last executing test programs:

2.457800423s ago: executing program 4 (id=357):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
connect(r0, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x1, 0x4, 0x1, 0x1, {0xa, 0x4e21, 0x16, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}}}, 0x80)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000800), r2)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r2, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x24, r3, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x24}}, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000004c0)={'wpan3\x00'})
sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f0000000bc0)={&(0x7f00000003c0), 0xc, &(0x7f0000000b80)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x804)
connect$inet(r4, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xfd}}, 0x10)
sendmmsg$inet(r4, &(0x7f00000045c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000280)="6464aa4712f30d62562fb844e3e5afdc3fc4bed00df46db22c92377032d4ce282f0e96eac5f0d43d784d8033cc09e3f5a6eec686581e8302aa830d4d068b6c3e54a7f32cfe4a3cc0d1652a7599a456a88d402e416bd481fcbd6afa0298e393755c1c280f48ce366aa6a402cdfce819db38fcdf6b5be9df0d417b50c1d8c5794e", 0x80}, {&(0x7f0000000300)="df", 0xfffffe61}], 0x2}}], 0x1, 0x40400c0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0x6, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f0000000340), 0x1, 0x58c, &(0x7f00000005c0)="$eJzs3T1sG2UfAPD/neO3X3mbvtL7Si+oQwVIRarqJP2AwtSuiEqVOiCxlMhxoyhOHMUONFGGdK8QHRCgLmWDgRHEwIBYkFhYWUDMSBWNQGo6gJG/0jaxg1OaOI1/P+nse+45+/88d/4/9p3u5AD61rHaQxrxTERcSiKGHqobiGblscZ6qytL+fsrS/kkqtXLvyaRRMS9laV8a/2k+XwoIpYj4v8R8U024kS6MW55YXFqrFgszDXLw5Xp2eHywuLJyemxicJEYeb0y6+cPXfm7Oip0c6Nz26trzd+uvnuje9fu33z08+OLuffH0vifAw26x7ux5PU2CbZOL9u+ZntCNZDSa8bwGPJNPO8lkr/i6HINLO+nerQjjYN2GbVfRHVrUiWt7Q6sJslW8t/YM9o/Q6oHf+2pp38/XHnQuMApBZ3tTk1agYa5yZif/3Y5OBvySNHJrXjzSM72VD2pOXrETEyMLDx8580P3+Pb+RJNJBt9fWFxo7auP/TtfEn2ow/g61zp/9Qa/xb3TD+PYif6TD+Xeoyxh9v/vxRx/jXI55tGz9Zi5+0iZ9GxFtdxr/1xpfnOtVVP444Hu3jtySbnx8evjpZLIw0HtvG+Or40Vc36//BDvEb52z3179m2m3/2S77/8W3nz+3vEn8F5/ffP+32/4HIuK9LuP/594nr3equ3M9uVv7FbDV/V9bdrvL+C+dP/Zjh6oDXb4FAAAAAAAAAADQRlq/li1Jc2vzaZrLNe7h/W8cTIulcuXE1dL8zHjjmrcjkU1bV1oNNcpJrTzavB63VT61rnw60wyYOVAv5/Kl4niP+w4AAAAAAAAAAAAAAAAAAAC7xaF19///nqnf/7/+76qBvarzX34De538h/71aP4nPWsHsPN8/0Pfqsp/6F/yH/qX/If+Jf+hf8l/6F/yH/qX/AcAAAAAAAAAAAAAAAAAAAAAAAAAgG1x6eLF2lS9v7KUr5XHBxbmp0pvnxwvlKdy0/P5XL40N5ubKJUmioVcvjT9d+9XLJVmR2Jm/tpwpVCuDJcXFq9Ml+ZnKlcmp8cmClcK2R3pFQAAAAAAAAAAAAAAAAAAADxdButTkuYiIq3Pp2kuF/HviDgS2eTqZLEwEhGHI+KHTHZfrTza60YDAAAAAAAAAAAAAAAAAADAHlNeWJwaKxYLc30yM7BhyXedV46I5SfbjNo7bvlV2ea+2i3b8GmbObw7mvGUzfR4YAIAAAAAAAAAAAAAAAAAgD704Kbfbl/x5/Y2CAAAAAAAAAAAAAAAAAAAAPpS+ksSEbXp+NALg+tr/5WsZurPEfHOrcsfXBurVOZGa8vvri2vfNhcfqoX7Qe61crTVh4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5QXFqfGisXC3DbO9LqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/jrwAAAP//iG/XoQ==")
fsetxattr(r5, &(0x7f0000000200)=@random={'user.', ')&-\x00'}, &(0x7f0000000380)=':\x00', 0x2, 0x3)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r6, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
r7 = open(&(0x7f0000000080)='./file1\x00', 0x40001, 0x0)
fallocate(r7, 0x8, 0x0, 0x10000)
sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0xa8, 0x30, 0x216822a75a8bdd29, 0xffe5, 0x0, {}, [{0x94, 0x1, [@m_connmark={0x34, 0x2, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x30, 0x3, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x5, 0x2}}}}]}]}, 0xa8}}, 0x0)

2.174170593s ago: executing program 4 (id=362):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x7)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, 0x0, 0x0)
sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000001000370400"/20, @ANYRES32=r5, @ANYBLOB, @ANYRES64=r0], 0x3c}}, 0x0)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty, @broadcast}}}], 0x20}}], 0x1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7dff, 0xd002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20007, 0x4008}, 0x1080c0, 0x2, 0x0, 0x4, 0x7fffffff}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000b00)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYRES64=r6, @ANYRES64=r7, @ANYBLOB="13"], 0x20)

2.157264233s ago: executing program 2 (id=363):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
r0 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYRESDEC=0x0, @ANYRESOCT=r0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000300)=ANY=[@ANYRESHEX], &(0x7f0000000240)='GPL\x00', 0xfffffff8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000440), 0x6, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
statx(0xffffffffffffffff, &(0x7f0000003e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6000, 0x40, 0x0)

2.137994554s ago: executing program 4 (id=365):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x49, &(0x7f0000000040), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000003940)=@base={0x21, 0x0, 0x0, 0x100000, 0x400, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2000000, 0x0, 0x200000000000000, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r2}, 0x10)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(0xffffffffffffffff, 0xc0505350, &(0x7f0000000000)={{0x3, 0x4}, {0x1, 0x5}, 0x7, 0x0, 0x2})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050b6850000002d"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mount$tmpfs(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x868080, &(0x7f0000000300)={[{@huge_never}, {@nr_inodes={'nr_inodes', 0x3d, [0x67]}}], [{@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@smackfsroot={'smackfsroot', 0x3d, 'kfree\x00'}}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
r4 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r5, 0x0, 0x0)
sendmsg$SMC_PNETID_DEL(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r4, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000060000000800000009"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r7, 0x0, 0xffffffffffffffff}, 0x18)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r8, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
connect$inet(r8, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r8, 0x6, 0x14, &(0x7f0000000180)=0x2, 0x4)
sendmmsg$inet(r8, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f00000001c0), 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000005c0)="b8", 0xfe49}, {&(0x7f0000000080)="61fc4777003a5456300750e99d9d0963"}], 0x1}}], 0x2, 0x4008440)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f00000050c0)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xe, 0x0, 0x7, 0x2000000, 0x9, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7fff, 0x6]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x40000001, 0x6, 0x8, 0x8, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0xfffffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa369, 0x0, 0x8, 0x0, 0x84, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd8, 0x0, 0x0, 0x0, 0x0, 0x6, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5f5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7e2, 0x0, 0x0, 0xd5, 0x7, 0x96e4, 0x0, 0x0, 0xa, 0x0, 0x3, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x2, 0x9, 0x8, 0xfffffffd, 0x0, 0xf, 0xfffffffd, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x19, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb5f, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0x6, 0x3ff, 0x0, 0x0, 0x1000, 0x0, 0xa6, 0x80, 0x0, 0x0, 0x800, 0xfffff0e7, 0xfffffffd, 0xfff, 0x0, 0x0, 0x0, 0x1ff]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x6, 0x0, 0x0, 0x1, 0x4, {0x3, 0x0, 0x1, 0x2, 0x4, 0x4}, {0x5, 0x2, 0x80a0, 0x4, 0x6, 0x1}, 0x8, 0xc457, 0x40f4}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}}, 0x400d4)

2.035488934s ago: executing program 2 (id=367):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$unix(0x1, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$isdn(0x22, 0x3, 0x23)
syz_clone3(&(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f00000009c0)=[0xffffffffffffffff], 0x1}, 0x58)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r6}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

1.942380624s ago: executing program 1 (id=368):
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0, 0xc}, 0x0, 0x3, 0xffff, 0x0, 0x0, 0xfffffffa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$key(r1, &(0x7f0000000140)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000005f80)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYRESOCT], 0x2000, 0x0)
perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0xfe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x18a}, 0x401a, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x2)
get_mempolicy(&(0x7f0000000040), &(0x7f0000000080), 0xd, &(0x7f0000feb000/0x12000)=nil, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80300, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000400)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x444, &(0x7f0000000ac0)=ANY=[@ANYBLOB="75746638006d61703d6f983c756661703d6e6f726d616c2c6909000000f2ff00003dda5de4d586f0df206d65656b416d6f64653d3078303030303010303071303030303030302c73657373696f6e3d307830faffffff30303030303030f4e4b4f82c6d61736b3d4d4159574b50be30c8486470722677b93165cfe6f62127553b2017754598752d977369672c7063723d303030303030303030303030303030303030332c64566e745f6d6561737572652c00000000000000006bbf4d6406b59dbc529c00000000000000fada265ab14119997600a2299d2c35a2efc1bf037787a0d801f26d335ef2ba9ac2423a358ccbb776b21e1d3b", @ANYRESDEC=0x0, @ANYRESHEX], 0xfe, 0x667, &(0x7f00000002c0)="$eJzs3U1v28gdx/EfZfmxQFC0xSIIsvFs0gUcNFUkeeOFkR7KUpTNrSQKJF3Yp0W6sRdB5GybpEDjy9aXPgDtG+htL3voiyjQc899Az0WWLS3Ar2oIClKskRZip+Sdr8fI9GI/JPzJ4fRhBY5FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkOXUyuWKpYbX2tk1kzm1wG+eMj9d27zupoW7U+uVrPiPlpZ0PZ10/TuD2e/Ef93WzfTdTS3FL0s6+sY733z47WIhW/6UhM5Cr7vCF6+Onj7qdPafn622rnWW5S7FWCYqzLDUltvyQt9r2luu8ULfbG5slO9v10NT9xpuuBdGbtM4gVuI/MCsOXdNZXNz3bilPX+ntVWzG2428cPvV8vlDfPRYq/5739UCp1tr9HwWltJTDw7jlnsHyGu3TTm4Elnf31aknFQZZag6rSgarlarVSq1crGg80HH5bLxbEJ5REaixgctG9P4+MqXdAnN3B+hbj//7slNbSklna0K5P746imQL6aE+b3ZP3/+/fdU+sd7v+zXv76YPYNJf3/rfTdrUn9/4RcjEyyQN4ca8L0s/280Csd6akeqaOO9vX8Yta7enEZXu7PllSUPIXy5akpW1tyZXpTjDa1oQ2V9bG2VVcoo7o8NeQq1J5CRXLVTNokkCtbkXwFMlqTo7syqmhTm1qXkauS9uRrRy1tqSZb/+52uwd6kuz39VNyVBZUmSWo2D8Gx4Mm9f8//Txd4vX6f/z/6R87M8QAb1y3d/4/2VzexNXLywgAAAAAAFw0K/ntu5V8d/+upK7qXsMtv+m0AAAAAADABUq++b8Zv8zHpXdlTTj/7159bgAAAAAA4GJYyT12lqSV5KJ+a3An1CwXAeTeHAAAAAAAAN4uyff/txakbjK02qqs1zr/BwAAAAAA/wN+OzTGfjEbY7ebfa1fkBS2F60//3NRwbx13N79rnVox3Psw17M2BUAUf2GVVQ6UG8yXu+CpOSd4960euMD9wbBtNKBfaWvDqaN9W8FIwkszGW/vshJ4NrRUAIbxd47/V7vpTHv9ep9fFRQMietZaXuNdyS4zceVmTb1wqRuxv94tmTX0pBfzsPnnT2S5981nmc5HIcTzo+jPP4/EQ6hWm5vEzGW0juucjb4mXVsyp/12quWEm95Wz752QfFoYrmm37f63bacztlfR15ShrAVm/6hUqpaTJBlufjA5hDbKojG55XkNMyGIpyeJOGnNn7U76kuWXtsLS9+akamm8DYLhLKrDWUzfF9a/xvbFlCziY2E9zuIv8YomZLH+elmMtQgAvCkHg14oGcR8fIz90X73LJ9y03v3H56s5eUfu+kNh3NSsffdRHoT4qR+RfEn+loatpCO4l68kfOJXu71K0ua8IlePkfvFtf1p8EzkHpp9+YU+1n8p9vtPqwk9f5hpFf9Il7gi4n1ho3qXLwL7788/FkyAH7s0/1P959Vq+sb5Q/K5QdVzSeb0Xuh7wEA5Jj+jJ2TEUuD/qzfd3/QP6t+/I/309KJfvdb/UsKSvpEn6mjx7qXPUJgNb/elaHLEO6Nn7XGscvSaGxF9yae1SV96VBstR87r2yRk/9fGMSuX3YzAABwpW5P6YdH+/+8c/d72Xn32o3c8+6TffnoE4InxVaueE8AAPD14QZfWSvRb6wg8NofVzY3K3a07ZrAd35sAq+25RqvFbmBs223tlzTDvzId/yGaQda9GpuaMKddtsPIlP3A9P2Q283efK76T36PXSbdivynLDdcO3QNY7fimwnMjUvdEx750cNL9x2g2ThsO06Xt1z7MjzWyb0l+W4JWNC1x0K9GpuK/LqXlxsmXbgNe1gz/zEb+w0XVNzQyfw2pGfrjCry2vV/aCZrLak7mkPOgQA4Gvjxaujp486nf3npxSOlRay69FOCV7IW+Eb3kQAADCCXhoAAAAAAAAAAAAAAAAAAAAAgLffLPf/nVrIbgrMpswrJ1jqT/n5tZnWbGkw5cu/nSvDMxQKo1N6I+12py/+17RQzItZjgsLkjrZ7h+OOb7QrVidKVhpoXjx+3BZyjsSLq3wg4OTx+FYTDwzd9Zivy2K5//nkFd49uWEWdOPqMWT+3DhtA08WShKer5wjia4+s8iAFfrvwEAAP//pJI9bA==")
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r5, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})

1.728591494s ago: executing program 1 (id=373):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0x4}, 0x18)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x398, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x2c8, 0xffffffff, 0xffffffff, 0x2c8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0xff}, @private1={0xfc, 0x1, '\x00', 0x1}, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0x1c8, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x4, 0x4, 0x1, 'syz1\x00', 0x2}}, @common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x0, 0x0, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x3f8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000500)='/proc/diskstats\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000180)=""/128, 0x80}], 0x1, 0xffffffff, 0x0)

1.639223155s ago: executing program 1 (id=374):
syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f0000000100)={[{@discard}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2a}}, {@stripe={'stripe', 0x3d, 0x8}}, {@journal_dev={'journal_dev', 0x3d, 0x5}}, {@dioread_nolock}]}, 0x4, 0x45b, &(0x7f00000010c0)="$eJzs281rHOUfAPDvTJL217dfYq0vfVGjVQy+JE1atQcvioIHBcFLPcYkLbXbRpoIthStIvUoBcGjeBT8CzzpRdST4FXvUijSi9XTyuzOdF+6u0nTTabNfj4w2eeZeWbn+c4zz+4z82QDGFjj2Z8kYmdE/B4Ro/Vsa4Hx+sv1axfm/rl2YS6JavWtv5Jaub+vXZgrihb77cgzE2lE+mkS+zscd+nc+VOzlcrC2Tw/tXz6vamlc+efPXl69sTCiYUzM0ePHjk8/cLzM8/1Jc57srru+3DxwN7X3r78xtyxy+/8/G1SxN8WR5+M99r4RLXa58OVa1dTOhlexQ5D61gZVi1rhqy5Rmr9fzSGotF4o/HqJ6VWDlhX1VyXzRerwCaWRNk1AMpRfNFn97/FsnGjj/Jdfal+A5TFfT1f6luGI83LjLTd3/bTeEQcu/jvV9kS6/McAgCgxffZ+OeZTuO/NO5vKvf/2FqbGxrL51J2R8S9EbEnIu6LqJV9ICIe7HSQHhMC7ZMkN49/0itrj25l2fjvxXxuq3X8V4z+Ymwoz+2qxT+SHD9ZWThUOycREzGyNctP9zjGD6/89nm3bc3jv2zJjl+MBfN6XBne2rrP/Ozy7O3E3OzqxxH7hjvFn9yYCUgiYm9E7FvjMU4+9c2BbttWjr+H1cwzraD6dcST9fa/GG3xF5Le85NT/4vKwqGp4qq42S+/Xnqz2/FvK/4+yNp/e8fr/0b8Y0nzfO3Srbx7vXdf+uOzrvc0k2u6/hsrtuSvH8wuL5+djtiSvF6vdPP6mca+Rb4on8U/cbBz/98djTOxPyKyi/ihiHg4Ih7Jo3s0Ih6LiIM9zsJPLz/+bq8zVHb7z7e1/1hrkbb2byS2RPuazomhUz9+1/qOjeTqPv+O1FIT+Zra59+XveNaTb1u9WoGAACAu1UaETsjSSdvpNN0crL+P/x7YntaWVxafvr44vtn5uu/ERiLkbR40jXa9Dx0Or+tL/IzbfnD+XPjL4a21fKTc4uV+bKDhwG3o0v/z/zpNxqw+fVhHg24S+n/MLj0fxhc+j8Mrg79f1sZ9QA2Xqfv/49KqAew8dr6v2k/GCDu/2Fw6f8wuJr7f1JiPYANtbQtVv6R/GZIVKvV6h1Qjc2TiPSOqEZ/Esk694KdZQd464myP5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6478AAAD//+Jk61o=")
socket$inet6(0xa, 0x6, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000400)=ANY=[], &(0x7f0000000980)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
shmget$private(0x0, 0x1000, 0x800, &(0x7f00002a2000/0x1000)=nil)
r2 = socket(0x2, 0x2, 0x0)
setsockopt$inet_opts(r2, 0x0, 0x3, &(0x7f00000002c0)="d5", 0x1)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
acct(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00')
acct(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r4 = accept(r3, &(0x7f00000001c0)=@xdp, &(0x7f0000000040)=0x80)
getsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f00000002c0), 0x10)
fsetxattr$security_capability(r3, &(0x7f0000000240), 0x0, 0x0, 0x0)

1.588837585s ago: executing program 0 (id=377):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$isdn(0x22, 0x3, 0x23)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00'}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)

1.588139535s ago: executing program 4 (id=378):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001c80)=ANY=[@ANYBLOB="bf16000000000000b7070000060000005070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f24b8a4efc02d459d9e32a3aa81d36bb3019c13bd23212fb56f040026fb41f2db3b1639b7bbc9af171b856de734cfe3cafafefc40056bdc17487960007102fa9ea41d8123741c66be166992b2dcd72fa0fca047d41886d0d4d94f2f4e345c652fbc1626cca2a2ad35806150ae0209e62f51ee988e6e06c8cedf3ceb9fc404000000c588b277beee1cbf9b0a4def42d410f6accd3637110bec4e90a6341965c39e9ebab0e39622200e011ea661c45a3449abe802f5ab3e3101c0932ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0cd2b6d357b8000018ef4aafad197acc7dc1e95592c7276d54c685ceff7f000000000000491b8bc421f10ff565aa04498635748eda186872000007ce468ee23fd2f73902ebcfcf49822775985bf31b405b433a8acd715f5888b2007f00000000000000000100fb0000000000000000ff03000000000000b56780260ed652290f58fa64533500ebffffff00ca1276445432997f0000000000000008e75a89faff01210cce39bf405f1e846c12423a163b33e680846f26dc7add65873d9f87463ad6f7c2f3ee1a39244960b318778f2a047f6d0800000000000000e7a6520602a80d608df4d433623c850af895abba72bf14f6fbd7fbad2a436804eeae1de6d2c740cf0c0b74edbcb2d4b7746fa4bc5e32bd378af7c9136adf32ec7bf48cabecead649f96ea24c32872c490637c34360cb5d46ce680eeb80127eb23f9902519a693b85c6552051385e7e87a2db762cbb253fbd76b9117c1a11d18aa21a0c5f0c28999a639c0376678be35ffe99ff799a11d9b219c00c369a12bf8685b862d2000000bda1bae489bcef5ae59136aaacc59608f4d4e6067338b521eaf2e2465da053cfd5e95394e5520545364361d2c1465c5461a7c4174e5cd9c7976c9aa6342c5621dbc2dccedb5ab74e0b119252a23352fca272212d0c0104000014593d65d3f5e1e9b294669bcd2df061a4d6a835e40e7302f53f90da24cb256b34e95bca9c512f737486ecd037ce40d0a706a5b05e72f8c218366e321f9109ae4cf44b3b0104154a93394f42b4ab6125e0ba8b1a1d8c473852910b3cb7e8dc795ac01bad9a6b438b9db5f5c926940a3ac36daf2a9dc9d868ec11f51e08bc67a3d598039d328b4677229e8b587e8a00f1733adabd5d2837c084c164cf30010969c79a09ac7a9bffff5bc7e420baa9000cd49f77782205d3f6f4b6aa751f49a6b76e3d23635f1d33b906707563b8ec92dec767cc09fe993616b43382bfc81c823ba32f25738d863cf20181208e23ce19966e729a7b4eefa68554fa4ecadac05c8eac1b52dd528b124285a16da4d01b68e3fcb3d9a24e9d670500956702fe9be5d8207d426450ca622e8e0197270cbb947231baf36e0567c0f5de639c99bb71ca0e60d2decb185cddd74d4f00000000000000000000006ed429a657a8203f6542e9dd19d7a70431aefcb9f1b673512e25503c603f19fa4c39ee9b08aadd2c7555543837770a812207bc2be9c86f94282b325e3097438594670099106f0defa59616d3d18a4c8c04a45c204edfc4cefbd94c4c034dcbc90975b097ece2484b5287105335791eb3061ac500a6728677c72b5b76c18186d6f1a5c74aaddd22dc002fd4bd1bc3409e8d7144689c89f7a5e95fce153d4e9bf0fe0aaa3dfaa443c5081606fda5059146ef94586f5d1658ef0389734108a3af432c730175a7c6e3bb997ed39a0da7"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
ioctl$SCSI_IOCTL_STOP_UNIT(r3, 0x5319)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000047c0)=r2, 0x4)
write(r1, &(0x7f00000000c0)="240000005a001f021007f4f9002304000a04f51108000500020100020800038005000000", 0x24)
setsockopt$MRT6_DEL_MFC_PROXY(r1, 0x29, 0xd3, &(0x7f0000000280)={{0xa, 0x4e20, 0x7, @remote, 0xe42f}, {0xa, 0x4e22, 0x7, @dev={0xfe, 0x80, '\x00', 0x15}, 0x8}, 0x0, {[0x3, 0x97ac, 0x1, 0x2, 0x7, 0x100, 0x7, 0x7]}}, 0x5c)
write$UHID_DESTROY(0xffffffffffffffff, &(0x7f0000000080), 0x4)
r6 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
connect$qrtr(r1, &(0x7f0000000000)={0x2a, 0xffffffffffffffff, 0x7ffe}, 0xc)
ioctl$SG_GET_VERSION_NUM(r6, 0x2284, &(0x7f0000000080))
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x48)
openat$zero(0xffffffffffffff9c, &(0x7f0000000380), 0x2002, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000340)=0x1a)

1.241111926s ago: executing program 1 (id=379):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000040000000c"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00'})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f0000000340)})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_clone3(0x0, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0)
flock(r4, 0x5)
r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r5, 0x2)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f00000000c0))
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r8 = dup(r7)
sendmsg$inet(r8, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0x2}], 0x1, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}, @ip_retopts={{0x14, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4, 0xf6, 0x3, 0x3}]}}}], 0x38}, 0x0)
r9 = socket$kcm(0xa, 0x2, 0x73)
setsockopt$sock_attach_bpf(r9, 0x29, 0x21, &(0x7f0000000080), 0x4)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='fd/3\x00')
sendmsg$kcm(r9, &(0x7f0000006900)={&(0x7f00000001c0)=@nl=@unspec={0x0, 0x0, 0xa00}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x3}, 0x0)

1.171232156s ago: executing program 0 (id=381):
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0xec, 0x7, 0x40, 0x7, 0x0, 0x0, 0x2005e, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x4}, 0x100987, 0x7ff, 0x7, 0x0, 0x81, 0x2, 0x5, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = syz_genetlink_get_family_id$team(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000180)={'team0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000300000008000100", @ANYRES32=r5], 0x58}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040)={'team0\x00', <r7=>0x0})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'syztnl0\x00', &(0x7f0000000280)={'ip_vti0\x00', <r8=>0x0, 0x7800, 0x40, 0xfff, 0x7ff, {{0x21, 0x4, 0x0, 0x19, 0x84, 0x66, 0x0, 0x2, 0x29, 0x0, @multicast2, @empty, {[@timestamp_prespec={0x44, 0x4c, 0x4d, 0x3, 0x5, [{@rand_addr=0x64010102, 0x8}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}, {@private=0xa010102, 0x9}, {@private=0xa010102, 0x7}, {@multicast1, 0xd}, {@dev={0xac, 0x14, 0x14, 0x44}, 0xb}, {@dev={0xac, 0x14, 0x14, 0xf}, 0x1}, {@loopback, 0x8d00}]}, @cipso={0x86, 0x20, 0x3, [{0x5, 0x11, "13d5e49b88933b182be5881456c358"}, {0x2, 0x9, "0cf7a7b89296ac"}]}, @end]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000140)={'team0\x00', <r9=>0x0})
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$inet6_udplite(0xa, 0x2, 0x88)
r12 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000080)={'ipvlan1\x00', <r13=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r12, 0x8916, &(0x7f0000000000)={@private2, 0x0, r13})
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="6c0000001000390400"/20, @ANYRES32=r13, @ANYBLOB="01"], 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, <r14=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000380)=0x14)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f00000007c0)={0x344, r3, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [{{0x8, 0x1, r7}, {0xf0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}]}}, {{0x8, 0x1, r9}, {0x230, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r13}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x5, 0x8, 0x9, 0x8001}, {0x5, 0x1, 0x78, 0x10}, {0x6, 0x8b, 0xfa}, {0x40, 0x3, 0x9, 0x4}]}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}]}, 0x344}, 0x1, 0x0, 0x0, 0x40001}, 0x4000)
r15 = syz_open_dev$ptys(0xc, 0x3, 0x0)
fcntl$dupfd(r15, 0x0, r2)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0xff05, 0x1, 0x25dfdbfc, {0x0, 0x0, 0x4a00, 0x0, 0x8001}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x57}}, 0x0)
r16 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r16, 0x0)

1.103467876s ago: executing program 4 (id=384):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
connect(r0, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x1, 0x4, 0x1, 0x1, {0xa, 0x4e21, 0x16, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}}}, 0x80)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000800), r3)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r3, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x24, r4, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x24}}, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000004c0)={'wpan3\x00', <r6=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f0000000bc0)={&(0x7f00000003c0), 0xc, &(0x7f0000000b80)={&(0x7f0000000500)={0x28, r4, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x804)
connect$inet(r5, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xfd}}, 0x10)
sendmmsg$inet(r5, &(0x7f00000045c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000280)="6464aa4712f30d62562fb844e3e5afdc3fc4bed00df46db22c92377032d4ce282f0e96eac5f0d43d784d8033cc09e3f5a6eec686581e8302aa830d4d068b6c3e54a7f32cfe4a3cc0d1652a7599a456a88d402e416bd481fcbd6afa0298e393755c1c280f48ce366aa6a402cdfce819db38fcdf6b5be9df0d417b50c1d8c5794e", 0x80}, {&(0x7f0000000300)="df", 0xfffffe61}], 0x2}}], 0x1, 0x40400c0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0x6, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f0000000340), 0x1, 0x58c, &(0x7f00000005c0)="$eJzs3T1sG2UfAPD/neO3X3mbvtL7Si+oQwVIRarqJP2AwtSuiEqVOiCxlMhxoyhOHMUONFGGdK8QHRCgLmWDgRHEwIBYkFhYWUDMSBWNQGo6gJG/0jaxg1OaOI1/P+nse+45+/88d/4/9p3u5AD61rHaQxrxTERcSiKGHqobiGblscZ6qytL+fsrS/kkqtXLvyaRRMS9laV8a/2k+XwoIpYj4v8R8U024kS6MW55YXFqrFgszDXLw5Xp2eHywuLJyemxicJEYeb0y6+cPXfm7Oip0c6Nz26trzd+uvnuje9fu33z08+OLuffH0vifAw26x7ux5PU2CbZOL9u+ZntCNZDSa8bwGPJNPO8lkr/i6HINLO+nerQjjYN2GbVfRHVrUiWt7Q6sJslW8t/YM9o/Q6oHf+2pp38/XHnQuMApBZ3tTk1agYa5yZif/3Y5OBvySNHJrXjzSM72VD2pOXrETEyMLDx8580P3+Pb+RJNJBt9fWFxo7auP/TtfEn2ow/g61zp/9Qa/xb3TD+PYif6TD+Xeoyxh9v/vxRx/jXI55tGz9Zi5+0iZ9GxFtdxr/1xpfnOtVVP444Hu3jtySbnx8evjpZLIw0HtvG+Or40Vc36//BDvEb52z3179m2m3/2S77/8W3nz+3vEn8F5/ffP+32/4HIuK9LuP/594nr3equ3M9uVv7FbDV/V9bdrvL+C+dP/Zjh6oDXb4FAAAAAAAAAADQRlq/li1Jc2vzaZrLNe7h/W8cTIulcuXE1dL8zHjjmrcjkU1bV1oNNcpJrTzavB63VT61rnw60wyYOVAv5/Kl4niP+w4AAAAAAAAAAAAAAAAAAAC7xaF19///nqnf/7/+76qBvarzX34De538h/71aP4nPWsHsPN8/0Pfqsp/6F/yH/qX/If+Jf+hf8l/6F/yH/qX/AcAAAAAAAAAAAAAAAAAAAAAAAAAgG1x6eLF2lS9v7KUr5XHBxbmp0pvnxwvlKdy0/P5XL40N5ubKJUmioVcvjT9d+9XLJVmR2Jm/tpwpVCuDJcXFq9Ml+ZnKlcmp8cmClcK2R3pFQAAAAAAAAAAAAAAAAAAADxdButTkuYiIq3Pp2kuF/HviDgS2eTqZLEwEhGHI+KHTHZfrTza60YDAAAAAAAAAAAAAAAAAADAHlNeWJwaKxYLc30yM7BhyXedV46I5SfbjNo7bvlV2ea+2i3b8GmbObw7mvGUzfR4YAIAAAAAAAAAAAAAAAAAgD704Kbfbl/x5/Y2CAAAAAAAAAAAAAAAAAAAAPpS+ksSEbXp+NALg+tr/5WsZurPEfHOrcsfXBurVOZGa8vvri2vfNhcfqoX7Qe61crTVh4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5QXFqfGisXC3DbO9LqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/jrwAAAP//iG/XoQ==")
fsetxattr(r7, &(0x7f0000000200)=@random={'user.', ')&-\x00'}, &(0x7f0000000380)=':\x00', 0x2, 0x3)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r8, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
r9 = open(&(0x7f0000000080)='./file1\x00', 0x40001, 0x0)
fallocate(r9, 0x8, 0x0, 0x10000)
sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0xa8, 0x30, 0x216822a75a8bdd29, 0xffe5, 0x0, {}, [{0x94, 0x1, [@m_connmark={0x34, 0x2, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x30, 0x3, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x5, 0x2}}}}]}]}, 0xa8}}, 0x0)

988.584017ms ago: executing program 3 (id=386):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000bc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kfree\x00', r0}, 0x18)
r1 = shmget(0x1, 0x4000, 0x80, &(0x7f0000ffa000/0x4000)=nil)
shmctl$IPC_INFO(r1, 0x3, &(0x7f0000000080)=""/71)
r2 = epoll_create(0x3ff)
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000240)={0xa0000000})
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000040))
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r4, 0x894b, &(0x7f0000000140))

912.724647ms ago: executing program 3 (id=387):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x7)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, 0x0, 0x0)
sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000001000370400"/20, @ANYRES32=r5, @ANYBLOB="0b120500000000001c0012800b000100", @ANYRES64=r0], 0x3c}}, 0x0)
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty, @broadcast}}}], 0x20}}], 0x1, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7dff, 0xd002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20007, 0x4008}, 0x1080c0, 0x2, 0x0, 0x4, 0x7fffffff}, 0x0, 0xafffffffffffffff, 0xffffffffffffffff, 0x9)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000b00)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYRES64=r6, @ANYRES64=r7, @ANYBLOB="13"], 0x20)

892.137437ms ago: executing program 4 (id=388):
r0 = socket$tipc(0x1e, 0x5, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x62000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100000, 0x0, 0x0, 0x6, 0x3, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x80a, &(0x7f00000003c0), 0x1, 0x796, &(0x7f0000000c40)="$eJzs3c9rHFUcAPDvbJImTauNINh6aU5aKN20NbYKghEPIlgo6Nk2bLYhZpMt2U1pQg4WEQQRtHgQ9OLZH/XmVfTs3+BFRFqqpsWKB1mZ/ZFs82OTtNls23w+MMn7zr7Je9+dnTdvM8NuALvWYPojE3EoIj5OIg7U1ycR0VMtdUeM1OrdWVzIpUsSlcqbfybVOrcXF3LRtE1qXz04GBE/vh9xNLO63dLc/ORooZCfqcdD5amLQ6W5+WMTU6Pj+fH89KkTw8MnTz9/+tT25fr3z/P7b3zy2rPfjvz73lPXPvopiZHYX3+sOY/tMhiD9eekJ30K7/LqdjfWYUmnO8A9SQ/NrtpRHofiQHRVSwDAoyw9/1cAgF0mcf4HgF2m8X+A24sLucbS2f9I7Kybr0REXy3/xvXN2iPd9Wt2fdXroP23k+iuXxGNbbzeNRgRX3z/9tfpEm26DgmwlnevRMT5gcHV43+y6p6FrTq+iTqDK2LjH+ycH9L5zwtrzf8yS/OfWJr/LOtd49i9F4MRe5rj1cd/5vqaG768DY3X538v1e5tSxNtmv8t3bQ20FWPHkuDwxExUcinY9vjEXEkenovTBTyJ1q0ceTWf7fWe6x5/vfX1Xe+SttPfy/XyFzv7r17m7HR8uj95Nzs5pWIp7uX7+27s2r876vOdVfu/3Td2VZ/+PBy8fUXP/h8vWpp/mm+jWV1/u1V+TLimVg7/4ak5f2JQ+nuP177uXYb3/36Wf967Tfv/3RJ22+8F9gJ6f7vb53/QNJ8v2Zpe9vfOP+1X/97kreq5cbgcXm0XJ45EbEneWP1+pPL2zbiRv00/1qmK/PPtHz9p+8Ez28yx+4bf3xz7/m3V5r/2Jb2/9YL1+5Mdq3X/ub2/3C1dKS+ZjPj32Y7eD/PHQAAAAAAAAAAAAAAAAAAAAAAAABsViYi9keSyS6VM5lstvYd3k9Gf6ZQLJWPXijOTo9F9buyB6In0/ioywO1OGl8/ulAU3xyRfxcRDwREZ/27q3G2VyxMNbp5AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgbt863/+f+r23070DANqmb8Mat/J3hZVKpdLG/gAA7bfx+R8AeNS0OP/v3cl+AAA7x/t/ANh9nP8BYPdx/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDNzp45ky6VfxYXcmk8dmludrJ46dhYvjSZnZrNZXPFmYvZ8WJxvJDP5opTG/29QrF4cTimZy8PlfOl8lBpbv7cVHF2unxuYmp0PH8u37MjWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA1pTm5idHC4X8zCNR+DAiHoButKOQxAPRjY4Ufjv2y8FWda5u8DIeeSCyeMgKnR6ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4O/wcAAP//PiglpQ==")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
lseek(r2, 0x0, 0x4)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r3 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff0204000000000100000000000000000000000000000205", 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
r4 = openat$binfmt_format(0xffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
preadv(r4, &(0x7f0000001440)=[{0x0}, {&(0x7f0000000040)=""/4, 0x4}], 0x2, 0x83, 0x4)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f00000000c0)='./file0\x00', 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f0000000540)}, 0x20)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x80202, 0x0)
sendfile(r5, r5, 0x0, 0x40000f63c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)

859.397307ms ago: executing program 0 (id=389):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000100)={0x3, 0x2, 0x7, 0x1, 0x80, 0x2})

848.420848ms ago: executing program 3 (id=390):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, 0x1410, 0x20, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_STAT_MODE={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x4000001)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2c, 0x4, 0x0, 0x0, "", [@nested={0x103, 0x0, 0x0, 0x1, [@typed={0xa, 0x5a, 0x0, 0x0, @str='wlan0\x00'}, @typed={0x14, 0x2, 0x0, 0x0, @ipv6=@loopback}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8c"]}]}, 0x114}], 0x1}, 0x20044000)

815.161967ms ago: executing program 0 (id=391):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$isdn(0x22, 0x3, 0x23)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00'}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)

655.521567ms ago: executing program 3 (id=392):
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0xec, 0x7, 0x40, 0x7, 0x0, 0x0, 0x2005e, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x4}, 0x100987, 0x7ff, 0x7, 0x0, 0x81, 0x2, 0x5, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r0, 0x0) (fail_nth: 7)

639.424108ms ago: executing program 2 (id=393):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = epoll_create1(0x0)
r2 = creat(0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000340)={'#! ', '\xe9\x1fq\x89Y\x1e\x923aK', [{0x20, ','}, {0x20, 'ext4\x00'}, {0x20, '\x00'}, {0x20, 'ext4\x00'}, {0x20, '(%'}, {0x20, '\x00'}, {0x20, ':@'}], 0xa, "dabd97b2a862e5e07bd0b2d995e0f1c39995e17151eda3b3bff1aedef43db1fbf08726e64f66c4f5c86fe23a8cd7e721b8a83f079b1e53d0059588691b5f767bc621c3ea458653da2df09c39d9cfb4322b5c3af0c5e9761cd111bf2a4869510f64d614a4dc42364ff3c8afda48aff3f1b2e8fa65b023bb45b62412"}, 0xa1)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(r2, &(0x7f00000005c0)="253754687c06d8f58187445ffe9858217350ae0bd72487386e5fed40000000f6b4ecc8a6356cee94d42a3c4dd5ca349e026febcc2c1ebe4115e66c050c2f7247149eba608ddbf64ffbc8b282129359e61be1972f2f6072457d4c7cb98443def118ac59a62d52b69007d04c019998cecc81724339b7286731d7a687f3bdeec32c7b78b1f007452ea6dad4bf1cd89f789de8994f49ccf46083685a63c5ae47b20f3b4aa06b601fc5aac8a0f41dca53cda9a75b2c75f1a0cf0a7ad2570506ac4277ce17d77c47b66dddb4efea72d981aa581effe5ef5fffea09a8117e4c93f96594ce8e94a4e6b4dd04f09ca7949674fe45762499efd91d0ea6f7936286f8f4b1318cfc80784232304903ce177440bbb21d7448fd49122fc04d834130a8a6402ebe559ad880e34c15bc693f181806164e7426a8fd05e10f3015c21802d579e8e2fa4e00000000007c8eb5c550309ef605634e4e98c617ec0be99b19f570c87c5f3bad1a8363cc95e687cd97398a319773d4fa15a840a1c11835b3d57a28cc85fcabb7cec96131b878ad8bfd1b82b5b6edd641d7adbd8438cad2c82198378bcca79fe4035ff0e0dfe5125330595d3f1a95116cd744476b7e00356893b8c9f4ac1e4084a6c977db5a6f9587eb1d81499001b6d2d70000000000000000", 0x1da)
write$qrtrtun(r2, &(0x7f0000000c00)="9d8d645e53b6183d874f9e93a18dd009a09560ff682bd07dc3d28385a8f3f9e18418950d4dfe49f13a19e24320444a7d6c121741ba3dc510dba4f980bbd9a315544fa0a1622d949faba79788908354e467989e8458e6f5f76e0e4e781bfca4c928c956321dd514877569805db6602f1584a8bd051f13bad882bea021ffb5ce918a1f87f1d439ec93772d6ecaaf8891f7678f2037ccced78ea5c1aa805f1b9f5a2c3974c5124cac5e163d9b6f5b998c1c7263fa2331d1241523986dccbd4e1f32b2f521380a2ea4732132264de6d26ce40177a780df98cbf94b96d900a2dfc5c877db675ebb1d7cbc398ca422ddbadc24ee6f3bf036f62cdb056502a6b657ff95930ea668649ad0003afe9a912179ce61631b3dab94642d2768f1f22299deb9eddb917fc0076b74406149024514d07417c6007e8cd4dc4e2295be71f412044b52b1ce32aac048cad9c413a8c19528dc1b432fe7f9fda7182a47243af427a76ede78aa5c6ef75ea1f48e2e9e9d203d4760a1ff6a0119b39a2458a050f9519d4bbd821684ef8356985e8f5b8d86346f428788fc374e7eaa0c2a2ef8478a13b4a56d0821201c37a0066fb9f5cc583005b9f71b67daa300311066bacbf43630a8388aff734a568a123a48ba1344a5500e5c6f8cef539617cd3970ffb873579a3b76bd52", 0x1e1)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c)
close_range(r1, 0xffffffffffffffff, 0x0)

616.937838ms ago: executing program 2 (id=394):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
clock_adjtime(0x720a408d29635043, &(0x7f0000000380)={0x5, 0x7, 0x7, 0x2, 0x4, 0x3ff, 0x9, 0x6, 0x0, 0x3, 0x3ff, 0x80000000, 0xf6, 0x80, 0x401, 0x0, 0xa6, 0x7ff, 0x4, 0x4, 0x80000001, 0x2, 0x48000000000000, 0x5, 0x1, 0x2})
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x21, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xff}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x4}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @jmp={0x5, 0x1, 0x5, 0x6, 0x4, 0x100, 0x1}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x200}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x60000000}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x3}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x80b, 0x2, &(0x7f0000000280)=""/2, 0x41100, 0x41, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000480)={0x0, 0x3, 0xd, 0x4}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f00000004c0)=[{0x2, 0x1, 0xe, 0x7}, {0x3, 0x1, 0x5, 0x6}, {0x3, 0x4, 0x7, 0x5}, {0x4, 0x4, 0xd, 0xa}, {0x0, 0x1, 0x4}, {0x1, 0x5, 0xa, 0x7}, {0x1, 0x3, 0x8, 0x1}], 0x10, 0x3, @void, @value}, 0x94)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
socket$pppl2tp(0x18, 0x1, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

325.682549ms ago: executing program 0 (id=395):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

325.308559ms ago: executing program 3 (id=396):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001c80)=ANY=[@ANYBLOB="bf16000000000000b7070000060000005070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f24b8a4efc02d459d9e32a3aa81d36bb3019c13bd23212fb56f040026fb41f2db3b1639b7bbc9af171b856de734cfe3cafafefc40056bdc17487960007102fa9ea41d8123741c66be166992b2dcd72fa0fca047d41886d0d4d94f2f4e345c652fbc1626cca2a2ad35806150ae0209e62f51ee988e6e06c8cedf3ceb9fc404000000c588b277beee1cbf9b0a4def42d410f6accd3637110bec4e90a6341965c39e9ebab0e39622200e011ea661c45a3449abe802f5ab3e3101c0932ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0cd2b6d357b8000018ef4aafad197acc7dc1e95592c7276d54c685ceff7f000000000000491b8bc421f10ff565aa04498635748eda186872000007ce468ee23fd2f73902ebcfcf49822775985bf31b405b433a8acd715f5888b2007f00000000000000000100fb0000000000000000ff03000000000000b56780260ed652290f58fa64533500ebffffff00ca1276445432997f0000000000000008e75a89faff01210cce39bf405f1e846c12423a163b33e680846f26dc7add65873d9f87463ad6f7c2f3ee1a39244960b318778f2a047f6d0800000000000000e7a6520602a80d608df4d433623c850af895abba72bf14f6fbd7fbad2a436804eeae1de6d2c740cf0c0b74edbcb2d4b7746fa4bc5e32bd378af7c9136adf32ec7bf48cabecead649f96ea24c32872c490637c34360cb5d46ce680eeb80127eb23f9902519a693b85c6552051385e7e87a2db762cbb253fbd76b9117c1a11d18aa21a0c5f0c28999a639c0376678be35ffe99ff799a11d9b219c00c369a12bf8685b862d2000000bda1bae489bcef5ae59136aaacc59608f4d4e6067338b521eaf2e2465da053cfd5e95394e5520545364361d2c1465c5461a7c4174e5cd9c7976c9aa6342c5621dbc2dccedb5ab74e0b119252a23352fca272212d0c0104000014593d65d3f5e1e9b294669bcd2df061a4d6a835e40e7302f53f90da24cb256b34e95bca9c512f737486ecd037ce40d0a706a5b05e72f8c218366e321f9109ae4cf44b3b0104154a93394f42b4ab6125e0ba8b1a1d8c473852910b3cb7e8dc795ac01bad9a6b438b9db5f5c926940a3ac36daf2a9dc9d868ec11f51e08bc67a3d598039d328b4677229e8b587e8a00f1733adabd5d2837c084c164cf30010969c79a09ac7a9bffff5bc7e420baa9000cd49f77782205d3f6f4b6aa751f49a6b76e3d23635f1d33b906707563b8ec92dec767cc09fe993616b43382bfc81c823ba32f25738d863cf20181208e23ce19966e729a7b4eefa68554fa4ecadac05c8eac1b52dd528b124285a16da4d01b68e3fcb3d9a24e9d670500956702fe9be5d8207d426450ca622e8e0197270cbb947231baf36e0567c0f5de639c99bb71ca0e60d2decb185cddd74d4f00000000000000000000006ed429a657a8203f6542e9dd19d7a70431aefcb9f1b673512e25503c603f19fa4c39ee9b08aadd2c7555543837770a812207bc2be9c86f94282b325e3097438594670099106f0defa59616d3d18a4c8c04a45c204edfc4cefbd94c4c034dcbc90975b097ece2484b5287105335791eb3061ac500a6728677c72b5b76c18186d6f1a5c74aaddd22dc002fd4bd1bc3409e8d7144689c89f7a5e95fce153d4e9bf0fe0aaa3dfaa443c5081606fda5059146ef94586f5d1658ef0389734108a3af432c730175a7c6e3bb997ed39a0da7"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
ioctl$SCSI_IOCTL_STOP_UNIT(r3, 0x5319)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000047c0)=r2, 0x4)
write(r1, &(0x7f00000000c0)="240000005a001f021007f4f9002304000a04f51108000500020100020800038005000000", 0x24)
setsockopt$MRT6_DEL_MFC_PROXY(r1, 0x29, 0xd3, &(0x7f0000000280)={{0xa, 0x4e20, 0x7, @remote, 0xe42f}, {0xa, 0x4e22, 0x7, @dev={0xfe, 0x80, '\x00', 0x15}, 0x8}, 0x0, {[0x3, 0x97ac, 0x1, 0x2, 0x7, 0x100, 0x7, 0x7]}}, 0x5c)
write$UHID_DESTROY(0xffffffffffffffff, &(0x7f0000000080), 0x4)
r6 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
connect$qrtr(r1, &(0x7f0000000000)={0x2a, 0xffffffffffffffff, 0x7ffe}, 0xc)
ioctl$SG_GET_VERSION_NUM(r6, 0x2284, &(0x7f0000000080))
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x48)
openat$zero(0xffffffffffffff9c, &(0x7f0000000380), 0x2002, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000340)=0x1a)

287.313579ms ago: executing program 0 (id=397):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000100)="08000000246837f73199aee6fdb9291b3091ec", 0x13}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c00170000000000120000f1850000007d000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f0000000000)={0x0, 0xfffffffffffffed7, &(0x7f0000006580)={&(0x7f0000000040)={0x24, 0x14, 0x211, 0x0, 0x0, {0x10, 0x3f}, [@INET_DIAG_REQ_BYTECODE={0xd, 0xfa, "56277f30c698950c00"}]}, 0x24}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="400000001000010400"/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="08000300", @ANYRES32, @ANYBLOB], 0x40}}, 0x0)
r4 = epoll_create1(0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000380), &(0x7f00000003c0)=r6}, 0x20)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r7, &(0x7f0000000100)={0x20000014})
ppoll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x1032}], 0x1, 0x0, 0x0, 0x0)
close_range(r4, r7, 0x0)

239.035309ms ago: executing program 1 (id=398):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES64=r2, @ANYRES32=r2, @ANYBLOB="4af8a0705ce82a7ce62f6485cf1e831ae2954e095f0dc869738168454d333a0c0b74ebf16b2621a9110d0426a80f6a8894f1d9ffd35b0e81b272122eaff5336ea7913608252ec436f1ed7d5a287bef5354e03e40b6546013d2e0c4aceb6257396f63572c8b87e3ac4ddb59bb43581d7ce5bd6fbf88993c45bd65947fdf99dec0b89482343ec554c3d35da3008b37f9b27ede25226246784e6af8bf87827c96521137d1a4e264e5543035457558de7fe56fe385e929f1b6c8b3d531690a0dae16c6f633f68f4b18cda7a4f4faac99097d076b55c112afe43a5b32666abdfb9010294cc56a96449c", @ANYRES64=0x0, @ANYRES16=r2], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES64=r2, @ANYRES32=r2, @ANYBLOB="4af8a0705ce82a7ce62f6485cf1e831ae2954e095f0dc869738168454d333a0c0b74ebf16b2621a9110d0426a80f6a8894f1d9ffd35b0e81b272122eaff5336ea7913608252ec436f1ed7d5a287bef5354e03e40b6546013d2e0c4aceb6257396f63572c8b87e3ac4ddb59bb43581d7ce5bd6fbf88993c45bd65947fdf99dec0b89482343ec554c3d35da3008b37f9b27ede25226246784e6af8bf87827c96521137d1a4e264e5543035457558de7fe56fe385e929f1b6c8b3d531690a0dae16c6f633f68f4b18cda7a4f4faac99097d076b55c112afe43a5b32666abdfb9010294cc56a96449c", @ANYRES64=0x0, @ANYRES16=r2], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = io_uring_setup(0x60f7, &(0x7f0000000a40)={0x0, 0x0, 0x40, 0x0, 0x3bd})
r5 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r5, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$tipc(0x1e, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000600)='fd/4\x00') (async)
r7 = syz_open_procfs(0x0, &(0x7f0000000600)='fd/4\x00')
write$binfmt_script(r7, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
r8 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
preadv(r8, &(0x7f0000000ac0)=[{&(0x7f0000000280)=""/8, 0x8}], 0x1, 0x0, 0x0) (async)
preadv(r8, &(0x7f0000000ac0)=[{&(0x7f0000000280)=""/8, 0x8}], 0x1, 0x0, 0x0)
socket$qrtr(0x2a, 0x2, 0x0) (async)
socket$qrtr(0x2a, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000100000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000100000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
listen(r5, 0x4)
close_range(r4, r5, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88) (async)
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @loopback}}) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @loopback}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000480)={'syztnl0\x00', 0x0})

203.088509ms ago: executing program 3 (id=399):
r0 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000040)=r2}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
lsm_get_self_attr(0x68, 0x0, &(0x7f0000000000), 0x0)
ioctl$EVIOCGEFFECTS(r1, 0x80044584, &(0x7f0000000180)=""/158)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (fail_nth: 2)

80.97505ms ago: executing program 1 (id=400):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
connect(r0, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x1, 0x4, 0x1, 0x1, {0xa, 0x4e21, 0x16, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}}}, 0x80)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000800), r3)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r3, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000ec0)={0x24, r4, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x24}}, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f00000004c0)={'wpan3\x00', <r6=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(0xffffffffffffffff, &(0x7f0000000bc0)={&(0x7f00000003c0), 0xc, &(0x7f0000000b80)={&(0x7f0000000500)={0x28, r4, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x804)
connect$inet(r5, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xfd}}, 0x10)
sendmmsg$inet(r5, &(0x7f00000045c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000280)="6464aa4712f30d62562fb844e3e5afdc3fc4bed00df46db22c92377032d4ce282f0e96eac5f0d43d784d8033cc09e3f5a6eec686581e8302aa830d4d068b6c3e54a7f32cfe4a3cc0d1652a7599a456a88d402e416bd481fcbd6afa0298e393755c1c280f48ce366aa6a402cdfce819db38fcdf6b5be9df0d417b50c1d8c5794e", 0x80}, {&(0x7f0000000300)="df", 0xfffffe61}], 0x2}}], 0x1, 0x40400c0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0x6, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f0000000340), 0x1, 0x58c, &(0x7f00000005c0)="$eJzs3T1sG2UfAPD/neO3X3mbvtL7Si+oQwVIRarqJP2AwtSuiEqVOiCxlMhxoyhOHMUONFGGdK8QHRCgLmWDgRHEwIBYkFhYWUDMSBWNQGo6gJG/0jaxg1OaOI1/P+nse+45+/88d/4/9p3u5AD61rHaQxrxTERcSiKGHqobiGblscZ6qytL+fsrS/kkqtXLvyaRRMS9laV8a/2k+XwoIpYj4v8R8U024kS6MW55YXFqrFgszDXLw5Xp2eHywuLJyemxicJEYeb0y6+cPXfm7Oip0c6Nz26trzd+uvnuje9fu33z08+OLuffH0vifAw26x7ux5PU2CbZOL9u+ZntCNZDSa8bwGPJNPO8lkr/i6HINLO+nerQjjYN2GbVfRHVrUiWt7Q6sJslW8t/YM9o/Q6oHf+2pp38/XHnQuMApBZ3tTk1agYa5yZif/3Y5OBvySNHJrXjzSM72VD2pOXrETEyMLDx8580P3+Pb+RJNJBt9fWFxo7auP/TtfEn2ow/g61zp/9Qa/xb3TD+PYif6TD+Xeoyxh9v/vxRx/jXI55tGz9Zi5+0iZ9GxFtdxr/1xpfnOtVVP444Hu3jtySbnx8evjpZLIw0HtvG+Or40Vc36//BDvEb52z3179m2m3/2S77/8W3nz+3vEn8F5/ffP+32/4HIuK9LuP/594nr3equ3M9uVv7FbDV/V9bdrvL+C+dP/Zjh6oDXb4FAAAAAAAAAADQRlq/li1Jc2vzaZrLNe7h/W8cTIulcuXE1dL8zHjjmrcjkU1bV1oNNcpJrTzavB63VT61rnw60wyYOVAv5/Kl4niP+w4AAAAAAAAAAAAAAAAAAAC7xaF19///nqnf/7/+76qBvarzX34De538h/71aP4nPWsHsPN8/0Pfqsp/6F/yH/qX/If+Jf+hf8l/6F/yH/qX/AcAAAAAAAAAAAAAAAAAAAAAAAAAgG1x6eLF2lS9v7KUr5XHBxbmp0pvnxwvlKdy0/P5XL40N5ubKJUmioVcvjT9d+9XLJVmR2Jm/tpwpVCuDJcXFq9Ml+ZnKlcmp8cmClcK2R3pFQAAAAAAAAAAAAAAAAAAADxdButTkuYiIq3Pp2kuF/HviDgS2eTqZLEwEhGHI+KHTHZfrTza60YDAAAAAAAAAAAAAAAAAADAHlNeWJwaKxYLc30yM7BhyXedV46I5SfbjNo7bvlV2ea+2i3b8GmbObw7mvGUzfR4YAIAAAAAAAAAAAAAAAAAgD704Kbfbl/x5/Y2CAAAAAAAAAAAAAAAAAAAAPpS+ksSEbXp+NALg+tr/5WsZurPEfHOrcsfXBurVOZGa8vvri2vfNhcfqoX7Qe61crTVh4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5QXFqfGisXC3DbO9LqPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/jrwAAAP//iG/XoQ==")
fsetxattr(r7, &(0x7f0000000200)=@random={'user.', ')&-\x00'}, &(0x7f0000000380)=':\x00', 0x2, 0x3)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r8, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
r9 = open(&(0x7f0000000080)='./file1\x00', 0x40001, 0x0)
fallocate(r9, 0x8, 0x0, 0x10000)
sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0xa8, 0x30, 0x216822a75a8bdd29, 0xffe5, 0x0, {}, [{0x94, 0x1, [@m_connmark={0x34, 0x2, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x30, 0x3, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x5, 0x2}}}}]}]}, 0xa8}}, 0x0)

65.332919ms ago: executing program 2 (id=401):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000100)={0x3, 0x2, 0x7, 0x1, 0x80, 0x2})

0s ago: executing program 2 (id=402):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x2, &(0x7f0000000100)=@raw=[@ldst={0x1, 0x0, 0x4, 0x0, 0x1}, @jmp={0x5, 0x0, 0x9}], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f00000001c0)='ceph\x00', 0x0, &(0x7f0000000840)='\x00\x00\x00\x00\x00\x00\x00\x00\x00*\x00\x00', 0xc, r3)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000880)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@remote, 0x0, 0x1}, {@in=@private=0xa010102, 0x0, 0x32}, @in6=@mcast2, {}, {0x8001}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x4c, 0x2, {{'ecb(cipher_null)\x00'}, 0x20, "c502dbf9"}}]}, 0x13c}}, 0x0)

0s ago: executing program 3 (id=403):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) (async)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
r4 = dup3(r3, r2, 0x0)
sendmsg$key(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="02130000050000000000000000000000030008"], 0x28}}, 0x0)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r6=>0x0})
connect$can_bcm(r5, &(0x7f0000000300)={0x1d, r6}, 0x10) (async, rerun: 64)
sendmsg$can_bcm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) (async, rerun: 64)
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280), 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x6, 0x0, 0x1, 0x3, '\x00', r6, r7, 0x0, 0x1, 0x4, 0x0, @void, @value, @void, @value}, 0x50) (async)
syz_emit_ethernet(0x86, &(0x7f0000000c40)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b88ef", 0x50, 0x3a, 0x0, @private1, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "bdd7c3", 0x0, 0x33, 0x0, @loopback, @empty, [@hopopts={0x4, 0x2, '\x00', [@hao={0xc9, 0x10, @loopback}]}]}}}}}}}, 0x0) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r10}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

kernel console output (not intermixed with test programs):

ered promiscuous mode
[   31.411499][ T3302] veth1_vlan: entered promiscuous mode
[   31.428600][ T3304] veth0_vlan: entered promiscuous mode
[   31.436032][ T3297] veth0_vlan: entered promiscuous mode
[   31.441792][ T3304] veth1_vlan: entered promiscuous mode
[   31.448091][ T3298] veth1_macvtap: entered promiscuous mode
[   31.455043][ T3296] veth1_macvtap: entered promiscuous mode
[   31.476113][ T3297] veth1_vlan: entered promiscuous mode
[   31.483191][ T3302] veth0_macvtap: entered promiscuous mode
[   31.493120][ T3296] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.508209][ T3296] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.518578][ T3298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.529091][ T3298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.539609][ T3298] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.548082][ T3298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.558582][ T3298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.569176][ T3298] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.577528][ T3297] veth0_macvtap: entered promiscuous mode
[   31.586318][ T3298] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.595066][ T3298] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.603827][ T3298] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.612603][ T3298] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.623806][ T3302] veth1_macvtap: entered promiscuous mode
[   31.633525][ T3296] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.642332][ T3296] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.651173][ T3296] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.660145][ T3296] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.672568][ T3297] veth1_macvtap: entered promiscuous mode
[   31.688692][ T3304] veth0_macvtap: entered promiscuous mode
[   31.702910][ T3302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.713652][ T3302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.723628][ T3302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.734193][ T3302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.745116][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.756048][   T29] kauditd_printk_skb: 18 callbacks suppressed
[   31.756064][   T29] audit: type=1400 audit(1734239240.592:110): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/root/syzkaller.wDYbqV/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   31.773003][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.797186][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.807089][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.817579][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.827453][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.837946][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.847897][   T29] audit: type=1400 audit(1734239240.592:111): avc:  denied  { mount } for  pid=3296 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   31.856427][ T3297] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.869932][   T29] audit: type=1400 audit(1734239240.592:112): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/root/syzkaller.wDYbqV/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   31.890559][ T3304] veth1_macvtap: entered promiscuous mode
[   31.902399][   T29] audit: type=1400 audit(1734239240.592:113): avc:  denied  { mount } for  pid=3296 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   31.930061][   T29] audit: type=1400 audit(1734239240.592:114): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/root/syzkaller.wDYbqV/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   31.956734][   T29] audit: type=1400 audit(1734239240.592:115): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/root/syzkaller.wDYbqV/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4535 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   31.984310][   T29] audit: type=1400 audit(1734239240.592:116): avc:  denied  { unmount } for  pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   32.004797][   T29] audit: type=1400 audit(1734239240.682:117): avc:  denied  { mounton } for  pid=3296 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=502 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   32.027689][   T29] audit: type=1400 audit(1734239240.692:118): avc:  denied  { mount } for  pid=3296 comm="syz-executor" name="/" dev="gadgetfs" ino=4537 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   32.052264][ T3302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.060087][ T3296] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   32.062750][ T3302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.087130][ T3302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.097563][ T3302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.108617][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.116998][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.127594][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.137549][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.148162][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.158043][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.168566][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.179210][ T3297] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.188695][ T3297] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.197637][ T3297] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.206538][ T3297] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.215300][ T3297] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.231024][   T29] audit: type=1400 audit(1734239241.052:119): avc:  denied  { read write } for  pid=3296 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   32.241277][ T3438] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   32.268591][ T3302] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.277408][ T3302] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.286217][ T3302] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.294993][ T3302] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.317297][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.327780][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.337681][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.348273][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.358108][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.368670][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.378538][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   32.389136][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.400162][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.417499][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.428097][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.438427][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.448899][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.452213][ T3438] loop3: detected capacity change from 0 to 764
[   32.458748][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.475454][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.475474][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.495760][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.506936][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.530792][    T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[   32.549608][    T8] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   32.566387][ T3304] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.575182][ T3304] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.583964][ T3304] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.592757][ T3304] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.690926][ T3455] dccp_xmit_packet: Payload too large (65475) for featneg.
[   32.722023][ T3455] veth0_virt_wifi: entered promiscuous mode
[   32.729981][ T3455] veth0_virt_wifi: left promiscuous mode
[   32.741751][ T3459] syz.1.2 uses obsolete (PF_INET,SOCK_PACKET)
[   32.771867][ T3462] loop3: detected capacity change from 0 to 512
[   32.779748][ T3462] EXT4-fs: Ignoring removed oldalloc option
[   32.804868][    C1] hrtimer: interrupt took 34743 ns
[   32.834772][ T3466] netlink: 'syz.0.11': attribute type 39 has an invalid length.
[   32.843892][ T3462] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   32.857104][ T3462] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   32.877033][ T3462] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   32.900797][ T3462] EXT4-fs (loop3): 1 truncate cleaned up
[   32.909467][ T3462] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.929222][ T3464] loop4: detected capacity change from 0 to 1024
[   32.964750][ T3475] netlink: 'syz.1.13': attribute type 10 has an invalid length.
[   32.973051][ T3464] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities
[   32.986384][ T3475] team0: Failed to send options change via netlink (err -105)
[   32.993963][ T3475] team0: Port device netdevsim1 added
[   33.017259][ T3475] netlink: 'syz.1.13': attribute type 10 has an invalid length.
[   33.025515][   T93] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   33.036459][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.063030][ T3475] team0: Failed to send options change via netlink (err -105)
[   33.075013][ T3475] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   33.095041][ T3475] team0: Port device netdevsim1 removed
[   33.103094][ T3475] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   33.146894][ T3476] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5'.
[   33.155754][ T3476] netlink: 228 bytes leftover after parsing attributes in process `syz.4.5'.
[   33.184775][ T3483] loop3: detected capacity change from 0 to 1024
[   33.203508][ T3483] =======================================================
[   33.203508][ T3483] WARNING: The mand mount option has been deprecated and
[   33.203508][ T3483]          and is ignored by this kernel. Remove the mand
[   33.203508][ T3483]          option from the mount to silence this warning.
[   33.203508][ T3483] =======================================================
[   33.212733][ T3476] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5'.
[   33.296161][ T3483] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.313901][ T3488] loop1: detected capacity change from 0 to 512
[   33.324917][ T3483] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   33.345786][ T3488] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[   33.368721][ T3478] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.14: bg 0: block 393: padding at end of block bitmap is not set
[   33.384850][ T3478] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   33.387831][ T3488] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002]
[   33.397399][ T3478] EXT4-fs (loop3): This should not happen!! Data will be lost
[   33.397399][ T3478] 
[   33.425975][ T3478] syz.3.14 (3478) used greatest stack depth: 9784 bytes left
[   33.433089][ T3488] System zones: 1-12
[   33.443948][ T3488] EXT4-fs (loop1): orphan cleanup on readonly fs
[   33.456060][ T3488] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.16: bg 0: block 361: padding at end of block bitmap is not set
[   33.501632][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.506877][ T3488] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   33.541244][ T3488] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #11: comm syz.1.16: attempt to clear invalid blocks 33619980 len 1
[   33.573895][ T3488] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.16: invalid indirect mapped block 1811939328 (level 0)
[   33.589340][ T3488] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.16: invalid indirect mapped block 2 (level 2)
[   33.600868][ T3494] loop3: detected capacity change from 0 to 1024
[   33.612736][ T3488] EXT4-fs (loop1): 1 truncate cleaned up
[   33.625013][ T3488] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[   33.754894][ T3494] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.767225][ T3494] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   33.780897][ T3494] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.17: bg 0: block 393: padding at end of block bitmap is not set
[   33.830085][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[   33.844743][ T3494] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   33.857232][ T3494] EXT4-fs (loop3): This should not happen!! Data will be lost
[   33.857232][ T3494] 
[   33.929441][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.040522][ T3514] loop3: detected capacity change from 0 to 1024
[   34.089571][ T3514] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.099920][ T3525] loop4: detected capacity change from 0 to 512
[   34.125263][ T3514] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   34.157413][ T3525] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[   34.164249][ T3514] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.22: bg 0: block 393: padding at end of block bitmap is not set
[   34.196396][ T3514] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   34.208914][ T3514] EXT4-fs (loop3): This should not happen!! Data will be lost
[   34.208914][ T3514] 
[   34.239228][ T3525] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002]
[   34.254765][ T3525] System zones: 1-12
[   34.264192][ T3525] EXT4-fs (loop4): orphan cleanup on readonly fs
[   34.277294][ T3525] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.27: bg 0: block 361: padding at end of block bitmap is not set
[   34.299613][ T3525] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   34.299969][ T3533] dccp_xmit_packet: Payload too large (65475) for featneg.
[   34.308966][ T3525] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #11: comm syz.4.27: attempt to clear invalid blocks 33619980 len 1
[   34.344695][ T3525] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.27: invalid indirect mapped block 1811939328 (level 0)
[   34.358786][ T3525] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.27: invalid indirect mapped block 2 (level 2)
[   34.374051][ T3525] EXT4-fs (loop4): 1 truncate cleaned up
[   34.380166][ T3525] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[   34.396889][ T3535] loop0: detected capacity change from 0 to 512
[   34.403527][ T3535] EXT4-fs: Ignoring removed oldalloc option
[   34.422749][ T3533] veth0_virt_wifi: entered promiscuous mode
[   34.435422][ T3535] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   34.437040][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.458696][ T3533] veth0_virt_wifi: left promiscuous mode
[   34.466081][ T3535] EXT4-fs (loop0): 1 truncate cleaned up
[   34.484180][ T3535] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.490978][ T3539] netlink: 'syz.2.33': attribute type 39 has an invalid length.
[   34.500376][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[   34.548970][ T3543] netlink: 8 bytes leftover after parsing attributes in process `syz.4.34'.
[   34.557893][ T3543] netlink: 12 bytes leftover after parsing attributes in process `syz.4.34'.
[   34.562477][ T3541] loop3: detected capacity change from 0 to 2048
[   34.580913][ T3302] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.604559][ T3547] netlink: 8 bytes leftover after parsing attributes in process `syz.0.35'.
[   34.606354][ T3541]  loop3: p1 < > p4
[   34.613378][ T3547] netlink: 12 bytes leftover after parsing attributes in process `syz.0.35'.
[   34.636481][ T3541] loop3: p4 size 8388608 extends beyond EOD, truncated
[   34.653785][ T3550] loop4: detected capacity change from 0 to 512
[   34.662341][ T3550] EXT4-fs: Ignoring removed oldalloc option
[   34.676777][ T3550] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   34.696948][ T2999]  loop3: p1 < > p4
[   34.697295][ T3553] loop1: detected capacity change from 0 to 2048
[   34.701229][ T2999] loop3: p4 size 8388608 extends beyond EOD, truncated
[   34.738660][ T3550] EXT4-fs (loop4): 1 truncate cleaned up
[   34.763863][ T3550] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.787862][ T3560] FAULT_INJECTION: forcing a failure.
[   34.787862][ T3560] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   34.801205][ T3560] CPU: 1 UID: 0 PID: 3560 Comm: syz.3.39 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   34.811746][ T3560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   34.821909][ T3560] Call Trace:
[   34.825276][ T3560]  <TASK>
[   34.828229][ T3560]  dump_stack_lvl+0xf2/0x150
[   34.832856][ T3560]  dump_stack+0x15/0x1a
[   34.837028][ T3560]  should_fail_ex+0x223/0x230
[   34.841735][ T3560]  should_fail_alloc_page+0xfd/0x110
[   34.847071][ T3560]  __alloc_pages_noprof+0x109/0x340
[   34.852417][ T3560]  alloc_pages_mpol_noprof+0xb1/0x1e0
[   34.857883][ T3560]  alloc_pages_noprof+0xe1/0x100
[   34.862832][ T3560]  pte_alloc_one+0x31/0x110
[   34.867354][ T3560]  __pte_alloc+0x33/0x2a0
[   34.871797][ T3560]  handle_mm_fault+0x1b4a/0x2ac0
[   34.876806][ T3560]  exc_page_fault+0x3b9/0x650
[   34.881583][ T3560]  asm_exc_page_fault+0x26/0x30
[   34.886466][ T3560] RIP: 0033:0x7f9e33fc8c46
[   34.890891][ T3560] Code: f0 72 6e 48 63 cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01
[   34.910510][ T3560] RSP: 002b:00007f9e327764a0 EFLAGS: 00010246
[   34.916584][ T3560] RAX: 0000000000000001 RBX: 00007f9e32776540 RCX: 0000000000000101
[   34.924560][ T3560] RDX: 0000000000000030 RSI: 0000000000000001 RDI: 00007f9e327765e0
[   34.932537][ T3560] RBP: 0000000000000102 R08: 00007f9e2a357000 R09: 0000000000000000
[   34.940513][ T3560] R10: 0000000000000000 R11: 00007f9e32776550 R12: 0000000000000001
[   34.948510][ T3560] R13: 00007f9e34198f60 R14: 0000000000000000 R15: 00007f9e327765e0
[   34.956500][ T3560]  </TASK>
[   34.959725][ T3560] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   34.964891][ T3553] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.984639][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.986022][ T3553] EXT4-fs error (device loop1): ext4_find_extent:938: inode #2: comm syz.1.37: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   35.024050][ T3560] loop3: detected capacity change from 0 to 512
[   35.035209][ T3555] loop0: detected capacity change from 0 to 512
[   35.042520][ T3446] udevd[3446]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   35.044094][ T3553] EXT4-fs error (device loop1): ext4_find_extent:938: inode #2: comm syz.1.37: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   35.053753][ T3557] udevd[3557]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   35.091157][ T3557] udevd[3557]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   35.103452][ T3446] udevd[3446]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   35.118274][ T3555] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   35.132408][ T3553] EXT4-fs error (device loop1): ext4_find_extent:938: inode #2: comm syz.1.37: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   35.144869][ T3555] ext4 filesystem being mounted at /6/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   35.160100][ T3553] EXT4-fs error (device loop1): ext4_find_extent:938: inode #2: comm syz.1.37: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   35.183277][ T3560] EXT4-fs (loop3): too many log groups per flexible block group
[   35.191109][ T3560] EXT4-fs (loop3): failed to initialize mballoc (-12)
[   35.199461][ T3560] EXT4-fs (loop3): mount failed
[   35.205429][ T3555] netlink: 160 bytes leftover after parsing attributes in process `syz.0.38'.
[   35.242004][ T3572] netlink: 8 bytes leftover after parsing attributes in process `syz.2.42'.
[   35.250881][ T3572] netlink: 4 bytes leftover after parsing attributes in process `syz.2.42'.
[   35.279979][ T3576] loop4: detected capacity change from 0 to 2048
[   35.303661][ T3572] wireguard0: entered promiscuous mode
[   35.309218][ T3572] wireguard0: entered allmulticast mode
[   35.310312][ T3557]  loop4: p1 < > p4
[   35.320855][ T3557] loop4: p4 size 8388608 extends beyond EOD, truncated
[   35.323497][ T3579] capability: warning: `syz.3.44' uses 32-bit capabilities (legacy support in use)
[   35.346308][ T3576]  loop4: p1 < > p4
[   35.351399][ T3302] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.361773][ T3576] loop4: p4 size 8388608 extends beyond EOD, truncated
[   35.398516][ T3581] netlink: 'syz.0.45': attribute type 10 has an invalid length.
[   35.444150][ T3583] loop3: detected capacity change from 0 to 512
[   35.458437][ T3586] netlink: 'syz.0.45': attribute type 10 has an invalid length.
[   35.468095][ T3585] loop4: detected capacity change from 0 to 512
[   35.474183][ T3581] team0: Failed to send options change via netlink (err -105)
[   35.481882][ T3581] team0: Port device netdevsim1 added
[   35.492025][   T11] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   35.505207][ T3586] team0: Failed to send options change via netlink (err -105)
[   35.506381][ T3585] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[   35.515211][ T3586] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   35.535134][ T3586] team0: Port device netdevsim1 removed
[   35.542899][ T3585] EXT4-fs (loop4): invalid journal inode
[   35.546226][ T3446] udevd[3446]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   35.548630][ T3585] EXT4-fs (loop4): can't get journal size
[   35.559703][ T3557] udevd[3557]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   35.566033][ T3586] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   35.583507][ T3583] EXT4-fs (loop3): too many log groups per flexible block group
[   35.591317][ T3583] EXT4-fs (loop3): failed to initialize mballoc (-12)
[   35.591839][ T3585] EXT4-fs (loop4): 1 truncate cleaned up
[   35.600202][ T3446] udevd[3446]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   35.604195][ T3585] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.616212][ T3557] udevd[3557]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   35.625963][ T3583] EXT4-fs (loop3): mount failed
[   35.749375][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.776614][ T3594] loop0: detected capacity change from 0 to 512
[   35.785598][ T3594] EXT4-fs: Mount option(s) incompatible with ext2
[   35.800962][ T3598] syz.1.49[3598] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   35.801023][ T3598] syz.1.49[3598] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   35.814714][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.881105][ T3598] syz.1.49[3598] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   35.881157][ T3599] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   35.908694][ T3596] 0ªX¹¦À: renamed from caif0
[   35.917852][ T3596] 0ªX¹¦À: entered allmulticast mode
[   35.923086][ T3596] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[   35.962449][ T3598] sd 0:0:1:0: device reset
[   36.002526][ T3603] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   36.012018][ T3596] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   36.022352][ T3603] Zero length message leads to an empty skb
[   36.030044][ T3601] dccp_xmit_packet: Payload too large (65475) for featneg.
[   36.061109][ T3596] vhci_hcd: invalid port number 23
[   36.100814][ T3601] veth0_virt_wifi: entered promiscuous mode
[   36.132576][ T3601] veth0_virt_wifi: left promiscuous mode
[   36.191944][ T3619] loop2: detected capacity change from 0 to 512
[   36.200097][ T3619] EXT4-fs: Ignoring removed oldalloc option
[   36.207772][ T3619] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   36.247751][ T3621] loop1: detected capacity change from 0 to 2048
[   36.250255][ T3619] EXT4-fs (loop2): 1 truncate cleaned up
[   36.260369][ T3619] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.291099][ T3621] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.313347][ T3621] EXT4-fs error (device loop1): ext4_find_extent:938: inode #2: comm syz.1.60: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   36.355849][ T3621] EXT4-fs error (device loop1): ext4_find_extent:938: inode #2: comm syz.1.60: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   36.429966][ T3640] EXT4-fs error (device loop1): ext4_find_extent:938: inode #2: comm syz.1.60: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   36.459454][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.466561][ T3621] EXT4-fs error (device loop1): ext4_find_extent:938: inode #2: comm syz.1.60: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   36.610071][ T3655] dccp_xmit_packet: Payload too large (65475) for featneg.
[   36.632449][ T3655] veth0_virt_wifi: entered promiscuous mode
[   36.638846][ T3650] loop3: detected capacity change from 0 to 2048
[   36.651362][ T3652] loop2: detected capacity change from 0 to 1024
[   36.667331][ T3655] veth0_virt_wifi: left promiscuous mode
[   36.676324][ T3650] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.690104][ T3652] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.705119][ T3652] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   36.707276][ T3650] EXT4-fs error (device loop3): ext4_find_extent:938: inode #2: comm syz.3.71: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   36.719234][ T3652] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.72: bg 0: block 393: padding at end of block bitmap is not set
[   36.749520][ T3652] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   36.757882][ T3650] EXT4-fs error (device loop3): ext4_find_extent:938: inode #2: comm syz.3.71: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   36.762009][ T3652] EXT4-fs (loop2): This should not happen!! Data will be lost
[   36.762009][ T3652] 
[   36.789158][   T29] kauditd_printk_skb: 509 callbacks suppressed
[   36.789175][   T29] audit: type=1326 audit(1734239245.622:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3653 comm="syz.4.73" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36a05d19 code=0x7ffc0000
[   36.826833][   T29] audit: type=1326 audit(1734239245.622:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3653 comm="syz.4.73" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed36a05d19 code=0x7ffc0000
[   36.852137][ T3650] EXT4-fs error (device loop3): ext4_find_extent:938: inode #2: comm syz.3.71: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   36.905289][ T3665] EXT4-fs error (device loop3): ext4_find_extent:938: inode #2: comm syz.3.71: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   36.936555][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.965797][ T3671] loop2: detected capacity change from 0 to 512
[   36.972422][ T3671] EXT4-fs: Ignoring removed oldalloc option
[   37.008952][ T3673] netlink: 'syz.0.78': attribute type 10 has an invalid length.
[   37.017004][   T29] audit: type=1400 audit(1734239245.842:631): avc:  denied  { create } for  pid=3668 comm="syz.4.76" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   37.036787][   T29] audit: type=1400 audit(1734239245.842:632): avc:  denied  { bind } for  pid=3672 comm="syz.0.78" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   37.054988][ T3671] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   37.056878][   T29] audit: type=1400 audit(1734239245.842:633): avc:  denied  { setopt } for  pid=3672 comm="syz.0.78" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   37.091335][ T3675] netlink: 'syz.0.78': attribute type 10 has an invalid length.
[   37.103031][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.116018][ T3671] EXT4-fs (loop2): 1 truncate cleaned up
[   37.122048][ T3671] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.151501][ T3673] bond0: (slave netdevsim1): Releasing backup interface
[   37.173896][   T29] audit: type=1400 audit(1734239246.002:634): avc:  denied  { read } for  pid=2981 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   37.195897][   T29] audit: type=1400 audit(1734239246.002:635): avc:  denied  { search } for  pid=2981 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   37.217498][   T29] audit: type=1400 audit(1734239246.002:636): avc:  denied  { append } for  pid=2981 comm="syslogd" name="messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   37.239751][   T29] audit: type=1400 audit(1734239246.002:637): avc:  denied  { open } for  pid=2981 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   37.262666][   T29] audit: type=1400 audit(1734239246.002:638): avc:  denied  { getattr } for  pid=2981 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   37.305340][ T3673] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   37.332697][ T3673] team0: Failed to send options change via netlink (err -105)
[   37.340259][ T3673] team0: Port device netdevsim1 added
[   37.349645][ T3683] loop4: detected capacity change from 0 to 512
[   37.357990][ T3683] EXT4-fs: Ignoring removed oldalloc option
[   37.370871][ T3683] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   37.381222][ T3675] team0: Failed to send options change via netlink (err -105)
[   37.393480][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.406169][ T3683] EXT4-fs (loop4): 1 truncate cleaned up
[   37.411953][ T3675] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   37.449792][ T3675] team0: Port device netdevsim1 removed
[   37.460119][ T3683] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.480107][ T3675] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   37.504917][ T3686] loop2: detected capacity change from 0 to 512
[   37.556187][ T3686] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 not in group (block 4294967295)!
[   37.567245][ T3686] EXT4-fs (loop2): group descriptors corrupted!
[   37.596518][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.615854][ T3692] bond0: entered promiscuous mode
[   37.621017][ T3692] bond_slave_0: entered promiscuous mode
[   37.626889][ T3692] bond_slave_1: entered promiscuous mode
[   37.631431][ T3694] raw_sendmsg: syz.1.87 forgot to set AF_INET. Fix it!
[   37.666974][ T3696] dccp_xmit_packet: Payload too large (65475) for featneg.
[   37.685049][ T3696] veth0_virt_wifi: entered promiscuous mode
[   37.692775][ T3696] veth0_virt_wifi: left promiscuous mode
[   37.700496][ T3694] loop1: detected capacity change from 0 to 8192
[   37.702421][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.749729][ T3702] dccp_xmit_packet: Payload too large (65475) for featneg.
[   37.798454][ T3707] loop3: detected capacity change from 0 to 1024
[   37.802543][ T3702] veth0_virt_wifi: entered promiscuous mode
[   37.826419][ T3702] veth0_virt_wifi: left promiscuous mode
[   37.846144][ T3707] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   37.872297][ T3707] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   37.900331][ T3718] loop0: detected capacity change from 0 to 512
[   37.908703][ T3723] syz.1.95[3723] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   37.908895][ T3723] syz.1.95[3723] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   37.926305][ T3718] EXT4-fs: Ignoring removed oldalloc option
[   37.931549][ T3723] syz.1.95[3723] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   37.949304][ T3699] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.88: bg 0: block 393: padding at end of block bitmap is not set
[   37.966558][ T3723] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   37.985267][ T3725] xt_hashlimit: max too large, truncated to 1048576
[   37.998459][ T3718] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   38.012018][ T3723] sd 0:0:1:0: device reset
[   38.017936][ T3718] EXT4-fs (loop0): 1 truncate cleaned up
[   38.024239][ T3718] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   38.036802][ T3699] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   38.049554][ T3699] EXT4-fs (loop3): This should not happen!! Data will be lost
[   38.049554][ T3699] 
[   38.123518][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.141671][ T3302] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.200082][ T3734] FAULT_INJECTION: forcing a failure.
[   38.200082][ T3734] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   38.213668][ T3734] CPU: 0 UID: 0 PID: 3734 Comm: syz.3.99 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   38.224244][ T3734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   38.234321][ T3734] Call Trace:
[   38.237620][ T3734]  <TASK>
[   38.240567][ T3734]  dump_stack_lvl+0xf2/0x150
[   38.245235][ T3734]  dump_stack+0x15/0x1a
[   38.249434][ T3734]  should_fail_ex+0x223/0x230
[   38.254218][ T3734]  should_fail_alloc_page+0xfd/0x110
[   38.259542][ T3734]  __alloc_pages_noprof+0x109/0x340
[   38.264784][ T3734]  alloc_pages_mpol_noprof+0xb1/0x1e0
[   38.270249][ T3734]  vma_alloc_folio_noprof+0x1a0/0x2f0
[   38.275701][ T3734]  handle_mm_fault+0xdd7/0x2ac0
[   38.280595][ T3734]  exc_page_fault+0x296/0x650
[   38.285331][ T3734]  asm_exc_page_fault+0x26/0x30
[   38.290276][ T3734] RIP: 0010:rep_movs_alternative+0x33/0x70
[   38.296119][ T3734] Code: 40 83 f9 08 73 21 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb
[   38.315756][ T3734] RSP: 0018:ffffc9000178fe68 EFLAGS: 00050216
[   38.321853][ T3734] RAX: 0000000000000000 RBX: 00000000200023a0 RCX: 0000000000000020
[   38.329864][ T3734] RDX: 0000000000000000 RSI: ffffc9000178fec0 RDI: 0000000020002380
[   38.337900][ T3734] RBP: 0000000000000000 R08: 0000000080000000 R09: 0000000000000000
[   38.345891][ T3734] R10: 0001c9000178fec0 R11: 0001c9000178fedf R12: 0000000000000020
[   38.353896][ T3734] R13: 00007ffffffff000 R14: 0000000020002380 R15: ffffc9000178fec0
[   38.361931][ T3734]  _copy_to_user+0x7c/0xa0
[   38.366388][ T3734]  __x64_sys_getitimer+0xec/0x130
[   38.371513][ T3734]  x64_sys_call+0x2ad6/0x2dc0
[   38.376266][ T3734]  do_syscall_64+0xc9/0x1c0
[   38.380884][ T3734]  ? clear_bhb_loop+0x55/0xb0
[   38.385634][ T3734]  ? clear_bhb_loop+0x55/0xb0
[   38.390334][ T3734]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   38.396420][ T3734] RIP: 0033:0x7f9e34105d19
[   38.400849][ T3734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   38.420580][ T3734] RSP: 002b:00007f9e32777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000024
[   38.429084][ T3734] RAX: ffffffffffffffda RBX: 00007f9e342f5fa0 RCX: 00007f9e34105d19
[   38.437147][ T3734] RDX: 0000000000000000 RSI: 0000000020002380 RDI: 0000000000000000
[   38.445207][ T3734] RBP: 00007f9e32777090 R08: 0000000000000000 R09: 0000000000000000
[   38.453225][ T3734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   38.461297][ T3734] R13: 0000000000000000 R14: 00007f9e342f5fa0 R15: 00007fff9c82ee58
[   38.469291][ T3734]  </TASK>
[   38.486032][ T3736] loop0: detected capacity change from 0 to 128
[   38.506362][ T3736] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   38.539842][ T3736] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   38.635163][ T3742] netlink: 'syz.3.103': attribute type 5 has an invalid length.
[   38.642873][ T3742] __nla_validate_parse: 7 callbacks suppressed
[   38.642884][ T3742] netlink: 12 bytes leftover after parsing attributes in process `syz.3.103'.
[   38.688143][ T3302] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   38.736057][ T3744] dccp_xmit_packet: Payload too large (65475) for featneg.
[   38.779050][ T3744] veth0_virt_wifi: entered promiscuous mode
[   38.784932][ T3746] FAULT_INJECTION: forcing a failure.
[   38.784932][ T3746] name failslab, interval 1, probability 0, space 0, times 0
[   38.797662][ T3746] CPU: 0 UID: 0 PID: 3746 Comm: syz.3.105 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   38.808265][ T3746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   38.818367][ T3746] Call Trace:
[   38.821648][ T3746]  <TASK>
[   38.824586][ T3746]  dump_stack_lvl+0xf2/0x150
[   38.829200][ T3746]  dump_stack+0x15/0x1a
[   38.833385][ T3746]  should_fail_ex+0x223/0x230
[   38.838131][ T3746]  should_failslab+0x8f/0xb0
[   38.842805][ T3746]  kmem_cache_alloc_noprof+0x52/0x320
[   38.848201][ T3746]  ? mas_alloc_nodes+0x1e3/0x490
[   38.853239][ T3746]  mas_alloc_nodes+0x1e3/0x490
[   38.858020][ T3746]  mas_preallocate+0x44a/0x650
[   38.862798][ T3746]  __split_vma+0x244/0x6a0
[   38.867233][ T3746]  vma_modify+0xd3/0x1e0
[   38.871490][ T3746]  vma_modify_flags+0xf1/0x120
[   38.876266][ T3746]  mlock_fixup+0x113/0x450
[   38.880702][ T3746]  apply_vma_lock_flags+0x194/0x240
[   38.885936][ T3746]  do_mlock+0x35b/0x510
[   38.890158][ T3746]  ? fput+0x1c4/0x200
[   38.894152][ T3746]  ? ksys_write+0x176/0x1b0
[   38.898671][ T3746]  __x64_sys_mlock2+0x72/0x90
[   38.903401][ T3746]  x64_sys_call+0x971/0x2dc0
[   38.908057][ T3746]  do_syscall_64+0xc9/0x1c0
[   38.912632][ T3746]  ? clear_bhb_loop+0x55/0xb0
[   38.917317][ T3746]  ? clear_bhb_loop+0x55/0xb0
[   38.921999][ T3746]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   38.927913][ T3746] RIP: 0033:0x7f9e34105d19
[   38.932333][ T3746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   38.951947][ T3746] RSP: 002b:00007f9e32777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000145
[   38.960476][ T3746] RAX: ffffffffffffffda RBX: 00007f9e342f5fa0 RCX: 00007f9e34105d19
[   38.968452][ T3746] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020627000
[   38.976456][ T3746] RBP: 00007f9e32777090 R08: 0000000000000000 R09: 0000000000000000
[   38.984502][ T3746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   38.992562][ T3746] R13: 0000000000000001 R14: 00007f9e342f5fa0 R15: 00007fff9c82ee58
[   39.000542][ T3746]  </TASK>
[   39.054552][ T3744] veth0_virt_wifi: left promiscuous mode
[   39.105796][ T3753] loop1: detected capacity change from 0 to 128
[   39.124068][ T3756] IPVS: set_ctl: invalid protocol: 8 172.20.20.187:20003
[   39.150188][ T3757] syz.2.109[3757] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   39.150329][ T3757] syz.2.109[3757] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   39.151779][ T3753] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   39.167044][ T3757] syz.2.109[3757] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   39.189368][ T3757] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   39.197753][ T3759] loop0: detected capacity change from 0 to 512
[   39.201472][ T3757] sd 0:0:1:0: device reset
[   39.219850][ T3753] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.224167][ T3759] EXT4-fs: Ignoring removed oldalloc option
[   39.256760][ T3759] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   39.276831][ T3759] EXT4-fs (loop0): 1 truncate cleaned up
[   39.285698][ T3762] loop3: detected capacity change from 0 to 1024
[   39.308888][ T3759] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.360173][ T3297] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   39.362317][ T3762] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.383786][ T3302] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.404252][ T3762] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.441595][ T3773] netlink: 'syz.0.116': attribute type 10 has an invalid length.
[   39.451838][ T3762] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.112: bg 0: block 393: padding at end of block bitmap is not set
[   39.478648][ T3773] bond0: (slave netdevsim1): Releasing backup interface
[   39.495978][ T3762] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   39.502900][ T3776] loop1: detected capacity change from 0 to 1024
[   39.508424][ T3762] EXT4-fs (loop3): This should not happen!! Data will be lost
[   39.508424][ T3762] 
[   39.524830][ T3777] netlink: 'syz.0.116': attribute type 10 has an invalid length.
[   39.544303][ T3773] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   39.554891][ T3776] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.571255][ T3773] team0: Failed to send options change via netlink (err -105)
[   39.578811][ T3773] team0: Port device netdevsim1 added
[   39.606369][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.655385][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.690168][ T3784] loop1: detected capacity change from 0 to 1024
[   39.697191][ T3789] FAULT_INJECTION: forcing a failure.
[   39.697191][ T3789] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   39.710474][ T3789] CPU: 1 UID: 0 PID: 3789 Comm: syz.4.114 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   39.721140][ T3789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   39.731224][ T3789] Call Trace:
[   39.734538][ T3789]  <TASK>
[   39.737480][ T3789]  dump_stack_lvl+0xf2/0x150
[   39.742102][ T3789]  dump_stack+0x15/0x1a
[   39.746360][ T3789]  should_fail_ex+0x223/0x230
[   39.751114][ T3789]  should_fail_alloc_page+0xfd/0x110
[   39.756489][ T3789]  __alloc_pages_noprof+0x109/0x340
[   39.761735][ T3789]  alloc_pages_mpol_noprof+0xb1/0x1e0
[   39.767162][ T3789]  alloc_pages_noprof+0xe1/0x100
[   39.772137][ T3789]  pte_alloc_one+0x31/0x110
[   39.776673][ T3789]  __pte_alloc+0x33/0x2a0
[   39.781068][ T3789]  handle_mm_fault+0x1b4a/0x2ac0
[   39.786041][ T3789]  exc_page_fault+0x3b9/0x650
[   39.790748][ T3789]  asm_exc_page_fault+0x26/0x30
[   39.795650][ T3789] RIP: 0033:0x7fed368c8c46
[   39.800142][ T3789] Code: f0 72 6e 48 63 cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01
[   39.819815][ T3789] RSP: 002b:00007fed350764a0 EFLAGS: 00010246
[   39.825898][ T3789] RAX: 0000000000000001 RBX: 00007fed35076540 RCX: 0000000000000101
[   39.833874][ T3789] RDX: 0000000000000030 RSI: 0000000000000001 RDI: 00007fed350765e0
[   39.841871][ T3789] RBP: 0000000000000102 R08: 00007fed2cc57000 R09: 0000000000000000
[   39.849850][ T3789] R10: 0000000000000000 R11: 00007fed35076550 R12: 0000000000000001
[   39.857828][ T3789] R13: 00007fed36a98f60 R14: 0000000000000000 R15: 00007fed350765e0
[   39.865811][ T3789]  </TASK>
[   39.868993][ T3789] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   39.871670][ T3777] team0: Failed to send options change via netlink (err -105)
[   39.884084][ T3777] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   39.887049][ T3790] loop3: detected capacity change from 0 to 1024
[   39.893961][ T3777] team0: Port device netdevsim1 removed
[   39.907846][ T3777] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   39.917788][ T3784] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.920481][ T3789] loop4: detected capacity change from 0 to 512
[   39.938580][ T3784] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.963114][ T3784] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.118: bg 0: block 393: padding at end of block bitmap is not set
[   39.992519][ T3784] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   39.995789][ T3790] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.005018][ T3784] EXT4-fs (loop1): This should not happen!! Data will be lost
[   40.005018][ T3784] 
[   40.023467][ T3789] EXT4-fs (loop4): too many log groups per flexible block group
[   40.034698][ T3789] EXT4-fs (loop4): failed to initialize mballoc (-12)
[   40.041879][ T3789] EXT4-fs (loop4): mount failed
[   40.082872][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.093665][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.112915][ T3808] FAULT_INJECTION: forcing a failure.
[   40.112915][ T3808] name failslab, interval 1, probability 0, space 0, times 0
[   40.125618][ T3808] CPU: 1 UID: 0 PID: 3808 Comm: syz.4.126 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   40.127246][ T3811] loop2: detected capacity change from 0 to 1024
[   40.136291][ T3808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   40.136309][ T3808] Call Trace:
[   40.136318][ T3808]  <TASK>
[   40.136327][ T3808]  dump_stack_lvl+0xf2/0x150
[   40.154427][ T3812] loop0: detected capacity change from 0 to 512
[   40.156009][ T3808]  dump_stack+0x15/0x1a
[   40.156050][ T3808]  should_fail_ex+0x223/0x230
[   40.156085][ T3808]  should_failslab+0x8f/0xb0
[   40.159344][ T3812] EXT4-fs: Ignoring removed oldalloc option
[   40.163579][ T3808]  __kmalloc_noprof+0xab/0x3f0
[   40.163609][ T3808]  ? security_prepare_creds+0x53/0x120
[   40.170173][ T3812] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   40.173973][ T3808]  security_prepare_creds+0x53/0x120
[   40.180330][ T3812] EXT4-fs (loop0): 1 truncate cleaned up
[   40.183204][ T3808]  prepare_creds+0x346/0x480
[   40.191093][ T3812] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.193863][ T3808]  selinux_lsm_setattr+0x198/0x640
[   40.242324][ T3808]  selinux_setprocattr+0x4e/0x70
[   40.247292][ T3808]  security_setprocattr+0x198/0x1c0
[   40.252543][ T3808]  proc_pid_attr_write+0x1e7/0x220
[   40.257680][ T3808]  ? __pfx_proc_pid_attr_write+0x10/0x10
[   40.263366][ T3808]  vfs_write+0x281/0x920
[   40.267713][ T3808]  ? __fget_files+0x17c/0x1c0
[   40.272428][ T3808]  ksys_write+0xe8/0x1b0
[   40.276712][ T3808]  __x64_sys_write+0x42/0x50
[   40.281328][ T3808]  x64_sys_call+0x287e/0x2dc0
[   40.286105][ T3808]  do_syscall_64+0xc9/0x1c0
[   40.290635][ T3808]  ? clear_bhb_loop+0x55/0xb0
[   40.295381][ T3808]  ? clear_bhb_loop+0x55/0xb0
[   40.300119][ T3808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.306038][ T3808] RIP: 0033:0x7fed36a05d19
[   40.310528][ T3808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   40.330150][ T3808] RSP: 002b:00007fed35077038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   40.338623][ T3808] RAX: ffffffffffffffda RBX: 00007fed36bf5fa0 RCX: 00007fed36a05d19
[   40.346598][ T3808] RDX: 000000000000001d RSI: 0000000020000100 RDI: 0000000000000003
[   40.354668][ T3808] RBP: 00007fed35077090 R08: 0000000000000000 R09: 0000000000000000
[   40.362642][ T3808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   40.370625][ T3808] R13: 0000000000000000 R14: 00007fed36bf5fa0 R15: 00007ffddaf50328
[   40.378680][ T3808]  </TASK>
[   40.393045][ T3811] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.408420][ T3302] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.430542][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.488444][ T3825] syz.3.124[3825] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   40.493048][ T3825] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   40.560681][ T3825] sd 0:0:1:0: device reset
[   40.619694][ T3837] loop0: detected capacity change from 0 to 512
[   40.656508][ T3837] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[   40.668246][ T3839] netlink: 16 bytes leftover after parsing attributes in process `syz.3.137'.
[   40.677205][ T3839] netlink: 16 bytes leftover after parsing attributes in process `syz.3.137'.
[   40.722827][ T3837] EXT4-fs error (device loop0): ext4_orphan_get:1389: inode #15: comm syz.0.136: iget: bad extended attribute block 19
[   40.761750][ T3837] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.136: couldn't read orphan inode 15 (err -117)
[   40.779282][ T3845] loop4: detected capacity change from 0 to 512
[   40.786543][ T3841] FAULT_INJECTION: forcing a failure.
[   40.786543][ T3841] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   40.789579][ T3845] EXT4-fs: Ignoring removed oldalloc option
[   40.799674][ T3841] CPU: 1 UID: 0 PID: 3841 Comm: syz.2.138 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   40.814464][ T3845] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   40.816108][ T3841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   40.816125][ T3841] Call Trace:
[   40.816133][ T3841]  <TASK>
[   40.816143][ T3841]  dump_stack_lvl+0xf2/0x150
[   40.816187][ T3841]  dump_stack+0x15/0x1a
[   40.816242][ T3841]  should_fail_ex+0x223/0x230
[   40.816274][ T3841]  should_fail+0xb/0x10
[   40.816297][ T3841]  should_fail_usercopy+0x1a/0x20
[   40.827486][ T3837] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.836157][ T3841]  _copy_to_iter+0xd5/0xd00
[   40.870195][ T3845] EXT4-fs (loop4): 1 truncate cleaned up
[   40.877487][ T3841]  get_random_bytes_user+0x112/0x260
[   40.877530][ T3841]  ? import_ubuf+0xec/0x130
[   40.882518][ T3845] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.887641][ T3841]  __x64_sys_getrandom+0xb5/0x190
[   40.887675][ T3841]  x64_sys_call+0x118a/0x2dc0
[   40.919779][ T3841]  do_syscall_64+0xc9/0x1c0
[   40.924389][ T3841]  ? clear_bhb_loop+0x55/0xb0
[   40.929137][ T3841]  ? clear_bhb_loop+0x55/0xb0
[   40.933934][ T3841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.939926][ T3841] RIP: 0033:0x7fe1b3755d19
[   40.944353][ T3841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   40.964239][ T3841] RSP: 002b:00007fe1b1dc7038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e
[   40.972664][ T3841] RAX: ffffffffffffffda RBX: 00007fe1b3945fa0 RCX: 00007fe1b3755d19
[   40.980659][ T3841] RDX: 0000000000000000 RSI: 00000000ffffff9a RDI: 0000000020000240
[   40.988708][ T3841] RBP: 00007fe1b1dc7090 R08: 0000000000000000 R09: 0000000000000000
[   40.996826][ T3841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   41.004802][ T3841] R13: 0000000000000000 R14: 00007fe1b3945fa0 R15: 00007ffc85a656a8
[   41.012830][ T3841]  </TASK>
[   41.052947][ T3302] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.067523][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.125200][ T3852] loop3: detected capacity change from 0 to 1024
[   41.150632][ T3852] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.187053][ T3867] FAULT_INJECTION: forcing a failure.
[   41.187053][ T3867] name failslab, interval 1, probability 0, space 0, times 0
[   41.188638][ T3852] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   41.199889][ T3867] CPU: 1 UID: 0 PID: 3867 Comm: syz.1.145 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   41.220886][ T3867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   41.230969][ T3867] Call Trace:
[   41.234259][ T3867]  <TASK>
[   41.237201][ T3867]  dump_stack_lvl+0xf2/0x150
[   41.241907][ T3867]  dump_stack+0x15/0x1a
[   41.246095][ T3867]  should_fail_ex+0x223/0x230
[   41.250792][ T3867]  should_failslab+0x8f/0xb0
[   41.255479][ T3867]  kmem_cache_alloc_lru_noprof+0x57/0x320
[   41.261240][ T3867]  ? alloc_inode+0x6a/0x160
[   41.265779][ T3867]  alloc_inode+0x6a/0x160
[   41.270206][ T3867]  new_inode_pseudo+0x15/0x20
[   41.274912][ T3867]  alloc_anon_inode+0x1e/0x170
[   41.279728][ T3867]  aio_setup_ring+0x96/0x6a0
[   41.284397][ T3867]  ioctx_alloc+0x2b2/0x4c0
[   41.288892][ T3867]  __se_sys_io_setup+0x6b/0x1b0
[   41.293892][ T3867]  __x64_sys_io_setup+0x31/0x40
[   41.298759][ T3867]  x64_sys_call+0x160f/0x2dc0
[   41.303446][ T3867]  do_syscall_64+0xc9/0x1c0
[   41.307975][ T3867]  ? clear_bhb_loop+0x55/0xb0
[   41.312659][ T3867]  ? clear_bhb_loop+0x55/0xb0
[   41.317467][ T3867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.323469][ T3867] RIP: 0033:0x7faefeab5d19
[   41.327895][ T3867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   41.347598][ T3867] RSP: 002b:00007faefd121038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[   41.356094][ T3867] RAX: ffffffffffffffda RBX: 00007faefeca5fa0 RCX: 00007faefeab5d19
[   41.364072][ T3867] RDX: 0000000000000000 RSI: 0000000020000680 RDI: 0000000000002004
[   41.372062][ T3867] RBP: 00007faefd121090 R08: 0000000000000000 R09: 0000000000000000
[   41.380102][ T3867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   41.388076][ T3867] R13: 0000000000000000 R14: 00007faefeca5fa0 R15: 00007ffd0429da88
[   41.396061][ T3867]  </TASK>
[   41.426198][ T3852] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.142: bg 0: block 393: padding at end of block bitmap is not set
[   41.483371][ T3877] netlink: 'syz.2.150': attribute type 10 has an invalid length.
[   41.494286][ T3852] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   41.506736][ T3852] EXT4-fs (loop3): This should not happen!! Data will be lost
[   41.506736][ T3852] 
[   41.519381][ T3877] team0: Failed to send options change via netlink (err -105)
[   41.527016][ T3877] team0: Port device netdevsim1 added
[   41.539848][ T3883] netlink: 'syz.2.150': attribute type 10 has an invalid length.
[   41.556159][ T3883] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   41.567639][ T3883] team0: Failed to send options change via netlink (err -105)
[   41.575258][ T3883] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   41.585974][ T3883] team0: Port device netdevsim1 removed
[   41.596064][ T3883] netdevsim netdevsim2 netdevsim1: entered promiscuous mode
[   41.603706][ T3883] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   41.633136][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.699594][ T3897] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   41.708528][ T3897] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   41.716573][ T3902] FAULT_INJECTION: forcing a failure.
[   41.716573][ T3902] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   41.717445][ T3897] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   41.730337][ T3902] CPU: 0 UID: 0 PID: 3902 Comm: syz.3.160 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   41.730372][ T3902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   41.730388][ T3902] Call Trace:
[   41.730396][ T3902]  <TASK>
[   41.739183][ T3897] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   41.749614][ T3902]  dump_stack_lvl+0xf2/0x150
[   41.762134][ T3897] vxlan0: entered promiscuous mode
[   41.762995][ T3902]  dump_stack+0x15/0x1a
[   41.766061][ T3897] vxlan0: entered allmulticast mode
[   41.774585][ T3902]  should_fail_ex+0x223/0x230
[   41.774623][ T3902]  should_fail+0xb/0x10
[   41.774653][ T3902]  should_fail_usercopy+0x1a/0x20
[   41.792755][ T3892] loop2: detected capacity change from 0 to 1024
[   41.793818][ T3902]  _copy_from_iter+0xd5/0xd00
[   41.818766][ T3902]  ? kmalloc_reserve+0x16e/0x190
[   41.823735][ T3902]  ? __build_skb_around+0x196/0x1f0
[   41.824110][ T3892] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.828963][ T3902]  ? __alloc_skb+0x21f/0x310
[   41.828991][ T3902]  ? __virt_addr_valid+0x1ed/0x250
[   41.829034][ T3902]  ? __check_object_size+0x364/0x520
[   41.842696][ T3892] ext4 filesystem being mounted at /31/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   41.845636][ T3902]  netlink_sendmsg+0x460/0x6e0
[   41.845681][ T3902]  ? __pfx_netlink_sendmsg+0x10/0x10
[   41.862917][ T3892] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.158: bg 0: block 393: padding at end of block bitmap is not set
[   41.866366][ T3902]  __sock_sendmsg+0x140/0x180
[   41.871641][ T3892] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 65 with error 117
[   41.876437][ T3902]  ____sys_sendmsg+0x312/0x410
[   41.876490][ T3902]  __sys_sendmsg+0x19d/0x230
[   41.876553][ T3902]  __x64_sys_sendmsg+0x46/0x50
[   41.891033][ T3892] EXT4-fs (loop2): This should not happen!! Data will be lost
[   41.891033][ T3892] 
[   41.895339][ T3902]  x64_sys_call+0x2734/0x2dc0
[   41.895371][ T3902]  do_syscall_64+0xc9/0x1c0
[   41.940893][ T3902]  ? clear_bhb_loop+0x55/0xb0
[   41.945594][ T3902]  ? clear_bhb_loop+0x55/0xb0
[   41.950422][ T3902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.956419][ T3902] RIP: 0033:0x7f9e34105d19
[   41.960889][ T3902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   41.980534][ T3902] RSP: 002b:00007f9e32777038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   41.988986][ T3902] RAX: ffffffffffffffda RBX: 00007f9e342f5fa0 RCX: 00007f9e34105d19
[   41.996968][ T3902] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[   42.004944][ T3902] RBP: 00007f9e32777090 R08: 0000000000000000 R09: 0000000000000000
[   42.012938][ T3902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   42.020925][ T3902] R13: 0000000000000000 R14: 00007f9e342f5fa0 R15: 00007fff9c82ee58
[   42.028913][ T3902]  </TASK>
[   42.034351][ T3897] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   42.043368][ T3897] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[   42.052412][ T3897] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[   42.061626][ T3897] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[   42.079705][   T29] kauditd_printk_skb: 314 callbacks suppressed
[   42.079769][   T29] audit: type=1400 audit(1734239250.912:953): avc:  denied  { read write } for  pid=3905 comm="syz.3.161" name="uhid" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   42.096470][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.114741][   T29] audit: type=1400 audit(1734239250.922:954): avc:  denied  { open } for  pid=3905 comm="syz.3.161" path="/dev/uhid" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   42.117022][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.147711][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.147740][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.147763][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.147785][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.147845][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.147921][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.147942][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.147967][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148042][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148063][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148084][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148104][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148128][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148153][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148176][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148229][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148249][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148270][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148295][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148320][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148392][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148418][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148441][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148465][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148489][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148512][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148536][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148586][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148607][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148627][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148657][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148682][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148733][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148782][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148803][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148828][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148854][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148879][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148926][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148951][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.148997][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.149018][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.149093][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.149114][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.149155][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.149178][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.149200][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.149224][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.149251][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.149344][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.149400][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.149427][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.149530][ T3375] hid-generic 5913:0803:0000.0002: unknown main item tag 0x0
[   42.162973][ T3375] hid-generic 5913:0803:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   42.163462][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.258976][ T3915] IPv6: Can't replace route, no match found
[   42.260259][ T3915] netlink: 16 bytes leftover after parsing attributes in process `syz.2.165'.
[   42.260810][   T29] audit: type=1326 audit(1734239251.092:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b3755d19 code=0x7ffc0000
[   42.262239][   T29] audit: type=1326 audit(1734239251.092:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe1b3755d19 code=0x7ffc0000
[   42.262347][   T29] audit: type=1326 audit(1734239251.092:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b3755d19 code=0x7ffc0000
[   42.262377][   T29] audit: type=1326 audit(1734239251.092:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe1b3755d19 code=0x7ffc0000
[   42.262404][   T29] audit: type=1326 audit(1734239251.092:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b3755d19 code=0x7ffc0000
[   42.262509][   T29] audit: type=1326 audit(1734239251.092:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe1b3755d19 code=0x7ffc0000
[   42.262543][   T29] audit: type=1326 audit(1734239251.092:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b3755d19 code=0x7ffc0000
[   42.262579][   T29] audit: type=1326 audit(1734239251.092:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3914 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe1b3755d19 code=0x7ffc0000
[   42.302918][ T3917] netlink: 32 bytes leftover after parsing attributes in process `syz.4.166'.
[   42.899143][ T3927] netlink: 'syz.0.169': attribute type 10 has an invalid length.
[   42.910133][ T3927] bond0: (slave netdevsim1): Releasing backup interface
[   42.939336][ T3927] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   42.960982][ T3927] team0: Failed to send options change via netlink (err -105)
[   42.963096][ T3929] loop3: detected capacity change from 0 to 512
[   42.968555][ T3927] team0: Port device netdevsim1 added
[   42.986710][ T3931] netlink: 'syz.0.169': attribute type 10 has an invalid length.
[   42.999456][ T3929] EXT4-fs: Mount option(s) incompatible with ext2
[   43.018954][ T3931] team0: Failed to send options change via netlink (err -105)
[   43.026609][ T3931] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   43.031125][ T3929] Process accounting resumed
[   43.035975][ T3931] team0: Port device netdevsim1 removed
[   43.040311][ T3929] kernel write not supported for file /asound/timers (pid: 3929 comm: syz.3.170)
[   43.052240][ T3931] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   43.176758][ T3937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.167'.
[   43.274449][ T3940] loop0: detected capacity change from 0 to 512
[   43.355631][ T3942] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3942 comm=syz.4.173
[   43.374175][ T3940] EXT4-fs: Ignoring removed oldalloc option
[   43.423204][ T3940] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   43.578766][ T3940] EXT4-fs (loop0): 1 truncate cleaned up
[   43.588746][ T3940] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.667220][ T3302] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.775028][ T3963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   43.783503][ T3963] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   43.816790][ T3963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   43.834187][ T3963] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   43.895832][ T3967] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3967 comm=syz.2.186
[   44.062334][ T3979] netlink: 'syz.4.190': attribute type 10 has an invalid length.
[   44.123013][ T3979] team0: Failed to send options change via netlink (err -105)
[   44.130563][ T3979] team0: Port device netdevsim1 added
[   44.141144][ T3983] netlink: 'syz.4.190': attribute type 10 has an invalid length.
[   44.150027][   T50] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   44.162580][ T3984] netlink: 'syz.2.189': attribute type 10 has an invalid length.
[   44.186409][ T3983] team0: Failed to send options change via netlink (err -105)
[   44.209213][ T3983] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   44.219767][ T3983] team0: Port device netdevsim1 removed
[   44.228017][ T3983] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   44.252782][ T3981] netlink: 'syz.2.189': attribute type 10 has an invalid length.
[   44.315518][ T3984] bond0: (slave netdevsim1): Releasing backup interface
[   44.322999][ T3984] netdevsim netdevsim2 netdevsim1: left promiscuous mode
[   44.349226][ T3984] team0: Port device netdevsim1 added
[   44.420157][ T3981] team0: Port device netdevsim1 removed
[   44.427518][ T3981] netdevsim netdevsim2 netdevsim1: entered promiscuous mode
[   44.437278][ T3981] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   44.450208][ T3990] loop4: detected capacity change from 0 to 512
[   44.458888][ T3990] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   44.494222][ T3990] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.522918][ T3990] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.676774][ T3990] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.881313][ T3970] loop1: detected capacity change from 0 to 512
[   44.952869][ T4006] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pid=4006 comm=syz.0.198
[   44.972165][ T3970] EXT4-fs (loop1): too many log groups per flexible block group
[   44.980010][ T3970] EXT4-fs (loop1): failed to initialize mballoc (-12)
[   45.074676][ T3970] EXT4-fs (loop1): mount failed
[   45.170461][ T4018] sctp: [Deprecated]: syz.4.203 (pid 4018) Use of int in maxseg socket option.
[   45.170461][ T4018] Use struct sctp_assoc_value instead
[   45.171211][ T4022] netlink: 'syz.0.205': attribute type 10 has an invalid length.
[   45.203085][ T4020] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4020 comm=syz.2.204
[   45.225602][ T4025] netlink: 'syz.0.205': attribute type 10 has an invalid length.
[   45.244271][ T4022] bond0: (slave netdevsim1): Releasing backup interface
[   45.266794][ T4022] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   45.297564][ T4022] team0: Failed to send options change via netlink (err -105)
[   45.305179][ T4022] team0: Port device netdevsim1 added
[   45.325100][ T4025] team0: Failed to send options change via netlink (err -105)
[   45.364620][ T4025] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   45.394396][ T4025] team0: Port device netdevsim1 removed
[   45.411750][ T4025] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   45.497530][ T4041] loop1: detected capacity change from 0 to 512
[   45.524715][ T4041] EXT4-fs: Ignoring removed oldalloc option
[   45.534410][ T4044] 9pnet_fd: Insufficient options for proto=fd
[   45.638579][ T4041] EXT4-fs error (device loop1): ext4_xattr_inode_iget:436: comm syz.1.211: Parent and EA inode have the same ino 15
[   45.679460][ T4041] EXT4-fs (loop1): Remounting filesystem read-only
[   45.687003][ T4041] EXT4-fs warning (device loop1): ext4_evict_inode:276: xattr delete (err -5)
[   45.697280][ T4041] EXT4-fs (loop1): 1 orphan inode deleted
[   45.703431][ T4041] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.717472][ T4041] SELinux: (dev loop1, type ext4) getxattr errno 5
[   45.758488][ T4041] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.852408][ T4059] loop2: detected capacity change from 0 to 736
[   45.863100][ T4059] iso9660: Bad value for 'mode'
[   45.905835][ T4060] bpf_get_probe_write_proto: 2 callbacks suppressed
[   45.905854][ T4060] syz.3.218[4060] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   45.913801][ T4060] syz.3.218[4060] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   45.926478][ T4060] syz.3.218[4060] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   45.954432][ T4060] netlink: 'syz.3.218': attribute type 29 has an invalid length.
[   46.030386][ T4064] sctp: [Deprecated]: syz.3.218 (pid 4064) Use of int in maxseg socket option.
[   46.030386][ T4064] Use struct sctp_assoc_value instead
[   46.044844][ T4061] mmap: syz.1.211 (4061) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   46.261148][ T4066] loop4: detected capacity change from 0 to 1024
[   46.288077][ T4072] netlink: 20 bytes leftover after parsing attributes in process `syz.3.222'.
[   46.297983][ T4066] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.314051][ T4066] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   46.406346][ T4066] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.221: bg 0: block 393: padding at end of block bitmap is not set
[   46.411250][ T4084] netlink: 32 bytes leftover after parsing attributes in process `syz.1.225'.
[   46.429459][ T4077] loop3: detected capacity change from 0 to 1024
[   46.446387][ T4066] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   46.458841][ T4066] EXT4-fs (loop4): This should not happen!! Data will be lost
[   46.458841][ T4066] 
[   46.470147][ T4077] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.483175][ T4077] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   46.509272][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.519724][ T4077] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.224: bg 0: block 393: padding at end of block bitmap is not set
[   46.559081][ T4077] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   46.571612][ T4077] EXT4-fs (loop3): This should not happen!! Data will be lost
[   46.571612][ T4077] 
[   46.599950][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.750409][ T4099] FAULT_INJECTION: forcing a failure.
[   46.750409][ T4099] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   46.763528][ T4099] CPU: 0 UID: 0 PID: 4099 Comm: syz.3.227 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   46.774204][ T4099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   46.784333][ T4099] Call Trace:
[   46.787633][ T4099]  <TASK>
[   46.790573][ T4099]  dump_stack_lvl+0xf2/0x150
[   46.795210][ T4099]  dump_stack+0x15/0x1a
[   46.799452][ T4099]  should_fail_ex+0x223/0x230
[   46.804147][ T4099]  should_fail+0xb/0x10
[   46.808344][ T4099]  should_fail_usercopy+0x1a/0x20
[   46.813453][ T4099]  _copy_from_user+0x1e/0xb0
[   46.818083][ T4099]  __se_sys_memfd_create+0x26b/0x5c0
[   46.818758][ T4100] syz.2.230[4100] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   46.823388][ T4099]  __x64_sys_memfd_create+0x31/0x40
[   46.823631][ T4100] syz.2.230[4100] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   46.834606][ T4099]  x64_sys_call+0x2d4c/0x2dc0
[   46.834637][ T4099]  do_syscall_64+0xc9/0x1c0
[   46.834662][ T4099]  ? clear_bhb_loop+0x55/0xb0
[   46.865071][ T4099]  ? clear_bhb_loop+0x55/0xb0
[   46.869837][ T4099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   46.875806][ T4099] RIP: 0033:0x7f9e34105d19
[   46.880235][ T4099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   46.899863][ T4099] RSP: 002b:00007f9e32776e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   46.908294][ T4099] RAX: ffffffffffffffda RBX: 000000000000055a RCX: 00007f9e34105d19
[   46.916281][ T4099] RDX: 00007f9e32776ef0 RSI: 0000000000000000 RDI: 00007f9e34182381
[   46.924279][ T4099] RBP: 0000000020000ac0 R08: 00007f9e32776bb7 R09: 00007f9e32776e40
[   46.925251][ T4100] syz.2.230[4100] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   46.932257][ T4099] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020000500
[   46.951493][ T4099] R13: 00007f9e32776ef0 R14: 00007f9e32776eb0 R15: 0000000020000080
[   46.959508][ T4099]  </TASK>
[   46.968255][ T4101] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   47.027312][ T4108] FAULT_INJECTION: forcing a failure.
[   47.027312][ T4108] name failslab, interval 1, probability 0, space 0, times 0
[   47.040081][ T4108] CPU: 0 UID: 0 PID: 4108 Comm: syz.3.232 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   47.050850][ T4108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   47.054704][ T4100] sd 0:0:1:0: device reset
[   47.060914][ T4108] Call Trace:
[   47.060925][ T4108]  <TASK>
[   47.060935][ T4108]  dump_stack_lvl+0xf2/0x150
[   47.067268][ T4111] random: crng reseeded on system resumption
[   47.068624][ T4108]  dump_stack+0x15/0x1a
[   47.086348][ T4108]  should_fail_ex+0x223/0x230
[   47.091065][ T4108]  should_failslab+0x8f/0xb0
[   47.095690][ T4108]  __kmalloc_noprof+0xab/0x3f0
[   47.100507][ T4108]  ? context_struct_to_string+0x23d/0x380
[   47.106258][ T4108]  context_struct_to_string+0x23d/0x380
[   47.111885][ T4108]  ? sidtab_sid2str_get+0x11a/0x140
[   47.117170][ T4108]  security_sid_to_context_core+0x218/0x2f0
[   47.123089][ T4108]  security_sid_to_context+0x27/0x30
[   47.128477][ T4108]  avc_audit_post_callback+0x10d/0x530
[   47.133560][   T29] kauditd_printk_skb: 219 callbacks suppressed
[   47.133576][   T29] audit: type=1400 audit(1734239255.902:1183): avc:  denied  { ioctl open } for  pid=4110 comm="syz.4.234" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[   47.133984][ T4108]  ? __pfx_avc_audit_post_callback+0x10/0x10
[   47.170142][ T4108]  common_lsm_audit+0x90f/0x1010
[   47.175100][ T4108]  ? avc_denied+0xf1/0x110
[   47.179613][ T4108]  slow_avc_audit+0xf9/0x140
[   47.184224][ T4108]  avc_has_perm+0x129/0x160
[   47.188796][ T4108]  sel_write_load+0xe5/0x360
[   47.193406][ T4108]  ? __pfx_sel_write_load+0x10/0x10
[   47.198706][ T4108]  vfs_write+0x281/0x920
[   47.202965][ T4108]  ? __fget_files+0x17c/0x1c0
[   47.207725][ T4108]  ksys_write+0xe8/0x1b0
[   47.211988][ T4108]  __x64_sys_write+0x42/0x50
[   47.216628][ T4108]  x64_sys_call+0x287e/0x2dc0
[   47.221372][ T4108]  do_syscall_64+0xc9/0x1c0
[   47.225945][ T4108]  ? clear_bhb_loop+0x55/0xb0
[   47.230630][ T4108]  ? clear_bhb_loop+0x55/0xb0
[   47.235354][ T4108]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   47.241418][ T4108] RIP: 0033:0x7f9e34105d19
[   47.245888][ T4108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   47.265876][ T4108] RSP: 002b:00007f9e32777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   47.274298][ T4108] RAX: ffffffffffffffda RBX: 00007f9e342f5fa0 RCX: 00007f9e34105d19
[   47.282273][ T4108] RDX: 0000000000002000 RSI: 0000000020000340 RDI: 0000000000000003
[   47.290335][ T4108] RBP: 00007f9e32777090 R08: 0000000000000000 R09: 0000000000000000
[   47.298308][ T4108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   47.306283][ T4108] R13: 0000000000000000 R14: 00007f9e342f5fa0 R15: 00007fff9c82ee58
[   47.314263][ T4108]  </TASK>
[   47.332198][   T29] audit: type=1400 audit(1734239255.862:1181): avc:  denied  { load_policy } for  pid=4107 comm="syz.3.232" scontext=root:sysadm_r:sysadm_t tsid=2 tclass=security permissive=1
[   47.348895][ T4108] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0)
[   47.349673][   T29] audit: type=1326 audit(1734239256.152:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4109 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4993aa5d19 code=0x7ffc0000
[   47.358186][ T4108] SELinux: failed to load policy
[   47.381467][   T29] audit: type=1326 audit(1734239256.152:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4109 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4993aa5d19 code=0x7ffc0000
[   47.409788][   T29] audit: type=1326 audit(1734239256.152:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4109 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4993aa5d19 code=0x7ffc0000
[   47.433325][   T29] audit: type=1326 audit(1734239256.152:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4109 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4993aa5d19 code=0x7ffc0000
[   47.456727][   T29] audit: type=1326 audit(1734239256.152:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4109 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4993aa5d19 code=0x7ffc0000
[   47.464714][ T4114] netlink: 44 bytes leftover after parsing attributes in process `syz.0.235'.
[   47.480106][   T29] audit: type=1326 audit(1734239256.152:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4109 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4993aa5d19 code=0x7ffc0000
[   47.492016][ T4118] loop1: detected capacity change from 0 to 1024
[   47.512238][   T29] audit: type=1326 audit(1734239256.152:1190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4109 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4993aa5d19 code=0x7ffc0000
[   47.542111][   T29] audit: type=1326 audit(1734239256.152:1191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4109 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f4993aa5d19 code=0x7ffc0000
[   47.626890][ T4118] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.639258][ T4118] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   47.656266][ T4130] Process accounting resumed
[   47.660979][ T4130] kernel write not supported for file /asound/timers (pid: 4130 comm: syz.0.241)
[   47.690161][ T4118] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.236: bg 0: block 393: padding at end of block bitmap is not set
[   47.708712][ T4118] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   47.721110][ T4118] EXT4-fs (loop1): This should not happen!! Data will be lost
[   47.721110][ T4118] 
[   47.736910][ T4137] loop3: detected capacity change from 0 to 512
[   47.743780][ T4137] EXT4-fs: Ignoring removed oldalloc option
[   47.760291][ T4137] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   47.782824][ T4137] EXT4-fs (loop3): 1 truncate cleaned up
[   47.789556][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.792707][ T4137] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.858109][ T4143] syz.2.246[4143] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   47.858247][ T4143] syz.2.246[4143] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   47.896929][ T4143] syz.2.246[4143] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   47.920631][ T4143] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   47.953028][ T4150] netlink: 'syz.1.248': attribute type 10 has an invalid length.
[   47.966155][ T4150] bond0: (slave netdevsim1): Releasing backup interface
[   47.974386][ T4143] sd 0:0:1:0: device reset
[   47.997342][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.008543][ T4150] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   48.015179][ T4154] netlink: 44 bytes leftover after parsing attributes in process `syz.4.251'.
[   48.025024][ T4155] netlink: 'syz.1.248': attribute type 10 has an invalid length.
[   48.027633][ T4150] team0: Failed to send options change via netlink (err -105)
[   48.041730][ T4150] team0: Port device netdevsim1 added
[   48.064806][ T4155] team0: Failed to send options change via netlink (err -105)
[   48.094649][ T4155] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   48.114460][ T4163] dccp_xmit_packet: Payload too large (65475) for featneg.
[   48.126076][ T4155] team0: Port device netdevsim1 removed
[   48.148515][ T4155] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   48.166540][ T4163] veth0_virt_wifi: entered promiscuous mode
[   48.187038][ T4163] veth0_virt_wifi: left promiscuous mode
[   48.329079][ T4174] loop1: detected capacity change from 0 to 1024
[   48.368253][ T4174] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   48.405288][ T4174] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.427078][ T4174] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.258: bg 0: block 393: padding at end of block bitmap is not set
[   48.483453][ T4174] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   48.495950][ T4174] EXT4-fs (loop1): This should not happen!! Data will be lost
[   48.495950][ T4174] 
[   48.507043][ T4191] FAULT_INJECTION: forcing a failure.
[   48.507043][ T4191] name failslab, interval 1, probability 0, space 0, times 0
[   48.519678][ T4191] CPU: 0 UID: 0 PID: 4191 Comm: syz.3.254 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   48.530412][ T4191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   48.540486][ T4191] Call Trace:
[   48.543782][ T4191]  <TASK>
[   48.546768][ T4191]  dump_stack_lvl+0xf2/0x150
[   48.551404][ T4191]  dump_stack+0x15/0x1a
[   48.555613][ T4191]  should_fail_ex+0x223/0x230
[   48.560317][ T4191]  should_failslab+0x8f/0xb0
[   48.565002][ T4191]  kmem_cache_alloc_noprof+0x52/0x320
[   48.570469][ T4191]  ? alloc_empty_file+0xd0/0x200
[   48.575434][ T4191]  alloc_empty_file+0xd0/0x200
[   48.580253][ T4191]  alloc_file_clone+0x3a/0xa0
[   48.584991][ T4191]  do_shmat+0x3d7/0x770
[   48.589234][ T4191]  __x64_sys_shmat+0x64/0xb0
[   48.593885][ T4191]  x64_sys_call+0x28f6/0x2dc0
[   48.598615][ T4191]  do_syscall_64+0xc9/0x1c0
[   48.603135][ T4191]  ? clear_bhb_loop+0x55/0xb0
[   48.607988][ T4191]  ? clear_bhb_loop+0x55/0xb0
[   48.612730][ T4191]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.618694][ T4191] RIP: 0033:0x7f9e34105d19
[   48.623169][ T4191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.642878][ T4191] RSP: 002b:00007f9e32735038 EFLAGS: 00000246 ORIG_RAX: 000000000000001e
[   48.651402][ T4191] RAX: ffffffffffffffda RBX: 00007f9e342f6160 RCX: 00007f9e34105d19
[   48.659423][ T4191] RDX: ffffffffffffcfff RSI: 0000000020000000 RDI: 0000000000000001
[   48.667434][ T4191] RBP: 00007f9e32735090 R08: 0000000000000000 R09: 0000000000000000
[   48.675422][ T4191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   48.683415][ T4191] R13: 0000000000000001 R14: 00007f9e342f6160 R15: 00007fff9c82ee58
[   48.691453][ T4191]  </TASK>
[   48.814359][ T4193] loop4: detected capacity change from 0 to 512
[   48.847167][ T4193] EXT4-fs: Ignoring removed oldalloc option
[   48.858018][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.884313][ T4193] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   48.910684][ T4193] EXT4-fs (loop4): 1 truncate cleaned up
[   48.939587][ T4193] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.070595][ T4199] FAULT_INJECTION: forcing a failure.
[   49.070595][ T4199] name failslab, interval 1, probability 0, space 0, times 0
[   49.083380][ T4199] CPU: 0 UID: 0 PID: 4199 Comm: syz.0.265 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   49.093999][ T4199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   49.104135][ T4199] Call Trace:
[   49.107435][ T4199]  <TASK>
[   49.110380][ T4199]  dump_stack_lvl+0xf2/0x150
[   49.115055][ T4199]  dump_stack+0x15/0x1a
[   49.119328][ T4199]  should_fail_ex+0x223/0x230
[   49.124034][ T4199]  should_failslab+0x8f/0xb0
[   49.128686][ T4199]  __kmalloc_noprof+0xab/0x3f0
[   49.133478][ T4199]  ? copy_splice_read+0xc7/0x5d0
[   49.138451][ T4199]  copy_splice_read+0xc7/0x5d0
[   49.143332][ T4199]  ? __kmalloc_noprof+0x284/0x3f0
[   49.148385][ T4199]  ? alloc_pipe_info+0x1cb/0x360
[   49.153363][ T4199]  ? __pfx_shmem_file_splice_read+0x10/0x10
[   49.159347][ T4199]  splice_direct_to_actor+0x28b/0x670
[   49.164819][ T4199]  ? __pfx_direct_splice_actor+0x10/0x10
[   49.170476][ T4199]  do_splice_direct+0xd7/0x150
[   49.175275][ T4199]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   49.181264][ T4199]  do_sendfile+0x398/0x660
[   49.185697][ T4199]  __x64_sys_sendfile64+0x110/0x150
[   49.190994][ T4199]  x64_sys_call+0xfbd/0x2dc0
[   49.195599][ T4199]  do_syscall_64+0xc9/0x1c0
[   49.200171][ T4199]  ? clear_bhb_loop+0x55/0xb0
[   49.204863][ T4199]  ? clear_bhb_loop+0x55/0xb0
[   49.209974][ T4199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.215910][ T4199] RIP: 0033:0x7f4993aa5d19
[   49.220331][ T4199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.240109][ T4199] RSP: 002b:00007f4992117038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   49.248532][ T4199] RAX: ffffffffffffffda RBX: 00007f4993c95fa0 RCX: 00007f4993aa5d19
[   49.256529][ T4199] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[   49.264584][ T4199] RBP: 00007f4992117090 R08: 0000000000000000 R09: 0000000000000000
[   49.272639][ T4199] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[   49.280715][ T4199] R13: 0000000000000000 R14: 00007f4993c95fa0 R15: 00007ffe9cce40a8
[   49.288699][ T4199]  </TASK>
[   49.303649][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.369927][ T4210] netlink: 'syz.4.268': attribute type 10 has an invalid length.
[   49.419389][ T4210] bond0: (slave netdevsim1): Releasing backup interface
[   49.428095][ T4217] netlink: 'syz.4.268': attribute type 10 has an invalid length.
[   49.447995][ T4210] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   49.470153][ T4210] team0: Failed to send options change via netlink (err -105)
[   49.470180][ T4210] team0: Port device netdevsim1 added
[   49.538781][ T4226] netlink: 'syz.1.274': attribute type 13 has an invalid length.
[   49.554417][ T4228] netlink: 44 bytes leftover after parsing attributes in process `syz.2.277'.
[   49.598417][ T4226] gretap0: refused to change device tx_queue_len
[   49.604868][ T4226] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   49.636285][ T4230] loop3: detected capacity change from 0 to 512
[   49.652645][ T4217] team0: Failed to send options change via netlink (err -105)
[   49.661350][ T4230] EXT4-fs: Mount option(s) incompatible with ext2
[   49.668997][ T4217] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   49.698501][ T4217] team0: Port device netdevsim1 removed
[   49.705822][ T4230] Process accounting resumed
[   49.710673][ T4230] kernel write not supported for file /asound/timers (pid: 4230 comm: syz.3.278)
[   49.721363][ T4234] loop1: detected capacity change from 0 to 512
[   49.729901][ T4217] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   49.759481][ T4234] EXT4-fs: Ignoring removed oldalloc option
[   49.774090][ T4234] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   49.786628][ T4234] EXT4-fs (loop1): 1 truncate cleaned up
[   49.792687][ T4234] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.795674][ T4242] netlink: 'syz.3.284': attribute type 10 has an invalid length.
[   49.843194][ T4242] team0: Failed to send options change via netlink (err -105)
[   49.850846][ T4242] team0: Port device netdevsim1 added
[   49.874502][ T4242] netlink: 'syz.3.284': attribute type 10 has an invalid length.
[   49.895514][   T11] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   49.906309][ T3297] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.953776][ T4261] FAULT_INJECTION: forcing a failure.
[   49.953776][ T4261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   49.967032][ T4261] CPU: 1 UID: 0 PID: 4261 Comm: syz.4.292 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   49.977652][ T4261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   49.987767][ T4261] Call Trace:
[   49.991057][ T4261]  <TASK>
[   49.994041][ T4261]  dump_stack_lvl+0xf2/0x150
[   49.998746][ T4261]  dump_stack+0x15/0x1a
[   50.002944][ T4261]  should_fail_ex+0x223/0x230
[   50.007659][ T4261]  should_fail+0xb/0x10
[   50.011839][ T4261]  should_fail_usercopy+0x1a/0x20
[   50.016893][ T4261]  _copy_to_user+0x20/0xa0
[   50.021375][ T4261]  simple_read_from_buffer+0xa0/0x110
[   50.026774][ T4261]  proc_fail_nth_read+0xf9/0x140
[   50.031820][ T4261]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   50.037459][ T4261]  vfs_read+0x1a2/0x700
[   50.041707][ T4261]  ? __rcu_read_unlock+0x4e/0x70
[   50.046669][ T4261]  ? __fget_files+0x17c/0x1c0
[   50.051370][ T4261]  ksys_read+0xe8/0x1b0
[   50.055548][ T4261]  __x64_sys_read+0x42/0x50
[   50.060125][ T4261]  x64_sys_call+0x2874/0x2dc0
[   50.064844][ T4261]  do_syscall_64+0xc9/0x1c0
[   50.069404][ T4261]  ? clear_bhb_loop+0x55/0xb0
[   50.074160][ T4261]  ? clear_bhb_loop+0x55/0xb0
[   50.078879][ T4261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.084798][ T4261] RIP: 0033:0x7fed36a0472c
[   50.089219][ T4261] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   50.108920][ T4261] RSP: 002b:00007fed35077030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   50.117366][ T4261] RAX: ffffffffffffffda RBX: 00007fed36bf5fa0 RCX: 00007fed36a0472c
[   50.125364][ T4261] RDX: 000000000000000f RSI: 00007fed350770a0 RDI: 0000000000000004
[   50.133411][ T4261] RBP: 00007fed35077090 R08: 0000000000000000 R09: 0000000000000000
[   50.141391][ T4261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.149391][ T4261] R13: 0000000000000000 R14: 00007fed36bf5fa0 R15: 00007ffddaf50328
[   50.157440][ T4261]  </TASK>
[   50.176746][ T4268] netlink: 44 bytes leftover after parsing attributes in process `syz.0.294'.
[   50.187109][ T4242] team0: Failed to send options change via netlink (err -105)
[   50.201990][ T4242] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   50.219718][ T4242] team0: Port device netdevsim1 removed
[   50.222226][ T4273] netlink: 'syz.4.296': attribute type 10 has an invalid length.
[   50.228777][ T4242] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   50.259461][ T4273] bond0: (slave netdevsim1): Releasing backup interface
[   50.276847][ T4275] loop2: detected capacity change from 0 to 512
[   50.277138][ T4273] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   50.283731][ T4275] EXT4-fs: Ignoring removed oldalloc option
[   50.292510][ T4273] team0: Failed to send options change via netlink (err -105)
[   50.305733][ T4273] team0: Port device netdevsim1 added
[   50.306917][ T4277] netlink: 'syz.4.296': attribute type 10 has an invalid length.
[   50.319655][ T4275] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   50.331068][ T4275] EXT4-fs (loop2): 1 truncate cleaned up
[   50.337743][ T4275] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.372017][ T4278] loop3: detected capacity change from 0 to 8192
[   50.390739][ T4277] team0: Failed to send options change via netlink (err -105)
[   50.398403][ T4277] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   50.408071][ T4277] team0: Port device netdevsim1 removed
[   50.408604][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.416292][ T4277] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   50.424148][ T4278]  loop3: p1 p2 p3 p4
[   50.443321][ T4278] loop3: p1 start 17760256 is beyond EOD, truncated
[   50.450025][ T4278] loop3: p2 size 64053 extends beyond EOD, truncated
[   50.465723][ T4278] loop3: p3 start 458496 is beyond EOD, truncated
[   50.472230][ T4278] loop3: p4 size 50331648 extends beyond EOD, 
[   50.472184][ T4285] syz.2.300[4285] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   50.478538][ T4278] truncated
[   50.497214][ T4287] dccp_xmit_packet: Payload too large (65475) for featneg.
[   50.532478][ T4287] veth0_virt_wifi: entered promiscuous mode
[   50.555798][ T4287] veth0_virt_wifi: left promiscuous mode
[   50.569156][ T4291] Process accounting resumed
[   50.573802][ T4291] kernel write not supported for file /asound/timers (pid: 4291 comm: syz.3.304)
[   50.584673][ T3557] udevd[3557]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[   50.602520][ T3446] udevd[3446]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   50.639328][ T4293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   50.651089][ T4293] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   50.667723][ T4293] hub 9-0:1.0: USB hub found
[   50.681764][ T4299] netlink: 32 bytes leftover after parsing attributes in process `syz.3.307'.
[   50.697935][ T4293] hub 9-0:1.0: 8 ports detected
[   50.735851][ T4301] loop4: detected capacity change from 0 to 1024
[   50.748239][ T4301] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   50.760487][ T4301] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.776411][ T4301] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.308: bg 0: block 393: padding at end of block bitmap is not set
[   50.791067][ T4301] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   50.803557][ T4301] EXT4-fs (loop4): This should not happen!! Data will be lost
[   50.803557][ T4301] 
[   50.830444][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.880187][ T4317] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   50.889414][ T4317] sd 0:0:1:0: device reset
[   50.952204][ T4324] loop1: detected capacity change from 0 to 512
[   50.969300][ T4324] EXT4-fs: Mount option(s) incompatible with ext2
[   51.007151][ T4324] Process accounting resumed
[   51.011871][ T4324] kernel write not supported for file /asound/timers (pid: 4324 comm: syz.1.315)
[   51.288202][ T4339] loop4: detected capacity change from 0 to 1024
[   51.317282][ T4339] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   51.339013][ T4339] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   51.351666][ T4339] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.321: bg 0: block 393: padding at end of block bitmap is not set
[   51.367997][ T4339] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   51.380481][ T4339] EXT4-fs (loop4): This should not happen!! Data will be lost
[   51.380481][ T4339] 
[   51.435736][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.479711][ T4348] loop4: detected capacity change from 0 to 2048
[   51.639551][ T4352] bpf_get_probe_write_proto: 11 callbacks suppressed
[   51.639571][ T4352] syz.3.324[4352] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   51.649095][ T4352] syz.3.324[4352] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   51.674614][ T4352] syz.3.324[4352] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   51.710396][ T4353] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   51.741355][ T4352] sd 0:0:1:0: device reset
[   51.798023][ T4358] netlink: 12 bytes leftover after parsing attributes in process `syz.4.327'.
[   51.826524][ T4361] loop3: detected capacity change from 0 to 512
[   51.852485][ T4361] EXT4-fs: Ignoring removed oldalloc option
[   51.867379][ T4361] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   51.880909][ T4361] EXT4-fs (loop3): 1 truncate cleaned up
[   51.888940][ T4361] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.114716][ T4374] loop2: detected capacity change from 0 to 512
[   52.125884][ T4374] EXT4-fs: Mount option(s) incompatible with ext2
[   52.137604][   T29] kauditd_printk_skb: 219 callbacks suppressed
[   52.137621][   T29] audit: type=1326 audit(1734239260.952:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.0.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f4993aa47cf code=0x7ffc0000
[   52.184617][   T29] audit: type=1326 audit(1734239260.972:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.0.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f4993aa5da7 code=0x7ffc0000
[   52.207441][ T4374] Process accounting resumed
[   52.207948][   T29] audit: type=1326 audit(1734239260.972:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.0.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4993aa4680 code=0x7ffc0000
[   52.212581][ T4374] kernel write not supported for file /asound/timers (pid: 4374 comm: syz.2.335)
[   52.235952][   T29] audit: type=1326 audit(1734239260.972:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.0.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f4993aa497a code=0x7ffc0000
[   52.257227][ T4381] loop3: detected capacity change from 0 to 1024
[   52.268128][   T29] audit: type=1326 audit(1734239260.972:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.0.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4993aa5d19 code=0x7ffc0000
[   52.297885][   T29] audit: type=1326 audit(1734239260.972:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.0.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7f4993aa5d19 code=0x7ffc0000
[   52.318084][ T4383] syz.0.336[4383] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   52.321410][   T29] audit: type=1326 audit(1734239260.972:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.0.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4993aa5d19 code=0x7ffc0000
[   52.332938][ T4383] syz.0.336[4383] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   52.356169][   T29] audit: type=1326 audit(1734239260.972:1418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.0.334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4993aa5d19 code=0x7ffc0000
[   52.390768][   T29] audit: type=1326 audit(1734239261.002:1419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4373 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b3755d19 code=0x7ffc0000
[   52.414269][   T29] audit: type=1326 audit(1734239261.002:1420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4373 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b3755d19 code=0x7ffc0000
[   52.432464][ T4383] syz.0.336[4383] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   52.522982][ T4386] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   52.557232][ T4389] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[   52.561103][ T4383] sd 0:0:1:0: device reset
[   52.576504][ T4389] batman_adv: batadv0: Adding interface: ip6gretap1
[   52.583131][ T4389] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   52.608983][ T4389] batman_adv: batadv0: Interface activated: ip6gretap1
[   52.641353][ T4381] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.681447][ T4377] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.333: bg 0: block 393: padding at end of block bitmap is not set
[   52.734989][ T4377] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   52.747433][ T4377] EXT4-fs (loop3): This should not happen!! Data will be lost
[   52.747433][ T4377] 
[   52.793791][ T4399] netlink: 12 bytes leftover after parsing attributes in process `syz.0.340'.
[   52.971451][ T4414] netlink: 'syz.0.347': attribute type 10 has an invalid length.
[   53.002029][ T4414] bond0: (slave netdevsim1): Releasing backup interface
[   53.038553][ T4414] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   53.063764][ T4420] netlink: 'syz.0.347': attribute type 10 has an invalid length.
[   53.083336][ T4414] team0: Failed to send options change via netlink (err -105)
[   53.090927][ T4414] team0: Port device netdevsim1 added
[   53.127304][ T4424] loop2: detected capacity change from 0 to 1024
[   53.157359][ T4420] team0: Failed to send options change via netlink (err -105)
[   53.177214][ T4420] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   53.197797][ T4420] team0: Port device netdevsim1 removed
[   53.216908][ T4420] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   53.325639][ T4431] loop2: detected capacity change from 0 to 1024
[   53.347112][ T4431] ext4 filesystem being mounted at /79/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.400481][ T4431] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.353: bg 0: block 393: padding at end of block bitmap is not set
[   53.442904][ T4431] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   53.455384][ T4431] EXT4-fs (loop2): This should not happen!! Data will be lost
[   53.455384][ T4431] 
[   53.504377][ T4444] loop4: detected capacity change from 0 to 1024
[   53.527080][ T4444] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.543976][ T4444] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.357: bg 0: block 393: padding at end of block bitmap is not set
[   53.562327][ T4455] loop2: detected capacity change from 0 to 512
[   53.572068][ T4455] EXT4-fs: Ignoring removed oldalloc option
[   53.582513][ T4444] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   53.595022][ T4444] EXT4-fs (loop4): This should not happen!! Data will be lost
[   53.595022][ T4444] 
[   53.607400][ T4455] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   53.622766][ T4455] EXT4-fs (loop2): 1 truncate cleaned up
[   53.663527][ T4459] ÿÿÿÿÿÿ: renamed from vlan1 (while UP)
[   53.715275][ T4461] netlink: 28 bytes leftover after parsing attributes in process `syz.4.362'.
[   53.778242][ T4465] loop2: detected capacity change from 0 to 1024
[   53.957558][ T4476] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[   54.159826][ T4492] loop3: detected capacity change from 0 to 256
[   54.217434][ T1096] IPVS: starting estimator thread 0...
[   54.398543][ T4498] IPVS: using max 2304 ests per chain, 115200 per kthread
[   54.411043][ T4502] Process accounting resumed
[   54.415761][ T4502] kernel write not supported for file /asound/timers (pid: 4502 comm: syz.1.374)
[   54.451104][ T4512] netlink: 12 bytes leftover after parsing attributes in process `syz.3.375'.
[   54.483091][ T4514] syz.4.378[4514] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   54.483272][ T4514] syz.4.378[4514] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   54.572458][ T4514] syz.4.378[4514] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   54.685241][ T4514] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   54.736530][ T4514] sd 0:0:1:0: device reset
[   54.794966][ T4536] netlink: 60 bytes leftover after parsing attributes in process `syz.0.381'.
[   54.833025][ T4536] netlink: 76 bytes leftover after parsing attributes in process `syz.0.381'.
[   54.843064][ T4541] loop4: detected capacity change from 0 to 1024
[   54.870700][ T4541] ext4 filesystem being mounted at /88/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   54.895120][ T4541] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.384: bg 0: block 393: padding at end of block bitmap is not set
[   54.920675][ T4541] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 9 with error 117
[   54.933206][ T4541] EXT4-fs (loop4): This should not happen!! Data will be lost
[   54.933206][ T4541] 
[   54.988240][ T4555] netlink: 12 bytes leftover after parsing attributes in process `syz.3.387'.
[   55.075333][ T4562] loop4: detected capacity change from 0 to 2048
[   55.259744][ T4568] FAULT_INJECTION: forcing a failure.
[   55.259744][ T4568] name failslab, interval 1, probability 0, space 0, times 0
[   55.272513][ T4568] CPU: 1 UID: 0 PID: 4568 Comm: syz.3.392 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   55.282826][ T4572] netlink: 'syz.2.394': attribute type 10 has an invalid length.
[   55.283246][ T4568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   55.283264][ T4568] Call Trace:
[   55.292029][ T4562] EXT4-fs error (device loop4): ext4_find_extent:938: inode #2: comm syz.4.388: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   55.301191][ T4568]  <TASK>
[   55.301205][ T4568]  dump_stack_lvl+0xf2/0x150
[   55.301251][ T4568]  dump_stack+0x15/0x1a
[   55.308979][ T4562] EXT4-fs error (device loop4): ext4_find_extent:938: inode #2: comm syz.4.388: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   55.320767][ T4568]  should_fail_ex+0x223/0x230
[   55.320819][ T4568]  ? perf_event_mmap+0x721/0xd10
[   55.320842][ T4568]  should_failslab+0x8f/0xb0
[   55.330196][ T4562] EXT4-fs error (device loop4): ext4_find_extent:938: inode #2: comm syz.4.388: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[   55.332552][ T4568]  __kmalloc_cache_noprof+0x4e/0x320
[   55.349660][ T4573] netlink: 'syz.2.394': attribute type 10 has an invalid length.
[   55.353544][ T4568]  perf_event_mmap+0x721/0xd10
[   55.397335][ T4568]  ? up_write+0x30/0xf0
[   55.401567][ T4568]  __mmap_region+0x1003/0x13f0
[   55.406443][ T4568]  mmap_region+0x18c/0x1e0
[   55.410906][ T4568]  do_mmap+0x718/0xb60
[   55.415017][ T4568]  vm_mmap_pgoff+0x133/0x290
[   55.419662][ T4568]  ksys_mmap_pgoff+0x286/0x330
[   55.424475][ T4568]  x64_sys_call+0x1940/0x2dc0
[   55.429180][ T4568]  do_syscall_64+0xc9/0x1c0
[   55.433706][ T4568]  ? clear_bhb_loop+0x55/0xb0
[   55.438459][ T4568]  ? clear_bhb_loop+0x55/0xb0
[   55.443198][ T4568]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.449157][ T4568] RIP: 0033:0x7f9e34105d19
[   55.453662][ T4568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.473371][ T4568] RSP: 002b:00007f9e32777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   55.481875][ T4568] RAX: ffffffffffffffda RBX: 00007f9e342f5fa0 RCX: 00007f9e34105d19
[   55.489859][ T4568] RDX: 000000000000000a RSI: 0000000000003000 RDI: 0000000020000000
[   55.497899][ T4568] RBP: 00007f9e32777090 R08: 0000000000000004 R09: 0000000000000000
[   55.505959][ T4568] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[   55.513991][ T4568] R13: 0000000000000000 R14: 00007f9e342f5fa0 R15: 00007fff9c82ee58
[   55.522049][ T4568]  </TASK>
[   55.528999][ T4572] bond0: (slave netdevsim1): Releasing backup interface
[   55.554086][ T4572] netdevsim netdevsim2 netdevsim1: left promiscuous mode
[   55.569923][ T4572] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   55.586870][ T4572] team0: Failed to send options change via netlink (err -105)
[   55.594440][ T4572] team0: Port device netdevsim1 added
[   55.601718][ T4579] syz.3.396[4579] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   55.608417][ T4583] netlink: 32 bytes leftover after parsing attributes in process `syz.0.397'.
[   55.628704][ T4579] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   55.640058][ T4579] sd 0:0:1:0: device reset
[   55.647657][ T4573] team0: Failed to send options change via netlink (err -105)
[   55.655696][ T4573] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[   55.681406][ T4573] team0: Port device netdevsim1 removed
[   55.682070][ T4589] FAULT_INJECTION: forcing a failure.
[   55.682070][ T4589] name failslab, interval 1, probability 0, space 0, times 0
[   55.693636][ T4573] netdevsim netdevsim2 netdevsim1: entered promiscuous mode
[   55.699756][ T4589] CPU: 0 UID: 0 PID: 4589 Comm: syz.3.399 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   55.717714][ T4589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   55.727869][ T4589] Call Trace:
[   55.730820][ T4573] bond0: (slave netdevsim1): Enslaving as an active interface with an up link
[   55.731146][ T4589]  <TASK>
[   55.743040][ T4589]  dump_stack_lvl+0xf2/0x150
[   55.747678][ T4589]  dump_stack+0x15/0x1a
[   55.751884][ T4589]  should_fail_ex+0x223/0x230
[   55.756645][ T4589]  should_failslab+0x8f/0xb0
[   55.761311][ T4589]  __kmalloc_noprof+0xab/0x3f0
[   55.766093][ T4589]  ? bpf_test_init+0xc7/0x170
[   55.770840][ T4589]  bpf_test_init+0xc7/0x170
[   55.775403][ T4589]  bpf_prog_test_run_xdp+0x321/0x8b0
[   55.780723][ T4589]  ? __rcu_read_unlock+0x4e/0x70
[   55.785753][ T4589]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[   55.791588][ T4589]  bpf_prog_test_run+0x20f/0x3a0
[   55.796586][ T4589]  __sys_bpf+0x400/0x7a0
[   55.800863][ T4589]  __x64_sys_bpf+0x43/0x50
[   55.805515][ T4589]  x64_sys_call+0x2914/0x2dc0
[   55.810212][ T4589]  do_syscall_64+0xc9/0x1c0
[   55.814773][ T4589]  ? clear_bhb_loop+0x55/0xb0
[   55.819526][ T4589]  ? clear_bhb_loop+0x55/0xb0
[   55.824281][ T4589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.830216][ T4589] RIP: 0033:0x7f9e34105d19
[   55.834678][ T4589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.854335][ T4589] RSP: 002b:00007f9e32777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   55.862762][ T4589] RAX: ffffffffffffffda RBX: 00007f9e342f5fa0 RCX: 00007f9e34105d19
[   55.870753][ T4589] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
[   55.878858][ T4589] RBP: 00007f9e32777090 R08: 0000000000000000 R09: 0000000000000000
[   55.886944][ T4589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.895079][ T4589] R13: 0000000000000000 R14: 00007f9e342f5fa0 R15: 00007fff9c82ee58
[   55.903093][ T4589]  </TASK>
[   55.963088][ T4606] ==================================================================
[   55.971229][ T4606] BUG: KCSAN: data-race in bcm_connect / bcm_sendmsg
[   55.977948][ T4606] 
[   55.980284][ T4606] write to 0xffff88811d758f14 of 4 bytes by task 4603 on cpu 0:
[   55.987930][ T4606]  bcm_connect+0x112/0x2b0
[   55.992373][ T4606]  __sys_connect+0x18f/0x1b0
[   55.996977][ T4606]  __x64_sys_connect+0x41/0x50
[   56.001753][ T4606]  x64_sys_call+0x22a7/0x2dc0
[   56.006444][ T4606]  do_syscall_64+0xc9/0x1c0
[   56.010960][ T4606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.016895][ T4606] 
[   56.019236][ T4606] read to 0xffff88811d758f14 of 4 bytes by task 4606 on cpu 1:
[   56.026785][ T4606]  bcm_sendmsg+0x47/0x470
[   56.031145][ T4606]  __sock_sendmsg+0x140/0x180
[   56.035855][ T4606]  ____sys_sendmsg+0x312/0x410
[   56.040632][ T4606]  __sys_sendmsg+0x19d/0x230
[   56.045261][ T4606]  __x64_sys_sendmsg+0x46/0x50
[   56.050038][ T4606]  x64_sys_call+0x2734/0x2dc0
[   56.054731][ T4606]  do_syscall_64+0xc9/0x1c0
[   56.059249][ T4606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.065184][ T4606] 
[   56.067513][ T4606] value changed: 0x00000000 -> 0x00000016
[   56.073247][ T4606] 
[   56.075581][ T4606] Reported by Kernel Concurrency Sanitizer on:
[   56.081744][ T4606] CPU: 1 UID: 0 PID: 4606 Comm: syz.3.403 Not tainted 6.13.0-rc2-syzkaller-00333-ga0e3919a2df2 #0
[   56.092352][ T4606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   56.102427][ T4606] ==================================================================
[   60.445139][    C0] Dead loop on virtual device ipvlan1, fix it urgently!