwfjX0lEDQAAADixcvVrYJNcPrsWYDByuXx+6xreD+N0rlSuVD8zV15bnt26VnY4+nJzC6XiaHat8HD0JWl5rJ5/Vb62qzweER9ExHeHBurl/Ey5NNvpkx8AAADQJc7sGv//bWhr/A8AAACcMMOdrgAAAABw7Iz/AQAA4ORrOf5PettbEQAAAOA4fOXOnTTVGve/nr2/vrZYvn91tlhZzC+tzeRnyqsr+flyeb7+m31L+z1eqVxe+Vwsrz0sVIuVaqGyvjG1VF5brk7V7+s9VXSfaAAAAGi/Dy48+V0SEZufH6in1Kls2/5j9Z5jrh1wnHKH2z05rnoA7ecTHLrXzgt8L7Tc61Rb6gK0l/l4YJ+B/ffqf29vlw952gAAAHgbjHz8Teb/zQfCu8xAHrqX+X/oXlvz/wOdrgbQAeb/ocu9t/8u/a02/Kr1MYnTgwAA8FYZrKckl8/mAgcjl8vnI96v3xagL5lbKBVHI+IjEfHbob730vJYpysNAAAAAAAAAAAAAAAAAAAAAAAAAO+YWi2JyRoAAABwkkXk/pRkN/IfGbo0uPv8wKnkH0P1ZUQ8+PG9HzycrlZXx9L1f91eX/1htv7a9mFJxGZ7T2QAAABAN2pxw+7GOL0xjgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAo/Ti+aOZRmpn3GdfiIjhZvF7o7++7I++iDj9MoneHcclEdFzBPE3H0fE2Wbxk7RaMZzVYnf8XEQMdDj+mSOID93sSdr/TDZ7/+XiYn3Z/P3Xm6U39exiq/4vt93/9cRvXjsu7f/eP2CMc09/XmgZ/3HEud7m/U8jfvKG/e/Xv7ax0Wpb7ScRI00/f5L/iVWoLq0UKusbVxeWpueL88Xl8fGxGxM3J65PjBbmFkrF7G/TGN/5xC/+s1f7T++O3xfb/e9e7b90wPb/++nD5x/bI/7lTzV//c/WAzWPnz73n84+B9LtI4385lZ+p/M/+/X5vdo/2+L53+/1v3zA9l+5+60/HHBXAKANKusbi9OlUnFVRkbm5GXuZm/0Qx/e4Y4JAAA4cq++9DfdnCRtrxEAAAAAAAAAAAAAAAAAAAB0n3b8CNnOeP2dayoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ7+GwAA//9n4NZt")

330.259729ms ago: executing program 5 (id=730):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xbe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100000000, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x2})
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000004b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000340)='cpu\t&0&&\t')

273.45956ms ago: executing program 0 (id=731):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c3"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x201c448, &(0x7f0000000080)=ANY=[@ANYBLOB='map=acorn,utf8,session=0x0000000000000004,session=0x0000000000000056,map=normal,session=0x000000000000003d,unhide,norock,block=0x0000000000000400,map=off,session=0x0000000000000001,uid=', @ANYRESDEC=0x0, @ANYRES16=0x0, @ANYRESDEC=0x0, @ANYRESOCT=0x0], 0x1, 0xa82, &(0x7f0000000180)="$eJzs3c1vHGcZAPBnNrZju1WbtqEtUZtMUqV12+CsbZoo6oEm9jpx8QeyHamRQE3VOCiKRVEDUhshNZUQJyoqhJAACaEeOVUqB3pBORWOnDggQf8DVHFKETBoZnftXWc/Yndtp+X3s9Y7H8877/POzM7rXe/uG3yeZVlW3LY4f/63O5ksd58zUx+/9/47+e3tGzEQe+K55PcRgxGRRvT9pzhX+ienFhfmumzoasTFiLgZkUTE3qjetzHUNHcxkp/EvevzNyP5VTzaotjgJhtHVxn/13b7/AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLvS5FS5PJbE7Mz8+ZfS9oohwDusr2/uw2LU7+TDbtUmEUl+i8HB+lDfj+5fX/1w/utIPFade6w68vdgXL/n4X3PP9RXqpfvkNCOuPbm9auvrK6uvF6b35um/V0L7d32tDZvYGvFzlbmZ5YWZuZOn62kM0sL6akTJ8rHz00vpdMzUVm6sLRcmUsnFyunlxcW05HJp9OxU6cm0srohYXz82enRmcr9YUnvzJeLp9IXxz9RuX04tLC/PEXR5cmz83Mzs7Mny1i8tV5zMn8RPz6zHK6XDk9l6aXr6yuTHRLMg8aa7kmaQ4a77al8fL4+NjY+FCceO7UcyfL5b7agvGx+oLyBnFbxO6ftPTar+848nc9v37DZ1Cq9f8xGzMxH+fjpUhb/kzGVCzGQsy1WJesb6/e/x89XulYb2P/X+/lH11ffSCK/v9gFH9YHGzX/7fJtftPllXrabHuo5VNbOdavBnX42q8EquxGivx+pYzWv/5qHn+043r/51l2Ra2m+atPdS4D3qQ69moxHzMxFIsxEzMxeliSVpbksapOBEnohwvx7mYjqVIYzpmYjYqsRQXYimWo1KcUZOxGJU0YjkWYjHSGInJeDrSGItTMRQTkUYlRuNCLMT5mI+zMRWni61cjivFfp/okONa0NidBI13CLqtM/9s/X92N/4lyHbr+TUctiqr9f8DbQOy+tTI5I5lBQAAAPTSl/8U9+1/8I9/i+iPx4vX5adnZivl3U4LAAAA6KHi7XqP5Xf9WUQ8HkmL5/+lXUoOAAAA6IkkDtZeBRiOQ9Wp6ieh9oQ3AQAAAMAXRPH//4P53XA+dSiStW9CubjbuQEAAAC90f079rtGJINR+07L9FL1/lItovY9v8PTM7OV0cmF2efH4sniWwaKTxrctrU9EUl/8fGDZ+JwNerwcPV+uHmLg3nU2OjzY/FMHKk1ZOSJ/O6JkRaR49XIp6qRT3WInMgjAeCL7sjt/fGn2Sb7/2fiWDXi2IG+gYjoO9CiZy2v96x9u9FQAGDNkeL9/53G2GmOeKtWrrH//+r68//+2uqm/v/BuPzffOFKjMar8VqsxqU4VnzaoHjHQVO933y39prB2tsQynGsy6sB9dg/nyzFsS6vBww3DPRyrMsrAtXY+FbExPYeBADYYUfa9MPt+v8iIupvHKz2/8canv/H7c//14YWWvGRQgC4K6yNYN/TiWxP45LdbiMA0EwvDQAAAAAAAAAAAAAAAAAAAAAAAAAAAL3X06/9H9xi8b/XxvWrLsl6Px5B64mh2j6oL3lrU3vj7WtvXv9pRDSuKuWN2J6ci0x7u+VSD7aTRcROHa+dm4h9EVveq9Fq1UBEbHvyQ72o4tPaRPWxUep08TjfcS0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfA0nEnlbLSxF7I6IcEcd3Pqvtc2O3E9h5X2ucSW7FrXgj7tu9dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvphq3/9fiur9PdVF0VeKOBoRFyMi2+0ce+nWbifQI0NbLNfw/f/5MY8sib7qYY+kf3JqcWEuP/zF2A+lj997/51HmovvvdN6isDShsElajVsjP3NvfWpB4pSw1Mr165+77XvplNnohQDcWZ5enZq7uziC+tFHk4+iEijeqvL881vPzj6h3dbtPyDvKWtbax3utg5U7fX+0ir0p3r7eTK6sp4XtNy5aXl73/nyhsNqx6MwxFPjESMNNf07fzWpqbD0d+ptuST5EfJffHzuFgc/3xvJFmSH6L7i/YPXb6yujL66murl9rktC8ORcSliMGuOa3t6kPF9aSl4qwr9ee1loug/Nf+Lm1srXGMi+oWx9q04YHilBmutWGgqQ2lNnWm7dtQ7PCG/V6qTyTJxowmahkNRHNGD8WTLY50tjei/V54svORbi35JPlrci7+Ej9sGP+jlB//o9H+0dm8iSKy4UxpG1mqRhYtH29c8fLGyH/84o6ybzlMDZv146YHb6nh+l87Vj26HmVJx+tRQ40TbWps/bjYUOPGs6LUtuFFj7R/Q4na1adtoWqe+6tRTXmuV/SleDai70Cnq+JtvfWz7a8ozeVfaL16q4//XyYj8c+4YfwfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7pdE7Gm1vBRxNCL21efTiGwTm93bbkVpONlsij11Y+3X59z+4nepadnb3Yslt+JW9tZ2JQUAAAAAAADATjsz9fF777+T34r/x++5lWW1/++nEX0RsS/52VBMLS7MddlQf8TFiLiZTw+2C/pXVtW8NC8X967P34zI7t96kwCALv4XAAD//wIIc7g=")
setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000001080)={@broadcast, @rand_addr=0x64010100, @remote}, 0xc)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000034004000200035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a1a83", 0xd4}, {&(0x7f00000014c0)="5c9ebe30", 0x4}], 0x2}, 0x0)

270.15226ms ago: executing program 6 (id=732):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x71, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000ff9000/0x4000)=nil)
r1 = open(&(0x7f0000000080)='./file1\x00', 0x82840, 0x44)
pwritev2(r1, 0x0, 0x0, 0x1400, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYRES64=<r2=>0xffffffffffffffff], 0x0, 0x46, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
io_setup(0x30, 0x0)
r3 = socket$inet6(0xa, 0x3, 0xff)
r4 = dup2(r3, r3)
r5 = io_uring_setup(0x2237, &(0x7f0000000880)={0x0, 0xfffffffc, 0x400})
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r4, 0xe, &(0x7f0000000100)={0xfffffffe, 0x0, &(0x7f0000000040), 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r5, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000000), 0x0}, 0x20)
poll(0x0, 0x0, 0x7)
r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/vlan/vlan0\x00')
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r3, @ANYRESHEX=0x0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xf, &(0x7f0000000900)=ANY=[@ANYRESOCT, @ANYBLOB, @ANYRES32=r7, @ANYBLOB="e8875f743553689bdd745bfa148f259924f0bb884f11c821a7f9d32de1ad3cb0577d9c66480897799bdb0418d31147d12d98288644d929cdfcca8377448ea17da736a005b26cab2f8a174846fd3c1734fbf760060271e11b3bd46f8985f09814907c84eb81bc1ff7aab1d6ebe504a33dfa0916c29379009e07a05e2b5fac6925be06f24fabcc5f711a5a47cafe7a5de2b52d23bd40ac6491a1f407078187638ccef3c66d9e1dd7febdcc13906d670e094fc0000dd27ad0e2143e7abb13aed068b66bed380d9d5fb8aaf2", @ANYRESDEC=r2, @ANYRES8=r6, @ANYRESHEX=0x0], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r9 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, 0x0)
close_range(r8, 0xffffffffffffffff, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x1, 0x1, @mcast1, 0x9}, 0x1c)
write$RDMA_USER_CM_CMD_BIND_IP(r4, &(0x7f00000000c0)={0x2, 0x28, 0xfa2c, {0xf5ff, {0xa, 0x4e24, 0x200, @mcast1, 0x3c}}}, 0x30)
r10 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
io_uring_setup(0x5, &(0x7f0000000440)={0x0, 0x9fbe, 0x400, 0x1, 0xfffffffb})
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005000000", @ANYRES32, @ANYBLOB="000000001e424206457cd4304800000000003c00b0cfee275fdbb75111bcc7e13bbe09c14d42bec2899a1e11179266008f03d364e2fa983715c805218222e8ad92eeedc03d5e57f973422ade6849c7a9218530a6954bf8e3b5fa1993c7150dff8ff8a18c7e72eb273eb97035273ef95089903ee2c4ae5a2581e026d28b0656c508301d604ac7f2361fe14d431697b30e0fd1c4cb73eac7ee0038a522", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000380)={0x0, r10}, 0x8)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x4, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r11}, 0x10)
r12 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08123d000200080001400400446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)

188.06257ms ago: executing program 6 (id=733):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_icmp(0xa, 0x2, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1600000000000000040018000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000009a5d", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r6 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r6, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e25, 0x0, @private1, 0xfff}, 0x1c)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="01000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x14, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000000300008500000086000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000040b70500000800000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
r8 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r8, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4)
r9 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001440)=@newtaction={0x850, 0x31, 0x1, 0x0, 0x0, {}, [{0x83c, 0x1, [@m_police={0x838, 0x0, 0x0, 0x0, {{0xb}, {0x80c, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x4, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, @TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x3ff, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff1]}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x850}}, 0x0)
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r10}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

124.76351ms ago: executing program 4 (id=734):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x4c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x38, 0x1, [@m_tunnel_key={0x34, 0x1, 0x0, 0x0, {{0xf}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x4c}}, 0x0)

124.39749ms ago: executing program 6 (id=735):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x202, 0x3, 0xffff, 0x0, 0x0, 0xfffffffa, 0xfffa, 0x0, 0x0, 0x0, 0x10001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0xfd, 0x0, 0x4, 0x3110, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x800000000003}, 0x1100, 0x5dd8, 0x3, 0xc, 0x5, 0x0, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffff7fff, 0xffffffffffffffff, 0x8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x4, &(0x7f0000001800)={{r1}, &(0x7f0000001780)=0x4, &(0x7f00000017c0)='%-010d \x00'}, 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)

123.94422ms ago: executing program 0 (id=736):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_free\x00', 0xffffffffffffffff, 0x0, 0xfff7ffffffffff76}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x201c448, &(0x7f0000000080)=ANY=[@ANYBLOB='map=acorn,utf8,session=0x0000000000000004,session=0x0000000000000056,map=normal,session=0x000000000000003d,unhide,norock,block=0x0000000000000400,map=off,session=0x0000000000000001,uid=', @ANYRESDEC=0x0, @ANYRES16=0x0, @ANYRESDEC=0x0, @ANYRESOCT=0x0], 0x1, 0xa82, &(0x7f0000000180)="$eJzs3c1vHGcZAPBnNrZju1WbtqEtUZtMUqV12+CsbZoo6oEm9jpx8QeyHamRQE3VOCiKRVEDUhshNZUQJyoqhJAACaEeOVUqB3pBORWOnDggQf8DVHFKETBoZnftXWc/Yndtp+X3s9Y7H8877/POzM7rXe/uG3yeZVlW3LY4f/63O5ksd58zUx+/9/47+e3tGzEQe+K55PcRgxGRRvT9pzhX+ienFhfmumzoasTFiLgZkUTE3qjetzHUNHcxkp/EvevzNyP5VTzaotjgJhtHVxn/13b7/AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLvS5FS5PJbE7Mz8+ZfS9oohwDusr2/uw2LU7+TDbtUmEUl+i8HB+lDfj+5fX/1w/utIPFade6w68vdgXL/n4X3PP9RXqpfvkNCOuPbm9auvrK6uvF6b35um/V0L7d32tDZvYGvFzlbmZ5YWZuZOn62kM0sL6akTJ8rHz00vpdMzUVm6sLRcmUsnFyunlxcW05HJp9OxU6cm0srohYXz82enRmcr9YUnvzJeLp9IXxz9RuX04tLC/PEXR5cmz83Mzs7Mny1i8tV5zMn8RPz6zHK6XDk9l6aXr6yuTHRLMg8aa7kmaQ4a77al8fL4+NjY+FCceO7UcyfL5b7agvGx+oLyBnFbxO6ftPTar+848nc9v37DZ1Cq9f8xGzMxH+fjpUhb/kzGVCzGQsy1WJesb6/e/x89XulYb2P/X+/lH11ffSCK/v9gFH9YHGzX/7fJtftPllXrabHuo5VNbOdavBnX42q8EquxGivx+pYzWv/5qHn+043r/51l2Ra2m+atPdS4D3qQ69moxHzMxFIsxEzMxeliSVpbksapOBEnohwvx7mYjqVIYzpmYjYqsRQXYimWo1KcUZOxGJU0YjkWYjHSGInJeDrSGItTMRQTkUYlRuNCLMT5mI+zMRWni61cjivFfp/okONa0NidBI13CLqtM/9s/X92N/4lyHbr+TUctiqr9f8DbQOy+tTI5I5lBQAAAPTSl/8U9+1/8I9/i+iPx4vX5adnZivl3U4LAAAA6KHi7XqP5Xf9WUQ8HkmL5/+lXUoOAAAA6IkkDtZeBRiOQ9Wp6ieh9oQ3AQAAAMAXRPH//4P53XA+dSiStW9CubjbuQEAAAC90f079rtGJINR+07L9FL1/lItovY9v8PTM7OV0cmF2efH4sniWwaKTxrctrU9EUl/8fGDZ+JwNerwcPV+uHmLg3nU2OjzY/FMHKk1ZOSJ/O6JkRaR49XIp6qRT3WInMgjAeCL7sjt/fGn2Sb7/2fiWDXi2IG+gYjoO9CiZy2v96x9u9FQAGDNkeL9/53G2GmOeKtWrrH//+r68//+2uqm/v/BuPzffOFKjMar8VqsxqU4VnzaoHjHQVO933y39prB2tsQynGsy6sB9dg/nyzFsS6vBww3DPRyrMsrAtXY+FbExPYeBADYYUfa9MPt+v8iIupvHKz2/8canv/H7c//14YWWvGRQgC4K6yNYN/TiWxP45LdbiMA0EwvDQAAAAAAAAAAAAAAAAAAAAAAAAAAAL3X06/9H9xi8b/XxvWrLsl6Px5B64mh2j6oL3lrU3vj7WtvXv9pRDSuKuWN2J6ci0x7u+VSD7aTRcROHa+dm4h9EVveq9Fq1UBEbHvyQ72o4tPaRPWxUep08TjfcS0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfA0nEnlbLSxF7I6IcEcd3Pqvtc2O3E9h5X2ucSW7FrXgj7tu9dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvphq3/9fiur9PdVF0VeKOBoRFyMi2+0ce+nWbifQI0NbLNfw/f/5MY8sib7qYY+kf3JqcWEuP/zF2A+lj997/51HmovvvdN6isDShsElajVsjP3NvfWpB4pSw1Mr165+77XvplNnohQDcWZ5enZq7uziC+tFHk4+iEijeqvL881vPzj6h3dbtPyDvKWtbax3utg5U7fX+0ir0p3r7eTK6sp4XtNy5aXl73/nyhsNqx6MwxFPjESMNNf07fzWpqbD0d+ptuST5EfJffHzuFgc/3xvJFmSH6L7i/YPXb6yujL66murl9rktC8ORcSliMGuOa3t6kPF9aSl4qwr9ee1loug/Nf+Lm1srXGMi+oWx9q04YHilBmutWGgqQ2lNnWm7dtQ7PCG/V6qTyTJxowmahkNRHNGD8WTLY50tjei/V54svORbi35JPlrci7+Ej9sGP+jlB//o9H+0dm8iSKy4UxpG1mqRhYtH29c8fLGyH/84o6ybzlMDZv146YHb6nh+l87Vj26HmVJx+tRQ40TbWps/bjYUOPGs6LUtuFFj7R/Q4na1adtoWqe+6tRTXmuV/SleDai70Cnq+JtvfWz7a8ozeVfaL16q4//XyYj8c+4YfwfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7pdE7Gm1vBRxNCL21efTiGwTm93bbkVpONlsij11Y+3X59z+4nepadnb3Yslt+JW9tZ2JQUAAAAAAADATjsz9fF777+T34r/x++5lWW1/++nEX0RsS/52VBMLS7MddlQf8TFiLiZTw+2C/pXVtW8NC8X967P34zI7t96kwCALv4XAAD//wIIc7g=")

83.28939ms ago: executing program 4 (id=737):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1900000004000001090000000400000000000000", @ANYRES32, @ANYBLOB="0300000000000400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000280)=r1}, 0x20)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x7f, 0x8d}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000000)=0x9)
pipe(&(0x7f0000002480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r2, 0x0, r6, 0x0, 0x7, 0x0)
write$P9_RWRITE(r6, &(0x7f0000000040)={0xb}, 0x11000)
write(r6, &(0x7f0000000140), 0x0)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@noinit_itable}, {@nobh}, {@acl}]}, 0x1, 0xb96, &(0x7f00000014c0)="$eJzs3M9vVNUeAPDvvZ2WQvtoeXl570FMbGJQo3EolGDCClwbNdGFS2o7JU2HH7Y1sQ2Lgnt1YYwLEsOfYOJeNq5MXOBC8S8gRmKIboDFmDs/yoTplFpmeqB8PsmZe86cmfv9fufC3HOTuQ3gmTVRPOQRByPiTBYx1nw+j4ihem84Yq3xunt3Ls0ULYta7d0/ssgi4u6dSzOtfWXN7UhzMBwRN97I4t+fdMZdWlldmK5WK4vN8ZHlcxePLK2svjZ/bvps5Wzl/PGp149PnZia6mGtty5+8NVzP7314pVrn06+/eX+H7I4FaPNufY6emUiJtY/k3aliJjudbBEBpr1tNeZlRImBADApvK2Ndx/YywG4sHibSy+/zlpcgAAAEBP1AYiagAAAMAul7n+BwAAgF2u9TuAu3cuzbRa2l8k7KzbpyNivFF/6/7mxkwp1urb4RiMiH1/ZtF+W2vWeNtjmygifftjpWjRp/uQN7N2OSL+v9Hxz+r1j9fv4u6sP4+IyR7En3ho/DTVf6oH8VPXD8Cz6frpxoms8/yXr69/YoPzX2mDc9d2pD7/tdZ/9zrWfw/qH+iy/ntnizEO3X/lRre59vXf+5/9OlvEL7aPVdQ/cPtyxKHSRvVn6/VnXeo/s8UYIzO3rnabK+ov6m21na6/di3icH0111l/S7bZ3yc6MjdfrUw2HjfY/8qJzeO3H/+iFfFb1wI7oTj++2J7x//iFmOM/+/3g93mHl1//ttQ9l69N9R85uPp5eXFoxFD2Zudzx/bPJfWa1r7KOp/+YXN//9vVH/xnbDW/ByKfz2Xm9tifOWhmCOHj32z/fr7q6h/dpvH//Mtxvj6u6sfdptLXT8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT4c8IkYjy8vr/TwvlyNGIuI/sS+vXlhafnXuwkfnZ4u5iPEYzOfmq5XJiBhrjLNifLTefzA+9tB4KiIORMQXY3vr4/LMheps6uIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYNxIRo5Hl5YjII+KvsTwvl1NnBQAAAPTceOoEAAAAgL5z/Q8AAAC7X8f1fylNHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxaB56/fjOLiLWTe+utMNScG0yaGdBveeoEgGQGUicAJFNq69dqtVrCVIAd5hofyB4xP9x1Zk/PcwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgyfXSwes3s4hYO7m33gpDzbnBpJkB/ZanTgBIZmCzyWzn8gB2Xil1AkAyrvGBxlL/fq2hc3646zv39DMtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4wo/WW5eWIyOv9PC+XI/4VEeMxmM3NVyuTEbE/In4ZG9xTjI+mThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeW1pZXZiuViuLOjo6Ouud1N9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACksLSyujBdrVYWl1JnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKS2tLK6MF2tVhb72EldIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6fwdAAD//2kSD28=")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
read(r5, &(0x7f0000019440)=""/102391, 0x18ff7)
dup2(r2, r3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)

66.30118ms ago: executing program 6 (id=738):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket(0x2, 0x1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)={0x24, r6, 0x10ada85e65c25359, 0x0, 0x8000000, {{0x6b}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}]}]}]}]}, 0x24}}, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0xa00000000000000, 0x80, &(0x7f00000000c0)=@broute={'broute\x00', 0x20, 0x1, 0x990, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000e00], 0x0, 0x0, &(0x7f0000000e00)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000766c616e300000000000000000000000736974300000000000000000000000007465716c3000000000000000000000000000000000000000000000000180c20000000000000000000000b8080000b808000030090000616d6f6e670000000000000000000000000000002000000000000000000000002008000000000000140400000c000000000000000a000000000000040000000000000000000000000000080000000000000000000000000000b085da05d603888318a0cce400000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000fdffffffff00000000000000000000e4ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000006fb7cd02b734bcce41ef6e95bd000000008000000000000000000000000000000000000000000000000000000000000000eeff3f000000008fc7660c490587b3ab213098a6767c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f8f0000000000000000dbd5a834b3ab2a0cc27081310000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000440a05000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000f18a0afe993500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4f016fa70c1255400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008c7f8f1b44f000000000feffffff00000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000062f75a00627f34dd71012eed00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e0ffffff00000000000000000000000000000000000000000000001b00000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000f200000000000000000000000000000000000000000000000000000000000000fffffff90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f2573bd04a330000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000ff7f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000cb33322c9c564ae5f8eef74d5aa7cc9c000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000003f7f1c00000000000000000000000000000000ecffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000afe96d981b6f119c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d3d2e85100000000000000000000000000000000000000000000000000844caab24e79bd260000000000000000000000000000000000000000005080000000000000000000000000000000010000a600a9e85725d89818472e65aba21d9bbc1b20e8331c6fd24a5aceaeefe102e42a013ac2c00eeb782c34eab997013e0506220c21a44cc58ff5bc83d5e4066c7700"/2448]}, 0xa08)
setsockopt(r2, 0x84, 0x81, &(0x7f00000002c0)="1ae96d0103010000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000040)=ANY=[], 0xffc9)
r8 = memfd_secret(0x80000)
ioctl$SCSI_IOCTL_DOORUNLOCK(r8, 0x5381)
fcntl$setlease(r8, 0x400, 0x2000000)

26.00352ms ago: executing program 6 (id=739):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks}, {@minixdf}]}, 0x1, 0x4ff, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvndhx0uwmu+wBEOwuuwsFVXUSdzda7QGWEwK0EmKPIHVD4kZR7DiKndKEHtIzVyQqcYIjfwDnnrhzQXDjUg5I/IhADRIHoxlPUje1m6hJ7Cj+fKTRvDdv6u97Tee9+pvEL4CR9XZE7EVEMSI+i4iZ7HouO+LjzpHc92T//vLB/v3lXLTbn/4zl7Yn16LrzySuZa9ZiogffifiJ7nn4zZ3dteXarXqVlafa9U355o7uzfX6kur1dXqRqWyuLA4/+GtDyrnNta36sWs9OXHf9j7xs+Sbk1nV7rHcZ46Qy8cxUmMR8T3LyLYEIxl4ykOuyO8lHxEvB4R76TP/0yMpV9NAOAqa7dnoj3TXQcArrp8mgPL5ctZLmA68vlyuZPDeyOm8rVGs3XjTmN7Y6WTK5uNQv7OWq06n+UKZ6OQS+oLaflpvXKsfisiXouIX0xMpvXycqO2Msz/+ADACLt2bP3/z0Rn/QcArrjSsDsAAAyc9R8ARo/1HwBGj/UfAEZPZ/2fHHY3AIAB8v4fAEaP9R8ARsoPPvkkOdoH2edfr9zd2V5v3L25Um2ul+vby+XlxtZmebXRWE0/s6d+0uvVGo3Nhfdj+97sNzebrbnmzu7temN7o3U7/Vzv29VCetfeAEYGAPTz2luP/pxLVuSPJtMjuvZyKAy1Z8BFyw+7A8DQjA27A8DQ2O0LRtcZ3uNLD8AV0WOL3meUev2CULvdbl9cl4ALdv0L8v8wqrry/34KGEaM/D+MLvl/GF3tdu60e/7HaW8EAC43OX6gz/f/X8/Ov82+OfDjleN3PLzIXgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDldrj/bznbC3w68vlyOeKViJiNQu7OWq06HxGvRsSfJgoTSX1hyH0GAM4q/7dctv/X9Zn3pp9pevPaUbEYET/91ae/vLfUam39MaKY+9fE4fXWw+x6ZfC9BwBOdrhOJ+dHXW/kn+zfXz48Btmfv387Ikqd+Af7xTg4ij8e4+m5FIWImPp3Lqt35LpyF2ex9yAiPt9r/LmYTnMgnZ1Pj8dPYr8y0Pj5Z+Ln07bOOfm7+Nw59AVGzaNk/vm41/OXj7fTc+/nv5TOUGeXzX/JSy0fpHPg0/iH899Yn/nv1DHe//13O6XJ59seRHxxPOIw9kHX/HMYP9cn/nunjP+XL735Tr+29q8jrkfv+N2x5lr1zbnmzu7NtfrSanW1ulGpLC4szn9464PKXJqjnuu/Gvzjoxuv9mtLxj/VJ37phPF/9ZTj/83/PvvRV14Q/+vv9oqfjzdeED9ZE792yvhLU78r9WtL4q/0Gf9JX/8bLw77vWJWePzX3ee2DQcAhqe5s7u+VKtVtxQULn8h+Sd7CbrRs/CtQcUqRu+mn7/beaaPNbXbLxWr34xxHlk34DI4eugj4r/D7gwAAAAAAAAAAAAAANDTIH5jadhjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Or6fwAAAP//sUPPoQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x107f62, 0x80)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x77c, &(0x7f0000001180)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2CYMWDCBYKerZdNttQs8mW7KY0IaBFBC+CigdBLz37o968+uOq/4UHsVRNixUPEpnNTrttdtNsmmSr+/nAJO/NzO6b776ZeW93HjMB9KzR9E8u4mBEfJBEDDfmJxExUE/1RxxfW+/GynIxnZJYXX3t96S+zvWV5WI0vSa1v5F5NCK+fzfiUG59udXFpZlCuVyab+THa7PnxquLS4fPzhamS9OluaMTk5NHjj1z7Oj2xfrnT0sHrnz48pNfHf/7nUcuv/9DEsfjQGNZcxzbZTRGG5/JQPoR3ual7S6sy5JubwBbkh6afWtHeRyM4eirpwCA/7O3ImIVAOgp/dp/AOg52e8A11eWi9nU3V8kdtfVFyNi71r82fXNtSX9jWt2e+vXQYeuJ7ddGUkiYmQbyh+NiM++eeOLdIodug4J0MrbFyPi9Mjo+vN/sm7MQqee2mDZnsb/0TvmO//B7vk27f8826r/l7vZ/4kW/Z/BFsfuVtz1+N+3DYVsIO3/Pd80tu1GU/wNI32N3AP1Pt9AcuZsuZSe2x6MiLEYGEzzE2vrthwGNXbtn2vtym/u//3x0Zufp+Wn/2+tkfu1f/D210wVaoV7jTtz9WLEY/2t4k9u1n/Spv97cpNlvPLce5+2W5bGn8abTevjj8bopJ2xeiniiZb1f6sqkw3HJ47Xd4fxbKdo4eufPxlqV35z/adTWn72XWA3pPU/tHH8I0nzeM1q52X8eGn4u3bL7h5/6/1/T/J6PZ31Iy4UarX5iYg9yavr5x+59dosn62fxj/2eOvjf6P9P/1OeHqT8fdf+e3Lrce/s9L4pzqq/84Tl2/M9LUrf3P1P1lPjTXmbOb8t9kNvJfPDgAAAAAAAAAAAAAAAAAAAAAAAAA2KxcRByLJ5W+mc7l8fu0Z3g/HUK5cqdYOnakszE1F/VnZIzGQy251Odx0P9SJxv3ws/yRO/JPR8RDEfHx4L4ku4/iVJdjBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM/jbP/0/9MtjtrQMAdszebm8AALDrtP8A0Hu0/wDQe7T/ANB7tP8A0Hu0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOywkydOpNPqXyvLxTQ/dX5xYaZy/vBUqTqTn10o5ouV+XP56UplulzKFyuzd3u/cqVybjLmFi6M10rV2nh1cenUbGVhrnbq7GxhunSqNLArUQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ6qLSzOFcrk0L7GFxOr9sRndT/Q1dqc7FyUR0ekbvhBdD6ezRHJ/bMY2J7p8YgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4j/g3AAD//5EOHsI=")
r3 = inotify_init()
inotify_add_watch(r3, &(0x7f0000000040)='./file0\x00', 0x400017e)
chdir(&(0x7f0000000140)='./file0\x00')
r4 = open(&(0x7f0000000100)='.\x00', 0x48880, 0x20)
getdents(r4, &(0x7f0000001fc0)=""/184, 0xb8)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000006c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2, 0x4}}, 0x20)
pwritev2(r2, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000240)={0x3920e, r0, 0x4, 0x0, 0x0, 0x3})
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks}, {@minixdf}]}, 0x1, 0x4ff, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvndhx0uwmu+wBEOwuuwsFVXUSdzda7QGWEwK0EmKPIHVD4kZR7DiKndKEHtIzVyQqcYIjfwDnnrhzQXDjUg5I/IhADRIHoxlPUje1m6hJ7Cj+fKTRvDdv6u97Tee9+pvEL4CR9XZE7EVEMSI+i4iZ7HouO+LjzpHc92T//vLB/v3lXLTbn/4zl7Yn16LrzySuZa9ZiogffifiJ7nn4zZ3dteXarXqVlafa9U355o7uzfX6kur1dXqRqWyuLA4/+GtDyrnNta36sWs9OXHf9j7xs+Sbk1nV7rHcZ46Qy8cxUmMR8T3LyLYEIxl4ykOuyO8lHxEvB4R76TP/0yMpV9NAOAqa7dnoj3TXQcArrp8mgPL5ctZLmA68vlyuZPDeyOm8rVGs3XjTmN7Y6WTK5uNQv7OWq06n+UKZ6OQS+oLaflpvXKsfisiXouIX0xMpvXycqO2Msz/+ADACLt2bP3/z0Rn/QcArrjSsDsAAAyc9R8ARo/1HwBGj/UfAEZPZ/2fHHY3AIAB8v4fAEaP9R8ARsoPPvkkOdoH2edfr9zd2V5v3L25Um2ul+vby+XlxtZmebXRWE0/s6d+0uvVGo3Nhfdj+97sNzebrbnmzu7temN7o3U7/Vzv29VCetfeAEYGAPTz2luP/pxLVuSPJtMjuvZyKAy1Z8BFyw+7A8DQjA27A8DQ2O0LRtcZ3uNLD8AV0WOL3meUev2CULvdbl9cl4ALdv0L8v8wqrry/34KGEaM/D+MLvl/GF3tdu60e/7HaW8EAC43OX6gz/f/X8/Ov82+OfDjleN3PLzIXgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDldrj/bznbC3w68vlyOeKViJiNQu7OWq06HxGvRsSfJgoTSX1hyH0GAM4q/7dctv/X9Zn3pp9pevPaUbEYET/91ae/vLfUam39MaKY+9fE4fXWw+x6ZfC9BwBOdrhOJ+dHXW/kn+zfXz48Btmfv387Ikqd+Af7xTg4ij8e4+m5FIWImPp3Lqt35LpyF2ex9yAiPt9r/LmYTnMgnZ1Pj8dPYr8y0Pj5Z+Ln07bOOfm7+Nw59AVGzaNk/vm41/OXj7fTc+/nv5TOUGeXzX/JSy0fpHPg0/iH899Yn/nv1DHe//13O6XJ59seRHxxPOIw9kHX/HMYP9cn/nunjP+XL735Tr+29q8jrkfv+N2x5lr1zbnmzu7NtfrSanW1ulGpLC4szn9464PKXJqjnuu/Gvzjoxuv9mtLxj/VJ37phPF/9ZTj/83/PvvRV14Q/+vv9oqfjzdeED9ZE792yvhLU78r9WtL4q/0Gf9JX/8bLw77vWJWePzX3ee2DQcAhqe5s7u+VKtVtxQULn8h+Sd7CbrRs/CtQcUqRu+mn7/beaaPNbXbLxWr34xxHlk34DI4eugj4r/D7gwAAAAAAAAAAAAAANDTIH5jadhjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Or6fwAAAP//sUPPoQ==") (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x107f62, 0x80) (async)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0) (async)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x77c, &(0x7f0000001180)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2CYMWDCBYKerZdNttQs8mW7KY0IaBFBC+CigdBLz37o968+uOq/4UHsVRNixUPEpnNTrttdtNsmmSr+/nAJO/NzO6b776ZeW93HjMB9KzR9E8u4mBEfJBEDDfmJxExUE/1RxxfW+/GynIxnZJYXX3t96S+zvWV5WI0vSa1v5F5NCK+fzfiUG59udXFpZlCuVyab+THa7PnxquLS4fPzhamS9OluaMTk5NHjj1z7Oj2xfrnT0sHrnz48pNfHf/7nUcuv/9DEsfjQGNZcxzbZTRGG5/JQPoR3ual7S6sy5JubwBbkh6afWtHeRyM4eirpwCA/7O3ImIVAOgp/dp/AOg52e8A11eWi9nU3V8kdtfVFyNi71r82fXNtSX9jWt2e+vXQYeuJ7ddGUkiYmQbyh+NiM++eeOLdIodug4J0MrbFyPi9Mjo+vN/sm7MQqee2mDZnsb/0TvmO//B7vk27f8826r/l7vZ/4kW/Z/BFsfuVtz1+N+3DYVsIO3/Pd80tu1GU/wNI32N3AP1Pt9AcuZsuZSe2x6MiLEYGEzzE2vrthwGNXbtn2vtym/u//3x0Zufp+Wn/2+tkfu1f/D210wVaoV7jTtz9WLEY/2t4k9u1n/Spv97cpNlvPLce5+2W5bGn8abTevjj8bopJ2xeiniiZb1f6sqkw3HJ47Xd4fxbKdo4eufPxlqV35z/adTWn72XWA3pPU/tHH8I0nzeM1q52X8eGn4u3bL7h5/6/1/T/J6PZ31Iy4UarX5iYg9yavr5x+59dosn62fxj/2eOvjf6P9P/1OeHqT8fdf+e3Lrce/s9L4pzqq/84Tl2/M9LUrf3P1P1lPjTXmbOb8t9kNvJfPDgAAAAAAAAAAAAAAAAAAAAAAAAA2KxcRByLJ5W+mc7l8fu0Z3g/HUK5cqdYOnakszE1F/VnZIzGQy251Odx0P9SJxv3ws/yRO/JPR8RDEfHx4L4ku4/iVJdjBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM/jbP/0/9MtjtrQMAdszebm8AALDrtP8A0Hu0/wDQe7T/ANB7tP8A0Hu0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOywkydOpNPqXyvLxTQ/dX5xYaZy/vBUqTqTn10o5ouV+XP56UplulzKFyuzd3u/cqVybjLmFi6M10rV2nh1cenUbGVhrnbq7GxhunSqNLArUQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ6qLSzOFcrk0L7GFxOr9sRndT/Q1dqc7FyUR0ekbvhBdD6ezRHJ/bMY2J7p8YgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4j/g3AAD//5EOHsI=") (async)
inotify_init() (async)
inotify_add_watch(r3, &(0x7f0000000040)='./file0\x00', 0x400017e) (async)
chdir(&(0x7f0000000140)='./file0\x00') (async)
open(&(0x7f0000000100)='.\x00', 0x48880, 0x20) (async)
getdents(r4, &(0x7f0000001fc0)=""/184, 0xb8) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000006c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2, 0x4}}, 0x20) (async)
pwritev2(r2, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0) (async)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000240)={0x3920e, r0, 0x4, 0x0, 0x0, 0x3}) (async)

0s ago: executing program 0 (id=740):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000002c0)={0x0, 0x5, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x7fc, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}}, 0x0)

kernel console output (not intermixed with test programs):


[   53.059003][ T4677]  io_ring_ctx_alloc+0x595/0xcc0
[   53.064024][ T4677]  io_uring_create+0x40/0x6d0
[   53.068744][ T4677]  __se_sys_io_uring_setup+0x1d2/0x1e0
[   53.074324][ T4677]  __x64_sys_io_uring_setup+0x31/0x40
[   53.079744][ T4677]  x64_sys_call+0x270c/0x2dc0
[   53.084452][ T4677]  do_syscall_64+0xc9/0x1c0
[   53.088989][ T4677]  ? clear_bhb_loop+0x55/0xb0
[   53.093692][ T4677]  ? clear_bhb_loop+0x55/0xb0
[   53.098446][ T4677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.104479][ T4677] RIP: 0033:0x7f142b8eff19
[   53.108995][ T4677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   53.128678][ T4677] RSP: 002b:00007f1429f66fe8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[   53.137116][ T4677] RAX: ffffffffffffffda RBX: 00007f142bab5fa0 RCX: 00007f142b8eff19
[   53.145091][ T4677] RDX: 0000000020000140 RSI: 0000000020000080 RDI: 0000000000002ddd
[   53.153146][ T4677] RBP: 0000000020000080 R08: 0000000000000000 R09: 0000000020000140
[   53.161131][ T4677] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[   53.169114][ T4677] R13: 0000000020000240 R14: 0000000000002ddd R15: 0000000020000140
[   53.177128][ T4677]  </TASK>
[   53.182510][   T29] audit: type=1326 audit(1733948926.290:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4675 comm="syz.1.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f142b8eff53 code=0x7ffc0000
[   53.205787][   T29] audit: type=1326 audit(1733948926.290:1241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4675 comm="syz.1.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f142b8eff53 code=0x7ffc0000
[   53.229073][   T29] audit: type=1326 audit(1733948926.290:1242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4675 comm="syz.1.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f142b8ee92c code=0x7ffc0000
[   53.252234][   T29] audit: type=1326 audit(1733948926.290:1243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4675 comm="syz.1.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f142b8ee9cf code=0x7ffc0000
[   53.330978][ T4695] loop1: detected capacity change from 0 to 2048
[   53.412676][ T4703] loop1: detected capacity change from 0 to 1764
[   53.425243][ T4703] ISOFS: unable to read i-node block
[   53.430647][ T4703] isofs_fill_super: get root inode failed
[   53.453598][ T3466] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   53.464656][ T3466] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   53.474497][ T3466] bond0 (unregistering): Released all slaves
[   53.488093][ T4640] chnl_net:caif_netlink_parms(): no params data found
[   53.530311][ T3466] hsr_slave_0: left promiscuous mode
[   53.544748][ T3466] hsr_slave_1: left promiscuous mode
[   53.551091][ T3466] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   53.558563][ T3466] batman_adv: batadv0: Removing interface: batadv_slave_0
[   53.573206][ T3466] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   53.580821][ T3466] batman_adv: batadv0: Removing interface: batadv_slave_1
[   53.590938][ T3466] veth1_macvtap: left promiscuous mode
[   53.596643][ T3466] veth0_macvtap: left promiscuous mode
[   53.602559][ T3466] veth1_vlan: left promiscuous mode
[   53.607820][ T3466] veth0_vlan: left promiscuous mode
[   53.704481][ T4727] loop0: detected capacity change from 0 to 2048
[   53.717057][ T3466] team0 (unregistering): Port device team_slave_1 removed
[   53.729775][ T3466] team0 (unregistering): Port device team_slave_0 removed
[   53.814278][ T4734] loop0: detected capacity change from 0 to 512
[   53.826411][ T4736] loop1: detected capacity change from 0 to 256
[   53.834721][ T4640] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.841929][ T4640] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.849765][ T4640] bridge_slave_0: entered allmulticast mode
[   53.859454][ T4640] bridge_slave_0: entered promiscuous mode
[   53.869946][ T4734] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   53.880419][ T4640] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.887537][ T4640] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.894862][ T4734] EXT4-fs (loop0): orphan cleanup on readonly fs
[   53.899497][ T4640] bridge_slave_1: entered allmulticast mode
[   53.903528][ T4734] EXT4-fs warning (device loop0): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   53.909169][ T4640] bridge_slave_1: entered promiscuous mode
[   53.931501][ T4734] EXT4-fs (loop0): Cannot turn on quotas: error -117
[   53.940276][ T4734] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.383: bg 0: block 40: padding at end of block bitmap is not set
[   53.954903][ T4734] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   53.964919][ T4734] EXT4-fs (loop0): 1 truncate cleaned up
[   53.978873][ T4640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.996425][ T4640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.033051][ T4640] team0: Port device team_slave_0 added
[   54.039830][ T4640] team0: Port device team_slave_1 added
[   54.057156][ T4754] netlink: 'syz.1.386': attribute type 21 has an invalid length.
[   54.065279][ T4640] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.072292][ T4640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.098546][ T4640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.110404][ T4640] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.117378][ T4640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.143535][ T4640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.183155][ T4640] hsr_slave_0: entered promiscuous mode
[   54.196852][ T4640] hsr_slave_1: entered promiscuous mode
[   54.204316][ T4640] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   54.213313][ T4640] Cannot create hsr debugfs directory
[   54.222396][ T4754] lo speed is unknown, defaulting to 1000
[   54.224692][ T3466] IPVS: stop unused estimator thread 0...
[   54.233561][ T4754] lo speed is unknown, defaulting to 1000
[   54.322121][ T4766] netlink: 'syz.4.387': attribute type 21 has an invalid length.
[   54.329927][ T4766] __nla_validate_parse: 4 callbacks suppressed
[   54.329943][ T4766] netlink: 156 bytes leftover after parsing attributes in process `syz.4.387'.
[   54.371440][ T4766] lo speed is unknown, defaulting to 1000
[   54.393060][ T4758] loop1: detected capacity change from 0 to 128
[   54.396516][ T4766] lo speed is unknown, defaulting to 1000
[   54.416336][ T4640] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   54.423433][ T4758] vfat: Unknown parameter ''
[   54.431978][ T4640] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   54.440915][ T4640] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   54.469767][ T4640] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   54.550525][ T4640] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.557619][ T4640] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.565050][ T4640] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.572164][ T4640] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.611145][   T56] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.627766][   T56] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.743721][ T4640] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.755065][ T4766] loop4: detected capacity change from 0 to 128
[   54.765643][ T4766] vfat: Unknown parameter ''
[   54.785044][ T4793] syz.1.393[4793] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   54.785113][ T4793] syz.1.393[4793] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   54.802641][ T4640] 8021q: adding VLAN 0 to HW filter on device team0
[   54.826595][ T4793] syz.1.393[4793] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   54.836023][ T3466] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.854437][ T3466] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.960180][ T4803] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   54.960563][ T4776] loop4: detected capacity change from 0 to 8192
[   54.991421][ T3466] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.998558][ T3466] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.012342][ T4766] syz.4.387: attempt to access beyond end of device
[   55.012342][ T4766] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192
[   55.079727][ T4766] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[   55.087596][ T4766] FAT-fs (loop4): Filesystem has been set read-only
[   55.152044][ T4766] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[   55.187157][ T4766] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1)
[   55.195236][ T4818] futex_wake_op: syz.1.396 tries to shift op by -1; fix this program
[   55.230233][ T4640] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.614162][ T4855] loop4: detected capacity change from 0 to 1024
[   55.643789][ T4855] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   55.654042][ T4855] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[   55.674250][ T4855] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   55.697168][ T4855] EXT4-fs error (device loop4): ext4_get_journal_inode:5809: inode #5: comm syz.4.397: unexpected bad inode w/o EXT4_IGET_BAD
[   55.721236][ T4865] blktrace: Concurrent blktraces are not allowed on sg0
[   55.738702][ T4855] EXT4-fs (loop4): no journal found
[   55.740630][ T4640] veth0_vlan: entered promiscuous mode
[   55.743945][ T4855] EXT4-fs (loop4): can't get journal size
[   55.767833][ T4865] netlink: 20 bytes leftover after parsing attributes in process `syz.0.398'.
[   55.778015][ T4640] veth1_vlan: entered promiscuous mode
[   55.828010][ T4640] veth0_macvtap: entered promiscuous mode
[   55.842721][ T4640] veth1_macvtap: entered promiscuous mode
[   55.866951][ T4640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   55.877451][ T4640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.887432][ T4640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   55.897915][ T4640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.907769][ T4640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   55.918317][ T4640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.928321][ T4640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   55.938844][ T4640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.966656][ T4640] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.978080][ T4640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   55.988700][ T4640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   55.998848][ T4640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   56.009480][ T4640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.019494][ T4640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   56.030043][ T4640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.039917][ T4640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   56.050397][ T4640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.081484][ T4640] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.089050][ T4874] netlink: 'syz.3.399': attribute type 21 has an invalid length.
[   56.096813][ T4874] netlink: 156 bytes leftover after parsing attributes in process `syz.3.399'.
[   56.114997][ T4878] netlink: 12 bytes leftover after parsing attributes in process `syz.1.400'.
[   56.124035][ T4878] netlink: 12 bytes leftover after parsing attributes in process `syz.1.400'.
[   56.149166][ T4640] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.157913][ T4640] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.166727][ T4640] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.175540][ T4640] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.209444][ T4884] lo speed is unknown, defaulting to 1000
[   56.227804][ T4884] lo speed is unknown, defaulting to 1000
[   56.353411][ T4898] loop5: detected capacity change from 0 to 256
[   56.356379][ T4896] loop1: detected capacity change from 0 to 128
[   56.367857][ T4901] loop4: detected capacity change from 0 to 2048
[   56.376369][ T4898] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   56.382328][ T4896] ext4: Unknown parameter 'nouser_xattr'
[   56.567251][ T4922] loop0: detected capacity change from 0 to 2048
[   56.577167][ T4874] loop3: detected capacity change from 0 to 128
[   56.608965][ T4874] vfat: Unknown parameter ''
[   56.691319][ T4924] 9pnet: Could not find request transport: r
[   56.716292][ T4929] 9pnet: Could not find request transport: r
[   56.841104][ T4942] loop0: detected capacity change from 0 to 1024
[   56.851462][ T4928] netlink: 96 bytes leftover after parsing attributes in process `syz.4.408'.
[   56.868924][ T4942] ext4: Unknown parameter 'noacl'
[   56.915526][ T4942] loop0: detected capacity change from 0 to 1024
[   56.991375][ T4948] 9pnet_fd: Insufficient options for proto=fd
[   57.030710][ T4952] loop5: detected capacity change from 0 to 1024
[   57.042724][ T4953] FAULT_INJECTION: forcing a failure.
[   57.042724][ T4953] name failslab, interval 1, probability 0, space 0, times 0
[   57.055461][ T4953] CPU: 0 UID: 0 PID: 4953 Comm: syz.4.417 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   57.066103][ T4953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   57.076165][ T4953] Call Trace:
[   57.079571][ T4953]  <TASK>
[   57.082503][ T4953]  dump_stack_lvl+0xf2/0x150
[   57.087195][ T4953]  dump_stack+0x15/0x1a
[   57.091408][ T4953]  should_fail_ex+0x223/0x230
[   57.096097][ T4953]  should_failslab+0x8f/0xb0
[   57.100706][ T4953]  kmem_cache_alloc_noprof+0x52/0x320
[   57.106158][ T4953]  ? skb_clone+0x154/0x1f0
[   57.110641][ T4953]  skb_clone+0x154/0x1f0
[   57.114961][ T4953]  nfnetlink_rcv+0x2de/0x15d0
[   57.119734][ T4953]  ? kmem_cache_free+0xdc/0x2d0
[   57.124656][ T4953]  ? nlmon_xmit+0x51/0x60
[   57.128995][ T4953]  ? __kfree_skb+0x102/0x150
[   57.133595][ T4953]  ? consume_skb+0x49/0x160
[   57.138132][ T4953]  ? nlmon_xmit+0x51/0x60
[   57.142559][ T4953]  ? dev_hard_start_xmit+0x3c1/0x3f0
[   57.147853][ T4953]  ? __dev_queue_xmit+0xb6e/0x2090
[   57.152975][ T4953]  ? ref_tracker_free+0x3a5/0x410
[   57.158053][ T4953]  ? __dev_queue_xmit+0x186/0x2090
[   57.163477][ T4953]  netlink_unicast+0x599/0x670
[   57.168265][ T4953]  netlink_sendmsg+0x5cc/0x6e0
[   57.173164][ T4953]  ? __pfx_netlink_sendmsg+0x10/0x10
[   57.178462][ T4953]  __sock_sendmsg+0x140/0x180
[   57.183190][ T4953]  ____sys_sendmsg+0x312/0x410
[   57.187966][ T4953]  __sys_sendmsg+0x19d/0x230
[   57.192852][ T4953]  __x64_sys_sendmsg+0x46/0x50
[   57.197636][ T4953]  x64_sys_call+0x2734/0x2dc0
[   57.202373][ T4953]  do_syscall_64+0xc9/0x1c0
[   57.206916][ T4953]  ? clear_bhb_loop+0x55/0xb0
[   57.211668][ T4953]  ? clear_bhb_loop+0x55/0xb0
[   57.216432][ T4953]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.222477][ T4953] RIP: 0033:0x7f663e2bff19
[   57.226897][ T4953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.246545][ T4953] RSP: 002b:00007f663c916058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   57.254964][ T4953] RAX: ffffffffffffffda RBX: 00007f663e486080 RCX: 00007f663e2bff19
[   57.262945][ T4953] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000005
[   57.270994][ T4953] RBP: 00007f663c9160a0 R08: 0000000000000000 R09: 0000000000000000
[   57.278978][ T4953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.286960][ T4953] R13: 0000000000000000 R14: 00007f663e486080 R15: 00007ffe93566928
[   57.294944][ T4953]  </TASK>
[   57.299940][ T4952] EXT4-fs: Ignoring removed nomblk_io_submit option
[   57.324875][ T4955] loop3: detected capacity change from 0 to 512
[   57.345271][ T4958] FAULT_INJECTION: forcing a failure.
[   57.345271][ T4958] name failslab, interval 1, probability 0, space 0, times 0
[   57.349036][ T4955] EXT4-fs: inline encryption not supported
[   57.357952][ T4958] CPU: 0 UID: 0 PID: 4958 Comm: syz.0.420 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   57.374359][ T4958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   57.384443][ T4958] Call Trace:
[   57.387744][ T4958]  <TASK>
[   57.390718][ T4958]  dump_stack_lvl+0xf2/0x150
[   57.395424][ T4958]  dump_stack+0x15/0x1a
[   57.399634][ T4958]  should_fail_ex+0x223/0x230
[   57.404347][ T4958]  ? nfs_alloc_fhandle+0x2c/0x60
[   57.409334][ T4958]  should_failslab+0x8f/0xb0
[   57.414096][ T4958]  __kmalloc_cache_noprof+0x4e/0x320
[   57.419451][ T4958]  ? __kmalloc_cache_noprof+0x186/0x320
[   57.425091][ T4958]  nfs_alloc_fhandle+0x2c/0x60
[   57.429876][ T4958]  nfs_init_fs_context+0x4a/0x660
[   57.434996][ T4958]  ? __pfx_nfs_init_fs_context+0x10/0x10
[   57.440750][ T4958]  alloc_fs_context+0x3fb/0x4e0
[   57.445631][ T4958]  fs_context_for_mount+0x21/0x30
[   57.450724][ T4958]  do_new_mount+0xf3/0x690
[   57.455294][ T4958]  path_mount+0x49b/0xb30
[   57.459646][ T4958]  __se_sys_mount+0x27c/0x2d0
[   57.464527][ T4958]  __x64_sys_mount+0x67/0x80
[   57.469139][ T4958]  x64_sys_call+0x2c84/0x2dc0
[   57.473925][ T4958]  do_syscall_64+0xc9/0x1c0
[   57.478436][ T4958]  ? clear_bhb_loop+0x55/0xb0
[   57.483123][ T4958]  ? clear_bhb_loop+0x55/0xb0
[   57.487920][ T4958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.493838][ T4958] RIP: 0033:0x7fb7c754ff19
[   57.498258][ T4958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.518029][ T4958] RSP: 002b:00007fb7c5bc7058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   57.526452][ T4958] RAX: ffffffffffffffda RBX: 00007fb7c7715fa0 RCX: 00007fb7c754ff19
[   57.534457][ T4958] RDX: 00000000200000c0 RSI: 0000000020000240 RDI: 0000000000000000
[   57.542442][ T4958] RBP: 00007fb7c5bc70a0 R08: 0000000020000000 R09: 0000000000000000
[   57.550421][ T4958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.558557][ T4958] R13: 0000000000000000 R14: 00007fb7c7715fa0 R15: 00007ffce8939228
[   57.566809][ T4958]  </TASK>
[   57.598322][ T4967] loop4: detected capacity change from 0 to 2048
[   57.633043][ T4974] netlink: 'syz.0.423': attribute type 21 has an invalid length.
[   57.633079][ T4974] netlink: 156 bytes leftover after parsing attributes in process `syz.0.423'.
[   57.642303][ T4955] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   57.659496][   T29] kauditd_printk_skb: 198 callbacks suppressed
[   57.659514][   T29] audit: type=1326 audit(1733948930.760:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4954 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc8d006e880 code=0x7ffc0000
[   57.665857][ T4974] lo speed is unknown, defaulting to 1000
[   57.670965][   T29] audit: type=1326 audit(1733948930.760:1442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4954 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc8d006fb1b code=0x7ffc0000
[   57.677551][ T4974] lo speed is unknown, defaulting to 1000
[   57.700019][   T29] audit: type=1326 audit(1733948930.760:1443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4954 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fc8d006eb7a code=0x7ffc0000
[   57.700058][   T29] audit: type=1326 audit(1733948930.760:1444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4954 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8d006ff19 code=0x7ffc0000
[   57.780091][   T29] audit: type=1326 audit(1733948930.760:1445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4954 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8d006ff19 code=0x7ffc0000
[   57.804996][   T29] audit: type=1326 audit(1733948930.920:1446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4954 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc8d006ff19 code=0x7ffc0000
[   57.915234][ T4988] netlink: 'syz.5.426': attribute type 8 has an invalid length.
[   57.951934][ T4991] loop4: detected capacity change from 0 to 1024
[   57.988628][ T4991] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   57.998688][ T4991] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[   58.002435][ T4994] netlink: 24 bytes leftover after parsing attributes in process `syz.5.427'.
[   58.017408][ T4991] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   58.057328][   T29] audit: type=1400 audit(1733948931.160:1447): avc:  denied  { sys_chroot } for  pid=4996 comm="dhcpcd" capability=18  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[   58.078664][   T29] audit: type=1400 audit(1733948931.160:1448): avc:  denied  { setgid } for  pid=4996 comm="dhcpcd" capability=6  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[   58.099678][   T29] audit: type=1400 audit(1733948931.160:1449): avc:  denied  { setuid } for  pid=4996 comm="dhcpcd" capability=7  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[   58.109457][ T4974] loop0: detected capacity change from 0 to 128
[   58.120519][   T29] audit: type=1400 audit(1733948931.160:1450): avc:  denied  { setrlimit } for  pid=4996 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1
[   58.156215][ T4974] vfat: Unknown parameter ''
[   58.168546][ T4991] EXT4-fs error (device loop4): ext4_get_journal_inode:5809: inode #5: comm syz.4.425: unexpected bad inode w/o EXT4_IGET_BAD
[   58.184006][ T4991] EXT4-fs (loop4): no journal found
[   58.189453][ T4991] EXT4-fs (loop4): can't get journal size
[   58.359036][ T5016] netlink: 'syz.1.432': attribute type 1 has an invalid length.
[   58.445179][ T5023] loop4: detected capacity change from 0 to 1764
[   58.465675][ T5023] ISOFS: unable to read i-node block
[   58.466434][ T5031] loop1: detected capacity change from 0 to 1024
[   58.471038][ T5023] isofs_fill_super: get root inode failed
[   58.484661][ T5031] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   58.494609][ T5031] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[   58.498820][ T5026] wireguard0: entered promiscuous mode
[   58.509744][ T5026] wireguard0: entered allmulticast mode
[   58.517334][ T5023] netlink: 'syz.4.435': attribute type 21 has an invalid length.
[   58.526173][ T5023] netlink: 132 bytes leftover after parsing attributes in process `syz.4.435'.
[   58.526467][ T5031] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   58.563975][ T5037] FAULT_INJECTION: forcing a failure.
[   58.563975][ T5037] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   58.568015][ T5031] EXT4-fs error (device loop1): ext4_get_journal_inode:5809: inode #5: comm syz.1.439: unexpected bad inode w/o EXT4_IGET_BAD
[   58.577095][ T5037] CPU: 1 UID: 0 PID: 5037 Comm: syz.4.440 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   58.591939][ T5031] EXT4-fs (loop1): no journal found
[   58.600697][ T5037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   58.600716][ T5037] Call Trace:
[   58.600723][ T5037]  <TASK>
[   58.600732][ T5037]  dump_stack_lvl+0xf2/0x150
[   58.600778][ T5037]  dump_stack+0x15/0x1a
[   58.605972][ T5031] EXT4-fs (loop1): can't get journal size
[   58.616018][ T5037]  should_fail_ex+0x223/0x230
[   58.616057][ T5037]  should_fail+0xb/0x10
[   58.616083][ T5037]  should_fail_usercopy+0x1a/0x20
[   58.651042][ T5037]  strncpy_from_user+0x25/0x210
[   58.655955][ T5037]  ? kmem_cache_alloc_noprof+0x18e/0x320
[   58.661604][ T5037]  ? getname_flags+0x81/0x3b0
[   58.666431][ T5037]  getname_flags+0xb0/0x3b0
[   58.670946][ T5037]  user_path_at+0x26/0x120
[   58.675519][ T5037]  __se_sys_mount+0x248/0x2d0
[   58.680260][ T5037]  __x64_sys_mount+0x67/0x80
[   58.684910][ T5037]  x64_sys_call+0x2c84/0x2dc0
[   58.689623][ T5037]  do_syscall_64+0xc9/0x1c0
[   58.694135][ T5037]  ? clear_bhb_loop+0x55/0xb0
[   58.698828][ T5037]  ? clear_bhb_loop+0x55/0xb0
[   58.703573][ T5037]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.709520][ T5037] RIP: 0033:0x7f663e2bff19
[   58.713944][ T5037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.733571][ T5037] RSP: 002b:00007f663c937058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   58.741998][ T5037] RAX: ffffffffffffffda RBX: 00007f663e485fa0 RCX: 00007f663e2bff19
[   58.749978][ T5037] RDX: 00000000200000c0 RSI: 0000000020000240 RDI: 0000000000000000
[   58.757958][ T5037] RBP: 00007f663c9370a0 R08: 0000000020000000 R09: 0000000000000000
[   58.765935][ T5037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.773915][ T5037] R13: 0000000000000000 R14: 00007f663e485fa0 R15: 00007ffe93566928
[   58.782063][ T5037]  </TASK>
[   58.836870][ T5043] loop3: detected capacity change from 0 to 1764
[   58.842906][ T5041] loop4: detected capacity change from 0 to 1764
[   58.850082][ T5043] ISOFS: unable to read i-node block
[   58.855546][ T5043] isofs_fill_super: get root inode failed
[   58.863187][ T5043] netlink: 'syz.3.441': attribute type 21 has an invalid length.
[   58.871099][ T5041] ISOFS: unable to read i-node block
[   58.871041][ T5043] netlink: 132 bytes leftover after parsing attributes in process `syz.3.441'.
[   58.876435][ T5041] isofs_fill_super: get root inode failed
[   58.912173][ T5041] netlink: 'syz.4.442': attribute type 21 has an invalid length.
[   59.002679][ T5053] loop4: detected capacity change from 0 to 1024
[   59.013356][ T5053] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   59.016713][ T5047] hub 6-0:1.0: USB hub found
[   59.023219][ T5053] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[   59.039791][ T5053] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   59.054089][ T5047] hub 6-0:1.0: 8 ports detected
[   59.056522][ T5053] EXT4-fs error (device loop4): ext4_get_journal_inode:5809: inode #5: comm syz.4.446: unexpected bad inode w/o EXT4_IGET_BAD
[   59.073556][ T5053] EXT4-fs (loop4): no journal found
[   59.078823][ T5053] EXT4-fs (loop4): can't get journal size
[   59.099746][ T5063] netlink: 'syz.3.448': attribute type 1 has an invalid length.
[   59.143317][ T5065] netlink: 'syz.1.447': attribute type 21 has an invalid length.
[   59.166256][ T5065] lo speed is unknown, defaulting to 1000
[   59.174714][ T5065] lo speed is unknown, defaulting to 1000
[   59.281677][ T5074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.309720][ T5072] loop1: detected capacity change from 0 to 128
[   59.316373][ T5072] vfat: Unknown parameter ''
[   59.321473][ T5074] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.386092][ T5065] loop1: detected capacity change from 0 to 8192
[   59.412608][ T5086] FAULT_INJECTION: forcing a failure.
[   59.412608][ T5086] name failslab, interval 1, probability 0, space 0, times 0
[   59.425362][ T5086] CPU: 0 UID: 0 PID: 5086 Comm: syz.3.456 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   59.427451][ T5065] syz.1.447: attempt to access beyond end of device
[   59.427451][ T5065] loop1: rw=0, sector=57847, nr_sectors = 1 limit=8192
[   59.435964][ T5086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   59.435980][ T5086] Call Trace:
[   59.435989][ T5086]  <TASK>
[   59.435998][ T5086]  dump_stack_lvl+0xf2/0x150
[   59.449676][ T5065] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000e1b1)
[   59.459382][ T5086]  dump_stack+0x15/0x1a
[   59.462689][ T5065] FAT-fs (loop1): Filesystem has been set read-only
[   59.465616][ T5086]  should_fail_ex+0x223/0x230
[   59.475537][ T5065] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000e1b1)
[   59.478018][ T5086]  should_failslab+0x8f/0xb0
[   59.482354][ T5065] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000e1b1)
[   59.488831][ T5086]  kmem_cache_alloc_node_noprof+0x59/0x320
[   59.488865][ T5086]  ? __alloc_skb+0x10b/0x310
[   59.488941][ T5086]  __alloc_skb+0x10b/0x310
[   59.488961][ T5086]  ? audit_log_start+0x34c/0x6b0
[   59.533731][ T5086]  audit_log_start+0x368/0x6b0
[   59.538525][ T5086]  audit_seccomp+0x4b/0x130
[   59.543037][ T5086]  __seccomp_filter+0x6fa/0x1180
[   59.548051][ T5086]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   59.553711][ T5086]  ? vfs_write+0x596/0x920
[   59.558309][ T5086]  ? __schedule+0x6fa/0x930
[   59.562893][ T5086]  __secure_computing+0x9f/0x1c0
[   59.567869][ T5086]  syscall_trace_enter+0xd1/0x1f0
[   59.573002][ T5086]  do_syscall_64+0xaa/0x1c0
[   59.577600][ T5086]  ? clear_bhb_loop+0x55/0xb0
[   59.582338][ T5086]  ? clear_bhb_loop+0x55/0xb0
[   59.587020][ T5086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.592937][ T5086] RIP: 0033:0x7fc8d006ff19
[   59.597354][ T5086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.617083][ T5086] RSP: 002b:00007fc8ce6e1058 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[   59.625600][ T5086] RAX: ffffffffffffffda RBX: 00007fc8d0235fa0 RCX: 00007fc8d006ff19
[   59.633637][ T5086] RDX: 000000000000006e RSI: 0000000020003000 RDI: 0000000000000004
[   59.641619][ T5086] RBP: 00007fc8ce6e10a0 R08: 0000000000000000 R09: 0000000000000000
[   59.649608][ T5086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   59.657623][ T5086] R13: 0000000000000000 R14: 00007fc8d0235fa0 R15: 00007fffc0451718
[   59.665607][ T5086]  </TASK>
[   59.738070][ T5082] vhci_hcd: invalid port number 13
[   59.743287][ T5082] vhci_hcd: default hub control req: 0014 v0000 i000d l0
[   59.755902][ T5080] loop4: detected capacity change from 0 to 1024
[   59.777923][ T5080] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   59.787859][ T5080] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[   59.798392][ T5080] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   59.812797][ T5097] wireguard0: entered promiscuous mode
[   59.813748][ T5080] EXT4-fs error (device loop4): ext4_get_journal_inode:5809: inode #5: comm syz.4.450: unexpected bad inode w/o EXT4_IGET_BAD
[   59.818302][ T5097] wireguard0: entered allmulticast mode
[   59.832604][ T5080] EXT4-fs (loop4): no journal found
[   59.842965][ T5080] EXT4-fs (loop4): can't get journal size
[   59.875137][ T5105] netlink: 'syz.3.460': attribute type 1 has an invalid length.
[   59.964662][ T5112] capability: warning: `syz.0.463' uses 32-bit capabilities (legacy support in use)
[   59.976342][ T5110] loop3: detected capacity change from 0 to 128
[   59.986822][ T5112] loop0: detected capacity change from 0 to 2048
[   59.992910][ T5110] ext4 filesystem being mounted at /72/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   60.036236][ T5110] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[   60.042867][ T5110] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   60.050439][ T5110] vhci_hcd vhci_hcd.0: Device attached
[   60.080870][ T5118] lo speed is unknown, defaulting to 1000
[   60.086938][ T5118] lo speed is unknown, defaulting to 1000
[   60.110023][ T5122] loop5: detected capacity change from 0 to 512
[   60.122760][ T5122] EXT4-fs warning (device loop5): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   60.134414][ T5122] EXT4-fs warning (device loop5): dx_probe:881: Enable large directory feature to access it
[   60.144731][ T5122] EXT4-fs warning (device loop5): dx_probe:966: inode #2: comm syz.5.465: Corrupt directory, running e2fsck is recommended
[   60.149606][ T5124] EXT4-fs error (device loop3): ext4_validate_block_bitmap:423: comm syz.3.462: bg 0: bad block bitmap checksum
[   60.159994][ T5122] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117
[   60.211770][ T5122] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2240: inode #15: comm syz.5.465: corrupted in-inode xattr: invalid ea_ino
[   60.226915][ T5129] FAULT_INJECTION: forcing a failure.
[   60.226915][ T5129] name failslab, interval 1, probability 0, space 0, times 0
[   60.239879][ T5129] CPU: 0 UID: 0 PID: 5129 Comm: syz.0.467 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   60.250563][ T5129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   60.260638][ T5129] Call Trace:
[   60.263929][ T5129]  <TASK>
[   60.266876][ T5129]  dump_stack_lvl+0xf2/0x150
[   60.271499][ T5129]  dump_stack+0x15/0x1a
[   60.275676][ T5129]  should_fail_ex+0x223/0x230
[   60.280367][ T5129]  should_failslab+0x8f/0xb0
[   60.285021][ T5129]  __kmalloc_noprof+0xab/0x3f0
[   60.289795][ T5129]  ? genl_family_rcv_msg_attrs_parse+0x75/0x1a0
[   60.296132][ T5129]  genl_family_rcv_msg_attrs_parse+0x75/0x1a0
[   60.302219][ T5129]  ? ns_capable+0x7d/0xb0
[   60.306574][ T5129]  genl_rcv_msg+0x470/0x6c0
[   60.311119][ T5129]  ? __pfx_fou_nl_add_doit+0x10/0x10
[   60.316486][ T5129]  ? __dev_queue_xmit+0xb6e/0x2090
[   60.321663][ T5129]  ? ref_tracker_free+0x3a5/0x410
[   60.326700][ T5129]  ? __dev_queue_xmit+0x186/0x2090
[   60.331884][ T5129]  netlink_rcv_skb+0x12c/0x230
[   60.336657][ T5129]  ? __pfx_genl_rcv_msg+0x10/0x10
[   60.341708][ T5129]  genl_rcv+0x28/0x40
[   60.345738][ T5129]  netlink_unicast+0x599/0x670
[   60.350580][ T5129]  netlink_sendmsg+0x5cc/0x6e0
[   60.355364][ T5129]  ? __pfx_netlink_sendmsg+0x10/0x10
[   60.360790][ T5129]  __sock_sendmsg+0x140/0x180
[   60.365542][ T5129]  ____sys_sendmsg+0x312/0x410
[   60.370324][ T5129]  __sys_sendmsg+0x19d/0x230
[   60.374989][ T5129]  __x64_sys_sendmsg+0x46/0x50
[   60.379770][ T5129]  x64_sys_call+0x2734/0x2dc0
[   60.384456][ T5129]  do_syscall_64+0xc9/0x1c0
[   60.389017][ T5129]  ? clear_bhb_loop+0x55/0xb0
[   60.393727][ T5129]  ? clear_bhb_loop+0x55/0xb0
[   60.398474][ T5129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.404395][ T5129] RIP: 0033:0x7fb7c754ff19
[   60.408863][ T5129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.428486][ T5129] RSP: 002b:00007fb7c5bc7058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   60.436968][ T5129] RAX: ffffffffffffffda RBX: 00007fb7c7715fa0 RCX: 00007fb7c754ff19
[   60.444977][ T5129] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[   60.452954][ T5129] RBP: 00007fb7c5bc70a0 R08: 0000000000000000 R09: 0000000000000000
[   60.460934][ T5129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   60.468930][ T5129] R13: 0000000000000000 R14: 00007fb7c7715fa0 R15: 00007ffce8939228
[   60.477075][ T5129]  </TASK>
[   60.480896][    C0] Dead loop on virtual device ipvlan1, fix it urgently!
[   60.486203][ T5122] EXT4-fs error (device loop5): ext4_orphan_get:1394: comm syz.5.465: couldn't read orphan inode 15 (err -117)
[   60.488721][ T3377] vhci_hcd: vhci_device speed not set
[   60.527003][ T5134] __nla_validate_parse: 2 callbacks suppressed
[   60.527018][ T5134] netlink: 16 bytes leftover after parsing attributes in process `syz.0.468'.
[   60.558758][ T3377] usb 7-1: new full-speed USB device number 3 using vhci_hcd
[   60.636337][ T5134] loop0: detected capacity change from 0 to 1024
[   60.655374][ T5134] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   60.665797][ T5134] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal
[   60.685840][ T5134] loop0: detected capacity change from 0 to 1764
[   60.712056][ T5150] loop1: detected capacity change from 0 to 2048
[   60.756643][ T5156] FAULT_INJECTION: forcing a failure.
[   60.756643][ T5156] name failslab, interval 1, probability 0, space 0, times 0
[   60.769408][ T5156] CPU: 0 UID: 0 PID: 5156 Comm: syz.5.475 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   60.780054][ T5156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   60.790128][ T5156] Call Trace:
[   60.793487][ T5156]  <TASK>
[   60.796472][ T5156]  dump_stack_lvl+0xf2/0x150
[   60.801099][ T5156]  dump_stack+0x15/0x1a
[   60.805338][ T5156]  should_fail_ex+0x223/0x230
[   60.810033][ T5156]  should_failslab+0x8f/0xb0
[   60.814738][ T5156]  __kmalloc_noprof+0xab/0x3f0
[   60.819518][ T5156]  ? security_sb_alloc+0x47/0x110
[   60.824736][ T5156]  security_sb_alloc+0x47/0x110
[   60.829645][ T5156]  alloc_super+0x108/0x5a0
[   60.834107][ T5156]  ? __pfx_set_anon_super_fc+0x10/0x10
[   60.839692][ T5156]  sget_fc+0x259/0x670
[   60.843774][ T5156]  ? __pfx_set_anon_super_fc+0x10/0x10
[   60.849312][ T5156]  ? __pfx_mqueue_fill_super+0x10/0x10
[   60.854851][ T5156]  get_tree_nodev+0x28/0xf0
[   60.859474][ T5156]  mqueue_get_tree+0x6b/0x90
[   60.864097][ T5156]  vfs_get_tree+0x56/0x1e0
[   60.868591][ T5156]  fc_mount+0x16/0x70
[   60.872679][ T5156]  mq_init_ns+0x253/0x300
[   60.877101][ T5156]  copy_ipcs+0x218/0x3b0
[   60.881365][ T5156]  create_new_namespaces+0x135/0x430
[   60.886888][ T5156]  ? security_capable+0x81/0x90
[   60.891782][ T5156]  unshare_nsproxy_namespaces+0xe6/0x120
[   60.897470][ T5156]  ksys_unshare+0x3c9/0x6e0
[   60.902001][ T5156]  __x64_sys_unshare+0x1f/0x30
[   60.906800][ T5156]  x64_sys_call+0x1a3e/0x2dc0
[   60.911577][ T5156]  do_syscall_64+0xc9/0x1c0
[   60.916158][ T5156]  ? clear_bhb_loop+0x55/0xb0
[   60.920896][ T5156]  ? clear_bhb_loop+0x55/0xb0
[   60.925583][ T5156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.931503][ T5156] RIP: 0033:0x7f0fe859ff19
[   60.935923][ T5156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.955617][ T5156] RSP: 002b:00007f0fe6c11058 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[   60.964049][ T5156] RAX: ffffffffffffffda RBX: 00007f0fe8765fa0 RCX: 00007f0fe859ff19
[   60.972085][ T5156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000068040200
[   60.980115][ T5156] RBP: 00007f0fe6c110a0 R08: 0000000000000000 R09: 0000000000000000
[   60.988277][ T5156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   60.996253][ T5156] R13: 0000000000000000 R14: 00007f0fe8765fa0 R15: 00007ffefa2a0318
[   61.004236][ T5156]  </TASK>
[   61.035595][ T5158] loop0: detected capacity change from 0 to 128
[   61.058028][ T5154] loop4: detected capacity change from 0 to 1764
[   61.081151][ T5154] ISOFS: unable to read i-node block
[   61.086478][ T5154] isofs_fill_super: get root inode failed
[   61.092238][ T5160] netlink: 'syz.5.478': attribute type 8 has an invalid length.
[   61.104253][ T5162] netlink: 148 bytes leftover after parsing attributes in process `syz.1.479'.
[   61.114501][ T5119] vhci_hcd: connection closed
[   61.115451][   T11] vhci_hcd: stop threads
[   61.123295][ T5162] loop1: detected capacity change from 0 to 512
[   61.126221][   T11] vhci_hcd: release socket
[   61.136437][   T11] vhci_hcd: disconnect device
[   61.147731][ T5162] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   61.171486][ T5162] loop1: detected capacity change from 0 to 256
[   61.182138][ T5166] wireguard0: entered promiscuous mode
[   61.187637][ T5166] wireguard0: entered allmulticast mode
[   61.218949][ T5169] loop0: detected capacity change from 0 to 1024
[   61.221105][ T5162] FAT-fs (loop1): Directory bread(block 64) failed
[   61.257865][ T5162] FAT-fs (loop1): Directory bread(block 65) failed
[   61.264518][ T5162] FAT-fs (loop1): Directory bread(block 66) failed
[   61.271199][ T5162] FAT-fs (loop1): Directory bread(block 67) failed
[   61.277980][ T5162] FAT-fs (loop1): Directory bread(block 68) failed
[   61.285053][ T5162] FAT-fs (loop1): Directory bread(block 69) failed
[   61.291708][ T5162] FAT-fs (loop1): Directory bread(block 70) failed
[   61.298244][ T5162] FAT-fs (loop1): Directory bread(block 71) failed
[   61.304825][ T5162] FAT-fs (loop1): Directory bread(block 72) failed
[   61.311399][ T5162] FAT-fs (loop1): Directory bread(block 73) failed
[   61.368375][ T5180] netlink: 'syz.4.486': attribute type 8 has an invalid length.
[   61.371123][ T5176] loop0: detected capacity change from 0 to 512
[   61.417929][ T5176] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   61.429588][ T5176] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it
[   61.440216][ T5176] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.484: Corrupt directory, running e2fsck is recommended
[   61.453387][ T5176] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[   61.455474][ T5187] netlink: 28 bytes leftover after parsing attributes in process `syz.1.489'.
[   61.474537][ T5176] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.484: corrupted in-inode xattr: invalid ea_ino
[   61.488285][ T5176] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.484: couldn't read orphan inode 15 (err -117)
[   61.613034][ T5203] loop1: detected capacity change from 0 to 1024
[   61.620171][ T5203] EXT4-fs: Ignoring removed mblk_io_submit option
[   61.671290][ T5203] FAULT_INJECTION: forcing a failure.
[   61.671290][ T5203] name failslab, interval 1, probability 0, space 0, times 0
[   61.684140][ T5203] CPU: 0 UID: 0 PID: 5203 Comm: syz.1.494 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   61.694833][ T5203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   61.704940][ T5203] Call Trace:
[   61.708231][ T5203]  <TASK>
[   61.711182][ T5203]  dump_stack_lvl+0xf2/0x150
[   61.715802][ T5203]  dump_stack+0x15/0x1a
[   61.720020][ T5203]  should_fail_ex+0x223/0x230
[   61.724773][ T5203]  should_failslab+0x8f/0xb0
[   61.729438][ T5203]  __kmalloc_noprof+0xab/0x3f0
[   61.734217][ T5203]  ? ext4_find_extent+0x172/0x7c0
[   61.739296][ T5203]  ext4_find_extent+0x172/0x7c0
[   61.744163][ T5203]  ext4_ext_map_blocks+0x11f/0x35c0
[   61.749377][ T5203]  ? probe_sched_wakeup+0x81/0xa0
[   61.754425][ T5203]  ? ttwu_do_activate+0x206/0x240
[   61.759527][ T5203]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[   61.765386][ T5203]  ? try_to_wake_up+0x35e/0x570
[   61.770317][ T5203]  ? ___slab_alloc+0x2b7/0x980
[   61.775123][ T5203]  ? down_read+0x171/0x4b0
[   61.779627][ T5203]  ext4_map_query_blocks+0x71/0x180
[   61.784856][ T5203]  ext4_map_blocks+0x23c/0xd20
[   61.789672][ T5203]  ? get_partial_node+0x2ca/0x310
[   61.794729][ T5203]  ? xas_load+0x3ae/0x3d0
[   61.799224][ T5203]  ? xa_load+0xb9/0xe0
[   61.803320][ T5203]  ext4_getblk+0x11f/0x530
[   61.807766][ T5203]  ext4_bread_batch+0x5b/0x360
[   61.812610][ T5203]  __ext4_find_entry+0xa1d/0x1090
[   61.817658][ T5203]  ? d_alloc_parallel+0xbf0/0xc60
[   61.822734][ T5203]  ext4_lookup+0xba/0x390
[   61.827090][ T5203]  __lookup_slow+0x184/0x250
[   61.831698][ T5203]  lookup_slow+0x3c/0x60
[   61.835965][ T5203]  walk_component+0x1f5/0x230
[   61.840653][ T5203]  ? path_lookupat+0xfd/0x2b0
[   61.845392][ T5203]  path_lookupat+0x10a/0x2b0
[   61.850079][ T5203]  filename_lookup+0x150/0x340
[   61.854994][ T5203]  filename_setxattr+0x59/0x2a0
[   61.859873][ T5203]  path_setxattrat+0x284/0x310
[   61.864682][ T5203]  __x64_sys_lsetxattr+0x71/0x90
[   61.869646][ T5203]  x64_sys_call+0x29c8/0x2dc0
[   61.874413][ T5203]  do_syscall_64+0xc9/0x1c0
[   61.878927][ T5203]  ? clear_bhb_loop+0x55/0xb0
[   61.883722][ T5203]  ? clear_bhb_loop+0x55/0xb0
[   61.888416][ T5203]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.894363][ T5203] RIP: 0033:0x7f142b8eff19
[   61.898783][ T5203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.918553][ T5203] RSP: 002b:00007f1429f67058 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[   61.926992][ T5203] RAX: ffffffffffffffda RBX: 00007f142bab5fa0 RCX: 00007f142b8eff19
[   61.934985][ T5203] RDX: 0000000020000500 RSI: 00000000200003c0 RDI: 0000000020000000
[   61.942971][ T5203] RBP: 00007f1429f670a0 R08: 0000000000000000 R09: 0000000000000000
[   61.950990][ T5203] R10: 0000000000000024 R11: 0000000000000246 R12: 0000000000000001
[   61.959022][ T5203] R13: 0000000000000000 R14: 00007f142bab5fa0 R15: 00007ffc7d10e008
[   61.967060][ T5203]  </TASK>
[   62.013535][ T5214] loop4: detected capacity change from 0 to 1024
[   62.022377][ T5214] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   62.032191][ T5214] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[   62.043483][ T5214] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   62.054593][ T5214] EXT4-fs error (device loop4): ext4_get_journal_inode:5809: inode #5: comm syz.4.498: unexpected bad inode w/o EXT4_IGET_BAD
[   62.073394][ T5222] netlink: 8 bytes leftover after parsing attributes in process `syz.1.499'.
[   62.092068][ T5214] EXT4-fs (loop4): no journal found
[   62.097320][ T5214] EXT4-fs (loop4): can't get journal size
[   62.120921][ T5225] loop5: detected capacity change from 0 to 512
[   62.180469][ T5236] loop4: detected capacity change from 0 to 128
[   62.200574][ T5236] ext4 filesystem being mounted at /117/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   62.255009][ T5243] loop1: detected capacity change from 0 to 128
[   62.258023][ T5244] loop3: detected capacity change from 0 to 2048
[   62.275476][ T5246] futex_wake_op: syz.5.508 tries to shift op by -1; fix this program
[   62.300924][ T5244]  loop3: p1 p2 p3 < > p4 < p5 p6 >
[   62.306193][ T5244] loop3: partition table partially beyond EOD, truncated
[   62.316934][ T5244] loop3: p1 size 33024 extends beyond EOD, truncated
[   62.322631][ T5249] loop5: detected capacity change from 0 to 1024
[   62.325497][ T5244] loop3: p2 start 16908804 is beyond EOD, truncated
[   62.336803][ T5244] loop3: p3 start 4284289 is beyond EOD, truncated
[   62.345697][ T5244] loop3: p5 size 33024 extends beyond EOD, truncated
[   62.353263][ T5244] loop3: p6 start 16908804 is beyond EOD, truncated
[   62.380170][ T5252] wireguard1: entered promiscuous mode
[   62.385809][ T5252] wireguard1: entered allmulticast mode
[   62.392012][ T5249] EXT4-fs: Ignoring removed bh option
[   62.500225][ T5262] loop5: detected capacity change from 0 to 512
[   62.526704][ T5262] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   62.548965][ T5266] loop0: detected capacity change from 0 to 1024
[   62.556460][ T5266] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   62.566450][ T5266] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[   62.577864][ T5266] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   62.590799][ T5266] EXT4-fs error (device loop0): ext4_get_journal_inode:5809: inode #5: comm syz.0.514: unexpected bad inode w/o EXT4_IGET_BAD
[   62.604233][ T5266] EXT4-fs (loop0): no journal found
[   62.609636][ T5266] EXT4-fs (loop0): can't get journal size
[   62.634780][ T5276] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.513: bg 0: block 255: padding at end of block bitmap is not set
[   62.678419][ T5274] FAULT_INJECTION: forcing a failure.
[   62.678419][ T5274] name failslab, interval 1, probability 0, space 0, times 0
[   62.691182][ T5274] CPU: 1 UID: 0 PID: 5274 Comm: syz.4.517 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   62.701847][ T5274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   62.711941][ T5274] Call Trace:
[   62.715229][ T5274]  <TASK>
[   62.718302][ T5274]  dump_stack_lvl+0xf2/0x150
[   62.722953][ T5274]  dump_stack+0x15/0x1a
[   62.727225][ T5274]  should_fail_ex+0x223/0x230
[   62.731951][ T5274]  ? tipc_nametbl_lookup_mcast_sockets+0x387/0x6a0
[   62.738515][ T5274]  should_failslab+0x8f/0xb0
[   62.743143][ T5274]  __kmalloc_cache_noprof+0x4e/0x320
[   62.748465][ T5274]  tipc_nametbl_lookup_mcast_sockets+0x387/0x6a0
[   62.754846][ T5274]  tipc_sk_mcast_rcv+0x370/0x900
[   62.759853][ T5274]  tipc_mcast_xmit+0xb58/0xca0
[   62.764679][ T5274]  ? _raw_spin_unlock_bh+0x36/0x40
[   62.769859][ T5274]  ? lock_sock_nested+0x10f/0x140
[   62.774925][ T5274]  tipc_send_group_bcast+0x5eb/0x6c0
[   62.780270][ T5274]  ? __pfx_woken_wake_function+0x10/0x10
[   62.786045][ T5274]  __tipc_sendmsg+0x1a9/0x1c40
[   62.790934][ T5274]  ? selinux_socket_sendmsg+0x185/0x1c0
[   62.796574][ T5274]  ? _raw_spin_unlock_bh+0x36/0x40
[   62.801779][ T5274]  ? lock_sock_nested+0x10f/0x140
[   62.806833][ T5274]  ? __pfx_tipc_sendmsg+0x10/0x10
[   62.811890][ T5274]  tipc_sendmsg+0x3e/0x60
[   62.816332][ T5274]  __sock_sendmsg+0x140/0x180
[   62.821095][ T5274]  ____sys_sendmsg+0x312/0x410
[   62.825889][ T5274]  __sys_sendmsg+0x19d/0x230
[   62.830579][ T5274]  __x64_sys_sendmsg+0x46/0x50
[   62.835372][ T5274]  x64_sys_call+0x2734/0x2dc0
[   62.840126][ T5274]  do_syscall_64+0xc9/0x1c0
[   62.844826][ T5274]  ? clear_bhb_loop+0x55/0xb0
[   62.849555][ T5274]  ? clear_bhb_loop+0x55/0xb0
[   62.854273][ T5274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.860254][ T5274] RIP: 0033:0x7f663e2bff19
[   62.864756][ T5274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   62.884399][ T5274] RSP: 002b:00007f663c937058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   62.892932][ T5274] RAX: ffffffffffffffda RBX: 00007f663e485fa0 RCX: 00007f663e2bff19
[   62.900992][ T5274] RDX: 0000000000008000 RSI: 0000000020000280 RDI: 0000000000000006
[   62.909037][ T5274] RBP: 00007f663c9370a0 R08: 0000000000000000 R09: 0000000000000000
[   62.917037][ T5274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   62.925038][ T5274] R13: 0000000000000000 R14: 00007f663e485fa0 R15: 00007ffe93566928
[   62.933059][ T5274]  </TASK>
[   65.669870][ T3377] usb 7-1: enqueue for inactive port 0
[   65.675729][ T3377] usb 7-1: enqueue for inactive port 0
[   65.779288][ T3377] vhci_hcd: vhci_device speed not set
[   65.863757][ T5291] loop1: detected capacity change from 0 to 128
[   65.874980][ T5295] loop5: detected capacity change from 0 to 2048
[   65.905392][   T29] kauditd_printk_skb: 464 callbacks suppressed
[   65.905411][   T29] audit: type=1400 audit(1733948939.010:1913): avc:  denied  { getopt } for  pid=5296 comm="syz.3.523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   65.962421][   T29] audit: type=1400 audit(1733948939.010:1914): avc:  denied  { ioctl } for  pid=5293 comm="syz.4.522" path="mnt:[4026532372]" dev="nsfs" ino=4026532372 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   65.987266][   T29] audit: type=1400 audit(1733948939.050:1915): avc:  denied  { append } for  pid=5296 comm="syz.3.523" name="001" dev="devtmpfs" ino=147 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   66.010152][   T29] audit: type=1400 audit(1733948939.050:1916): avc:  denied  { execute_no_trans } for  pid=5296 comm="syz.3.523" path="/76/file0" dev="tmpfs" ino=428 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   66.045172][ T5302] loop3: detected capacity change from 0 to 512
[   66.062453][ T5302] EXT4-fs: Ignoring removed orlov option
[   66.064431][ T5306] syz.1.520: attempt to access beyond end of device
[   66.064431][ T5306] loop1: rw=34817, sector=97, nr_sectors = 32 limit=128
[   66.069037][ T5302] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   66.106945][ T5312] loop4: detected capacity change from 0 to 512
[   66.132862][ T5312] EXT4-fs warning (device loop4): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   66.144498][ T5312] EXT4-fs warning (device loop4): dx_probe:881: Enable large directory feature to access it
[   66.154688][ T5312] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.529: Corrupt directory, running e2fsck is recommended
[   66.168621][ T5312] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117
[   66.176629][ T5302] EXT4-fs (loop3): 1 orphan inode deleted
[   66.177141][ T5312] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.529: corrupted in-inode xattr: invalid ea_ino
[   66.182702][ T5302] EXT4-fs (loop3): 1 truncate cleaned up
[   66.186736][ T5302] FAULT_INJECTION: forcing a failure.
[   66.186736][ T5302] name failslab, interval 1, probability 0, space 0, times 0
[   66.204044][ T5312] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.529: couldn't read orphan inode 15 (err -117)
[   66.214410][ T5302] CPU: 1 UID: 0 PID: 5302 Comm: syz.3.525 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   66.236737][ T5302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   66.246918][ T5302] Call Trace:
[   66.250208][ T5302]  <TASK>
[   66.253202][ T5302]  dump_stack_lvl+0xf2/0x150
[   66.257888][ T5302]  dump_stack+0x15/0x1a
[   66.262068][ T5302]  should_fail_ex+0x223/0x230
[   66.266814][ T5302]  ? nl80211_dump_wiphy_parse+0x4c/0x2e0
[   66.272498][ T5302]  should_failslab+0x8f/0xb0
[   66.277164][ T5302]  __kmalloc_cache_noprof+0x4e/0x320
[   66.282461][ T5302]  nl80211_dump_wiphy_parse+0x4c/0x2e0
[   66.288054][ T5302]  ? nlmon_xmit+0x51/0x60
[   66.292504][ T5302]  nl80211_dump_interface+0xc5/0x490
[   66.297810][ T5302]  ? __kmalloc_node_track_caller_noprof+0x1e4/0x410
[   66.304421][ T5302]  ? __alloc_skb+0x1b5/0x310
[   66.309194][ T5302]  genl_dumpit+0xa4/0x100
[   66.313545][ T5302]  netlink_dump+0x398/0x7e0
[   66.318205][ T5302]  __netlink_dump_start+0x433/0x520
[   66.323483][ T5302]  genl_rcv_msg+0x4e5/0x6c0
[   66.328031][ T5302]  ? __pfx_nl80211_dump_interface+0x10/0x10
[   66.333982][ T5302]  ? __pfx_genl_start+0x10/0x10
[   66.338939][ T5302]  ? __pfx_genl_dumpit+0x10/0x10
[   66.343895][ T5302]  ? __pfx_genl_done+0x10/0x10
[   66.348682][ T5302]  netlink_rcv_skb+0x12c/0x230
[   66.353455][ T5302]  ? __pfx_genl_rcv_msg+0x10/0x10
[   66.358627][ T5302]  genl_rcv+0x28/0x40
[   66.362627][ T5302]  netlink_unicast+0x599/0x670
[   66.367403][ T5302]  netlink_sendmsg+0x5cc/0x6e0
[   66.372229][ T5302]  ? __pfx_netlink_sendmsg+0x10/0x10
[   66.377553][ T5302]  __sock_sendmsg+0x140/0x180
[   66.382505][ T5302]  ____sys_sendmsg+0x312/0x410
[   66.387355][ T5302]  __sys_sendmsg+0x19d/0x230
[   66.392023][ T5302]  __x64_sys_sendmsg+0x46/0x50
[   66.396825][ T5302]  x64_sys_call+0x2734/0x2dc0
[   66.401511][ T5302]  do_syscall_64+0xc9/0x1c0
[   66.406029][ T5302]  ? clear_bhb_loop+0x55/0xb0
[   66.410721][ T5302]  ? clear_bhb_loop+0x55/0xb0
[   66.415437][ T5302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.421423][ T5302] RIP: 0033:0x7fc8d006ff19
[   66.425845][ T5302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.445632][ T5302] RSP: 002b:00007fc8ce6e1058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   66.454056][ T5302] RAX: ffffffffffffffda RBX: 00007fc8d0235fa0 RCX: 00007fc8d006ff19
[   66.462266][ T5302] RDX: 0000000000000040 RSI: 0000000020000240 RDI: 0000000000000005
[   66.470255][ T5302] RBP: 00007fc8ce6e10a0 R08: 0000000000000000 R09: 0000000000000000
[   66.478232][ T5302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.486212][ T5302] R13: 0000000000000000 R14: 00007fc8d0235fa0 R15: 00007fffc0451718
[   66.494269][ T5302]  </TASK>
[   66.522867][   T29] audit: type=1400 audit(1733948939.630:1917): avc:  denied  { write } for  pid=5319 comm="syz.5.532" path="socket:[10026]" dev="sockfs" ino=10026 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   66.548020][   T29] audit: type=1400 audit(1733948939.650:1918): avc:  denied  { write } for  pid=5319 comm="syz.5.532" name="event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   66.559199][    C0] hrtimer: interrupt took 27439 ns
[   66.571254][   T29] audit: type=1400 audit(1733948939.650:1919): avc:  denied  { open } for  pid=5319 comm="syz.5.532" path="/dev/input/event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   66.600423][   T29] audit: type=1400 audit(1733948939.650:1920): avc:  denied  { ioctl } for  pid=5319 comm="syz.5.532" path="/dev/input/event2" dev="devtmpfs" ino=245 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   66.613932][ T5316] SELinux:  policydb version 0 does not match my version range 15-33
[   66.625954][   T29] audit: type=1400 audit(1733948939.710:1921): avc:  denied  { load_policy } for  pid=5315 comm="syz.0.531" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   66.683077][ T5326] loop5: detected capacity change from 0 to 2048
[   66.724563][ T5316] SELinux: failed to load policy
[   66.750429][   T29] audit: type=1400 audit(1733948939.850:1922): avc:  denied  { create } for  pid=5332 comm="syz.4.538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   66.757315][ T5330] lo speed is unknown, defaulting to 1000
[   66.790631][ T5337] loop3: detected capacity change from 0 to 512
[   66.806190][ T5330] lo speed is unknown, defaulting to 1000
[   66.842027][ T5337] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   66.844587][ T5339] netlink: 32 bytes leftover after parsing attributes in process `syz.5.539'.
[   66.883065][ T5349] FAULT_INJECTION: forcing a failure.
[   66.883065][ T5349] name failslab, interval 1, probability 0, space 0, times 0
[   66.895820][ T5349] CPU: 1 UID: 0 PID: 5349 Comm: syz.0.541 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   66.906510][ T5349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   66.916712][ T5349] Call Trace:
[   66.920014][ T5349]  <TASK>
[   66.923011][ T5349]  dump_stack_lvl+0xf2/0x150
[   66.927728][ T5349]  dump_stack+0x15/0x1a
[   66.931909][ T5349]  should_fail_ex+0x223/0x230
[   66.936640][ T5349]  should_failslab+0x8f/0xb0
[   66.941277][ T5349]  __kmalloc_node_track_caller_noprof+0xa8/0x410
[   66.947633][ T5349]  ? sidtab_sid2str_get+0xb8/0x140
[   66.952776][ T5349]  kmemdup_noprof+0x2a/0x60
[   66.957376][ T5349]  sidtab_sid2str_get+0xb8/0x140
[   66.962389][ T5349]  security_sid_to_context_core+0x1eb/0x2f0
[   66.968354][ T5349]  security_sid_to_context+0x27/0x30
[   66.973747][ T5349]  selinux_lsmprop_to_secctx+0x2c/0x40
[   66.979296][ T5349]  security_lsmprop_to_secctx+0x4a/0x90
[   66.984873][ T5349]  audit_log_task_context+0x93/0x1c0
[   66.990265][ T5349]  audit_log_task+0xf9/0x1c0
[   66.994873][ T5349]  audit_seccomp+0x68/0x130
[   66.999389][ T5349]  __seccomp_filter+0x6fa/0x1180
[   67.004361][ T5349]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   67.010089][ T5349]  ? vfs_write+0x596/0x920
[   67.014526][ T5349]  ? __schedule+0x6fa/0x930
[   67.019068][ T5349]  __secure_computing+0x9f/0x1c0
[   67.024054][ T5349]  syscall_trace_enter+0xd1/0x1f0
[   67.029161][ T5349]  do_syscall_64+0xaa/0x1c0
[   67.033673][ T5349]  ? clear_bhb_loop+0x55/0xb0
[   67.038362][ T5349]  ? clear_bhb_loop+0x55/0xb0
[   67.043050][ T5349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.049108][ T5349] RIP: 0033:0x7fb7c754ff19
[   67.053605][ T5349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.073245][ T5349] RSP: 002b:00007fb7c5bc7058 EFLAGS: 00000246 ORIG_RAX: 0000000000000083
[   67.081751][ T5349] RAX: ffffffffffffffda RBX: 00007fb7c7715fa0 RCX: 00007fb7c754ff19
[   67.089744][ T5349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   67.097725][ T5349] RBP: 00007fb7c5bc70a0 R08: 0000000000000000 R09: 0000000000000000
[   67.105768][ T5349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   67.113892][ T5349] R13: 0000000000000000 R14: 00007fb7c7715fa0 R15: 00007ffce8939228
[   67.121901][ T5349]  </TASK>
[   67.157310][ T5353] futex_wake_op: syz.5.542 tries to shift op by -1; fix this program
[   67.172897][ T5358] loop0: detected capacity change from 0 to 512
[   67.204072][ T5358] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[   67.246679][ T5358] loop0: detected capacity change from 0 to 1024
[   67.254912][ T3514] EXT4-fs unmount: 44 callbacks suppressed
[   67.254930][ T3514] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.285104][ T5358] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.296525][ T5373] loop3: detected capacity change from 0 to 1764
[   67.305253][ T5373] ISOFS: unable to read i-node block
[   67.309887][ T5370] loop1: detected capacity change from 0 to 164
[   67.310671][ T5373] isofs_fill_super: get root inode failed
[   67.340732][ T5374] loop5: detected capacity change from 0 to 2048
[   67.347580][ T5374] ext4: Unknown parameter 'func'
[   67.404184][ T5370] lo speed is unknown, defaulting to 1000
[   67.412793][ T5376] iso9660: Corrupted directory entry in block 4 of inode 1792
[   67.421433][ T5370] lo speed is unknown, defaulting to 1000
[   67.484469][ T5387] loop5: detected capacity change from 0 to 256
[   67.486473][ T3298] iso9660: Corrupted directory entry in block 4 of inode 1792
[   67.506672][ T5387] FAT-fs (loop5): Directory bread(block 64) failed
[   67.512029][ T3298] iso9660: Corrupted directory entry in block 3 of inode 1856
[   67.521488][ T5387] FAT-fs (loop5): Directory bread(block 65) failed
[   67.528848][ T3298] VFS: Lookup of '' in iso9660 loop1 would have caused loop
[   67.533977][ T5387] FAT-fs (loop5): Directory bread(block 66) failed
[   67.536591][ T3298] VFS: Lookup of '' in iso9660 loop1 would have caused loop
[   67.560217][ T5387] FAT-fs (loop5): Directory bread(block 67) failed
[   67.566966][ T5387] FAT-fs (loop5): Directory bread(block 68) failed
[   67.573824][ T5387] FAT-fs (loop5): Directory bread(block 69) failed
[   67.580780][ T5387] FAT-fs (loop5): Directory bread(block 70) failed
[   67.590641][ T5387] FAT-fs (loop5): Directory bread(block 71) failed
[   67.598316][ T5387] FAT-fs (loop5): Directory bread(block 72) failed
[   67.606653][ T5387] FAT-fs (loop5): Directory bread(block 73) failed
[   67.626537][ T5387] syz.5.551: attempt to access beyond end of device
[   67.626537][ T5387] loop5: rw=0, sector=1768, nr_sectors = 4 limit=256
[   67.671601][ T5395] futex_wake_op: syz.5.556 tries to shift op by -1; fix this program
[   67.680570][ T5393] lo speed is unknown, defaulting to 1000
[   67.686832][ T5393] lo speed is unknown, defaulting to 1000
[   67.719158][ T5396] loop3: detected capacity change from 0 to 512
[   67.738561][ T5398] netlink: 'syz.5.557': attribute type 21 has an invalid length.
[   67.746368][ T5398] netlink: 156 bytes leftover after parsing attributes in process `syz.5.557'.
[   67.793134][ T5396] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.814662][ T5396] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   67.818968][ T5398] lo speed is unknown, defaulting to 1000
[   67.831373][ T5398] lo speed is unknown, defaulting to 1000
[   67.939280][ T3514] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.969644][ T5358] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[   67.970838][ T5398] loop5: detected capacity change from 0 to 128
[   67.984933][ T5358] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 1 with error 28
[   67.991161][ T5398] vfat: Unknown parameter ''
[   68.003232][ T5358] EXT4-fs (loop0): This should not happen!! Data will be lost
[   68.003232][ T5358] 
[   68.017660][ T5358] EXT4-fs (loop0): Total free blocks count 0
[   68.023707][ T5358] EXT4-fs (loop0): Free/Dirty block details
[   68.029663][ T5358] EXT4-fs (loop0): free_blocks=68451041280
[   68.035487][ T5358] EXT4-fs (loop0): dirty_blocks=16
[   68.040731][ T5358] EXT4-fs (loop0): Block reservation details
[   68.046727][ T5358] EXT4-fs (loop0): i_reserved_data_blocks=1
[   68.054424][ T5398] loop5: detected capacity change from 0 to 8192
[   68.128975][ T5415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   68.137690][ T5419] FAULT_INJECTION: forcing a failure.
[   68.137690][ T5419] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   68.140150][ T5398] syz.5.557: attempt to access beyond end of device
[   68.140150][ T5398] loop5: rw=0, sector=57847, nr_sectors = 1 limit=8192
[   68.150858][ T5419] CPU: 1 UID: 0 PID: 5419 Comm: syz.3.560 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   68.174718][ T5419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   68.176175][ T5415] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   68.184829][ T5419] Call Trace:
[   68.184843][ T5419]  <TASK>
[   68.184853][ T5419]  dump_stack_lvl+0xf2/0x150
[   68.194050][ T5398] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[   68.195871][ T5419]  dump_stack+0x15/0x1a
[   68.198856][ T5398] FAT-fs (loop5): Filesystem has been set read-only
[   68.203422][ T5419]  should_fail_ex+0x223/0x230
[   68.215462][ T5402] lo speed is unknown, defaulting to 1000
[   68.221939][ T5419]  should_fail+0xb/0x10
[   68.236706][ T5419]  should_fail_usercopy+0x1a/0x20
[   68.241083][ T5402] lo speed is unknown, defaulting to 1000
[   68.241774][ T5419]  strncpy_from_user+0x25/0x210
[   68.247895][ T5398] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[   68.252394][ T5419]  strncpy_from_bpfptr+0x38/0x60
[   68.262925][ T5398] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1)
[   68.265162][ T5419]  bpf_prog_load+0x868/0x1070
[   68.277763][ T5419]  ? __rcu_read_unlock+0x4e/0x70
[   68.282758][ T5419]  __sys_bpf+0x463/0x7a0
[   68.287094][ T5419]  __x64_sys_bpf+0x43/0x50
[   68.291592][ T5419]  x64_sys_call+0x2914/0x2dc0
[   68.296294][ T5419]  do_syscall_64+0xc9/0x1c0
[   68.300889][ T5419]  ? clear_bhb_loop+0x55/0xb0
[   68.305607][ T5419]  ? clear_bhb_loop+0x55/0xb0
[   68.310362][ T5419]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.316453][ T5419] RIP: 0033:0x7fc8d006ff19
[   68.320893][ T5419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.340696][ T5419] RSP: 002b:00007fc8ce6e1058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   68.349152][ T5419] RAX: ffffffffffffffda RBX: 00007fc8d0235fa0 RCX: 00007fc8d006ff19
[   68.357149][ T5419] RDX: 0000000000000080 RSI: 0000000020000180 RDI: 0000000000000005
[   68.365243][ T5419] RBP: 00007fc8ce6e10a0 R08: 0000000000000000 R09: 0000000000000000
[   68.373231][ T5419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   68.381277][ T5419] R13: 0000000000000000 R14: 00007fc8d0235fa0 R15: 00007fffc0451718
[   68.389311][ T5419]  </TASK>
[   68.396231][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.465196][ T5402] chnl_net:caif_netlink_parms(): no params data found
[   68.492515][ T5433] lo speed is unknown, defaulting to 1000
[   68.512754][ T5433] lo speed is unknown, defaulting to 1000
[   68.552220][ T5438] loop0: detected capacity change from 0 to 1764
[   68.565662][ T5438] ISOFS: unable to read i-node block
[   68.571088][ T5438] isofs_fill_super: get root inode failed
[   68.598110][ T5438] netlink: 'syz.0.562': attribute type 21 has an invalid length.
[   68.606039][ T5438] netlink: 132 bytes leftover after parsing attributes in process `syz.0.562'.
[   68.642554][ T5450] loop0: detected capacity change from 0 to 2048
[   68.651516][ T5402] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.658691][ T5402] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.668784][ T5402] bridge_slave_0: entered allmulticast mode
[   68.675404][ T5402] bridge_slave_0: entered promiscuous mode
[   68.711357][ T5402] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.718679][ T5402] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.729182][ T5455] netlink: 24 bytes leftover after parsing attributes in process `syz.0.570'.
[   68.739290][ T5402] bridge_slave_1: entered allmulticast mode
[   68.746031][ T5402] bridge_slave_1: entered promiscuous mode
[   68.763582][ T5456] netlink: 'syz.3.569': attribute type 16 has an invalid length.
[   68.771466][ T5456] netlink: 'syz.3.569': attribute type 17 has an invalid length.
[   68.796023][ T5402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.797882][ T5460] loop5: detected capacity change from 0 to 1764
[   68.810997][ T5402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.844160][ T5460] ISOFS: unable to read i-node block
[   68.849553][ T5460] isofs_fill_super: get root inode failed
[   68.893099][ T5456] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   68.927486][ T5461] Cannot find set identified by id 0 to match
[   68.936296][ T5463] netlink: 'syz.3.569': attribute type 10 has an invalid length.
[   68.983019][ T5463] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   69.003634][ T5481] loop5: detected capacity change from 0 to 512
[   69.012502][ T5402] team0: Port device team_slave_0 added
[   69.019110][ T5481] EXT4-fs: Ignoring removed orlov option
[   69.019343][ T5402] team0: Port device team_slave_1 added
[   69.033240][ T5481] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   69.053755][ T5402] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.060870][ T5402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.086878][ T5402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.103529][ T5495] SELinux:  Context Ü is not valid (left unmapped).
[   69.108172][ T5481] EXT4-fs (loop5): orphan cleanup on readonly fs
[   69.118022][ T5402] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.125100][ T5402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.126382][ T5495] loop3: detected capacity change from 0 to 2048
[   69.151169][ T5402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.160974][ T5481] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.576: bg 0: block 248: padding at end of block bitmap is not set
[   69.188390][ T5481] EXT4-fs error (device loop5): ext4_acquire_dquot:6938: comm syz.5.576: Failed to acquire dquot type 1
[   69.206523][ T5402] hsr_slave_0: entered promiscuous mode
[   69.213101][ T5481] EXT4-fs (loop5): 1 truncate cleaned up
[   69.217577][ T5495] loop3: detected capacity change from 0 to 512
[   69.225875][ T5495] EXT4-fs: Ignoring removed orlov option
[   69.226129][ T5481] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   69.244332][ T5402] hsr_slave_1: entered promiscuous mode
[   69.249625][ T5495] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   69.258578][ T5402] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   69.266289][ T5402] Cannot create hsr debugfs directory
[   69.266533][ T5495] EXT4-fs (loop3): orphan cleanup on readonly fs
[   69.280035][ T5495] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.577: bg 0: block 248: padding at end of block bitmap is not set
[   69.296171][ T5495] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.577: Failed to acquire dquot type 1
[   69.296288][ T4640] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.307972][ T5495] EXT4-fs (loop3): 1 truncate cleaned up
[   69.326196][ T5495] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   69.386887][ T5495] EXT4-fs: Ignoring removed orlov option
[   69.403115][ T5495] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   69.414341][ T5495] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[   69.438350][ T5495] EXT4-fs error (device loop3): __ext4_remount:6749: comm syz.3.577: Abort forced by user
[   69.455680][ T5495] EXT4-fs (loop3): Remounting filesystem read-only
[   69.462342][ T5495] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[   69.474818][ T5402] netdevsim netdevsim6 netdevsim0: renamed from eth0
[   69.487100][ T5402] netdevsim netdevsim6 netdevsim1: renamed from eth1
[   69.496143][ T5402] netdevsim netdevsim6 netdevsim2: renamed from eth2
[   69.504338][ T5495] ext4 filesystem being remounted at /88/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   69.525264][ T5495] xt_hashlimit: max too large, truncated to 1048576
[   69.525677][ T5402] netdevsim netdevsim6 netdevsim3: renamed from eth3
[   69.570321][ T3514] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.593062][ T5523] futex_wake_op: syz.3.581 tries to shift op by -1; fix this program
[   69.602042][ T5521] smc: net device bond0 applied user defined pnetid SYZ0
[   69.620644][ T5521] smc: net device bond0 erased user defined pnetid SYZ0
[   69.635136][ T5402] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.676773][ T5402] 8021q: adding VLAN 0 to HW filter on device team0
[   69.699725][  T333] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.706808][  T333] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.732540][  T333] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.739772][  T333] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.758025][ T5532] netlink: 24 bytes leftover after parsing attributes in process `syz.4.586'.
[   69.773735][ T5535] loop3: detected capacity change from 0 to 128
[   69.821384][ T5402] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   69.821894][ T5535] syz.3.587: attempt to access beyond end of device
[   69.821894][ T5535] loop3: rw=34817, sector=97, nr_sectors = 32 limit=128
[   69.901768][ T5402] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.921680][ T5542] loop5: detected capacity change from 0 to 2048
[   69.967236][ T5552] futex_wake_op: syz.3.592 tries to shift op by -1; fix this program
[   69.990566][ T5555] lo speed is unknown, defaulting to 1000
[   70.014932][ T5550] loop4: detected capacity change from 0 to 2048
[   70.019714][ T5555] lo speed is unknown, defaulting to 1000
[   70.033176][ T5561] loop5: detected capacity change from 0 to 1024
[   70.071545][ T5566] loop0: detected capacity change from 0 to 512
[   70.102923][ T5561] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.153270][ T5566] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.188232][ T5580] FAULT_INJECTION: forcing a failure.
[   70.188232][ T5580] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   70.194104][ T5566] ext4 filesystem being mounted at /128/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.201369][ T5580] CPU: 1 UID: 0 PID: 5580 Comm: syz.3.597 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   70.222439][ T5580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   70.232524][ T5580] Call Trace:
[   70.235896][ T5580]  <TASK>
[   70.238884][ T5580]  dump_stack_lvl+0xf2/0x150
[   70.243536][ T5580]  dump_stack+0x15/0x1a
[   70.247738][ T5580]  should_fail_ex+0x223/0x230
[   70.252505][ T5580]  should_fail+0xb/0x10
[   70.256680][ T5580]  should_fail_usercopy+0x1a/0x20
[   70.261796][ T5580]  _copy_from_user+0x1e/0xb0
[   70.266428][ T5580]  copy_msghdr_from_user+0x54/0x2a0
[   70.271654][ T5580]  ? __fget_files+0x17c/0x1c0
[   70.276469][ T5580]  do_recvmmsg+0x256/0x6d0
[   70.280917][ T5580]  __x64_sys_recvmmsg+0xe2/0x170
[   70.285911][ T5580]  x64_sys_call+0x2a9a/0x2dc0
[   70.290598][ T5580]  do_syscall_64+0xc9/0x1c0
[   70.295109][ T5580]  ? clear_bhb_loop+0x55/0xb0
[   70.299795][ T5580]  ? clear_bhb_loop+0x55/0xb0
[   70.304482][ T5580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.310440][ T5580] RIP: 0033:0x7fc8d006ff19
[   70.314875][ T5580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.334502][ T5580] RSP: 002b:00007fc8ce6e1058 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   70.342927][ T5580] RAX: ffffffffffffffda RBX: 00007fc8d0235fa0 RCX: 00007fc8d006ff19
[   70.350908][ T5580] RDX: 0000000000000001 RSI: 0000000020002cc0 RDI: 0000000000000007
[   70.358997][ T5580] RBP: 00007fc8ce6e10a0 R08: 0000000000000000 R09: 0000000000000000
[   70.367025][ T5580] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[   70.375009][ T5580] R13: 0000000000000000 R14: 00007fc8d0235fa0 R15: 00007fffc0451718
[   70.383002][ T5580]  </TASK>
[   70.393480][ T5555] FAULT_INJECTION: forcing a failure.
[   70.393480][ T5555] name failslab, interval 1, probability 0, space 0, times 0
[   70.406201][ T5555] CPU: 0 UID: 0 PID: 5555 Comm: syz.0.593 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   70.416942][ T5555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   70.427029][ T5555] Call Trace:
[   70.430333][ T5555]  <TASK>
[   70.433283][ T5555]  dump_stack_lvl+0xf2/0x150
[   70.437903][ T5555]  dump_stack+0x15/0x1a
[   70.442344][ T5555]  should_fail_ex+0x223/0x230
[   70.447103][ T5555]  should_failslab+0x8f/0xb0
[   70.451719][ T5555]  __kmalloc_node_noprof+0xad/0x410
[   70.457106][ T5555]  ? __kvmalloc_node_noprof+0x72/0x170
[   70.462673][ T5555]  ? __rcu_read_unlock+0x4e/0x70
[   70.467675][ T5555]  __kvmalloc_node_noprof+0x72/0x170
[   70.472980][ T5555]  xt_alloc_entry_offsets+0x47/0x50
[   70.478224][ T5555]  translate_table+0xa3/0x1040
[   70.483014][ T5555]  ? __memcg_slab_post_alloc_hook+0x510/0x660
[   70.489119][ T5555]  ? _copy_from_user+0x8d/0xb0
[   70.493970][ T5555]  do_ip6t_set_ctl+0x7cc/0x8c0
[   70.498756][ T5555]  ? kstrtouint+0x77/0xc0
[   70.503167][ T5555]  nf_setsockopt+0x195/0x1b0
[   70.507886][ T5555]  ipv6_setsockopt+0x10f/0x130
[   70.512670][ T5555]  tcp_setsockopt+0x93/0xb0
[   70.517240][ T5555]  sock_common_setsockopt+0x64/0x80
[   70.522526][ T5555]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   70.528445][ T5555]  __sys_setsockopt+0x187/0x200
[   70.533373][ T5555]  __x64_sys_setsockopt+0x66/0x80
[   70.538446][ T5555]  x64_sys_call+0x282e/0x2dc0
[   70.543132][ T5555]  do_syscall_64+0xc9/0x1c0
[   70.547715][ T5555]  ? clear_bhb_loop+0x55/0xb0
[   70.552399][ T5555]  ? clear_bhb_loop+0x55/0xb0
[   70.557166][ T5555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   70.563110][ T5555] RIP: 0033:0x7fb7c754ff19
[   70.567540][ T5555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   70.587207][ T5555] RSP: 002b:00007fb7c5bc7058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   70.595627][ T5555] RAX: ffffffffffffffda RBX: 00007fb7c7715fa0 RCX: 00007fb7c754ff19
[   70.603640][ T5555] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000008
[   70.611640][ T5555] RBP: 00007fb7c5bc70a0 R08: 0000000000000458 R09: 0000000000000000
[   70.619616][ T5555] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[   70.627593][ T5555] R13: 0000000000000000 R14: 00007fb7c7715fa0 R15: 00007ffce8939228
[   70.635576][ T5555]  </TASK>
[   70.690139][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.744985][ T5601] loop3: detected capacity change from 0 to 1024
[   70.765994][ T5402] veth0_vlan: entered promiscuous mode
[   70.773467][ T5601] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.788975][ T5586] netlink: 24 bytes leftover after parsing attributes in process `syz.4.598'.
[   70.818416][ T5402] veth1_vlan: entered promiscuous mode
[   70.852706][ T5402] veth0_macvtap: entered promiscuous mode
[   70.857947][ T5613] loop0: detected capacity change from 0 to 1024
[   70.875415][ T5613] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   70.885296][ T5613] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[   70.892002][ T5402] veth1_macvtap: entered promiscuous mode
[   70.901202][ T5613] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   70.920322][ T4640] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.930121][ T5613] EXT4-fs error (device loop0): ext4_get_journal_inode:5809: inode #5: comm syz.0.599: unexpected bad inode w/o EXT4_IGET_BAD
[   70.931605][ T3514] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.950980][ T5613] EXT4-fs (loop0): no journal found
[   70.956264][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   70.957348][ T5613] EXT4-fs (loop0): can't get journal size
[   70.967830][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   70.967846][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   70.978468][   T29] kauditd_printk_skb: 68 callbacks suppressed
[   70.978488][   T29] audit: type=1400 audit(1733948944.060:1986): avc:  denied  { ioctl } for  pid=5615 comm="syz.4.603" path="socket:[12504]" dev="sockfs" ino=12504 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   70.983458][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.000949][   T29] audit: type=1400 audit(1733948944.110:1987): avc:  denied  { create } for  pid=5615 comm="syz.4.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   71.024699][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   71.035282][ T5613] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   71.053895][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.053920][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   71.068615][   T29] audit: type=1400 audit(1733948944.180:1988): avc:  denied  { bind } for  pid=5615 comm="syz.4.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   71.076760][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.088555][   T29] audit: type=1400 audit(1733948944.200:1989): avc:  denied  { setopt } for  pid=5615 comm="syz.4.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   71.096939][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   71.156073][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.158466][   T29] audit: type=1326 audit(1733948944.230:1990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7c754ff19 code=0x7ffc0000
[   71.167113][ T5402] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.189187][   T29] audit: type=1326 audit(1733948944.230:1991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7c754ff19 code=0x7ffc0000
[   71.197517][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   71.219680][   T29] audit: type=1326 audit(1733948944.230:1992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb7c754ff19 code=0x7ffc0000
[   71.230084][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.230098][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   71.253362][   T29] audit: type=1326 audit(1733948944.230:1993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7c754ff19 code=0x7ffc0000
[   71.263165][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.263180][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   71.273601][   T29] audit: type=1326 audit(1733948944.230:1994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7c754ff19 code=0x7ffc0000
[   71.297231][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.297250][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   71.297264][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.307082][   T29] audit: type=1326 audit(1733948944.230:1995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5605 comm="syz.0.599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb7c754ff19 code=0x7ffc0000
[   71.317492][ T5402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   71.317510][ T5402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   71.415748][ T5402] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.429272][ T5402] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.438030][ T5402] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.446804][ T5402] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.455552][ T5402] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.481228][ T5629] loop3: detected capacity change from 0 to 164
[   71.493262][ T5628] futex_wake_op: syz.5.604 tries to shift op by -1; fix this program
[   71.518202][ T5629] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[   71.547768][ T5629] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[   71.576177][ T5629] iso9660: Corrupted directory entry in block 4 of inode 1792
[   71.646005][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.696908][ T5654] loop5: detected capacity change from 0 to 128
[   71.724922][ T5657] netlink: 'syz.0.611': attribute type 21 has an invalid length.
[   71.732742][ T5657] netlink: 156 bytes leftover after parsing attributes in process `syz.0.611'.
[   71.742970][ T5659] loop4: detected capacity change from 0 to 2048
[   71.746307][ T5650] loop6: detected capacity change from 0 to 1764
[   71.764965][ T5654] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   71.785767][ T5654] ext4 filesystem being mounted at /49/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   71.802962][ T5650] ISOFS: unable to read i-node block
[   71.808387][ T5650] isofs_fill_super: get root inode failed
[   71.826399][ T5657] lo speed is unknown, defaulting to 1000
[   71.832881][ T5657] lo speed is unknown, defaulting to 1000
[   71.840497][ T5654] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   71.893328][ T5650] netlink: 'syz.6.559': attribute type 21 has an invalid length.
[   71.903690][ T5650] netlink: 132 bytes leftover after parsing attributes in process `syz.6.559'.
[   72.064079][ T5687] futex_wake_op: syz.4.616 tries to shift op by -1; fix this program
[   72.087171][ T5694] FAULT_INJECTION: forcing a failure.
[   72.087171][ T5694] name failslab, interval 1, probability 0, space 0, times 0
[   72.099901][ T5694] CPU: 0 UID: 0 PID: 5694 Comm: +}[@ Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   72.110088][ T5694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   72.120173][ T5694] Call Trace:
[   72.123473][ T5694]  <TASK>
[   72.126422][ T5694]  dump_stack_lvl+0xf2/0x150
[   72.131169][ T5694]  dump_stack+0x15/0x1a
[   72.135364][ T5694]  should_fail_ex+0x223/0x230
[   72.140140][ T5694]  should_failslab+0x8f/0xb0
[   72.144829][ T5694]  __kmalloc_node_noprof+0xad/0x410
[   72.150077][ T5694]  ? qdisc_alloc+0x65/0x450
[   72.154614][ T5694]  qdisc_alloc+0x65/0x450
[   72.159084][ T5694]  qdisc_create+0xe5/0xae0
[   72.163670][ T5694]  ? __nla_parse+0x40/0x60
[   72.168191][ T5694]  tc_modify_qdisc+0x65f/0x1050
[   72.173129][ T5694]  ? ns_capable+0x7d/0xb0
[   72.177497][ T5694]  ? __pfx_tc_modify_qdisc+0x10/0x10
[   72.182922][ T5694]  rtnetlink_rcv_msg+0x6aa/0x710
[   72.187900][ T5694]  ? ref_tracker_free+0x3a5/0x410
[   72.192951][ T5694]  ? __dev_queue_xmit+0x186/0x2090
[   72.198128][ T5694]  netlink_rcv_skb+0x12c/0x230
[   72.203010][ T5694]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   72.208512][ T5694]  rtnetlink_rcv+0x1c/0x30
[   72.212969][ T5694]  netlink_unicast+0x599/0x670
[   72.218076][ T5694]  netlink_sendmsg+0x5cc/0x6e0
[   72.222884][ T5694]  ? __pfx_netlink_sendmsg+0x10/0x10
[   72.228198][ T5694]  __sock_sendmsg+0x140/0x180
[   72.232979][ T5694]  ____sys_sendmsg+0x312/0x410
[   72.237780][ T5694]  __sys_sendmsg+0x19d/0x230
[   72.242453][ T5694]  __x64_sys_sendmsg+0x46/0x50
[   72.247775][ T5694]  x64_sys_call+0x2734/0x2dc0
[   72.252630][ T5694]  do_syscall_64+0xc9/0x1c0
[   72.256616][ T5665] loop0: detected capacity change from 0 to 128
[   72.257158][ T5694]  ? clear_bhb_loop+0x55/0xb0
[   72.268244][ T5694]  ? clear_bhb_loop+0x55/0xb0
[   72.272959][ T5694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.278928][ T5694] RIP: 0033:0x7f0fe859ff19
[   72.283422][ T5694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.284495][ T5704] loop4: detected capacity change from 0 to 2048
[   72.303094][ T5694] RSP: 002b:00007f0fe6c11058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   72.303125][ T5694] RAX: ffffffffffffffda RBX: 00007f0fe8765fa0 RCX: 00007f0fe859ff19
[   72.303141][ T5694] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000006
[   72.303159][ T5694] RBP: 00007f0fe6c110a0 R08: 0000000000000000 R09: 0000000000000000
[   72.309996][ T5665] vfat: Unknown parameter ''
[   72.317921][ T5694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.354733][ T5694] R13: 0000000000000000 R14: 00007f0fe8765fa0 R15: 00007ffefa2a0318
[   72.362726][ T5694]  </TASK>
[   72.389831][ T5711] loop3: detected capacity change from 0 to 128
[   72.396322][ T5711] EXT4-fs: Ignoring removed nobh option
[   72.429068][ T5711] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   72.451953][ T5717] loop6: detected capacity change from 0 to 1024
[   72.471961][ T5657] loop0: detected capacity change from 0 to 8192
[   72.492209][ T5711] ext4 filesystem being mounted at /102/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   72.498782][ T5717] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[   72.512466][ T5717] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[   72.525153][ T5717] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   72.536665][ T5717] EXT4-fs error (device loop6): ext4_get_journal_inode:5809: inode #5: comm syz.6.621: unexpected bad inode w/o EXT4_IGET_BAD
[   72.550372][ T5717] EXT4-fs (loop6): no journal found
[   72.555634][ T5717] EXT4-fs (loop6): can't get journal size
[   72.579390][ T5657] syz.0.611: attempt to access beyond end of device
[   72.579390][ T5657] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[   72.593342][ T5717] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   72.621516][ T5657] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[   72.629584][ T5657] FAT-fs (loop0): Filesystem has been set read-only
[   72.647833][ T5731] loop5: detected capacity change from 0 to 1764
[   72.664125][ T5732] loop4: detected capacity change from 0 to 128
[   72.695640][ T5657] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[   72.698131][ T5711] ebtables: ebtables: counters copy to user failed while replacing table
[   72.705441][ T5731] ISOFS: unable to read i-node block
[   72.717446][ T5731] isofs_fill_super: get root inode failed
[   72.733575][ T5657] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1)
[   72.737142][ T5731] netlink: 'syz.5.628': attribute type 21 has an invalid length.
[   72.749400][ T5731] netlink: 132 bytes leftover after parsing attributes in process `syz.5.628'.
[   72.788738][ T5739] loop5: detected capacity change from 0 to 512
[   72.796471][ T5739] EXT4-fs: Ignoring removed orlov option
[   72.802403][ T5739] EXT4-fs: Ignoring removed oldalloc option
[   72.812627][ T5739] ext4: Bad value for 'stripe'
[   72.863225][ T3514] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   72.874424][ T5402] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.895164][ T5732] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   72.989230][ T5754] FAULT_INJECTION: forcing a failure.
[   72.989230][ T5754] name failslab, interval 1, probability 0, space 0, times 0
[   73.001940][ T5754] CPU: 0 UID: 0 PID: 5754 Comm: syz.6.631 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   73.006330][ T5752] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   73.012602][ T5754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   73.012622][ T5754] Call Trace:
[   73.012630][ T5754]  <TASK>
[   73.012639][ T5754]  dump_stack_lvl+0xf2/0x150
[   73.040632][ T5754]  dump_stack+0x15/0x1a
[   73.044840][ T5754]  should_fail_ex+0x223/0x230
[   73.049606][ T5754]  should_failslab+0x8f/0xb0
[   73.054271][ T5754]  kmem_cache_alloc_noprof+0x52/0x320
[   73.059756][ T5754]  ? dup_fd+0x3a/0x6a0
[   73.063873][ T5754]  dup_fd+0x3a/0x6a0
[   73.067864][ T5754]  ? avc_has_perm+0xd4/0x160
[   73.072543][ T5754]  copy_files+0x98/0xe0
[   73.076776][ T5754]  copy_process+0xcbf/0x1f90
[   73.079908][ T5732] ext4 filesystem being mounted at /145/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   73.081388][ T5754]  kernel_clone+0x167/0x5e0
[   73.095718][ T5732] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   73.096143][ T5754]  ? vfs_write+0x596/0x920
[   73.109524][ T5754]  __x64_sys_clone+0xe8/0x120
[   73.114377][ T5754]  x64_sys_call+0x2d7e/0x2dc0
[   73.119094][ T5754]  do_syscall_64+0xc9/0x1c0
[   73.123655][ T5754]  ? clear_bhb_loop+0x55/0xb0
[   73.128351][ T5754]  ? clear_bhb_loop+0x55/0xb0
[   73.133083][ T5754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.139034][ T5754] RIP: 0033:0x7f84697cff19
[   73.143459][ T5754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.163095][ T5754] RSP: 002b:00007f8467e41008 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[   73.171534][ T5754] RAX: ffffffffffffffda RBX: 00007f8469995fa0 RCX: 00007f84697cff19
[   73.179542][ T5754] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000c0126080
[   73.187527][ T5754] RBP: 00007f8467e410a0 R08: 0000000000000000 R09: 0000000000000000
[   73.195529][ T5754] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[   73.203512][ T5754] R13: 0000000000000000 R14: 00007f8469995fa0 R15: 00007ffea3ed6078
[   73.211581][ T5754]  </TASK>
[   73.222712][ T5758] wireguard1: entered promiscuous mode
[   73.228301][ T5758] wireguard1: entered allmulticast mode
[   73.231561][ T5762] loop5: detected capacity change from 0 to 1764
[   73.258056][ T5766] futex_wake_op: syz.3.636 tries to shift op by -1; fix this program
[   73.296798][ T5770] loop6: detected capacity change from 0 to 2048
[   73.308656][ T5762] ISOFS: unable to read i-node block
[   73.314024][ T5762] isofs_fill_super: get root inode failed
[   73.357915][ T5774] loop5: detected capacity change from 0 to 2048
[   73.408775][ T5774] loop5: detected capacity change from 0 to 512
[   73.430468][ T5774] xt_hashlimit: max too large, truncated to 1048576
[   73.474750][ T5786] netlink: 72 bytes leftover after parsing attributes in process `syz.4.642'.
[   73.492790][ T5788] loop6: detected capacity change from 0 to 128
[   73.511028][ T5788] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   73.525567][ T5788] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   73.536984][ T5797] netlink: 60 bytes leftover after parsing attributes in process `syz.4.642'.
[   73.546326][ T5786] netlink: 60 bytes leftover after parsing attributes in process `syz.4.642'.
[   73.557930][ T5788] EXT4-fs (loop6): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 ro. Quota mode: none.
[   73.569909][ T5786] netlink: 96 bytes leftover after parsing attributes in process `syz.4.642'.
[   73.587168][ T5788] lo speed is unknown, defaulting to 1000
[   73.593509][ T5788] lo speed is unknown, defaulting to 1000
[   73.704452][ T5811] loop4: detected capacity change from 0 to 1764
[   73.712194][ T5811] ISOFS: unable to read i-node block
[   73.717585][ T5811] isofs_fill_super: get root inode failed
[   73.820361][ T5402] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   73.963674][ T5830] loop6: detected capacity change from 0 to 1764
[   73.970918][ T5830] ISOFS: unable to read i-node block
[   73.976367][ T5830] isofs_fill_super: get root inode failed
[   73.985854][ T5830] netlink: 'syz.6.656': attribute type 21 has an invalid length.
[   73.993882][ T5830] netlink: 132 bytes leftover after parsing attributes in process `syz.6.656'.
[   74.030259][ T5834] sctp: [Deprecated]: syz.4.651 (pid 5834) Use of int in maxseg socket option.
[   74.030259][ T5834] Use struct sctp_assoc_value instead
[   74.061327][ T5838] FAULT_INJECTION: forcing a failure.
[   74.061327][ T5838] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   74.074523][ T5838] CPU: 0 UID: 0 PID: 5838 Comm: syz.6.659 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   74.085132][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   74.095223][ T5838] Call Trace:
[   74.098523][ T5838]  <TASK>
[   74.101461][ T5838]  dump_stack_lvl+0xf2/0x150
[   74.106081][ T5838]  dump_stack+0x15/0x1a
[   74.110269][ T5838]  should_fail_ex+0x223/0x230
[   74.115008][ T5838]  should_fail+0xb/0x10
[   74.119226][ T5838]  should_fail_usercopy+0x1a/0x20
[   74.124302][ T5838]  copy_page_from_iter_atomic+0x228/0xf80
[   74.130108][ T5838]  ? shmem_write_begin+0xa2/0x180
[   74.135145][ T5838]  ? shmem_write_begin+0xda/0x180
[   74.140202][ T5838]  generic_perform_write+0x2f1/0x4a0
[   74.145516][ T5838]  shmem_file_write_iter+0xc2/0xe0
[   74.150685][ T5838]  do_iter_readv_writev+0x394/0x450
[   74.155959][ T5838]  vfs_writev+0x2d4/0x880
[   74.160316][ T5838]  ? proc_fail_nth_write+0x12a/0x150
[   74.165689][ T5838]  __se_sys_pwritev2+0x100/0x1c0
[   74.170642][ T5838]  __x64_sys_pwritev2+0x78/0x90
[   74.175519][ T5838]  x64_sys_call+0x2afe/0x2dc0
[   74.180318][ T5838]  do_syscall_64+0xc9/0x1c0
[   74.184841][ T5838]  ? clear_bhb_loop+0x55/0xb0
[   74.189522][ T5838]  ? clear_bhb_loop+0x55/0xb0
[   74.194367][ T5838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.200377][ T5838] RIP: 0033:0x7f84697cff19
[   74.204903][ T5838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.224710][ T5838] RSP: 002b:00007f8467e41058 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   74.233147][ T5838] RAX: ffffffffffffffda RBX: 00007f8469995fa0 RCX: 00007f84697cff19
[   74.241118][ T5838] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000003
[   74.249094][ T5838] RBP: 00007f8467e410a0 R08: 0000000000000000 R09: 0000000000000003
[   74.257071][ T5838] R10: 0000000000001200 R11: 0000000000000246 R12: 0000000000000001
[   74.265122][ T5838] R13: 0000000000000000 R14: 00007f8469995fa0 R15: 00007ffea3ed6078
[   74.273106][ T5838]  </TASK>
[   74.305396][ T5841] loop6: detected capacity change from 0 to 512
[   74.315223][ T5841] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[   74.326720][ T5841] EXT4-fs (loop6): 1 truncate cleaned up
[   74.332809][ T5841] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.350961][ T5841] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.395257][ T5848] loop4: detected capacity change from 0 to 164
[   74.422710][ T5848] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[   74.438347][ T5848] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[   74.447436][ T5848] iso9660: Corrupted directory entry in block 4 of inode 1792
[   74.477969][ T5850] netlink: 'syz.5.663': attribute type 1 has an invalid length.
[   74.495884][ T5850] 8021q: adding VLAN 0 to HW filter on device bond1
[   74.507761][ T5855] wireguard0: entered promiscuous mode
[   74.513357][ T5855] wireguard0: entered allmulticast mode
[   74.743411][ T5866] FAULT_INJECTION: forcing a failure.
[   74.743411][ T5866] name failslab, interval 1, probability 0, space 0, times 0
[   74.756130][ T5866] CPU: 0 UID: 0 PID: 5866 Comm: syz.0.667 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   74.766798][ T5866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   74.776915][ T5866] Call Trace:
[   74.780240][ T5866]  <TASK>
[   74.783240][ T5866]  dump_stack_lvl+0xf2/0x150
[   74.788120][ T5866]  dump_stack+0x15/0x1a
[   74.792389][ T5866]  should_fail_ex+0x223/0x230
[   74.797111][ T5866]  ? call_usermodehelper_setup+0x72/0x190
[   74.802940][ T5866]  should_failslab+0x8f/0xb0
[   74.807663][ T5866]  __kmalloc_cache_noprof+0x4e/0x320
[   74.812988][ T5866]  call_usermodehelper_setup+0x72/0x190
[   74.818574][ T5866]  ? __pfx_free_modprobe_argv+0x10/0x10
[   74.824170][ T5866]  __request_module+0x25a/0x3e0
[   74.829106][ T5866]  ? strcmp+0x21/0x50
[   74.833120][ T5866]  ? crypto_alg_mod_lookup+0x87/0x530
[   74.838586][ T5866]  crypto_alg_mod_lookup+0xa5/0x530
[   74.843875][ T5866]  crypto_find_alg+0x62/0x70
[   74.848609][ T5866]  crypto_type_has_alg+0x2c/0x60
[   74.853681][ T5866]  crypto_has_ahash+0x29/0x40
[   74.853911][ T5872] loop3: detected capacity change from 0 to 2048
[   74.858425][ T5866]  xfrm_aalg_get_byid+0x247/0x2a0
[   74.858467][ T5866]  pfkey_add+0x7ac/0x1300
[   74.858501][ T5866]  pfkey_sendmsg+0x6f9/0x970
[   74.858544][ T5866]  ? __pfx_pfkey_sendmsg+0x10/0x10
[   74.858567][ T5866]  __sock_sendmsg+0x140/0x180
[   74.888715][ T5866]  ____sys_sendmsg+0x312/0x410
[   74.893555][ T5866]  __sys_sendmsg+0x19d/0x230
[   74.898231][ T5866]  __x64_sys_sendmsg+0x46/0x50
[   74.903077][ T5866]  x64_sys_call+0x2734/0x2dc0
[   74.907772][ T5866]  do_syscall_64+0xc9/0x1c0
[   74.912331][ T5866]  ? clear_bhb_loop+0x55/0xb0
[   74.917116][ T5866]  ? clear_bhb_loop+0x55/0xb0
[   74.921811][ T5866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.927832][ T5866] RIP: 0033:0x7fb7c754ff19
[   74.932268][ T5866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.952074][ T5866] RSP: 002b:00007fb7c5bc7058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   74.960514][ T5866] RAX: ffffffffffffffda RBX: 00007fb7c7715fa0 RCX: 00007fb7c754ff19
[   74.968627][ T5866] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000005
[   74.976616][ T5866] RBP: 00007fb7c5bc70a0 R08: 0000000000000000 R09: 0000000000000000
[   74.984600][ T5866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   74.992577][ T5866] R13: 0000000000000000 R14: 00007fb7c7715fa0 R15: 00007ffce8939228
[   75.000564][ T5866]  </TASK>
[   75.029572][ T5872] loop3: detected capacity change from 0 to 512
[   75.058322][ T5872] xt_hashlimit: max too large, truncated to 1048576
[   75.191617][ T5895] loop5: detected capacity change from 0 to 2048
[   75.245663][ T5900] loop3: detected capacity change from 0 to 512
[   75.281064][ T5900] EXT4-fs (loop3): too many log groups per flexible block group
[   75.288890][ T5900] EXT4-fs (loop3): failed to initialize mballoc (-12)
[   75.298372][ T5900] EXT4-fs (loop3): mount failed
[   75.311712][ T5907] loop5: detected capacity change from 0 to 164
[   75.325166][ T5904] pim6reg1: entered promiscuous mode
[   75.330553][ T5904] pim6reg1: entered allmulticast mode
[   75.338304][ T5907] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[   75.367352][ T5913] netlink: 108 bytes leftover after parsing attributes in process `syz.4.683'.
[   75.386861][ T5913] netlink: 108 bytes leftover after parsing attributes in process `syz.4.683'.
[   75.394070][ T5907] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[   75.396036][ T5913] netlink: 84 bytes leftover after parsing attributes in process `syz.4.683'.
[   75.405936][ T5907] iso9660: Corrupted directory entry in block 4 of inode 1792
[   75.454159][ T5913] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   75.610282][ T5937] hsr_slave_1 (unregistering): left promiscuous mode
[   75.625454][ T5941] loop5: detected capacity change from 0 to 1024
[   75.641655][ T5941] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.828273][ T5963] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   75.835852][ T5963] batman_adv: batadv0: Removing interface: batadv_slave_0
[   75.876584][ T5963] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   75.884117][ T5963] batman_adv: batadv0: Removing interface: batadv_slave_1
[   75.920040][ T5964] FAULT_INJECTION: forcing a failure.
[   75.920040][ T5964] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   75.933254][ T5964] CPU: 1 UID: 0 PID: 5964 Comm: syz.0.701 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   75.943882][ T5964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   75.953980][ T5964] Call Trace:
[   75.957287][ T5964]  <TASK>
[   75.960270][ T5964]  dump_stack_lvl+0xf2/0x150
[   75.964032][ T5985] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[   75.964916][ T5964]  dump_stack+0x15/0x1a
[   75.964963][ T5964]  should_fail_ex+0x223/0x230
[   75.983121][ T5985] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 16384 with max blocks 1 with error 28
[   75.983842][ T5964]  should_fail+0xb/0x10
[   75.988589][ T5985] EXT4-fs (loop5): This should not happen!! Data will be lost
[   75.988589][ T5985] 
[   76.000985][ T5964]  should_fail_usercopy+0x1a/0x20
[   76.001026][ T5964]  _copy_from_user+0x1e/0xb0
[   76.001128][ T5964]  kstrtouint_from_user+0x76/0xe0
[   76.001155][ T5964]  ? 0xffffffff81000000
[   76.001173][ T5964]  ? selinux_file_permission+0x22a/0x360
[   76.005316][ T5985] EXT4-fs (loop5): Total free blocks count 0
[   76.005334][ T5985] EXT4-fs (loop5): Free/Dirty block details
[   76.005346][ T5985] EXT4-fs (loop5): free_blocks=68451041280
[   76.005359][ T5985] EXT4-fs (loop5): dirty_blocks=16
[   76.005371][ T5985] EXT4-fs (loop5): Block reservation details
[   76.005382][ T5985] EXT4-fs (loop5): i_reserved_data_blocks=1
[   76.015003][ T5964]  proc_fail_nth_write+0x4f/0x150
[   76.015123][ T5964]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   76.015161][ T5964]  vfs_write+0x281/0x920
[   76.089308][ T5964]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   76.094942][ T5964]  ? __fget_files+0x17c/0x1c0
[   76.099658][ T5964]  ksys_write+0xe8/0x1b0
[   76.103919][ T5964]  __x64_sys_write+0x42/0x50
[   76.108526][ T5964]  x64_sys_call+0x287e/0x2dc0
[   76.113243][ T5964]  do_syscall_64+0xc9/0x1c0
[   76.117800][ T5964]  ? clear_bhb_loop+0x55/0xb0
[   76.122487][ T5964]  ? clear_bhb_loop+0x55/0xb0
[   76.127175][ T5964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.133133][ T5964] RIP: 0033:0x7fb7c754e9cf
[   76.137557][ T5964] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   76.157247][ T5964] RSP: 002b:00007fb7c5bc7050 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   76.165780][ T5964] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb7c754e9cf
[   76.173758][ T5964] RDX: 0000000000000001 RSI: 00007fb7c5bc70b0 RDI: 0000000000000005
[   76.181749][ T5964] RBP: 00007fb7c5bc70a0 R08: 0000000000000000 R09: 0000000000000000
[   76.189727][ T5964] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[   76.197709][ T5964] R13: 0000000000000000 R14: 00007fb7c7715fa0 R15: 00007ffce8939228
[   76.205693][ T5964]  </TASK>
[   76.265602][ T5993] loop0: detected capacity change from 0 to 2048
[   76.450362][ T6015] loop6: detected capacity change from 0 to 256
[   76.500139][   T29] kauditd_printk_skb: 115 callbacks suppressed
[   76.500158][   T29] audit: type=1400 audit(1733948949.590:2111): avc:  denied  { ioctl } for  pid=6014 comm="syz.6.711" path="socket:[12238]" dev="sockfs" ino=12238 ioctlcmd=0x48d2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   76.556878][ T4640] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.608254][   T29] audit: type=1326 audit(1733948949.710:2112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6028 comm="syz.5.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fe859ff19 code=0x7ffc0000
[   76.634941][ T6029] FAULT_INJECTION: forcing a failure.
[   76.634941][ T6029] name failslab, interval 1, probability 0, space 0, times 0
[   76.647764][ T6029] CPU: 0 UID: 0 PID: 6029 Comm: syz.5.716 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   76.658393][ T6029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   76.668496][ T6029] Call Trace:
[   76.671876][ T6029]  <TASK>
[   76.674837][ T6029]  dump_stack_lvl+0xf2/0x150
[   76.679481][ T6029]  dump_stack+0x15/0x1a
[   76.683682][ T6029]  should_fail_ex+0x223/0x230
[   76.688489][ T6029]  should_failslab+0x8f/0xb0
[   76.693149][ T6029]  __kmalloc_node_track_caller_noprof+0xa8/0x410
[   76.698649][   T29] audit: type=1326 audit(1733948949.740:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6028 comm="syz.5.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0fe859ff19 code=0x7ffc0000
[   76.699574][ T6029]  ? sidtab_sid2str_get+0xb8/0x140
[   76.722887][   T29] audit: type=1326 audit(1733948949.740:2114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6028 comm="syz.5.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0fe859e880 code=0x7ffc0000
[   76.727938][ T6029]  kmemdup_noprof+0x2a/0x60
[   76.751214][   T29] audit: type=1326 audit(1733948949.740:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6028 comm="syz.5.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0fe859e9cf code=0x7ffc0000
[   76.755672][ T6029]  sidtab_sid2str_get+0xb8/0x140
[   76.778798][   T29] audit: type=1326 audit(1733948949.740:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6028 comm="syz.5.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f0fe859ff19 code=0x7ffc0000
[   76.783700][ T6029]  security_sid_to_context_core+0x1eb/0x2f0
[   76.806957][   T29] audit: type=1326 audit(1733948949.760:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6022 comm="syz.0.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7c754ff19 code=0x7fc00000
[   76.812822][ T6029]  security_sid_to_context+0x27/0x30
[   76.812870][ T6029]  selinux_lsmprop_to_secctx+0x2c/0x40
[   76.812900][ T6029]  security_lsmprop_to_secctx+0x4a/0x90
[   76.812942][ T6029]  audit_log_task_context+0x93/0x1c0
[   76.812984][ T6029]  audit_log_task+0xf9/0x1c0
[   76.813017][ T6029]  audit_seccomp+0x68/0x130
[   76.813116][ T6029]  __seccomp_filter+0x6fa/0x1180
[   76.813156][ T6029]  ? __alloc_pages_noprof+0x194/0x340
[   76.813206][ T6029]  ? __rcu_read_unlock+0x4e/0x70
[   76.813241][ T6029]  ? __mod_node_page_state+0x1c/0x80
[   76.813271][ T6029]  __secure_computing+0x9f/0x1c0
[   76.813346][ T6029]  syscall_trace_enter+0xd1/0x1f0
[   76.836770][   T29] audit: type=1400 audit(1733948949.760:2119): avc:  denied  { read } for  pid=6022 comm="syz.0.715" path="socket:[12273]" dev="sockfs" ino=12273 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   76.841917][ T6029]  ? fpregs_assert_state_consistent+0x83/0xa0
[   76.847374][   T29] audit: type=1326 audit(1733948949.760:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6022 comm="syz.0.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fb7c754ff19 code=0x7fc00000
[   76.852905][ T6029]  do_syscall_64+0xaa/0x1c0
[   76.890298][ T6026] loop4: detected capacity change from 0 to 2048
[   76.892828][ T6029]  ? clear_bhb_loop+0x55/0xb0
[   76.892856][ T6029]  ? clear_bhb_loop+0x55/0xb0
[   76.892876][ T6029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.919385][ T6035] tipc: Started in network mode
[   76.920910][ T6029] RIP: 0033:0x7f0fe859e92c
[   76.920937][ T6029] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   76.927007][ T6035] tipc: Node identity 4, cluster identity 4711
[   76.950252][ T6029] RSP: 002b:00007f0fe6c11050 EFLAGS: 00000246
[   76.954786][ T6035] tipc: Node number set to 4
[   76.961098][ T6029]  ORIG_RAX: 0000000000000000
[   76.961111][ T6029] RAX: ffffffffffffffda RBX: 00007f0fe8765fa0 RCX: 00007f0fe859e92c
[   76.961128][ T6029] RDX: 000000000000000f RSI: 00007f0fe6c110b0 RDI: 0000000000000003
[   76.967874][ T6036] loop0: detected capacity change from 0 to 1024
[   76.970454][ T6029] RBP: 00007f0fe6c110a0 R08: 0000000000000000 R09: 0000000000000000
[   76.998380][ T6026] loop4: detected capacity change from 0 to 512
[   77.005291][ T6029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   77.005313][ T6029] R13: 0000000000000000 R14: 00007f0fe8765fa0 R15: 00007ffefa2a0318
[   77.005339][ T6029]  </TASK>
[   77.036833][ T6026] EXT4-fs: Ignoring removed orlov option
[   77.042944][ T6029] audit: error in audit_log_task_context
[   77.064750][ T6036] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   77.107177][ T6026] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   77.156121][ T6042] loop6: detected capacity change from 0 to 512
[   77.156514][ T6032] can: request_module (can-proto-0) failed.
[   77.174637][ T6044] netlink: 'syz.5.722': attribute type 1 has an invalid length.
[   77.182398][ T6044] __nla_validate_parse: 4 callbacks suppressed
[   77.182415][ T6044] netlink: 224 bytes leftover after parsing attributes in process `syz.5.722'.
[   77.207836][ T6036] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   77.219554][ T6036] EXT4-fs (loop0): orphan cleanup on readonly fs
[   77.224445][ T6026] EXT4-fs (loop4): orphan cleanup on readonly fs
[   77.233807][ T6036] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5837: Corrupt filesystem
[   77.233887][ T6042] EXT4-fs (loop6): revision level too high, forcing read-only mode
[   77.252778][ T6036] EXT4-fs (loop0): Remounting filesystem read-only
[   77.264688][ T6026] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.718: bg 0: block 248: padding at end of block bitmap is not set
[   77.268636][ T6036] EXT4-fs (loop0): 1 orphan inode deleted
[   77.285126][ T6052] FAULT_INJECTION: forcing a failure.
[   77.285126][ T6052] name failslab, interval 1, probability 0, space 0, times 0
[   77.285155][ T6052] CPU: 0 UID: 0 PID: 6052 Comm: syz.3.724 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   77.308434][ T6052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   77.318519][ T6052] Call Trace:
[   77.321823][ T6052]  <TASK>
[   77.324772][ T6052]  dump_stack_lvl+0xf2/0x150
[   77.329406][ T6052]  dump_stack+0x15/0x1a
[   77.333676][ T6052]  should_fail_ex+0x223/0x230
[   77.338494][ T6052]  should_failslab+0x8f/0xb0
[   77.343139][ T6052]  kmem_cache_alloc_noprof+0x52/0x320
[   77.348549][ T6052]  ? audit_log_start+0x34c/0x6b0
[   77.353530][ T6052]  audit_log_start+0x34c/0x6b0
[   77.358341][ T6052]  audit_seccomp+0x4b/0x130
[   77.362883][ T6052]  __seccomp_filter+0x6fa/0x1180
[   77.367932][ T6052]  __secure_computing+0x9f/0x1c0
[   77.372968][ T6052]  syscall_trace_enter+0xd1/0x1f0
[   77.378109][ T6052]  ? fpregs_assert_state_consistent+0x83/0xa0
[   77.378977][ T6042] EXT4-fs (loop6): orphan cleanup on readonly fs
[   77.384210][ T6052]  do_syscall_64+0xaa/0x1c0
[   77.384238][ T6052]  ? clear_bhb_loop+0x55/0xb0
[   77.384263][ T6052]  ? clear_bhb_loop+0x55/0xb0
[   77.391453][ T6042] EXT4-fs warning (device loop6): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   77.395092][ T6052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.407920][ T6026] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.718: Failed to acquire dquot type 1
[   77.419011][ T6052] RIP: 0033:0x7fc8d006e92c
[   77.419040][ T6052] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   77.419063][ T6052] RSP: 002b:00007fc8ce6e1050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   77.419086][ T6052] RAX: ffffffffffffffda RBX: 00007fc8d0235fa0 RCX: 00007fc8d006e92c
[   77.419121][ T6052] RDX: 000000000000000f RSI: 00007fc8ce6e10b0 RDI: 0000000000000007
[   77.439682][ T6036] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   77.440566][ T6052] RBP: 00007fc8ce6e10a0 R08: 0000000000000000 R09: 0000000000000000
[   77.440583][ T6052] R10: 0000000040012020 R11: 0000000000000246 R12: 0000000000000001
[   77.460550][ T6036] SELinux: (dev loop0, type ext4) getxattr errno 5
[   77.468770][ T6052] R13: 0000000000000000 R14: 00007fc8d0235fa0 R15: 00007fffc0451718
[   77.468800][ T6052]  </TASK>
[   77.477024][ T6026] EXT4-fs (loop4): 1 truncate cleaned up
[   77.490254][ T6036] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.546423][ T6026] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   77.569926][ T6056] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   77.594516][ T6056] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   77.602526][ T6042] EXT4-fs (loop6): Cannot turn on quotas: error -117
[   77.612800][ T6026] EXT4-fs: Ignoring removed orlov option
[   77.625263][ T6042] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.721: bg 0: block 40: padding at end of block bitmap is not set
[   77.628634][ T6026] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   77.654558][ T6042] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   77.664383][ T6026] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[   77.675660][ T6056] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   77.689006][ T6059] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   77.708663][ T6042] EXT4-fs (loop6): 1 truncate cleaned up
[   77.717001][ T6042] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   77.749759][ T6026] EXT4-fs error (device loop4): __ext4_remount:6749: comm syz.4.718: Abort forced by user
[   77.761833][ T6068] loop5: detected capacity change from 0 to 512
[   77.769005][ T6068] EXT4-fs (loop5): Invalid log block size: 20
[   77.777427][ T6042] dccp_close: ABORT with 26 bytes unread
[   77.792768][ T6026] EXT4-fs (loop4): Remounting filesystem read-only
[   77.799445][ T6026] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[   77.814540][ T6026] ext4 filesystem being remounted at /160/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   77.852335][ T5402] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.901072][ T6072] loop0: detected capacity change from 0 to 1764
[   77.918655][ T6072] ISOFS: unable to read i-node block
[   77.924084][ T6072] isofs_fill_super: get root inode failed
[   77.948341][ T6072] netlink: 'syz.0.731': attribute type 21 has an invalid length.
[   77.963260][ T6072] netlink: 132 bytes leftover after parsing attributes in process `syz.0.731'.
[   77.977246][ T3297] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.006204][ T6078] netlink: 24 bytes leftover after parsing attributes in process `syz.6.735'.
[   78.037169][ T6081] loop0: detected capacity change from 0 to 1764
[   78.067314][ T6081] ISOFS: unable to read i-node block
[   78.067831][ T6085] ebt_among: dst integrity fail: 101
[   78.072689][ T6081] isofs_fill_super: get root inode failed
[   78.106304][ T6088] loop6: detected capacity change from 0 to 512
[   78.123748][ T6088] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.136557][ T6088] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   78.139772][ T6092] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   78.162603][ T6088] EXT4-fs error (device loop6): ext4_ext_check_inode:524: inode #12: comm syz.6.739: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[   78.180928][ T6088] EXT4-fs error (device loop6): ext4_ext_check_inode:524: inode #12: comm syz.6.739: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[   78.204463][ T6088] ==================================================================
[   78.212599][ T6088] BUG: KCSAN: data-race in call_rcu / mtree_range_walk
[   78.219463][ T6088] 
[   78.221778][ T6088] write to 0xffff888108b68810 of 8 bytes by task 6087 on cpu 0:
[   78.229415][ T6088]  call_rcu+0x3b/0x430
[   78.233493][ T6088]  mas_wmb_replace+0xcc0/0x14d0
[   78.238364][ T6088]  mas_wr_store_entry+0x1681/0x2d10
[   78.243602][ T6088]  mas_store_prealloc+0x6bf/0x960
[   78.248672][ T6088]  __mmap_region+0xdca/0x13f0
[   78.253368][ T6088]  mmap_region+0x164/0x1e0
[   78.257813][ T6088]  do_mmap+0x718/0xb60
[   78.261982][ T6088]  vm_mmap_pgoff+0x133/0x290
[   78.266584][ T6088]  ksys_mmap_pgoff+0xd0/0x330
[   78.271284][ T6088]  x64_sys_call+0x1940/0x2dc0
[   78.275962][ T6088]  do_syscall_64+0xc9/0x1c0
[   78.280465][ T6088]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.286454][ T6088] 
[   78.288804][ T6088] read to 0xffff888108b68810 of 8 bytes by task 6088 on cpu 1:
[   78.296360][ T6088]  mtree_range_walk+0x1b4/0x460
[   78.301224][ T6088]  mas_walk+0x16e/0x320
[   78.305388][ T6088]  lock_vma_under_rcu+0x95/0x260
[   78.310328][ T6088]  exc_page_fault+0x150/0x650
[   78.315012][ T6088]  asm_exc_page_fault+0x26/0x30
[   78.319896][ T6088] 
[   78.322215][ T6088] value changed: 0x00007f8469249fff -> 0xffffffff852d99d0
[   78.329323][ T6088] 
[   78.331675][ T6088] Reported by Kernel Concurrency Sanitizer on:
[   78.337837][ T6088] CPU: 1 UID: 0 PID: 6088 Comm: syz.6.739 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[   78.348426][ T6088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   78.358505][ T6088] ==================================================================
[   78.383950][ T5402] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.385264][ T6097] loop4: detected capacity change from 0 to 4096
[   78.399724][ T6097] EXT4-fs: Ignoring removed nobh option
[   78.407897][ T6097] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.421836][ T6097] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.737: Failed to acquire dquot type 1
[   78.500478][ T3297] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz-executor: Failed to acquire dquot type 1
[   78.522692][ T3297] bond0: (slave syz_tun): Releasing backup interface
[   78.569945][ T3297] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.581683][   T50] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.631302][   T50] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.691042][   T50] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.753064][   T50] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.838741][   T50] bridge_slave_1: left allmulticast mode
[   78.844517][   T50] bridge_slave_1: left promiscuous mode
[   78.850357][   T50] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.860589][   T50] bridge_slave_0: left allmulticast mode
[   78.866278][   T50] bridge_slave_0: left promiscuous mode
[   78.872093][   T50] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.970694][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   78.981683][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   78.992965][   T50] bond0 (unregistering): (slave macvlan1): Releasing backup interface
[   79.001570][   T50] veth1_vlan: left allmulticast mode
[   79.008121][   T50] bond0 (unregistering): Released all slaves
[   79.018858][   T50] bond1 (unregistering): (slave veth3): Releasing active interface
[   79.027932][   T50] bond1 (unregistering): Released all slaves
[   79.079349][   T50] hsr_slave_0: left promiscuous mode
[   79.090647][   T50] hsr_slave_1: left promiscuous mode
[   79.117606][   T50] veth1_macvtap: left promiscuous mode
[   79.123175][   T50] veth0_macvtap: left promiscuous mode
[   79.128738][   T50] veth1_vlan: left promiscuous mode
[   79.133995][   T50] veth0_vlan: left promiscuous mode
[   79.236218][   T50] team0 (unregistering): Port device team_slave_1 removed
[   79.248190][   T50] team0 (unregistering): Port device team_slave_0 removed
[   79.289191][    T9] lo speed is unknown, defaulting to 1000