last executing test programs:

6.441676505s ago: executing program 0 (id=35):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
r2 = gettid()
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000140)=0x3)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="1801000029000000000000003b81000085000cfa062a00006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_dev$usbfs(&(0x7f0000000040), 0x80000000003, 0x101301)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r6)
sendmsg$ETHTOOL_MSG_RINGS_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000010000000080007000000000018000180140002006e657464657673696d300000000000000800060000100000080008"], 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='io_uring_file_get\x00', r5}, 0x10)
r8 = syz_io_uring_setup(0x3813, &(0x7f00000035c0)={0x0, 0x0, 0x10100, 0x0, 0x4047, 0x0, r4}, &(0x7f00000000c0)=<r9=>0x0, &(0x7f0000003580)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f00000003c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x0, 0x0})
io_uring_enter(r8, 0x291c, 0x0, 0x0, 0x0, 0x0)
ioctl$PPPIOCSPASS(r3, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x60, 0x0, 0x2}]})
write$ppp(r3, &(0x7f0000000300)="5af9", 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
r11 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x800}, &(0x7f0000000240)=<r12=>0x0, &(0x7f0000000280)=<r13=>0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r12, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r12, r13, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x13, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r11, 0x47f9, 0x0, 0x0, 0x0, 0x0)
io_getevents(0x0, 0x7, 0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0)
pipe2(&(0x7f0000001cc0)={<r14=>0xffffffffffffffff, <r15=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r14, @ANYBLOB=',wfdno=', @ANYRESHEX=r15, @ANYBLOB="2c756e616d653dd0aedec1aa20ffd81d1bf81329217cb058a396eda2ab40a26d93dd083c0074dcab6cab21ae16c4cdf97bdc355f3b41d27b654301345cb3c4cec37953322d01beaa7257964fd30fe2d72f171da72e389f382dea3c8d91906aead5d5aeccc097ef1092ea987c2b00000000000000002c00985e787bb1"])
timer_create(0x2, &(0x7f0000000040)={0x0, 0x1f, 0x0, @tid=r2}, &(0x7f0000000080))

6.000612093s ago: executing program 0 (id=37):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="180000007734000000000000080000001811000b06305f39e60d00c7ae25dfea5d95182187f6db996982e2b5231c7633f0dcaa8ce039c30d28649c52315e5601bffe3b34d26df72755b3782a84d789d560ce33602ae5d10a47bd400f2f1d427d8aaab39be20000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000357500007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x7}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00008, 0x0, 0x50032, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000140), 0x4)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6)

5.616242292s ago: executing program 0 (id=39):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x1, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x4040004)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3, <r4=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c00000010000104000000010000000000000000", @ANYRES32=r6, @ANYBLOB="00000000000000002c001280110001006272696467655f736c61766500000000140005800600020000000000050001"], 0x4c}}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x10)
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0xb, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0xe}, @generic={0xe, 0x9, 0x8, 0x50f2, 0x9}, @call={0x85, 0x0, 0x0, 0x1d}, @exit, @alu={0x4, 0x0, 0x3, 0x0, 0x0, 0x18}]}, &(0x7f0000000180)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x41100, 0x28, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000400)={0x2, 0x2, 0x6, 0x2}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000580)=[r0, r3, r4, r3, r4], &(0x7f00000005c0)=[{0x3, 0x3, 0xa, 0x6}], 0x10, 0x4, @void, @value}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000800)={@ifindex=r6, 0xb, 0x1, 0x1c00000, &(0x7f0000000700)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000740)=[0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000007c0)=[0x0, 0x0]}, 0x40)
syz_open_dev$loop(&(0x7f00000005c0), 0x10000, 0x0)

2.301320499s ago: executing program 0 (id=98):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='stack\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095", @ANYRES64=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x8000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, 0x0, 0x0)
bind$inet6(r2, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000000c0)='illinois\x00', 0x9)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
preadv2(r0, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/142, 0x8e}], 0x1, 0x9e2, 0x7, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a"], 0x54}}, 0x0)

2.249474378s ago: executing program 0 (id=101):
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)

2.190534698s ago: executing program 0 (id=105):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b000000000000"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x1, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x4040004)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0))
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)

2.128675488s ago: executing program 4 (id=106):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) (async)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x5, &(0x7f0000000240)=0xffffffffffffffff, 0x85, 0x0) (async)
syz_clone3(&(0x7f0000000440)={0x800000, 0x0, 0x0, 0x0, {0xf}, 0x0, 0x0, 0x0, &(0x7f0000000400)=[0xffffffffffffffff], 0x1}, 0x58) (async)
r3 = syz_genetlink_get_family_id$smc(&(0x7f00000002c0), 0xffffffffffffffff) (async)
bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async)
r4 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r4, 0x29, 0xca, &(0x7f0000000000)={0x0, 0x1}, 0xc)
setsockopt$MRT6_FLUSH(r4, 0x29, 0xd4, &(0x7f0000000080)=0x8, 0x4)
sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000080), 0xc, &(0x7f0000000500)={&(0x7f0000000300)={0x20, r3, 0x10, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x814}, 0x0) (async)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1018e58, &(0x7f0000000140)={[{@sysvgroups}, {@stripe={'stripe', 0x3d, 0x7}}, {@auto_da_alloc}, {@sb={'sb', 0x3d, 0x20}}, {@noblock_validity}, {@norecovery}, {}, {@bsdgroups}]}, 0x6, 0x640, &(0x7f0000000d80)="$eJzs3c9rXFsdAPDvvZPkJWl86RMRX1AMuHgP5KVJfVh1Y1sXdlGwYBciLhqapIZOf5CkYGvBBFwoKIi4LdKN/4B76d6dCOrOtVBFKha0dB73zp1mMplfaTIzSe7nA5M599wzOeebOyf33HvnzA2gtOazH2nE+xGvbyQRs03rZqK+cr4o9+Lfj29mjyRqte/+K4mkyGuUT4rnM8XCZET86XLEpyv76918+Oj2crVW95OIc1t37p/bfPjoo/U7y7dWb63eXTr/tY8vLH596eOlpoa+vTPF85Wr3/n8L3/6w6+u/bn6URIX4/r4j1eiJY6jMh/z8boIsTl/LCIuZIk2f5eT5hSEUGqV4v04HhGfjdmo5Et1s7H+i5E2DhioWiWi1l3SqwBwUuneUFaNcUDj2L6/4+DrAx6VDM/zS/UDoP3xjxWnHCbzY6PpF0nTkVH93MbZI6g/q+PV48knrx7PPYk95yFevtk6Y0dQTyfbOxHxuXbxJ3nbzuaRZvGne471k4hYjIiJon3fOkQbkqb0IM7DdHOQ+Ju3QxoRF4vnLP/yW9bfelpr2PEDUE7PLhU78u1saXf/l409GuOfaDP+mTn8JZncqPd/ncd/jf39ZD7uSVvGYdmY5Vr7XznemvH3n1/5daf66+O/uSeNR1Z/Yyw4DM93IuZa4v9ZFmwx/sniT9ps/6zIjYv91fHtv/zzSqd1o46/9jTig7bHP7uj0izV5frkubX16upi/WfbOv7wxx/8rlP97eN/ZwCRtpdt/+kO8Tdt/7T1ddnf5H77X7nTmvH7a0/vdKp/puf2T/8xkdSPNyeKnB/tbG1tLEVMJFeLIkX+8tbWxvnu8dbLvKzlz0v1+D/8Uvv+v+f93xLVVONfZh/uf+/2i07r3ub933Qx+XWtzzZ0ksW/0nv77+v/Wd6v+qzjv99/8IVO67rFP3WYwAAAAAAAAKCE0vwabJIuvEmn6cJCfb7sZ2I6rd7b3Pry2r0Hd1ciPsw/DzmeRprkHxmZrS8na+vV1aXi87CN5fMty1+JiPci4jeVqXx54ea96sqogwcAAAAAAAAAAAAAAAAAAIBj4kwx/79xn+r/VOrz/4GS6H2DuX33fwBOiUHeYBI43vL+320X/+7w2gIMl/0/lJf+D+Wl/0N56f9QXvo/lJf+D+Wl/0N56f8AAAAAcCq998Vnf0siYvsbU/kjM1GsM+kXTrfxA5WuDKwdwPDp0VBeby79G+xD6fQ1/v9f8eWAg28OMAJJu8x8cFDr3vmftX3lrp3Dtw0AAAAAAAAAAAAAqPvg/c7z/w82Nxg4aUz7g/I6xPx/Xx0AJ5yv/ofycowP9JjFH5OdVvSa/w8AAAAAAAAAAAAAHJmZ/JGkC8Vc4JlI04WFiE9FxNkYT9bWq6uLEfFuRPy1Mv5Otrw06kYDAAAAAAAAAAAAAAAAAADAKbP58NHt5Wp1daM58f99Oac70bgLau/CtT7KdE18Mw74qkiG/2eZioiRb5SBJcaacpKI7WzLH4uGbWzG8WhGnhjxPyYAAAAAAAAAAAAAAAAAACihprnH7c39dsgtAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDh273/f4/EynT9BX0V3psYdYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMn0SQAAAP//riA8Ng==") (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0xf, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) (async)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./file1\x00', 0x0, 0x2041, 0x0)

2.124326508s ago: executing program 4 (id=108):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18090000002300810000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000040), 0x1, 0x400)
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5387, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{}, &(0x7f0000000500), &(0x7f00000006c0)}, 0x20)
sysinfo(0x0)
unshare(0x60400)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket(0x15, 0x5, 0x0)
recvmsg$can_raw(r4, &(0x7f0000000c40)={0x0, 0x0, 0x0}, 0x2)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4011)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x4, 0x200008, 0x4, 0x20000}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0xc000)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.463651605s ago: executing program 2 (id=125):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000de850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket(0x1e, 0x4, 0x0)
r2 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r3 = dup3(r2, r1, 0x0)
recvmmsg$unix(r3, &(0x7f00000082c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000480)=""/4081, 0xff1}], 0x1}}], 0x1, 0x0, 0x0)

1.349247535s ago: executing program 2 (id=127):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@random="cf702e8cf671", @random="250481458598", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ni={0x193}}}}}}, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
semctl$SEM_STAT_ANY(0x0, 0x3, 0x14, &(0x7f0000000240)=""/240)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x8}})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000110020850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x398, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x2c8, 0xffffffff, 0xffffffff, 0x2c8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0xff}, @private1={0xfc, 0x1, '\x00', 0x1}, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0x1c8, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x4, 0x4, 0x1, 'syz1\x00', 0x2}}, @common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x0, 0x0, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x3f8)

1.300100805s ago: executing program 2 (id=130):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
semctl$SEM_STAT_ANY(0x0, 0x3, 0x14, &(0x7f0000000240)=""/240)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000110020850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x808d, &(0x7f00000000c0), 0xfe, 0x504, &(0x7f0000000a80)="$eJzs3c9vG1kdAPDvTOJukmZxFjgsK7Gs2EVJBHWSDd2NOCwgITitBCz3EhI3iuLEVeLsNtEKUvUPQEIIkLjAiQsSfwAI9cQZIVWCOwIEQtDCgUNhkO1xmho7cVX/QM7nI73OD9v5fl/ceZ733sQTwKX1SkQsRESWZdliRBTz/Wle4qRZ6s97+OD9jXpJIsve+VsSSXPfTOtnPZcvr+Yvm4qIr34p4hvJ/8Y9ODreWa9Uyvv59lJtN3mUZcfXtnfXt8pb5b3V1ZU31t5cu7623Jd6zkXEW1/40/e+/ZMvvvXLT733+xt/Wfhms4JN9Xr1JVCbZtULjd9Fy2RE7A8i2IhMNmrYdH3EuQAAcL76+f4HI+LjEbEYxZhonM0BAAAA4yT77Gw8SprzfwAAAMB4SiNiNpK01LyMM2YjTUul5jW8H46ZtFI9qH0yK56OF8xFIb25XSkv59cOzEUhqW+v5NfYtrZfb9tejYgXIuK7xenGdmmjWtkc5cAHAAAAXCJXH/f/G38O+89is/8PAAAAjJm5UScAAAAADJz+PwAAAIw//X8AAAAYa19+++16yVr3v9589+hwp/rutc3ywU5p93CjtFHdv1Xaqla3Gt/Zt3vRz6tUq7c+HXuHt5dq5YPa0sHR8Y3d6uFe7cb2E7fABgAAAIbohY/d+10SESefmU5b+67ky0JENnH2yZNDTw8YoLR9x3mjdH8cbC7AcE2MOgFgZJ76lP5XvxhMIsDQFUadADByF7UDXYcFft3/XAAAgMGY/8jp/H+jxJn5/2SkmQGDls//J451uHzM/8Pl1cv83+LdISQCDF3hvDMAnQIYe2kPh/qzz/9n2VMlBQAA9N1soyRpKe8HzEaalkoRzzduC1BIbm5XyssR8YGI+G2x8Fx9e6XxysTwAAAAAAAAAAAAAAAAAAAAAAAAAAD0KMuSyAAAAICxFpH+Ocnv/zVffG22fXzgSvKvYmMZEe/98J3v316v1fZX6vv/frq/9oN8/+ujGMEAAAAA2rX66a1+PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD008MH72+0yjDj/vXzETHXKf5kTDWWU1GIiJl/JDF55nVJREz0If7JnYh4sVP8pJ5WzOVZtMdPI2J6xPGv9iE+XGb36u3P5zodf2m80lh2Pv4m8/Ksurd/6Wn7N9Gl/Xu+xxgv3f/ZUtf4dyJemuzc/rTiJ13iv9pj/K9/7fi422PZjyPmO37+JE/EWqrt3lo6ODq+tr27vlXeKu+trq68sfbm2vW15aWb25Vy/m/HGN/56M//c179Z7rEn7ug/q/1WP9/37/94EPN1ULbQ4X4UZYtvNr5/X+x+RtqOBu/9dn3ifxzoL4931o/aa6f9fJPf/PyefXf7FL/i97/hR7rv/iVu3/o8akAwBAcHB3vrFcq5f1xW7ny/5GGlfrKdAwx6Hp0fijN/8sPre7fygMOI9ZU32ONqEECAAAG5vFJfz6BAAAAAAAAAAAAAAAAAAAAAAzdRV8DFn34OrH2mCejqSoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLn+GwAA//+6zNbf")

1.241480245s ago: executing program 4 (id=132):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
setresuid(0x0, 0x0, 0x0) (fail_nth: 2)

927.296063ms ago: executing program 4 (id=136):
recvmsg$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000002280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
sendfile(0xffffffffffffffff, r0, 0x0, 0x3a)

910.638743ms ago: executing program 2 (id=137):
pipe2(&(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x0, 0x0)
sendfile(r4, r5, 0x0, 0x1000000000004)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r6, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x401, @loopback, 0xe}], 0x1c)
sendto$inet6(r6, &(0x7f0000000500), 0x0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r6, 0x84, 0x19, &(0x7f00000000c0), 0x8)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="170000000000000000000000b10000000000000000999eb8dd11a089773e338b4bab", @ANYRES32=0x1, @ANYRES8=r3, @ANYRESOCT=r1, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r8, @ANYBLOB], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@dax_always}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r9 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x1d4)
getdents64(r9, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x0, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x0, 0x0, 0xff, 0x1}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000400000000000000000071140fe4000000009500000000000000"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x16, 0x4, &(0x7f00000001c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close_range(r1, 0xffffffffffffffff, 0x0)
ioctl$SNAPSHOT_ATOMIC_RESTORE(r0, 0x3304)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="effdecb37df863ae0000000000000094f3b88713", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'wg0\x00', &(0x7f0000000200)=@ethtool_rxfh_indir={0x38, 0x8, [0x3, 0x80, 0xffff, 0x8001, 0x1, 0x80, 0x2819, 0x4]}})

824.187213ms ago: executing program 4 (id=138):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000060000000800000005"], 0x48)
fsetxattr$security_selinux(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='kfree\x00', r1, 0x0, 0x2}, 0x18)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bond_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="800000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e00000000400002800600010000000000340003800c00010000000000000000000c00010094040000000000000c00010000010000000000000c000100040000000000000008000500", @ANYRES32=r5, @ANYBLOB="080003"], 0x80}}, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000380)={0x9, <r6=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYRESDEC=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r7, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf38, @void, @value}, 0x94)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)

774.226083ms ago: executing program 2 (id=141):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{0x1}, &(0x7f0000000140), &(0x7f0000000180)='%-5lx  \x00'}, 0x20)
getsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000380), &(0x7f00000003c0)=0x14)
openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b0000000000000000000000ff0100000000", @ANYRES32, @ANYBLOB="dd1500004d00000000000000e1ffffffffffffff", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000020000000300"/28], 0x50)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r2, 0x2285, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$sndseq(r3, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0xc4)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendmmsg$inet6(r1, &(0x7f00000029c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000014)

765.516033ms ago: executing program 4 (id=142):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18090000002300810000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000040), 0x1, 0x400)
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5387, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{}, &(0x7f0000000500), &(0x7f00000006c0)}, 0x20)
sysinfo(0x0)
unshare(0x60400)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket(0x15, 0x5, 0x0)
recvmsg$can_raw(r4, &(0x7f0000000c40)={0x0, 0x0, 0x0}, 0x2)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4011)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x4, 0x200008, 0x4, 0x20000}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0xc000)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)

719.629913ms ago: executing program 2 (id=145):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18090000002300810000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000040), 0x1, 0x400)
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5387, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{}, &(0x7f0000000500), &(0x7f00000006c0)}, 0x20)
sysinfo(0x0)
unshare(0x60400)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket(0x15, 0x5, 0x0)
recvmsg$can_raw(r4, &(0x7f0000000c40)={0x0, 0x0, 0x0}, 0x2)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4011)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x4, 0x200008, 0x4, 0x20000}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0xc000)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)

409.302991ms ago: executing program 1 (id=159):
r0 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, 0x0)
mq_getsetattr(r0, &(0x7f0000000300)={0x800, 0x1, 0xffffffffffffffff}, 0x0)
mq_timedreceive(r0, &(0x7f0000000340)=""/195, 0xc3, 0x0, 0x0)
mq_timedreceive(r0, &(0x7f0000000080)=""/92, 0x5c, 0x0, 0x0)

373.664771ms ago: executing program 1 (id=161):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={0x28, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x28}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000850000005000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1, <r2=>0xffffffffffffffff}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000001700)=ANY=[@ANYBLOB="540200001600010000000000fedbdf25ff0100000000000000000000000000010a0101010000000000000000000000004e2200004e2300000a00200021000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc0000000000000000000000000000000000000033000000e0000002000000000000000000000000060000000000000019d000000000000009000000000000000000000000000000000000000000000008000000000000000000000000000000ff030000100000000300000000000000ffffffff00000000ffffff7f000000000900000000000000000000007f000000070000002bbd7000000000000200013f000000000000000001000000060000002c001300200100000000000000000000000000010000000000000000000000020000001c00040003004e204e210000fe"], 0x254}}, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000300)='net/tcp\x00')
lseek(r5, 0xd7, 0x0)

249.660941ms ago: executing program 1 (id=164):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@random="cf702e8cf671", @random="250481458598", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ni={0x193}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
semctl$SEM_STAT_ANY(0x0, 0x3, 0x14, &(0x7f0000000240)=""/240)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x10002)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000110020850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x398, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x2c8, 0xffffffff, 0xffffffff, 0x2c8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0xff}, @private1={0xfc, 0x1, '\x00', 0x1}, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0x1c8, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x4, 0x4, 0x1, 'syz1\x00', 0x2}}, @common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x0, 0x0, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x3f8)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

249.231101ms ago: executing program 1 (id=165):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x42002, 0x180)
write$cgroup_int(r2, &(0x7f00000001c0)=0x700, 0x12)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{0x1}, &(0x7f0000000140), &(0x7f0000000180)='%-5lx  \x00'}, 0x20)
getsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000380), &(0x7f00000003c0)=0x14)
openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b0000000000000000000000ff01000000000000", @ANYRES32, @ANYBLOB="dd1500004d00000000000000e1ffffffffffffff", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000020000000300"/28], 0x50)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r3, 0x2285, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
write$sndseq(r4, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0xa8)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x4)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendmmsg$inet6(r1, &(0x7f00000029c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000014)

214.940651ms ago: executing program 1 (id=166):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{0x1}, &(0x7f0000000140), &(0x7f0000000180)='%-5lx  \x00'}, 0x20)
getsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000380), &(0x7f00000003c0)=0x14)
openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b0000000000000000000000ff0100000000", @ANYRES32, @ANYBLOB="dd1500004d00000000000000e1ffffffffffffff", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000020000000300"/28], 0x50)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r2, 0x2285, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$sndseq(r3, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0xc4)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendmmsg$inet6(r1, &(0x7f00000029c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000014)

184.9533ms ago: executing program 1 (id=167):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000040), 0x1, 0x400)
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5387, &(0x7f0000000200))
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{}, &(0x7f0000000500), &(0x7f00000006c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000f00)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sysinfo(0x0)
unshare(0x60400)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = socket(0x15, 0x5, 0x0)
recvmsg$can_raw(r5, &(0x7f0000000c40)={0x0, 0x0, 0x0}, 0x2)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4011)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x4, 0x200008, 0x4, 0x20000}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r6], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0xc000)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)

184.68022ms ago: executing program 3 (id=168):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="180000007734000000000000080000001811000b06305f39e60d00c7ae25dfea5d95182187f6db996982e2b5231c7633f0dcaa8ce039c30d28649c52315e5601bffe3b34d26df72755b3782a84d789d560ce33602ae5d10a47bd400f2f1d427d8aaab39be20000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000357500007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x7}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00008, 0x0, 0x50032, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4)

125.38042ms ago: executing program 3 (id=169):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000700)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xe}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtfilter={0x24, 0x2c, 0xd2f, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {}, {0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000005}, 0x40)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

107.14266ms ago: executing program 3 (id=170):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='stack\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095", @ANYRES64=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x8000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r1}, 0x10)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, 0x0, 0x0)
bind$inet6(r2, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000000c0)='illinois\x00', 0x9)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
preadv2(r0, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/142, 0x8e}], 0x1, 0x9e2, 0x7, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRES16=r4, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x0)

87.58327ms ago: executing program 3 (id=171):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000217100000001010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000016d8ce4db711d5e46c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e30000000000000000000000014000100677265e52ea619052f9c08000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014000100626f6e6430"], 0x4b0}}, 0x0)

34.35355ms ago: executing program 3 (id=172):
pipe2(0x0, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c756e616d653dd0aedec1aa20ffd81d1bf81329217cb058a396eda2ab40a26d93dd083c0074dcab6cab21ae16c4cdf97bdc355f3b41d27b654301345cb3c4cec37953322d01beaa7257964fd30fe2d72f171da72e389f382dea3c8d91906aead5d5aeccc097ef1092ea987c2b00000000000000002c00985e787bb1"])

0s ago: executing program 3 (id=173):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000000101010300000000000000000a0000010c001980080001009200000018000180140001"], 0x38}}, 0x0)

kernel console output (not intermixed with test programs):


syzkaller
syzkaller login: [   20.078863][   T29] kauditd_printk_skb: 64 callbacks suppressed
[   20.078880][   T29] audit: type=1400 audit(1734646038.533:76): avc:  denied  { transition } for  pid=3179 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   20.082908][   T29] audit: type=1400 audit(1734646038.533:77): avc:  denied  { noatsecure } for  pid=3179 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   20.094647][   T29] audit: type=1400 audit(1734646038.543:78): avc:  denied  { write } for  pid=3179 comm="sh" path="pipe:[1638]" dev="pipefs" ino=1638 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   20.098177][   T29] audit: type=1400 audit(1734646038.543:79): avc:  denied  { rlimitinh } for  pid=3179 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   20.109824][   T29] audit: type=1400 audit(1734646038.543:80): avc:  denied  { siginh } for  pid=3179 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   20.648841][   T29] audit: type=1400 audit(1734646039.103:81): avc:  denied  { read } for  pid=2982 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.0.57' (ED25519) to the list of known hosts.
[   28.265130][   T29] audit: type=1400 audit(1734646046.713:82): avc:  denied  { mounton } for  pid=3289 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   28.266375][ T3289] cgroup: Unknown subsys name 'net'
[   28.287904][   T29] audit: type=1400 audit(1734646046.713:83): avc:  denied  { mount } for  pid=3289 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   28.315409][   T29] audit: type=1400 audit(1734646046.753:84): avc:  denied  { unmount } for  pid=3289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   28.487670][ T3289] cgroup: Unknown subsys name 'cpuset'
[   28.493879][ T3289] cgroup: Unknown subsys name 'rlimit'
[   28.625628][   T29] audit: type=1400 audit(1734646047.073:85): avc:  denied  { setattr } for  pid=3289 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   28.650383][   T29] audit: type=1400 audit(1734646047.083:86): avc:  denied  { create } for  pid=3289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   28.671064][   T29] audit: type=1400 audit(1734646047.083:87): avc:  denied  { write } for  pid=3289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   28.691440][   T29] audit: type=1400 audit(1734646047.083:88): avc:  denied  { read } for  pid=3289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   28.699167][ T3292] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   28.712054][   T29] audit: type=1400 audit(1734646047.093:89): avc:  denied  { mounton } for  pid=3289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   28.745592][   T29] audit: type=1400 audit(1734646047.093:90): avc:  denied  { mount } for  pid=3289 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   28.769494][   T29] audit: type=1400 audit(1734646047.183:91): avc:  denied  { relabelto } for  pid=3292 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   28.799627][ T3289] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   30.602005][ T3300] chnl_net:caif_netlink_parms(): no params data found
[   30.641125][ T3306] chnl_net:caif_netlink_parms(): no params data found
[   30.680312][ T3298] chnl_net:caif_netlink_parms(): no params data found
[   30.735565][ T3300] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.742862][ T3300] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.750100][ T3300] bridge_slave_0: entered allmulticast mode
[   30.756411][ T3300] bridge_slave_0: entered promiscuous mode
[   30.764827][ T3300] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.772054][ T3300] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.779268][ T3300] bridge_slave_1: entered allmulticast mode
[   30.785763][ T3300] bridge_slave_1: entered promiscuous mode
[   30.796148][ T3308] chnl_net:caif_netlink_parms(): no params data found
[   30.809292][ T3305] chnl_net:caif_netlink_parms(): no params data found
[   30.842809][ T3300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   30.855346][ T3300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   30.873572][ T3306] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.880757][ T3306] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.888151][ T3306] bridge_slave_0: entered allmulticast mode
[   30.894588][ T3306] bridge_slave_0: entered promiscuous mode
[   30.916026][ T3298] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.923600][ T3298] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.930850][ T3298] bridge_slave_0: entered allmulticast mode
[   30.937318][ T3298] bridge_slave_0: entered promiscuous mode
[   30.943960][ T3306] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.951118][ T3306] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.958324][ T3306] bridge_slave_1: entered allmulticast mode
[   30.964778][ T3306] bridge_slave_1: entered promiscuous mode
[   30.982504][ T3298] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.989647][ T3298] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.996836][ T3298] bridge_slave_1: entered allmulticast mode
[   31.003273][ T3298] bridge_slave_1: entered promiscuous mode
[   31.019744][ T3300] team0: Port device team_slave_0 added
[   31.052451][ T3300] team0: Port device team_slave_1 added
[   31.064061][ T3306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   31.097245][ T3298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   31.107362][ T3306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   31.117390][ T3298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   31.130797][ T3308] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.137888][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.145054][ T3308] bridge_slave_0: entered allmulticast mode
[   31.151497][ T3308] bridge_slave_0: entered promiscuous mode
[   31.181735][ T3308] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.188858][ T3308] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.196127][ T3308] bridge_slave_1: entered allmulticast mode
[   31.202526][ T3308] bridge_slave_1: entered promiscuous mode
[   31.209103][ T3300] batman_adv: batadv0: Adding interface: batadv_slave_0
[   31.216062][ T3300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   31.242004][ T3300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   31.253286][ T3300] batman_adv: batadv0: Adding interface: batadv_slave_1
[   31.260269][ T3300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   31.286243][ T3300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   31.302423][ T3306] team0: Port device team_slave_0 added
[   31.309185][ T3306] team0: Port device team_slave_1 added
[   31.314877][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.321960][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state
[   31.329350][ T3305] bridge_slave_0: entered allmulticast mode
[   31.335793][ T3305] bridge_slave_0: entered promiscuous mode
[   31.355120][ T3298] team0: Port device team_slave_0 added
[   31.365524][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.372666][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state
[   31.379924][ T3305] bridge_slave_1: entered allmulticast mode
[   31.386313][ T3305] bridge_slave_1: entered promiscuous mode
[   31.393501][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   31.403970][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   31.418523][ T3298] team0: Port device team_slave_1 added
[   31.449370][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_0
[   31.456355][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   31.482434][ T3306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   31.494297][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   31.513479][ T3308] team0: Port device team_slave_0 added
[   31.524586][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_1
[   31.531670][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   31.557594][ T3306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   31.569582][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   31.581098][ T3300] hsr_slave_0: entered promiscuous mode
[   31.587513][ T3300] hsr_slave_1: entered promiscuous mode
[   31.594246][ T3308] team0: Port device team_slave_1 added
[   31.600323][ T3298] batman_adv: batadv0: Adding interface: batadv_slave_0
[   31.607349][ T3298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   31.633366][ T3298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   31.646506][ T3298] batman_adv: batadv0: Adding interface: batadv_slave_1
[   31.653523][ T3298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   31.679725][ T3298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   31.719398][ T3305] team0: Port device team_slave_0 added
[   31.732066][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_0
[   31.739139][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   31.765114][ T3308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   31.781501][ T3305] team0: Port device team_slave_1 added
[   31.808436][ T3306] hsr_slave_0: entered promiscuous mode
[   31.814669][ T3306] hsr_slave_1: entered promiscuous mode
[   31.820812][ T3306] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   31.828405][ T3306] Cannot create hsr debugfs directory
[   31.834278][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_1
[   31.841305][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   31.867304][ T3308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   31.886644][ T3298] hsr_slave_0: entered promiscuous mode
[   31.892666][ T3298] hsr_slave_1: entered promiscuous mode
[   31.898623][ T3298] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   31.906245][ T3298] Cannot create hsr debugfs directory
[   31.939009][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0
[   31.946036][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   31.972079][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   32.000861][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1
[   32.007888][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   32.033903][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   32.054376][ T3308] hsr_slave_0: entered promiscuous mode
[   32.060989][ T3308] hsr_slave_1: entered promiscuous mode
[   32.067111][ T3308] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   32.074661][ T3308] Cannot create hsr debugfs directory
[   32.129170][ T3305] hsr_slave_0: entered promiscuous mode
[   32.135219][ T3305] hsr_slave_1: entered promiscuous mode
[   32.141260][ T3305] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   32.148879][ T3305] Cannot create hsr debugfs directory
[   32.248020][ T3300] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   32.264582][ T3300] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   32.275309][ T3300] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   32.291372][ T3300] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   32.326882][ T3308] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   32.341546][ T3308] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   32.350429][ T3298] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   32.363968][ T3308] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   32.372909][ T3298] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   32.383557][ T3298] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   32.392838][ T3298] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   32.401745][ T3308] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   32.428970][ T3306] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   32.437781][ T3306] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   32.458749][ T3306] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   32.476724][ T3306] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   32.485379][ T3305] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   32.495185][ T3305] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   32.504475][ T3305] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   32.520423][ T3305] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   32.593592][ T3300] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.615211][ T3298] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.640621][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.648701][ T3300] 8021q: adding VLAN 0 to HW filter on device team0
[   32.658400][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.671802][ T3298] 8021q: adding VLAN 0 to HW filter on device team0
[   32.684313][ T3306] 8021q: adding VLAN 0 to HW filter on device team0
[   32.695510][ T1878] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.702609][ T1878] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.712626][ T1878] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.719868][ T1878] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.728849][ T1878] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.735895][ T1878] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.753264][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.760400][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.771898][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.778989][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.795828][ T3300] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   32.806241][ T3300] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   32.821090][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.828165][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.845310][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0
[   32.854714][ T3308] 8021q: adding VLAN 0 to HW filter on device team0
[   32.878023][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.885118][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.895686][ T3305] 8021q: adding VLAN 0 to HW filter on device team0
[   32.908204][   T88] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.915271][   T88] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.931328][   T88] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.938438][   T88] bridge0: port 1(bridge_slave_0) entered forwarding state
[   32.948131][   T88] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.955269][   T88] bridge0: port 2(bridge_slave_1) entered forwarding state
[   32.973815][ T3298] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   33.011299][ T3300] 8021q: adding VLAN 0 to HW filter on device batadv0
[   33.049475][ T3308] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   33.059948][ T3308] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   33.108429][ T3305] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   33.127567][ T3298] 8021q: adding VLAN 0 to HW filter on device batadv0
[   33.142838][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0
[   33.176664][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0
[   33.245691][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0
[   33.302695][ T3306] veth0_vlan: entered promiscuous mode
[   33.328667][ T3306] veth1_vlan: entered promiscuous mode
[   33.339553][ T3300] veth0_vlan: entered promiscuous mode
[   33.372631][ T3300] veth1_vlan: entered promiscuous mode
[   33.384315][ T3306] veth0_macvtap: entered promiscuous mode
[   33.401899][ T3306] veth1_macvtap: entered promiscuous mode
[   33.413720][ T3298] veth0_vlan: entered promiscuous mode
[   33.429261][ T3298] veth1_vlan: entered promiscuous mode
[   33.435186][ T3308] veth0_vlan: entered promiscuous mode
[   33.451224][ T3308] veth1_vlan: entered promiscuous mode
[   33.459000][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0
[   33.468644][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1
[   33.476001][ T3305] veth0_vlan: entered promiscuous mode
[   33.487592][ T3306] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   33.496348][ T3306] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   33.505324][ T3306] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   33.514111][ T3306] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   33.526111][ T3305] veth1_vlan: entered promiscuous mode
[   33.542001][ T3300] veth0_macvtap: entered promiscuous mode
[   33.551778][ T3300] veth1_macvtap: entered promiscuous mode
[   33.567883][ T3298] veth0_macvtap: entered promiscuous mode
[   33.577659][ T3300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   33.588212][ T3300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   33.598765][ T3300] batman_adv: batadv0: Interface activated: batadv_slave_0
[   33.609628][ T3298] veth1_macvtap: entered promiscuous mode
[   33.619012][ T3300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   33.629495][ T3300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   33.640035][ T3300] batman_adv: batadv0: Interface activated: batadv_slave_1
[   33.651749][ T3308] veth0_macvtap: entered promiscuous mode
[   33.661788][   T29] kauditd_printk_skb: 18 callbacks suppressed
[   33.661803][   T29] audit: type=1400 audit(1734646052.123:110): avc:  denied  { mounton } for  pid=3306 comm="syz-executor" path="/root/syzkaller.3MXBSm/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   33.664578][ T3305] veth0_macvtap: entered promiscuous mode
[   33.686600][   T29] audit: type=1400 audit(1734646052.133:111): avc:  denied  { mount } for  pid=3306 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   33.698462][ T3300] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   33.719873][   T29] audit: type=1400 audit(1734646052.133:112): avc:  denied  { mounton } for  pid=3306 comm="syz-executor" path="/root/syzkaller.3MXBSm/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   33.719909][   T29] audit: type=1400 audit(1734646052.133:113): avc:  denied  { mount } for  pid=3306 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   33.728606][ T3300] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   33.753880][   T29] audit: type=1400 audit(1734646052.133:114): avc:  denied  { mounton } for  pid=3306 comm="syz-executor" path="/root/syzkaller.3MXBSm/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   33.775722][ T3300] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   33.784358][   T29] audit: type=1400 audit(1734646052.133:115): avc:  denied  { mounton } for  pid=3306 comm="syz-executor" path="/root/syzkaller.3MXBSm/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4357 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   33.811048][ T3300] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   33.819735][   T29] audit: type=1400 audit(1734646052.133:116): avc:  denied  { unmount } for  pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   33.876620][   T29] audit: type=1400 audit(1734646052.323:117): avc:  denied  { mounton } for  pid=3306 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=502 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   33.900672][   T29] audit: type=1400 audit(1734646052.333:118): avc:  denied  { mount } for  pid=3306 comm="syz-executor" name="/" dev="gadgetfs" ino=3764 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   33.926230][ T3298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   33.926292][ T3306] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   33.936743][ T3298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   33.961181][ T3298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   33.971656][ T3298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   33.982924][ T3298] batman_adv: batadv0: Interface activated: batadv_slave_0
[   33.990997][ T3308] veth1_macvtap: entered promiscuous mode
[   34.004604][ T3305] veth1_macvtap: entered promiscuous mode
[   34.014544][ T3305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.020776][   T29] audit: type=1400 audit(1734646052.473:119): avc:  denied  { read write } for  pid=3306 comm="syz-executor" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   34.025106][ T3305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.059403][ T3305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.069851][ T3305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.079688][ T3305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.090175][ T3305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.100614][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0
[   34.119059][ T3305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.129559][ T3305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.139451][ T3305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.149920][ T3305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.162271][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1
[   34.169869][ T3298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.180337][ T3298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.190189][ T3298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.192775][ T3441] FAULT_INJECTION: forcing a failure.
[   34.192775][ T3441] name failslab, interval 1, probability 0, space 0, times 1
[   34.200743][ T3298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.200759][ T3298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.200773][ T3298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.202082][ T3298] batman_adv: batadv0: Interface activated: batadv_slave_1
[   34.213483][ T3441] CPU: 0 UID: 0 PID: 3441 Comm: syz.2.6 Not tainted 6.13.0-rc3-syzkaller-00082-gbaaa2567a712 #0
[   34.224264][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.233684][ T3441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[   34.243538][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.250676][ T3441] Call Trace:
[   34.250697][ T3441]  <TASK>
[   34.261158][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.271492][ T3441]  dump_stack_lvl+0xf2/0x150
[   34.281614][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.281626][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.281639][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.281650][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   34.291438][ T3441]  dump_stack+0x15/0x1a
[   34.294725][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.297644][ T3441]  should_fail_ex+0x223/0x230
[   34.311748][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0
[   34.312629][ T3441]  should_failslab+0x8f/0xb0
[   34.368552][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.371781][ T3441]  kmem_cache_alloc_noprof+0x52/0x320
[   34.379010][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.383531][ T3441]  ? __break_lease+0x7a/0xf60
[   34.393991][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.399363][ T3441]  __break_lease+0x7a/0xf60
[   34.409139][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.413859][ T3441]  ? security_inode_setxattr+0xcb/0x1f0
[   34.424281][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.428736][ T3441]  __vfs_setxattr_locked+0x12c/0x1d0
[   34.438588][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.444069][ T3441]  vfs_setxattr+0x140/0x290
[   34.454479][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   34.459731][ T3441]  file_setxattr+0x139/0x1b0
[   34.459777][ T3441]  path_setxattrat+0x2c2/0x310
[   34.469618][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   34.474102][ T3441]  __x64_sys_fsetxattr+0x6d/0x80
[   34.490417][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1
[   34.493971][ T3441]  x64_sys_call+0x29d2/0x2dc0
[   34.509347][ T3305] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   34.515942][ T3441]  do_syscall_64+0xc9/0x1c0
[   34.520803][ T3305] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   34.529268][ T3441]  ? clear_bhb_loop+0x55/0xb0
[   34.529304][ T3441]  ? clear_bhb_loop+0x55/0xb0
[   34.533886][ T3305] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   34.542494][ T3441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   34.542568][ T3441] RIP: 0033:0x7f4548925d29
[   34.547256][ T3305] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   34.551870][ T3441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   34.551891][ T3441] RSP: 002b:00007f4546f97038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[   34.551917][ T3441] RAX: ffffffffffffffda RBX: 00007f4548b15fa0 RCX: 00007f4548925d29
[   34.565997][ T3298] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   34.566475][ T3441] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000005
[   34.570932][ T3298] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   34.579531][ T3441] RBP: 00007f4546f97090 R08: 0000000000000000 R09: 0000000000000000
[   34.579549][ T3441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   34.579579][ T3441] R13: 0000000000000000 R14: 00007f4548b15fa0 R15: 00007fffd8b11778
[   34.579603][ T3441]  </TASK>
[   34.599459][ T3298] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   34.677539][ T3298] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   34.709596][ T3445] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5'.
[   34.732870][ T3308] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   34.741651][ T3308] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   34.750613][ T3308] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   34.759443][ T3308] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   34.787960][ T3446] lo speed is unknown, defaulting to 1000
[   34.794724][ T3446] lo speed is unknown, defaulting to 1000
[   34.813822][ T3446] lo speed is unknown, defaulting to 1000
[   34.862206][ T3446] infiniband syz2: set active
[   34.867043][ T3446] infiniband syz2: added lo
[   34.872111][ T1040] lo speed is unknown, defaulting to 1000
[   35.033613][ T3451] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7'.
[   35.064951][ T3461] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   35.116431][ T3464] SELinux:  Context system_u:object_r:inetd_var_run_t:s0 is not valid (left unmapped).
[   35.139046][ T3446] RDS/IB: syz2: added
[   35.151990][ T3465] FAULT_INJECTION: forcing a failure.
[   35.151990][ T3465] name failslab, interval 1, probability 0, space 0, times 0
[   35.164725][ T3465] CPU: 1 UID: 0 PID: 3465 Comm: syz.3.4 Not tainted 6.13.0-rc3-syzkaller-00082-gbaaa2567a712 #0
[   35.175151][ T3465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[   35.185253][ T3465] Call Trace:
[   35.188542][ T3465]  <TASK>
[   35.191496][ T3465]  dump_stack_lvl+0xf2/0x150
[   35.196128][ T3465]  dump_stack+0x15/0x1a
[   35.200367][ T3465]  should_fail_ex+0x223/0x230
[   35.205127][ T3465]  should_failslab+0x8f/0xb0
[   35.209794][ T3465]  kmem_cache_alloc_node_noprof+0x59/0x320
[   35.215629][ T3465]  ? __alloc_skb+0x10b/0x310
[   35.220326][ T3465]  __alloc_skb+0x10b/0x310
[   35.224804][ T3465]  netlink_alloc_large_skb+0xad/0xe0
[   35.230104][ T3465]  netlink_sendmsg+0x3b4/0x6e0
[   35.234892][ T3465]  ? __pfx_netlink_sendmsg+0x10/0x10
[   35.240252][ T3465]  __sock_sendmsg+0x140/0x180
[   35.245025][ T3465]  ____sys_sendmsg+0x312/0x410
[   35.249811][ T3465]  __sys_sendmsg+0x19d/0x230
[   35.254499][ T3465]  __x64_sys_sendmsg+0x46/0x50
[   35.259283][ T3465]  x64_sys_call+0x2734/0x2dc0
[   35.263974][ T3465]  do_syscall_64+0xc9/0x1c0
[   35.268496][ T3465]  ? clear_bhb_loop+0x55/0xb0
[   35.273261][ T3465]  ? clear_bhb_loop+0x55/0xb0
[   35.277956][ T3465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   35.283875][ T3465] RIP: 0033:0x7fa7b35f5d29
[   35.288359][ T3465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   35.307996][ T3465] RSP: 002b:00007fa7b1c40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   35.316425][ T3465] RAX: ffffffffffffffda RBX: 00007fa7b37e6080 RCX: 00007fa7b35f5d29
[   35.324420][ T3465] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000008
[   35.332407][ T3465] RBP: 00007fa7b1c40090 R08: 0000000000000000 R09: 0000000000000000
[   35.340384][ T3465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   35.348376][ T3465] R13: 0000000000000000 R14: 00007fa7b37e6080 R15: 00007ffd30e6af08
[   35.356525][ T3465]  </TASK>
[   35.377295][ T3446] smc: adding ib device syz2 with port count 1
[   35.396829][ T3446] smc:    ib device syz2 port 1 has pnetid 
[   35.402954][ T3376] lo speed is unknown, defaulting to 1000
[   35.408964][ T3446] lo speed is unknown, defaulting to 1000
[   35.499783][ T3446] lo speed is unknown, defaulting to 1000
[   35.599480][ T3446] lo speed is unknown, defaulting to 1000
[   35.680147][ T3446] lo speed is unknown, defaulting to 1000
[   35.731777][ T3471] netlink: 36 bytes leftover after parsing attributes in process `syz.0.9'.
[   35.750832][ T3446] lo speed is unknown, defaulting to 1000
[   35.788428][ T3470] rdma_rxe: rxe_newlink: failed to add lo
[   35.809132][ T3472] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4'.
[   36.112144][ T3487] netlink: 'syz.3.16': attribute type 1 has an invalid length.
[   36.185210][ T3491] netlink: 24 bytes leftover after parsing attributes in process `syz.3.18'.
[   36.199548][ T3493] loop2: detected capacity change from 0 to 512
[   36.209159][ T3493] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   36.217359][ T3493] EXT4-fs (loop2): orphan cleanup on readonly fs
[   36.223865][ T3493] EXT4-fs warning (device loop2): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   36.225876][ T3491] netlink: 88 bytes leftover after parsing attributes in process `syz.3.18'.
[   36.249675][ T3493] EXT4-fs (loop2): Cannot turn on quotas: error -117
[   36.256553][ T3493] EXT4-fs error (device loop2): ext4_orphan_get:1389: inode #16: comm syz.2.19: casefold flag without casefold feature
[   36.271746][ T3493] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.19: couldn't read orphan inode 16 (err -117)
[   36.300620][ T3493] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   36.332186][ T3461] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   36.382340][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.410763][ T3498] x_tables: ip6_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT
[   36.412588][ T3500] loop2: detected capacity change from 0 to 512
[   36.431302][ T3498] netlink: 'syz.4.21': attribute type 10 has an invalid length.
[   36.448993][ T3500] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   36.457275][ T3500] EXT4-fs (loop2): orphan cleanup on readonly fs
[   36.463967][ T3500] EXT4-fs warning (device loop2): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   36.476098][ T3504] syz.0.23[3504] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.479086][ T3504] syz.0.23[3504] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.480119][ T3498] 8021q: adding VLAN 0 to HW filter on device batadv0
[   36.490828][ T3500] EXT4-fs (loop2): Cannot turn on quotas: error -117
[   36.509321][ T3504] syz.0.23[3504] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.515804][ T3500] EXT4-fs error (device loop2): ext4_orphan_get:1389: inode #16: comm syz.2.22: casefold flag without casefold feature
[   36.531715][ T3505] loop4: detected capacity change from 0 to 512
[   36.546237][ T3500] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.22: couldn't read orphan inode 16 (err -117)
[   36.550472][ T3498] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   36.576746][ T3500] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   36.612473][ T3505] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   36.625166][ T3505] EXT4-fs (loop4): orphan cleanup on readonly fs
[   36.629590][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.636137][ T3505] EXT4-fs warning (device loop4): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   36.660647][ T3505] EXT4-fs (loop4): Cannot turn on quotas: error -117
[   36.668908][ T3505] EXT4-fs error (device loop4): ext4_orphan_get:1389: inode #16: comm syz.4.21: casefold flag without casefold feature
[   36.686758][ T3513] FAULT_INJECTION: forcing a failure.
[   36.686758][ T3513] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   36.699862][ T3513] CPU: 1 UID: 0 PID: 3513 Comm: syz.2.25 Not tainted 6.13.0-rc3-syzkaller-00082-gbaaa2567a712 #0
[   36.710385][ T3513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[   36.720461][ T3513] Call Trace:
[   36.723803][ T3513]  <TASK>
[   36.726784][ T3513]  dump_stack_lvl+0xf2/0x150
[   36.731552][ T3513]  dump_stack+0x15/0x1a
[   36.735730][ T3513]  should_fail_ex+0x223/0x230
[   36.740434][ T3513]  should_fail+0xb/0x10
[   36.744601][ T3513]  should_fail_usercopy+0x1a/0x20
[   36.749639][ T3513]  strncpy_from_user+0x25/0x210
[   36.754615][ T3513]  ? kmem_cache_alloc_noprof+0x18e/0x320
[   36.760283][ T3513]  ? getname_flags+0x81/0x3b0
[   36.764968][ T3513]  getname_flags+0xb0/0x3b0
[   36.769477][ T3513]  user_path_at+0x26/0x120
[   36.773943][ T3513]  __se_sys_fspick+0x9f/0x260
[   36.778656][ T3513]  __x64_sys_fspick+0x43/0x50
[   36.783424][ T3513]  x64_sys_call+0x2806/0x2dc0
[   36.788169][ T3513]  do_syscall_64+0xc9/0x1c0
[   36.792680][ T3513]  ? clear_bhb_loop+0x55/0xb0
[   36.797363][ T3513]  ? clear_bhb_loop+0x55/0xb0
[   36.802051][ T3513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   36.808019][ T3513] RIP: 0033:0x7f4548925d29
[   36.812463][ T3513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   36.832076][ T3513] RSP: 002b:00007f4546f97038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[   36.840616][ T3513] RAX: ffffffffffffffda RBX: 00007f4548b15fa0 RCX: 00007f4548925d29
[   36.848627][ T3513] RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffff9c
[   36.856649][ T3513] RBP: 00007f4546f97090 R08: 0000000000000000 R09: 0000000000000000
[   36.864632][ T3513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   36.872607][ T3513] R13: 0000000000000000 R14: 00007f4548b15fa0 R15: 00007fffd8b11778
[   36.880604][ T3513]  </TASK>
[   36.889201][ T3505] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.21: couldn't read orphan inode 16 (err -117)
[   36.905640][ T3505] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   36.970926][ T3518] loop2: detected capacity change from 0 to 4096
[   37.041043][ T3521] netlink: 'syz.0.30': attribute type 10 has an invalid length.
[   37.052849][ T3521] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.061947][ T3521] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   37.175233][ T3531] 9pnet_fd: Insufficient options for proto=fd
[   37.237121][ T3534] loop2: detected capacity change from 0 to 512
[   37.243879][ T3534] EXT4-fs: Ignoring removed mblk_io_submit option
[   37.250356][ T3534] EXT4-fs: Ignoring removed bh option
[   37.257498][ T3534] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   37.270699][ T3534] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   37.294116][ T3534] EXT4-fs (loop2): 1 truncate cleaned up
[   37.300591][ T3534] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.554941][ T3461] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   37.660191][ T3461] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   37.972696][ T3461] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.006255][ T3461] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.021169][ T3546] block device autoloading is deprecated and will be removed.
[   38.046841][ T3546] syz.3.38: attempt to access beyond end of device
[   38.046841][ T3546] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   38.061788][ T3461] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.090314][ T3548] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   38.109867][ T3461] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.146340][ T3550] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.172158][ T3550] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.179287][ T3550] bridge0: port 2(bridge_slave_1) entered forwarding state
[   38.201044][ T3553] syz.3.40: attempt to access beyond end of device
[   38.201044][ T3553] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   38.265677][ T3558] netlink: 'syz.3.42': attribute type 10 has an invalid length.
[   38.278669][ T3558] 8021q: adding VLAN 0 to HW filter on device batadv0
[   38.290132][ T3558] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   38.416150][ T3568] 9pnet_fd: Insufficient options for proto=fd
[   38.451189][ T3570] syz.3.47: attempt to access beyond end of device
[   38.451189][ T3570] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   38.592635][ T3574] loop3: detected capacity change from 0 to 1024
[   38.602673][ T3574] =======================================================
[   38.602673][ T3574] WARNING: The mand mount option has been deprecated and
[   38.602673][ T3574]          and is ignored by this kernel. Remove the mand
[   38.602673][ T3574]          option from the mount to silence this warning.
[   38.602673][ T3574] =======================================================
[   38.647422][ T3574] EXT4-fs: dax option not supported
[   38.668141][   T29] kauditd_printk_skb: 434 callbacks suppressed
[   38.668157][   T29] audit: type=1326 audit(1734646057.123:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3573 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b35f5d29 code=0x7ffc0000
[   38.728004][   T29] audit: type=1326 audit(1734646057.163:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3573 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa7b35f5d29 code=0x7ffc0000
[   38.751385][   T29] audit: type=1326 audit(1734646057.163:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3573 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b35f5d29 code=0x7ffc0000
[   38.775127][   T29] audit: type=1326 audit(1734646057.163:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3573 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b35f5d29 code=0x7ffc0000
[   38.798619][   T29] audit: type=1326 audit(1734646057.163:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3573 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7fa7b35f5d29 code=0x7ffc0000
[   38.821856][   T29] audit: type=1326 audit(1734646057.163:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3573 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b35f5d29 code=0x7ffc0000
[   38.845445][   T29] audit: type=1326 audit(1734646057.163:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3573 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b35f5d29 code=0x7ffc0000
[   38.868752][   T29] audit: type=1326 audit(1734646057.163:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3573 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa7b35f5d29 code=0x7ffc0000
[   38.891850][   T29] audit: type=1326 audit(1734646057.163:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3573 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b35f5d29 code=0x7ffc0000
[   38.915099][   T29] audit: type=1326 audit(1734646057.163:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3573 comm="syz.3.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7b35f5d29 code=0x7ffc0000
[   38.940073][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.113395][ T3577] syz.3.50[3577] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   39.113541][ T3577] syz.3.50[3577] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   39.124839][ T3577] syz.3.50[3577] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   39.189027][ T3586] netlink: 8 bytes leftover after parsing attributes in process `syz.3.50'.
[   39.609776][ T3603] mmap: +}[@ (3603) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   39.731062][ T3607] 9pnet_fd: Insufficient options for proto=fd
[   39.761066][ T3610] block device autoloading is deprecated and will be removed.
[   39.774141][ T3610] syz.1.58: attempt to access beyond end of device
[   39.774141][ T3610] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   39.794702][ T3612] loop3: detected capacity change from 0 to 1024
[   39.803634][ T3612] EXT4-fs: dax option not supported
[   39.844675][ T3613] pim6reg: entered allmulticast mode
[   39.855874][ T3613] loop2: detected capacity change from 0 to 512
[   39.867123][ T3613] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   39.880480][ T3613] EXT4-fs (loop2): 1 truncate cleaned up
[   39.889974][ T3613] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.908256][ T3613] pim6reg: left allmulticast mode
[   39.929612][ T3629] loop1: detected capacity change from 0 to 1024
[   39.936247][ T3629] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[   39.964383][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.010971][ T3633] netlink: 'syz.2.66': attribute type 10 has an invalid length.
[   40.022096][ T3633] 8021q: adding VLAN 0 to HW filter on device batadv0
[   40.031002][ T3633] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   40.169712][ T3646] 9pnet_fd: Insufficient options for proto=fd
[   40.174866][ T3647] loop2: detected capacity change from 0 to 512
[   40.185123][ T3647] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   40.193383][ T3647] EXT4-fs (loop2): orphan cleanup on readonly fs
[   40.204900][ T3647] EXT4-fs warning (device loop2): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   40.223239][ T3647] EXT4-fs (loop2): Cannot turn on quotas: error -117
[   40.230653][ T3647] EXT4-fs error (device loop2): ext4_orphan_get:1389: inode #16: comm syz.2.72: casefold flag without casefold feature
[   40.236345][ T3650] syzkaller0: entered promiscuous mode
[   40.245425][ T3647] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.72: couldn't read orphan inode 16 (err -117)
[   40.248947][ T3650] syzkaller0: entered allmulticast mode
[   40.267190][ T3647] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   40.297927][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.358587][ T3498] syz.4.21 (3498) used greatest stack depth: 10488 bytes left
[   40.368772][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.392786][ T3658] loop1: detected capacity change from 0 to 512
[   40.413812][ T3658] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.436038][ T3658] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   40.477616][ T3670] syz.2.81: attempt to access beyond end of device
[   40.477616][ T3670] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   40.481533][ T3658] EXT4-fs error (device loop1): ext4_do_update_inode:5153: inode #19: comm syz.1.78: corrupted inode contents
[   40.503398][ T3658] EXT4-fs error (device loop1): ext4_dirty_inode:6041: inode #19: comm syz.1.78: mark_inode_dirty error
[   40.514996][ T3658] EXT4-fs error (device loop1): ext4_do_update_inode:5153: inode #19: comm syz.1.78: corrupted inode contents
[   40.527427][ T3658] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3006: inode #19: comm syz.1.78: mark_inode_dirty error
[   40.542575][ T3658] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3009: inode #19: comm syz.1.78: mark inode dirty (error -117)
[   40.569074][ T3658] EXT4-fs warning (device loop1): ext4_evict_inode:276: xattr delete (err -117)
[   40.604968][ T3678] syz.2.84[3678] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   40.606224][ T3678] syz.2.84[3678] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   40.618435][ T3678] syz.2.84[3678] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   40.631887][ T3298] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.707807][ T3548] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   40.748480][ T3684] FAULT_INJECTION: forcing a failure.
[   40.748480][ T3684] name failslab, interval 1, probability 0, space 0, times 0
[   40.759720][ T3680] loop3: detected capacity change from 0 to 512
[   40.761230][ T3684] CPU: 1 UID: 0 PID: 3684 Comm: syz.4.87 Not tainted 6.13.0-rc3-syzkaller-00082-gbaaa2567a712 #0
[   40.772351][ T3680] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   40.777864][ T3684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[   40.777881][ T3684] Call Trace:
[   40.777890][ T3684]  <TASK>
[   40.777898][ T3684]  dump_stack_lvl+0xf2/0x150
[   40.807626][ T3684]  dump_stack+0x15/0x1a
[   40.811832][ T3684]  should_fail_ex+0x223/0x230
[   40.816521][ T3684]  should_failslab+0x8f/0xb0
[   40.821248][ T3684]  __kmalloc_noprof+0xab/0x3f0
[   40.826036][ T3684]  ? io_alloc_async_data+0x4a/0xb0
[   40.831188][ T3684]  io_alloc_async_data+0x4a/0xb0
[   40.836199][ T3684]  io_prep_rw+0x2ec/0x440
[   40.841068][ T3684]  io_prep_rwv+0x59/0x1f0
[   40.845430][ T3684]  io_prep_readv+0x1f/0x30
[   40.849893][ T3684]  io_submit_sqes+0x5d0/0x1090
[   40.854686][ T3684]  __se_sys_io_uring_enter+0x1b9/0x1ba0
[   40.860265][ T3684]  ? 0xffffffff81000000
[   40.864504][ T3684]  ? selinux_file_permission+0x22a/0x360
[   40.870154][ T3684]  ? bpf_probe_read_user_str+0x6a/0x70
[   40.875632][ T3684]  ? __rcu_read_unlock+0x4e/0x70
[   40.880587][ T3684]  ? bpf_trace_run2+0x123/0x1d0
[   40.885549][ T3684]  ? __bpf_trace_sys_enter+0x10/0x30
[   40.890906][ T3684]  ? trace_sys_enter+0xcd/0x110
[   40.895776][ T3684]  __x64_sys_io_uring_enter+0x78/0x90
[   40.901198][ T3684]  x64_sys_call+0xb5e/0x2dc0
[   40.905796][ T3684]  do_syscall_64+0xc9/0x1c0
[   40.910306][ T3684]  ? clear_bhb_loop+0x55/0xb0
[   40.915021][ T3684]  ? clear_bhb_loop+0x55/0xb0
[   40.919713][ T3684]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.925638][ T3684] RIP: 0033:0x7f1c9abb5d29
[   40.930065][ T3684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   40.949857][ T3684] RSP: 002b:00007f1c99227038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[   40.958365][ T3684] RAX: ffffffffffffffda RBX: 00007f1c9ada5fa0 RCX: 00007f1c9abb5d29
[   40.966346][ T3684] RDX: 0000000000000000 RSI: 0000000000000567 RDI: 0000000000000003
[   40.974369][ T3684] RBP: 00007f1c99227090 R08: 0000000000000000 R09: 0000000000000000
[   40.982347][ T3684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   40.990326][ T3684] R13: 0000000000000000 R14: 00007f1c9ada5fa0 R15: 00007ffc41ad2768
[   40.998325][ T3684]  </TASK>
[   41.037940][ T3548] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.059671][ T3686] x_tables: ip6_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT
[   41.073027][ T3686] netlink: 'syz.1.88': attribute type 10 has an invalid length.
[   41.084009][ T3548] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.098997][ T3692] netlink: 76 bytes leftover after parsing attributes in process `syz.3.92'.
[   41.109980][ T3692] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=3692 comm=syz.3.92
[   41.131418][ T3694] netlink: 76 bytes leftover after parsing attributes in process `syz.4.91'.
[   41.136169][ T3695] loop1: detected capacity change from 0 to 512
[   41.164317][ T3686] 8021q: adding VLAN 0 to HW filter on device batadv0
[   41.179751][ T3695] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   41.181802][ T3686] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   41.189078][ T3695] EXT4-fs (loop1): orphan cleanup on readonly fs
[   41.203769][ T3695] EXT4-fs warning (device loop1): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   41.225546][ T3695] EXT4-fs (loop1): Cannot turn on quotas: error -117
[   41.233893][ T3695] EXT4-fs error (device loop1): ext4_orphan_get:1389: inode #16: comm syz.1.88: casefold flag without casefold feature
[   41.246013][ T3548] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   41.251199][ T3695] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.88: couldn't read orphan inode 16 (err -117)
[   41.275973][ T3695] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   41.276199][ T3548] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   41.300530][ T3548] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   41.312298][ T3548] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   41.431912][ T3719] pimreg: entered allmulticast mode
[   41.438520][ T3719] pimreg: left allmulticast mode
[   41.443940][ T3722] netlink: 76 bytes leftover after parsing attributes in process `syz.4.104'.
[   41.463531][ T3724] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.475326][ T3728] syz.4.106[3728] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   41.493555][ T3686] syz.1.88 (3686) used greatest stack depth: 10464 bytes left
[   41.512916][ T3298] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.537997][ T3735] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   41.575310][ T3724] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.599138][ T3735] loop1: detected capacity change from 0 to 1764
[   41.608426][ T3724] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.634010][ T3735] netlink: 16 bytes leftover after parsing attributes in process `syz.1.107'.
[   41.702876][ T3724] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   41.720155][ T3747] Zero length message leads to an empty skb
[   41.781086][ T3758] x_tables: ip6_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT
[   41.788790][ T3761] block device autoloading is deprecated and will be removed.
[   41.794123][ T3758] netlink: 'syz.1.118': attribute type 10 has an invalid length.
[   41.802376][ T3761] syz.3.120: attempt to access beyond end of device
[   41.802376][ T3761] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   41.831862][ T3758] loop1: detected capacity change from 0 to 512
[   41.855542][ T3758] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   41.865496][ T3758] EXT4-fs (loop1): orphan cleanup on readonly fs
[   41.873662][ T3758] EXT4-fs warning (device loop1): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   41.890108][ T3758] EXT4-fs (loop1): Cannot turn on quotas: error -117
[   41.904470][ T3768] loop3: detected capacity change from 0 to 128
[   41.906505][ T3758] EXT4-fs error (device loop1): ext4_orphan_get:1389: inode #16: comm syz.1.118: casefold flag without casefold feature
[   41.924062][ T3758] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.118: couldn't read orphan inode 16 (err -117)
[   41.940359][ T3758] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   42.083077][ T3768] netlink: 8 bytes leftover after parsing attributes in process `syz.3.123'.
[   42.097216][ T3768] syz.3.123: attempt to access beyond end of device
[   42.097216][ T3768] loop3: rw=2049, sector=145, nr_sectors = 896 limit=128
[   42.129311][ T3767] syz.3.123: attempt to access beyond end of device
[   42.129311][ T3767] loop3: rw=524288, sector=145, nr_sectors = 224 limit=128
[   42.143448][ T3767] syz.3.123: attempt to access beyond end of device
[   42.143448][ T3767] loop3: rw=0, sector=177, nr_sectors = 8 limit=128
[   42.157136][ T3767] syz.3.123: attempt to access beyond end of device
[   42.157136][ T3767] loop3: rw=0, sector=177, nr_sectors = 8 limit=128
[   42.239087][ T3776] loop3: detected capacity change from 0 to 512
[   42.258739][ T3776] netlink: 4 bytes leftover after parsing attributes in process `syz.3.126'.
[   42.269296][ T3776] netlink: 4 bytes leftover after parsing attributes in process `syz.3.126'.
[   42.309564][ T3779] x_tables: ip6_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT
[   42.348052][ T3783] loop2: detected capacity change from 0 to 512
[   42.355997][ T3783] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   42.364418][ T3783] EXT4-fs (loop2): orphan cleanup on readonly fs
[   42.373177][ T3783] EXT4-fs warning (device loop2): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   42.394555][ T3783] EXT4-fs (loop2): Cannot turn on quotas: error -117
[   42.401914][ T3783] EXT4-fs error (device loop2): ext4_orphan_get:1389: inode #16: comm syz.2.130: casefold flag without casefold feature
[   42.416298][ T3790] FAULT_INJECTION: forcing a failure.
[   42.416298][ T3790] name failslab, interval 1, probability 0, space 0, times 0
[   42.429097][ T3790] CPU: 1 UID: 0 PID: 3790 Comm: syz.4.132 Not tainted 6.13.0-rc3-syzkaller-00082-gbaaa2567a712 #0
[   42.439721][ T3790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[   42.449886][ T3790] Call Trace:
[   42.453169][ T3790]  <TASK>
[   42.456102][ T3790]  dump_stack_lvl+0xf2/0x150
[   42.460774][ T3790]  dump_stack+0x15/0x1a
[   42.465049][ T3790]  should_fail_ex+0x223/0x230
[   42.469740][ T3790]  should_failslab+0x8f/0xb0
[   42.474404][ T3790]  kmem_cache_alloc_node_noprof+0x59/0x320
[   42.480297][ T3790]  ? __alloc_skb+0x10b/0x310
[   42.484976][ T3790]  __alloc_skb+0x10b/0x310
[   42.489399][ T3790]  ? audit_log_start+0x34c/0x6b0
[   42.494381][ T3790]  audit_log_start+0x368/0x6b0
[   42.499303][ T3790]  audit_seccomp+0x4b/0x130
[   42.503820][ T3790]  __seccomp_filter+0x6fa/0x1180
[   42.508789][ T3790]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   42.514815][ T3790]  ? vfs_write+0x596/0x920
[   42.519274][ T3790]  __secure_computing+0x9f/0x1c0
[   42.524248][ T3790]  syscall_trace_enter+0xd1/0x1f0
[   42.529377][ T3790]  ? fpregs_assert_state_consistent+0x83/0xa0
[   42.535533][ T3790]  do_syscall_64+0xaa/0x1c0
[   42.540051][ T3790]  ? clear_bhb_loop+0x55/0xb0
[   42.544740][ T3790]  ? clear_bhb_loop+0x55/0xb0
[   42.549512][ T3790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.555588][ T3790] RIP: 0033:0x7f1c9abb5d29
[   42.560049][ T3790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   42.579792][ T3790] RSP: 002b:00007f1c99227038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075
[   42.588278][ T3790] RAX: ffffffffffffffda RBX: 00007f1c9ada5fa0 RCX: 00007f1c9abb5d29
[   42.596397][ T3790] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   42.604372][ T3790] RBP: 00007f1c99227090 R08: 0000000000000000 R09: 0000000000000000
[   42.612350][ T3790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   42.620328][ T3790] R13: 0000000000000000 R14: 00007f1c9ada5fa0 R15: 00007ffc41ad2768
[   42.628320][ T3790]  </TASK>
[   42.674282][ T3783] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.130: couldn't read orphan inode 16 (err -117)
[   42.686685][ T3298] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.690969][ T3783] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   42.726436][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.732354][ T3794] loop3: detected capacity change from 0 to 512
[   42.769215][ T3794] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   42.769238][ T3800] loop2: detected capacity change from 0 to 1024
[   42.779394][ T3794] EXT4-fs (loop3): orphan cleanup on readonly fs
[   42.791611][ T3794] EXT4-fs warning (device loop3): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   42.812986][ T3800] EXT4-fs: dax option not supported
[   42.847894][ T3794] EXT4-fs (loop3): Cannot turn on quotas: error -117
[   42.869683][ T3794] EXT4-fs error (device loop3): ext4_orphan_get:1389: inode #16: comm syz.3.135: casefold flag without casefold feature
[   42.917836][ T3815] loop1: detected capacity change from 0 to 1024
[   42.924645][ T3815] EXT4-fs: dax option not supported
[   42.928265][ T3794] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.135: couldn't read orphan inode 16 (err -117)
[   42.942392][ T3794] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   42.976454][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.053056][ T3829] loop1: detected capacity change from 0 to 1024
[   43.061209][ T3829] EXT4-fs: dax option not supported
[   43.111853][ T3836] bio_check_eod: 26 callbacks suppressed
[   43.111872][ T3836] syz.1.152: attempt to access beyond end of device
[   43.111872][ T3836] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   43.201598][ T3844] netlink: 16 bytes leftover after parsing attributes in process `syz.1.156'.
[   43.244052][ T3850] 9pnet_fd: Insufficient options for proto=fd
[   43.279740][ T3855] netlink: 268 bytes leftover after parsing attributes in process `syz.1.161'.
[   43.281053][ T3853] loop3: detected capacity change from 0 to 1024
[   43.288960][ T3855] unsupported nla_type 65024
[   43.297283][ T3853] EXT4-fs: dax option not supported
[   43.352434][ T3857] loop3: detected capacity change from 0 to 2048
[   43.367473][ T3859] netlink: 'syz.1.164': attribute type 10 has an invalid length.
[   43.392643][ T3861] syz.1.165: attempt to access beyond end of device
[   43.392643][ T3861] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   43.417571][ T3857]  loop3: p1 < > p4 < >
[   43.471291][ T3288] udevd[3288]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   43.471705][ T3291] udevd[3291]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   43.553759][ T3874] bpf_get_probe_write_proto: 2 callbacks suppressed
[   43.553837][ T3874] syz.3.171[3874] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   43.560704][ T3874] syz.3.171[3874] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   43.573171][ T3874] syz.3.171[3874] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   43.607182][ T3876] 9pnet_fd: Insufficient options for proto=fd
[   43.641423][ T3878] netlink: 16 bytes leftover after parsing attributes in process `syz.3.173'.
[   43.656960][ T3376] ==================================================================
[   43.665065][ T3376] BUG: KCSAN: data-race in kick_pool / wq_worker_running
[   43.672135][ T3376] 
[   43.674493][ T3376] read-write to 0xffff888237c2e8a4 of 4 bytes by task 3373 on cpu 0:
[   43.682559][ T3376]  wq_worker_running+0x98/0x130
[   43.687419][ T3376]  schedule_timeout+0xb8/0x160
[   43.692179][ T3376]  msleep+0x4b/0x70
[   43.696014][ T3376]  nsim_fib_event_work+0x1fd8/0x2270
[   43.701306][ T3376]  process_scheduled_works+0x483/0x9a0
[   43.706770][ T3376]  worker_thread+0x51d/0x6f0
[   43.711384][ T3376]  kthread+0x1d1/0x210
[   43.715449][ T3376]  ret_from_fork+0x4b/0x60
[   43.719856][ T3376]  ret_from_fork_asm+0x1a/0x30
[   43.724620][ T3376] 
[   43.726935][ T3376] read to 0xffff888237c2e8a4 of 4 bytes by task 3376 on cpu 1:
[   43.734467][ T3376]  kick_pool+0x4d/0x2c0
[   43.738652][ T3376]  __queue_work+0x8bb/0xb40
[   43.743161][ T3376]  queue_work_on+0xd3/0x180
[   43.747673][ T3376]  process_srcu+0x711/0xb00
[   43.752170][ T3376]  process_scheduled_works+0x483/0x9a0
[   43.757634][ T3376]  worker_thread+0x51d/0x6f0
[   43.762229][ T3376]  kthread+0x1d1/0x210
[   43.766296][ T3376]  ret_from_fork+0x4b/0x60
[   43.770720][ T3376]  ret_from_fork_asm+0x1a/0x30
[   43.775482][ T3376] 
[   43.777796][ T3376] value changed: 0x00000000 -> 0x00000001
[   43.783515][ T3376] 
[   43.785829][ T3376] Reported by Kernel Concurrency Sanitizer on:
[   43.791988][ T3376] CPU: 1 UID: 0 PID: 3376 Comm: kworker/1:3 Not tainted 6.13.0-rc3-syzkaller-00082-gbaaa2567a712 #0
[   43.802743][ T3376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[   43.812794][ T3376] Workqueue: rcu_gp process_srcu
[   43.817733][ T3376] ==================================================================
[   45.712088][ T3724] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   45.723610][ T3724] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   45.734662][ T3724] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   45.745926][ T3724] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0