last executing test programs:

4.88750385s ago: executing program 4 (id=761):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000002000000000b7080003000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000950000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x3938700}, {0x77359400}}, 0x0)

4.804136517s ago: executing program 4 (id=763):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
write$binfmt_script(r1, &(0x7f0000001800)={'#! ', './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xff1)
openat$cgroup_freezer_state(r1, &(0x7f0000000640), 0x2, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x1, &(0x7f0000000740)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYBLOB='\x00'/17, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48)
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r7, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r6}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000094e400b70400000000000085000000c300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open$cgroup(&(0x7f0000000680)={0x1, 0x80, 0x7, 0x2, 0x8c, 0x8, 0x0, 0x9, 0x8700a, 0x8, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0xb0, 0x3}, 0x2, 0x2, 0x0, 0x6, 0x9, 0x29, 0x2, 0x0, 0x5, 0x0, 0x8001}, r1, 0x3, 0xffffffffffffffff, 0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000040), 0x4)

3.78025506s ago: executing program 4 (id=769):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="170000000000000004000000ff00000000000000e390558eb29f011476929eb3c02832ed4ed089d1846536b7eb874cd732dd4465e668d36f6142207236a51f5f8752321c472029a97629a60dddc0592a2405f7031759e582c56f82cbccea6a9c439f5acaa71712c8925c064792311dffe97cf554792b731165f5ce48f02700fd58e0798b5cebb2b722812faa9696843a0f284c0159157e8ed48f8567cc49db84775f36c6459375778b2c7132c31ab26aff10ff62e17d9f9b3236717ab7490bcfe5b1bddb2ccb3ba8d9e25e57d70662521d029fbeb03f8c88ec7cba350dd82b57927d960a9c7453756cae5e", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r2}, 0x10)
socket$inet(0x2, 0xa, 0x86)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

3.263669356s ago: executing program 1 (id=779):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
write$binfmt_script(r1, &(0x7f0000001800)={'#! ', './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xff1)
openat$cgroup_freezer_state(r1, &(0x7f0000000640), 0x2, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x1, &(0x7f0000000740)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYBLOB='\x00'/17, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48)
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r7, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r6}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000094e400b70400000000000085000000c300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open$cgroup(&(0x7f0000000680)={0x1, 0x80, 0x7, 0x2, 0x8c, 0x8, 0x0, 0x9, 0x8700a, 0x8, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0xb0, 0x3}, 0x2, 0x2, 0x0, 0x6, 0x9, 0x29, 0x2, 0x0, 0x5, 0x0, 0x8001}, r1, 0x3, 0xffffffffffffffff, 0x9)
syz_open_dev$tty20(0xc, 0x4, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000040), 0x4)

3.253116037s ago: executing program 4 (id=780):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_GET_PACK_ID(r1, 0x227c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYRES64=r1, @ANYRES8], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x79ac1631, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r4}, 0x10)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

2.161074386s ago: executing program 1 (id=787):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/cpuset.cpus\x00', 0x2, 0x0)
sendfile(r1, r0, 0x0, 0x6)

2.138569307s ago: executing program 4 (id=788):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x13, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="18010000000000200000000000000000181900", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000080)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', r1, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4008550d, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
syz_usbip_server_init(0x4)

2.128269608s ago: executing program 3 (id=789):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="170000000000000004000000ff00000000000000e390558eb29f011476929eb3c02832ed4ed089d1846536b7eb874cd732dd4465e668d36f6142207236a51f5f8752321c472029a97629a60dddc0592a2405f7031759e582c56f82cbccea6a9c439f5acaa71712c8925c064792311dffe97cf554792b731165f5ce48f02700fd58e0798b5cebb2b722812faa9696843a0f284c0159157e8ed48f8567cc49db84775f36c6459375778b2c7132c31ab26aff10ff62e17d9f9b3236717ab7490bcfe5b1bddb2ccb3ba8d9e25e57d70662521d029fbeb03f8c88ec7cba350dd82b57927d960a9c7453756cae5e", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

2.124224919s ago: executing program 0 (id=790):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r3, 0x0, r5, 0x0, 0x8000f28, 0x0)
splice(r4, 0x0, r3, 0x0, 0x7f, 0xe)
write(r2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0)
r6 = memfd_create(&(0x7f0000000540)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x10, r7, 0x0)
r8 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r8, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f00001b8000/0x2000)=nil, &(0x7f000064f000/0x3000)=nil, 0x0, &(0x7f0000000240)=[{}], 0x1, 0x0, 0x0, 0x28})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan1\x00'})
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)=ANY=[], 0x20}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

2.104546401s ago: executing program 1 (id=791):
rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffff7feffff7ffd]}, 0x0, 0x8)
r0 = gettid()
tkill(r0, 0x14)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000002c0)={0x2, &(0x7f0000000000)=[{0x14, 0x0, 0xfd, 0x4000000}, {0x6}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'netdevsim0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_RATE={0x6}]}, 0x38}}, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000ec0)={'wpan0\x00'})
r7 = gettid()
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000aa5949820004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRESOCT=r2], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, 0x0, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r10}, &(0x7f00000004c0), &(0x7f0000000500)='%-5lx  \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r11}, 0x10)
syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000080)='./file1\x00', 0x1000004, &(0x7f0000000d40)=ANY=[@ANYRES16=0x0, @ANYRES32], 0x4, 0x7c1, &(0x7f0000001a00)="$eJzs3U1sHOUZAOB3HIcEI6WIVimKQpgEKgUpmPUaTF0OsKzH9sB619pdV4mqikbEQVYcoFDUkgtElaCtWlU99Ui5cuuNqlIr9dD2VKkceukNiVNFpf6JqkJyNbPrxH9rh+D8QJ7H8n6zs+983zvr9bw7a++3AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+qVMaSaOTfXjiZDlafarfmtrl9tb/frmvWeWLduBFJ8R3798dH/+qt+9Llmw8WF8ficO/a4dhfNPvjwh0H73zsi8NDq9tvk9DVOnqFcUnE60VS504vLy++dA0SuY5+9OtPvMl/V4rLmayZd1r5XG0mS/NOK52cmKg8NDvdSafzRtY51elmc2m9ndW6rXZ6vP5AOjY5OZ5mo6daC82ZqVojW1356IPVSmUifWp0Pqu1O63mQ09Fpz6bNxp5c6aMqVa+G0XMo8UD8em8m3az2lyanl1aXhzfKdUiaGyrG/b0Hj+H77/zg1fe/+fSYvGAHNRJ0n9gVsfGqtWxiUcmH3m0UhmuVqrrV1Q2iEsRMRRRRFyTBy2fIbt7AIdPYahf/6MReTRjIU5GuuFrb0TsjXpMRTtaMVes+8veTVF9q/X/Kw/9/U/bjbu2/q9W+bsv33woyvp/pHftyKD6vymL6/31crwaF+JcnI7lWI7FeGl3+9+36xkPfdoeknXXZiKLZuTRiVbkMRe1ck3aX5PGZEzERFTimZiN6ehEGtORRyOy6MSp6EQ3svIRVY92ZFGLbrSiHWkcj3o8EGmMxWRMxnikkcVonIpWLEQzZuLBqJW9nI2l8n4f35DlwdvjV8/9+YO3iuVLQWPb7VbxZK4I+sc2QZvK/bb1f2WleL6wMUL9v9Vdg6M4XJ2V1foPAAAAfG4l5avvSfkS/z3l0nTeyL5xo9MCAAAAdlH5l//DRbO3WLonkuL8v7JF5HvXPTcAAABgdyTle+ySiBiJe3tLZ2MpXo/F2OpFAAAAAOAzqPz7/5GiGYl4rVyxOl2K838AAAD4nPjBoDn231+dY7czvy/5TTkHcHJx/uT9yflaEVc7v6e3Xb/5+qUeu9OHkgP9TspmYvjCHUlEDNezw8nq7Jcf7+u1H5aXh4YvbT5orv+k3d42gdg+gfJa/DiO9mKOnum1Z/q3JL1RRqbzRjZabzUeK6dELL67rzy/9L2IYvQfNucOJHF2aXlx9NkXls+UuVwserl4vj+B4rp5FFe+sG0uK/17IO7Zeo/3lm/E6I870hu3snb/h8qt/7dSzjM7cP+TtWO+Ecd6McdGeu3I6i29MfcXY46NPjYWtdqBoW52svvKypq972cxttOe7/BTeCPu68Xcd/y+XrNFFtV1WTy/OYvq2ix690UM7VIWbx197eR/ft9KsvGdshj/BFms7InYmAXAjXK2nPXnchW6vaxCRVEpFPV/Q929fXXLKzjW/vvyKL1nGR/3u42INbVuODZW98t9X1l1X4neEf14L+Z47/nE8KEt6kpliyP6i0sv/qF/RH/4nZ//4ptH/vjLctyrqm7vxAO9mH4Td/1uQI0t9vknG6rq28UWb285bvEcrNOoJnExYs93zr8YB19+9cKDS+dPP7f43OLz1er4ROXhSuWRauwtnyr0m20yBeDWtfNn7AyMuK3fRfLwoLPqfsW769K/FIzGs/FCLMeZOFG+2yAi7t087rvFmfiaf0M4scNZ68iaT3g5scO55eXY6ubYJAbEjq+5x778s7L56Jr8OADguji2TR3eof5femX+xA7n3etr+Yaz4xhcy7fy1Wt6bwDArSFrf5iMdN9M2u18/pmxycmxWnc2S9ut+tNpO5+aydK82c3a9dlacyZL59utbqu++sLxVNZJOwvz8612N51utdMY6uQny09+T/sf/d7J5mrNbl7vzDeyWidL661mt1bvplN5p57OLzzZyDuzWbvcuDOf1fPpvF7r5q1m2mkttOvZaJp2smxNYD6VNbv5dF4sNtP5dj5Xa1+MiMbCXJZOZZ16O5/vtnodro6VN6db7bmy29HNu/+3631/A8DN4OVXL5w7vby8+NLVLfz1SoJv9D4CAOup0gAAAAAAAAAAAAAAcPPb/Ha9Yu2neEfgJ1vYF9d8iFto4Wv9KRl7a4qlmySxG7fwrccfPzco5snX7p69sn62/k3Z6q2ubx6IuO3dn/bWPDE4+Pv937/d2dP3IuIqNl9JtolZd5i47ToflgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgS/8PAAD//9u2aZI=")
r12 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r12, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x5f, 0xffffffffffffffff, {0x29}}, './file0\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r9}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
rt_sigqueueinfo(r7, 0x21, &(0x7f0000000000))

1.707755956s ago: executing program 3 (id=793):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000640)={{r1}, &(0x7f00000005c0), &(0x7f0000000600)='%pI4   \x00'}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func, @map_fd, @generic, @initr0, @exit, @alu, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0xc, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x911}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a30000000002c000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000003a000000030a03000000000000000000020000000900010073797a30000000000900030073797a32"], 0xa0}}, 0x8040)

1.532263102s ago: executing program 4 (id=794):
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file1\x00', 0x3014490, &(0x7f0000000100)={[{@nombcache}, {@usrjquota}, {@errors_remount}, {@norecovery}, {@abort}, {@mblk_io_submit}, {@nouid32}, {@barrier_val}, {@grpjquota}, {}]}, 0x45, 0x7ce, &(0x7f0000000500)="$eJzs3c9rHNcdAPDvrFY/7VYqlLYuFBYKrcF4Vbmq3UKhKj2UQg2G5JRDbLFaC0crrdGujCVEYhMCuQSSkFty8Tk/LyHX/IDkkvwfwcZJZBOHHILC7A9pJe/aK0faje3PB8Z6b+fNvPfdN/P2STOeDeCxlUv/yUQciYiXk4jxxutJRAzWUtmImXq5OxvrhXRJYnPzia+TWpnbG+uFaNkmdaiR+V1EfPxCxLHM3fVWVtcWZkul4vKObVfXjl9YnJ0vzheXTk5NT5849bdTJ/cv1m+/WDt845X//vmdme+f/+27L32SxEwcTuOr2Y5jv+Qi14hrMH0Ld/jPflfWN+8/20WhTMTmZj2ZPegGsQfpqTnQ6JUjMR4D9+qf0V62DAA4KM9FOjPrYKDjGgDgoZbUP///1e92AAC90vw7wO2N9UJz6e9fJHrr5r8jYqQef/P6Zn1NtnHNbqR2HXTsdrLjykgSERP7UH8uIt744Om30iV2XU8FOEhXrkbEuYncjvF/IGoj3O57FvbqL+1fnm/N5HatNP5B73yYzn/+3m7+l9ma/0Sb+c9wm3P3Qdz//M9c34dqOkrnf/9subftTkv8DRMDjdwvanO+weT8hVIxHdt+GRFHY3A4zU/Vy7a9Q+borR9udaq/df73zavPvJnWn/7cLpG5nh3euc3cbHX2p8bddPNqxO+z7eJPx//hWv8nHea/Z7qs43//ePH1TuvS+NN4m8vd8R+szWsRf2rb/8lWmTQ1WV28OFlpd3/iZO1wmGweFG28NxNjnerPZbf7P13S+pu/C/RC2v9j945/Imm9X7PS9a63zoXPr41/1KlQ6/HfPv72x/9Q8mQtPdR47fJstbo8FTGU/P/u109sb9vMN8un8R/9Y/vzvzn+tTn+n0r3f67LNyJ746u3Hzz+g5XGP7en/t9zIkbuLAx0qr+7/p/esU0341+3DXzQ9w0AAAAAAAAAAAAAAAAAAAAAAAAA9iITEYcjyeS30plMPl//Du9fx1imVK5Uj50vryzNpetqzz/NNB91Od7yPNSpxvPwm/kTu/J/jYhfRcRrw6O1fL5QLs31O3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaDjU4fv/U18O7yo80I8WAgAHYsQHOwA8bpJstt9NAAB6baTrkrmIGD3QtgAAvdH95z8A8Kjo/PnvwgAAPKru8/v/7v8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHt15vTpdNn8bmO9kObnLq2uLJQvHZ8rVhbyiyuFfKG8fDE/Xy7Pl4r5Qnkxsh12dKX+o1QuX5yOpZXLk9VipTpZWV07u1heWaqevbA4O188WxzsYWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0K3K6trC5nipuJwmZksSPU4sfFbvh59LeyT2logr9f7b1z1/evIPv0l32tcAY2h7lBjty9gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DD4MQAA//+KvR+l")
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB="00000000bc6c35e10000000000", @ANYRES32=0x0], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$cgroup_int(r2, &(0x7f0000000000), 0xffffff6a)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r4}, 0x10)
unshare(0x26020280)
syz_clone3(&(0x7f0000001240)={0x22204400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$FIBMAP(r2, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
r7 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x2}, 0x0)

1.373187806s ago: executing program 2 (id=796):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x3938700}, {0x77359400}}, 0x0)

1.340978079s ago: executing program 2 (id=797):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
write$binfmt_script(r1, &(0x7f0000001800)={'#! ', './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xff1)
openat$cgroup_freezer_state(r1, &(0x7f0000000640), 0x2, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x1, &(0x7f0000000740)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYBLOB='\x00'/17, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48)
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r7, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r6}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000094e400b70400000000000085000000c300000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open$cgroup(&(0x7f0000000680)={0x1, 0x80, 0x7, 0x2, 0x8c, 0x8, 0x0, 0x9, 0x8700a, 0x8, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0xb0, 0x3}, 0x2, 0x2, 0x0, 0x6, 0x9, 0x29, 0x2, 0x0, 0x5, 0x0, 0x8001}, r1, 0x3, 0xffffffffffffffff, 0x9)
syz_open_dev$tty20(0xc, 0x4, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000040), 0x4)

1.227580589s ago: executing program 0 (id=798):
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
perf_event_open(&(0x7f0000000300)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0x1000, 0x0, 0xc5}, 0x0, 0x20000, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r1)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c)
connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131003b1c47b905b58d6f74f4350bb1b80b38d55aaa"], 0x20}}, 0x0)

1.2149664s ago: executing program 1 (id=799):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x18}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

416.160123ms ago: executing program 3 (id=800):
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131003b1c47b905b58d6f74f4350bb1b80b38d55aaa"], 0x20}}, 0x0)

411.812173ms ago: executing program 1 (id=801):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2f, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x2e, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000046c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x3}}}]}}]}, 0x45c}}, 0x0)
fcntl$notify(r2, 0x402, 0x5)
r6 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r6, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x2}}, './file0\x00'})

399.094884ms ago: executing program 0 (id=802):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0500000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000200000000000000000000000000000000d00db05ebdfc0000000000000000"], 0x48)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
ftruncate(r1, 0xc17a)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = socket(0x11, 0x3, 0x0)
r3 = epoll_create1(0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000)={0xe000202b})
epoll_pwait(r4, &(0x7f00008c9fc4)=[{}], 0x1, 0xfffffffffffffff7, 0x0, 0x0)
r5 = dup3(r2, r4, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000300)={0x200f})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000040)={0x20000004})
epoll_ctl$EPOLL_CTL_MOD(r7, 0x3, r6, &(0x7f00000000c0))

291.563214ms ago: executing program 2 (id=803):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000014c0)={0x1a, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x8c}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$GTP_CMD_DELPDP(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x28}}, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000000000090", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1802000051fa7413000000000000000085000000410000001801000020646c2500000000002082e17b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095000000000000001ceed19b51ceef86b942ee69cf761dde018e561dd0435fc4cd5d000000002ac74bacb9c76b79dbaf7c63811dd0803cd9c7192d2f298403088f8c6783d5246ba59d62418b15edb48df00194941c5684c9a3bf6bd49f3793009626f5d7bcc88eb4cd7733af010739e7a2abf48b0444833bdc0d8704bf2174d901844337759e0a271276f3b886989aa89816b0a4ed554bb09ab27bf6bd5dcee84f902885411bdd1b479006f57ba2392d4bba642c3183c568883ae03d51c2b470"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x60)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_route_sched(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x2c, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0x5}}]}, 0x2c}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x90)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000340)=@sg0, 0x0, &(0x7f0000000580)='./file0\x00')

291.039474ms ago: executing program 3 (id=804):
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131003b1c47b905b58d6f74f4350bb1b80b38d55aaa"], 0x20}}, 0x0)

271.523446ms ago: executing program 1 (id=805):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
pipe(&(0x7f0000000200))
write(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0)
memfd_create(&(0x7f0000000540)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f00001b8000/0x2000)=nil, &(0x7f000064f000/0x3000)=nil, 0x0, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x28})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000010651fbe347b2c2b00000c00018008000100", @ANYRES32=r6], 0x20}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

218.30383ms ago: executing program 0 (id=806):
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10006, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, 0x0, 0x0)

177.110184ms ago: executing program 2 (id=807):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d90000000000"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
socket$inet(0x2, 0x800, 0x4ba)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000200)=[{{0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}}, {{0x0, 0x1}}], 0x10)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, 0x0, 0x0)

167.158435ms ago: executing program 3 (id=808):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2f, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x2e, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00497786597dbd2c459a4eb848d7ee63ed400df217f0ad4e50ac877321ebb94a4c1272eecf58c17374c8a89473e8e9a6764605d0dd6eebe6d3abecd72f02c9ebe88463eaea18d5ec8f028b937001b9b944dfc83a825bf25740d87c8aac392384af98aa507594fb305e6cac7f256b5ab71e3b6054873980d031898b22b9edcc66bad1217655b725c525adac7f563c5bca52bf9af89943c05645c590c5a901be5b8bb16a5289d450f4509b992b6d97e5975c66a3030b7ab085952d4e1b1f848ac2c63995dbca0021552d8424b3937cf2253ae1a2", @ANYRESOCT, @ANYBLOB="bd49488ecc2a1e8d8984cbe7fb724acc07d59709e8c77c26bc2c07a7efe6e64daad3fc2a338e4e1d9d1447c58e3f19dc1eaf096acd1148c455efdbb6ba2f8c6ad00c43ca785332441acd3ce04176de4cf70e319f9062ff1f52f76fc4dc13fbad595f1eb51bd73bcadadd9aa6b23ba19ea5a4d8da0527c425a06bdd32eed71cd09e256354769a34fe6a68a07c649ca51669da707cf67fffb3207a91fa4a30b0a8ca537f9b33b273e29d84350abca302d5e32146751321624036c0ec9ca39e48db45aa581537129b9aeb94aed17f93d523596b15b814294812", @ANYRES64, @ANYRES64, @ANYBLOB="3beed1c4992b990a61114526e9c55ce666bed240e51911d744ba5799013800d2d1243bb1dbbf19809fcbc92a76ea34b4cc720fcbbef63f7463010dc2e84ba32925642306b826edb4846f3a2d826dad32044bc60ce950887b99e2693fc6b33ac61859d71079df8978c30215766a99057c8d45dcfb9ac666b2dcfa55c9624229f071c5b487dc032e8084d363fd02ed48ed05f009a5280e1cbea0c0a95ba143494187d7666ac5c146b55300374b26289acf98d8e49c69fe1d7c3054202df3a2e4ba"], 0x1, 0x222, &(0x7f0000000300)="$eJzs2k2LW2UUB/Bz25HWKdNEfKMF8UE3urk0Wblw0UFaEAOKNoIK0lvnRkMyyZAbBiLSzs6tH8G1uHQnSL/AbPwEXbibzSy7EK+0KZ0X4mIQJ9j5/TY5cPKH5+FcLmdx9979YXPQq/JeMY1zWRYr12MnHmbRjHNxPuZ24u277zx47ZPPPv9gvdO58XFKN9dvtdoppcuv//bFdz+/cX966dNfLv96IXabX+7tt//YfWX3yt5ft77pV6lfpdF4mop0ZzyeFneGZdroV4M8pY+GZVGVqT+qysmRfm843tqapWK0sba6NSmrKhWjWRqUszQdp+lkloqvi/4o5Xme1laDf6P708O6jv36udtR1/XzP8al+7H2IBqRvZCyF69nL9/OXt3JruzXdWPZR+U/Yf5nm/mfbeZ/th1a6i5GbH6/3d3uzn/n/fVe9GMYZVyLRvwZjx6TJ+b1zfc7N66lx5qRNu89yd/b7p4/mm9FI5qL8615Ph3NX4jVw/l2NOKlxfn2wvzFeOvNQ/k8GvH7VzGOYWzEo+xB/m4rpfc+7BzLX338PwCAZ02enlq4v+X5P/Xn+RPsh8f2q5W4urLcuxNRzb4dFMNhOVEoFIqnxbLfTJyGg6Ev+yQAAAAAAAAAAACcxGl8TrjsOwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/w9/BwAA///8j/If")
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

76.160434ms ago: executing program 0 (id=809):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2f, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x2e, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

75.876313ms ago: executing program 2 (id=810):
socket(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x2, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/cpuset.cpus\x00', 0x2, 0x0)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x6)

58.518045ms ago: executing program 3 (id=811):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0xe, 0xfffffffe, 0xffffffff, 0x0, "2af01c3d00400600ffffffffffff00"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TCSETS(r1, 0x5402, &(0x7f00000002c0)={0xffff, 0x0, 0x0, 0x7fff, 0xff, "db2d416fbecfb84b5452b768e08ee2df361089"})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0xd)

46.809096ms ago: executing program 0 (id=812):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @buffer={0x17, 0x51, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
r3 = io_uring_setup(0x70d9, &(0x7f0000000700)={0x0, 0xcff9, 0x2, 0x2, 0x269})
io_uring_enter(r3, 0x6df6, 0x0, 0x7, 0x0, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'team0\x00', <r4=>0x0})
r5 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xd0a2, 0x0, 0x2, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4, @perf_config_ext={0x4, 0x3}, 0x0, 0x0, 0x1, 0x8}, 0x0, 0x5, r5, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x10000}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000004c0)='kmem_cache_free\x00', r6}, 0x10)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="0400ffff07"], 0xd)
r7 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_DESTROY(r7, &(0x7f0000000080), 0x4)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x8c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x3], 0x0, [0x8, 0x4], [0x0, 0x8]}}]}}]}, 0x8c}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0200080004000100080000000100000080000000", @ANYRES32=r2, @ANYBLOB="0000008000"/20, @ANYRES32=r4, @ANYRES32=r2, @ANYBLOB="03000000050000000300"/28], 0x50)
fcntl$dupfd(r0, 0x406, 0xffffffffffffffff)
modify_ldt$read(0x0, 0x0, 0x0)

0s ago: executing program 2 (id=813):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x7)
ioctl$PIO_SCRNMAP(r2, 0x4b41, &(0x7f0000000280)="35e76dfc29a4bab84cd1a43ce079c16b7781049965b3ec8fa104482f4ae31964e5a8b0d976031ddd71726763c300bb3ad27963fbd24ea7848d429ff4bb84fd0ab49a87dbc4e0f7c5c459f142ab48c1dec3e951a898d2c1df60ed7d59fa7541bbf4fcf6ab75518c5e1d1226749267cc40394312be1307eceeb5acbfca889ddf15ef910ba6e08fa4c3d235f00b9849aaddcf0b2d612e6f887b42e5ff9bb9c6029c2ea97448f9649ccaaf0f198ada5df2475b20ef29836c")
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000c00)={<r7=>0x0, 0x6cf, 0x9})
ioctl$BTRFS_IOC_GET_DEV_STATS(r4, 0xc4089434, &(0x7f0000001000)={r7, 0xfff, 0x0, [0x5a92, 0xf, 0x62cd, 0x100000000, 0x7], [0x401, 0x4, 0x10, 0xb9, 0x8, 0xffffffffffffffff, 0x8, 0xe, 0x77, 0x6, 0xb2, 0x1000, 0xfffffffffffffffd, 0x7, 0x4, 0x8001, 0x2, 0x5000000, 0xfffffffffffffffd, 0xfad, 0x8, 0x1, 0x6f76, 0x9, 0x0, 0x3, 0x1, 0x100000000, 0x3, 0x3fc000000000000, 0xc, 0x4, 0xb8, 0x3, 0x6, 0x8, 0x94, 0x400, 0xbf, 0x8, 0x101, 0x4, 0x4, 0x40b, 0x8, 0x294, 0x7, 0x1d4, 0x101, 0x324, 0xfffffffffffff3a9, 0x80000000, 0x1, 0x4, 0x3, 0x9, 0x0, 0x4, 0x70d8000000000, 0x100000000, 0x1, 0x6, 0x2, 0x7, 0x7, 0xa0, 0xffffffffffffffff, 0x18, 0x1, 0x7, 0x6, 0x1, 0x8880000000000000, 0x5, 0x1, 0xd78, 0x8, 0x0, 0x1ff, 0xb71, 0x7, 0x5, 0x401, 0xfff, 0x6, 0x0, 0x101, 0x7, 0xfffffffffffffff8, 0x0, 0x5, 0x5, 0x100, 0x280000000000000, 0x7, 0xffffffff, 0x2, 0x0, 0x80, 0x0, 0x3, 0x6, 0x5, 0x7, 0x2, 0xffffffffffffffff, 0xfffffffffffffffa, 0x9, 0x2ec2, 0x976, 0x7, 0x2, 0xfff000, 0x7, 0xa, 0x7, 0x2, 0x8da8, 0x0, 0xfffffffffffffff2, 0x6]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000640)={{r6}, &(0x7f00000005c0), &(0x7f0000000600)='%pI4   \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000640)='console\x00', r3}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
r10 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$PERF_EVENT_IOC_SET_BPF(r10, 0x40042408, r12)
sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={0x84, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_FILTER={0x14, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x140}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x30}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0xc, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, 0x84}}, 0x0)
syz_open_dev$sg(&(0x7f0000000040), 0x3, 0x10600)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast})

kernel console output (not intermixed with test programs):

g VLAN 0 to HW filter on device team0
[   57.894553][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.901690][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.917931][ T4566] EXT4-fs error (device loop1): ext4_lookup:1815: inode #2: comm syz.1.292: deleted inode referenced: 12
[   57.919291][ T4581] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.291: bg 0: block 234: padding at end of block bitmap is not set
[   57.942705][ T4566] EXT4-fs error (device loop1): ext4_lookup:1815: inode #2: comm syz.1.292: deleted inode referenced: 12
[   57.956108][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.963172][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.975520][   T29] audit: type=1400 audit(1726615477.897:548): avc:  denied  { unlink } for  pid=2944 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   57.996586][ T4581] EXT4-fs (loop2): Remounting filesystem read-only
[   58.020381][ T4622] loop0: detected capacity change from 0 to 512
[   58.038230][ T4372] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   58.048647][ T4372] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   58.058298][ T4554] EXT4-fs (loop2): ext4_do_writepages: jbd2_start: 9223372036854775807 pages, ino 18; err -5
[   58.094157][ T4622] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.131191][   T29] audit: type=1400 audit(1726615478.047:549): avc:  denied  { create } for  pid=4621 comm="syz.0.293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   58.137828][ T4622] netlink: 'syz.0.293': attribute type 10 has an invalid length.
[   58.169624][   T29] audit: type=1400 audit(1726615478.057:550): avc:  denied  { create } for  pid=4621 comm="syz.0.293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   58.201698][ T4622] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.258759][ T4622] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   58.287004][ T4641] loop1: detected capacity change from 0 to 512
[   58.347946][ T4372] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.419223][ T4641] ext4 filesystem being mounted at /64/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.476930][ T4660] loop0: detected capacity change from 0 to 256
[   58.500156][   T29] audit: type=1400 audit(1726615478.427:551): avc:  denied  { mount } for  pid=4648 comm="syz.0.298" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   58.527792][ T4659] loop2: detected capacity change from 0 to 1024
[   58.567686][   T29] audit: type=1400 audit(1726615478.497:552): avc:  denied  { unmount } for  pid=3260 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   58.576770][ T4372] veth0_vlan: entered promiscuous mode
[   58.604459][ T4372] veth1_vlan: entered promiscuous mode
[   58.651568][   T29] audit: type=1400 audit(1726615478.577:553): avc:  denied  { create } for  pid=4657 comm="syz.2.299" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   58.671673][ T4372] veth0_macvtap: entered promiscuous mode
[   58.778252][ T4372] veth1_macvtap: entered promiscuous mode
[   58.915413][ T4722] loop2: detected capacity change from 0 to 2048
[   58.946584][ T4722]  loop2: p1 < > p4
[   58.979146][ T4722] loop2: p4 size 8388608 extends beyond EOD, truncated
[   59.016697][   T29] audit: type=1326 audit(1726615478.937:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4725 comm="syz.4.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac0597def9 code=0x7ffc0000
[   59.040231][   T29] audit: type=1326 audit(1726615478.937:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4725 comm="syz.4.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac0597def9 code=0x7ffc0000
[   59.068007][ T4721] loop0: detected capacity change from 0 to 256
[   59.095613][ T4372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.106835][ T4372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.116709][ T4372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.127184][ T4372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.137104][ T4372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.147562][ T4372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.158028][ T4372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.168653][ T4372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.231033][ T4372] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.246336][ T2962]  loop2: p1 < > p4
[   59.255094][ T4722] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   59.262816][ T4722] macvtap1: entered promiscuous mode
[   59.268323][ T4722] macvtap1: entered allmulticast mode
[   59.273730][ T4722] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   59.282896][ T2962] loop2: p4 size 8388608 extends beyond EOD, truncated
[   59.290394][ T4722] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[   59.297682][ T4722] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[   59.321613][ T4727] netlink: 'syz.4.306': attribute type 4 has an invalid length.
[   59.356892][ T4372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.367429][ T4372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.377297][ T4372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.387771][ T4372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.397632][ T4372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.408194][ T4372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.418059][ T4372] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.428627][ T4372] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.443242][ T4372] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.462027][ T4728] netlink: 'syz.4.306': attribute type 4 has an invalid length.
[   59.516378][ T4735] netlink: 24 bytes leftover after parsing attributes in process `syz.0.307'.
[   59.554596][ T4372] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.563532][ T4372] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.572528][ T4372] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.581429][ T4372] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.601893][ T4735] netlink: 12 bytes leftover after parsing attributes in process `syz.0.307'.
[   59.660027][ T4745] FAULT_INJECTION: forcing a failure.
[   59.660027][ T4745] name failslab, interval 1, probability 0, space 0, times 0
[   59.672889][ T4745] CPU: 0 UID: 0 PID: 4745 Comm: syz.2.310 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   59.683157][ T4745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   59.693233][ T4745] Call Trace:
[   59.696563][ T4745]  <TASK>
[   59.699552][ T4745]  dump_stack_lvl+0xf2/0x150
[   59.704159][ T4745]  dump_stack+0x15/0x20
[   59.708383][ T4745]  should_fail_ex+0x229/0x230
[   59.713083][ T4745]  ? v9fs_mount+0x53/0x560
[   59.717515][ T4745]  should_failslab+0x8f/0xb0
[   59.722135][ T4745]  __kmalloc_cache_noprof+0x4b/0x2a0
[   59.727662][ T4745]  v9fs_mount+0x53/0x560
[   59.731920][ T4745]  ? __pfx_v9fs_mount+0x10/0x10
[   59.736832][ T4745]  legacy_get_tree+0x77/0xd0
[   59.741441][ T4745]  vfs_get_tree+0x56/0x1e0
[   59.745934][ T4745]  do_new_mount+0x227/0x690
[   59.750634][ T4745]  path_mount+0x49b/0xb30
[   59.755032][ T4745]  __se_sys_mount+0x27c/0x2d0
[   59.759760][ T4745]  __x64_sys_mount+0x67/0x80
[   59.764371][ T4745]  x64_sys_call+0x203e/0x2d60
[   59.769129][ T4745]  do_syscall_64+0xc9/0x1c0
[   59.773640][ T4745]  ? clear_bhb_loop+0x55/0xb0
[   59.778373][ T4745]  ? clear_bhb_loop+0x55/0xb0
[   59.783071][ T4745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.789010][ T4745] RIP: 0033:0x7f30a2e2def9
[   59.793491][ T4745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.813199][ T4745] RSP: 002b:00007f30a1aa1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   59.821629][ T4745] RAX: ffffffffffffffda RBX: 00007f30a2fe5f80 RCX: 00007f30a2e2def9
[   59.829690][ T4745] RDX: 00000000200002c0 RSI: 0000000020000280 RDI: 0000000020000100
[   59.837764][ T4745] RBP: 00007f30a1aa1090 R08: 0000000020000300 R09: 0000000000000000
[   59.845920][ T4745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   59.853916][ T4745] R13: 0000000000000000 R14: 00007f30a2fe5f80 R15: 00007ffd7c878858
[   59.861997][ T4745]  </TASK>
[   59.882069][ T4747] serio: Serial port ptm0
[   59.962050][ T4752] loop2: detected capacity change from 0 to 1024
[   60.124244][ T4780] loop0: detected capacity change from 0 to 512
[   60.149747][ T4780] ext4 filesystem being mounted at /64/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   60.291604][ T4798] IPVS: persistence engine module ip_vs_pe_si not found
[   60.320334][ T4789] netlink: 8 bytes leftover after parsing attributes in process `syz.3.317'.
[   60.325127][ T4800] loop2: detected capacity change from 0 to 512
[   60.368103][ T4800] ext4 filesystem being mounted at /68/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   60.381794][ T4800] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[   60.388840][ T4812] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[   60.399543][ T4800] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 2 with error 28
[   60.402782][ T4812] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   60.415071][ T4800] EXT4-fs (loop2): This should not happen!! Data will be lost
[   60.415071][ T4800] 
[   60.422539][ T4812] vhci_hcd vhci_hcd.0: Device attached
[   60.432060][ T4800] EXT4-fs (loop2): Total free blocks count 0
[   60.443955][ T4800] EXT4-fs (loop2): Free/Dirty block details
[   60.449015][ T4816] netlink: 8 bytes leftover after parsing attributes in process `syz.1.316'.
[   60.450324][ T4800] EXT4-fs (loop2): free_blocks=65281
[   60.464064][ T4800] EXT4-fs (loop2): dirty_blocks=2
[   60.469156][ T4800] EXT4-fs (loop2): Block reservation details
[   60.475281][ T4800] EXT4-fs (loop2): i_reserved_data_blocks=2
[   60.500449][ T4813] vhci_hcd: connection closed
[   60.500711][ T4696] vhci_hcd: stop threads
[   60.509937][ T4696] vhci_hcd: release socket
[   60.514363][ T4696] vhci_hcd: disconnect device
[   60.570602][ T4827] FAULT_INJECTION: forcing a failure.
[   60.570602][ T4827] name failslab, interval 1, probability 0, space 0, times 0
[   60.583374][ T4827] CPU: 1 UID: 0 PID: 4827 Comm: syz.4.323 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   60.593700][ T4827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   60.603869][ T4827] Call Trace:
[   60.607161][ T4827]  <TASK>
[   60.610257][ T4827]  dump_stack_lvl+0xf2/0x150
[   60.614892][ T4827]  dump_stack+0x15/0x20
[   60.619079][ T4827]  should_fail_ex+0x229/0x230
[   60.623812][ T4827]  ? dst_alloc+0xc0/0x100
[   60.628279][ T4827]  should_failslab+0x8f/0xb0
[   60.632940][ T4827]  kmem_cache_alloc_noprof+0x4c/0x290
[   60.638424][ T4827]  dst_alloc+0xc0/0x100
[   60.642684][ T4827]  ip_route_output_key_hash_rcu+0xb90/0x12d0
[   60.648706][ T4827]  ? call_rcu+0x2fb/0x430
[   60.653066][ T4827]  ip_route_output_flow+0x76/0x120
[   60.658297][ T4827]  tcp_v4_connect+0x45f/0xad0
[   60.663023][ T4827]  __inet_stream_connect+0x162/0x790
[   60.668344][ T4827]  ? should_fail_ex+0xd7/0x230
[   60.673185][ T4827]  ? tcp_sendmsg_fastopen+0x163/0x4f0
[   60.678592][ T4827]  ? should_failslab+0x8f/0xb0
[   60.683424][ T4827]  ? __kmalloc_cache_noprof+0x10b/0x2a0
[   60.689056][ T4827]  tcp_sendmsg_fastopen+0x40e/0x4f0
[   60.694292][ T4827]  tcp_sendmsg_locked+0x2513/0x2700
[   60.699564][ T4827]  ? mntput+0x49/0x70
[   60.703578][ T4827]  ? __rcu_read_unlock+0x4e/0x70
[   60.708650][ T4827]  ? avc_has_perm_noaudit+0x1cc/0x210
[   60.714063][ T4827]  ? avc_has_perm+0xd4/0x160
[   60.718688][ T4827]  ? _raw_spin_unlock_bh+0x36/0x40
[   60.723922][ T4827]  ? __pfx_tcp_sendmsg+0x10/0x10
[   60.728891][ T4827]  tcp_sendmsg+0x30/0x50
[   60.733157][ T4827]  inet_sendmsg+0x77/0xd0
[   60.737593][ T4827]  __sock_sendmsg+0x102/0x180
[   60.742327][ T4827]  __sys_sendto+0x1d9/0x250
[   60.746895][ T4827]  __x64_sys_sendto+0x78/0x90
[   60.751698][ T4827]  x64_sys_call+0x2959/0x2d60
[   60.756490][ T4827]  do_syscall_64+0xc9/0x1c0
[   60.761031][ T4827]  ? clear_bhb_loop+0x55/0xb0
[   60.765788][ T4827]  ? clear_bhb_loop+0x55/0xb0
[   60.770624][ T4827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.776569][ T4827] RIP: 0033:0x7fac0597def9
[   60.781005][ T4827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   60.800675][ T4827] RSP: 002b:00007fac045f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   60.809228][ T4827] RAX: ffffffffffffffda RBX: 00007fac05b35f80 RCX: 00007fac0597def9
[   60.817234][ T4827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   60.825320][ T4827] RBP: 00007fac045f7090 R08: 0000000020e68000 R09: 0000000000000010
[   60.833322][ T4827] R10: 00000000200007fd R11: 0000000000000246 R12: 0000000000000001
[   60.841385][ T4827] R13: 0000000000000000 R14: 00007fac05b35f80 R15: 00007ffcbb77fa68
[   60.849393][ T4827]  </TASK>
[   60.904446][ T4838] loop4: detected capacity change from 0 to 512
[   60.924493][ T4837] loop2: detected capacity change from 0 to 1024
[   60.931319][ T4838] EXT4-fs: Ignoring removed i_version option
[   60.942571][ T4838] EXT4-fs: Invalid want_extra_isize 7
[   61.189528][ T4874] loop3: detected capacity change from 0 to 2048
[   61.206570][ T4874] EXT4-fs: Ignoring removed mblk_io_submit option
[   61.394042][ T4885] syz.3.330[4885] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   61.394128][ T4885] syz.3.330[4885] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   61.845421][ T4891] loop0: detected capacity change from 0 to 512
[   61.864103][ T4874] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.330: bg 0: block 234: padding at end of block bitmap is not set
[   61.868169][ T4891] EXT4-fs: Ignoring removed mblk_io_submit option
[   61.901438][ T4874] EXT4-fs (loop3): Remounting filesystem read-only
[   61.917049][ T4891] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   61.952584][ T4891] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[   61.966479][ T4891] System zones: 1-12
[   61.976230][ T4891] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.336: corrupted in-inode xattr: e_value size too large
[   61.995463][ T4891] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.336: couldn't read orphan inode 15 (err -117)
[   62.048311][ T4906] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   62.055776][ T4906] macvtap1: entered promiscuous mode
[   62.061220][ T4906] macvtap1: entered allmulticast mode
[   62.066629][ T4906] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   62.075692][ T4906] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[   62.082996][ T4906] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[   62.158368][ T4914] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[   62.164990][ T4914] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   62.172438][ T4914] vhci_hcd vhci_hcd.0: Device attached
[   62.196646][ T4917] vhci_hcd: connection closed
[   62.196837][ T4690] vhci_hcd: stop threads
[   62.205809][ T4690] vhci_hcd: release socket
[   62.210419][ T4690] vhci_hcd: disconnect device
[   62.220502][ T4921] FAULT_INJECTION: forcing a failure.
[   62.220502][ T4921] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   62.233799][ T4921] CPU: 1 UID: 0 PID: 4921 Comm: syz.3.341 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   62.244067][ T4921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   62.254237][ T4921] Call Trace:
[   62.257534][ T4921]  <TASK>
[   62.260477][ T4921]  dump_stack_lvl+0xf2/0x150
[   62.265100][ T4921]  dump_stack+0x15/0x20
[   62.269287][ T4921]  should_fail_ex+0x229/0x230
[   62.274079][ T4921]  should_fail_alloc_page+0xfd/0x110
[   62.279419][ T4921]  __alloc_pages_noprof+0x109/0x360
[   62.284719][ T4921]  alloc_pages_mpol_noprof+0xb1/0x1e0
[   62.290135][ T4921]  vma_alloc_folio_noprof+0x1a0/0x2f0
[   62.295552][ T4921]  handle_mm_fault+0xdbe/0x2a20
[   62.300513][ T4921]  exc_page_fault+0x3b9/0x650
[   62.305218][ T4921]  asm_exc_page_fault+0x26/0x30
[   62.310139][ T4921] RIP: 0033:0x7f762e8cb22b
[   62.314566][ T4921] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01
[   62.334245][ T4921] RSP: 002b:00007f762d58ee10 EFLAGS: 00010246
[   62.340344][ T4921] RAX: 00007f762d590f30 RBX: 00007f762eaab620 RCX: 0000000000000000
[   62.348337][ T4921] RDX: 00007f762d590f78 RSI: 00007f762e97c900 RDI: 00007f762d58ee30
[   62.356395][ T4921] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000
[   62.364408][ T4921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   62.372432][ T4921] R13: 0000000000000000 R14: 00007f762ead5f80 R15: 00007ffef8420928
[   62.380482][ T4921]  </TASK>
[   62.384309][ T4921] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[   62.437731][ T4924] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[   62.444329][ T4924] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   62.451812][ T4924] vhci_hcd vhci_hcd.0: Device attached
[   62.475471][ T4925] vhci_hcd: connection closed
[   62.475598][ T4696] vhci_hcd: stop threads
[   62.484664][ T4696] vhci_hcd: release socket
[   62.489155][ T4696] vhci_hcd: disconnect device
[   62.523711][ T4930] loop3: detected capacity change from 0 to 2048
[   62.552178][ T4932] loop1: detected capacity change from 0 to 2048
[   62.559029][ T4930] EXT4-fs: Ignoring removed mblk_io_submit option
[   62.566565][ T4932] EXT4-fs: Ignoring removed mblk_io_submit option
[   62.655009][ T4939] syz.3.351[4939] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   62.655103][ T4939] syz.3.351[4939] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   62.723362][ T4944] loop0: detected capacity change from 0 to 512
[   62.753791][ T4941] syz.1.352[4941] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   62.753884][ T4941] syz.1.352[4941] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   62.785889][ T4944] EXT4-fs: Ignoring removed mblk_io_submit option
[   62.818214][ T4944] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   62.841497][ T4944] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[   62.861862][ T4944] System zones: 1-12
[   62.872442][ T4944] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.354: corrupted in-inode xattr: e_value size too large
[   62.896284][ T4944] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.354: couldn't read orphan inode 15 (err -117)
[   62.915563][ T4932] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.352: bg 0: block 234: padding at end of block bitmap is not set
[   62.930153][ T4932] EXT4-fs (loop1): Remounting filesystem read-only
[   62.942361][ T4930] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.351: bg 0: block 234: padding at end of block bitmap is not set
[   62.978932][ T4930] EXT4-fs (loop3): Remounting filesystem read-only
[   63.068847][ T4953] loop4: detected capacity change from 0 to 2048
[   63.085777][ T4953] EXT4-fs: Ignoring removed mblk_io_submit option
[   63.193340][ T4959] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.203709][ T4959] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.249869][   T29] kauditd_printk_skb: 129 callbacks suppressed
[   63.249886][   T29] audit: type=1400 audit(1726615483.177:685): avc:  denied  { write } for  pid=4961 comm="syz.1.360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   63.286294][ T4963] atomic_op ffff8881152af128 conn xmit_atomic 0000000000000000
[   63.298874][ T4965] FAULT_INJECTION: forcing a failure.
[   63.298874][ T4965] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   63.312085][ T4965] CPU: 0 UID: 0 PID: 4965 Comm: syz.3.359 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   63.322454][ T4965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   63.332587][ T4965] Call Trace:
[   63.335929][ T4965]  <TASK>
[   63.338887][ T4965]  dump_stack_lvl+0xf2/0x150
[   63.343626][ T4965]  dump_stack+0x15/0x20
[   63.347848][ T4965]  should_fail_ex+0x229/0x230
[   63.352637][ T4965]  should_fail+0xb/0x10
[   63.356864][ T4965]  should_fail_usercopy+0x1a/0x20
[   63.361926][ T4965]  _copy_from_iter+0xd3/0xd20
[   63.366730][ T4965]  ? kmalloc_reserve+0x16e/0x190
[   63.371697][ T4965]  ? __build_skb_around+0x196/0x1f0
[   63.376986][ T4965]  ? __alloc_skb+0x21f/0x310
[   63.381593][ T4965]  ? __virt_addr_valid+0x1ed/0x250
[   63.386713][ T4965]  ? __check_object_size+0x35b/0x510
[   63.392013][ T4965]  netlink_sendmsg+0x460/0x6e0
[   63.396840][ T4965]  ? __pfx_netlink_sendmsg+0x10/0x10
[   63.402140][ T4965]  __sock_sendmsg+0x140/0x180
[   63.406883][ T4965]  ____sys_sendmsg+0x312/0x410
[   63.411665][ T4965]  __sys_sendmsg+0x1dd/0x270
[   63.416330][ T4965]  __x64_sys_sendmsg+0x46/0x50
[   63.421188][ T4965]  x64_sys_call+0x2689/0x2d60
[   63.425929][ T4965]  do_syscall_64+0xc9/0x1c0
[   63.430445][ T4965]  ? clear_bhb_loop+0x55/0xb0
[   63.435155][ T4965]  ? clear_bhb_loop+0x55/0xb0
[   63.439868][ T4965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   63.445778][ T4965] RIP: 0033:0x7f762e91def9
[   63.450205][ T4965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   63.469830][ T4965] RSP: 002b:00007f762d591038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   63.478258][ T4965] RAX: ffffffffffffffda RBX: 00007f762ead5f80 RCX: 00007f762e91def9
[   63.486285][ T4965] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 000000000000000b
[   63.494264][ T4965] RBP: 00007f762d591090 R08: 0000000000000000 R09: 0000000000000000
[   63.502247][ T4965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   63.510309][ T4965] R13: 0000000000000000 R14: 00007f762ead5f80 R15: 00007ffef8420928
[   63.518296][ T4965]  </TASK>
[   63.527509][ T4968] syz.4.358[4968] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   63.527599][ T4968] syz.4.358[4968] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   63.542391][ T4962] netlink: 16 bytes leftover after parsing attributes in process `syz.0.362'.
[   63.554423][ T4959] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4959 comm=syz.0.362
[   63.563002][   T29] audit: type=1400 audit(1726615483.467:686): avc:  denied  { create } for  pid=4957 comm="syz.0.362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   63.594389][   T29] audit: type=1400 audit(1726615483.477:687): avc:  denied  { setopt } for  pid=4957 comm="syz.0.362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   63.613759][   T29] audit: type=1400 audit(1726615483.477:688): avc:  denied  { write } for  pid=4957 comm="syz.0.362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   63.675170][ T4974] loop3: detected capacity change from 0 to 512
[   63.749779][ T4977] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   63.757264][ T4977] macvtap1: entered promiscuous mode
[   63.762631][ T4977] macvtap1: entered allmulticast mode
[   63.768057][ T4977] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   63.777408][ T4977] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[   63.784731][ T4977] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[   63.938272][ T4974] ext4 filesystem being mounted at /8/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   63.968877][ T4960] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.358: bg 0: block 234: padding at end of block bitmap is not set
[   63.999354][ T4974] syz.3.366[4974] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   63.999434][ T4974] syz.3.366[4974] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   64.057373][   T29] audit: type=1400 audit(1726615483.937:689): avc:  denied  { write } for  pid=4957 comm="syz.0.362" name="ns" dev="proc" ino=7946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   64.089871][   T29] audit: type=1400 audit(1726615483.937:690): avc:  denied  { add_name } for  pid=4957 comm="syz.0.362" name="memory.events" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   64.108957][ T4960] EXT4-fs (loop4): Remounting filesystem read-only
[   64.110476][   T29] audit: type=1400 audit(1726615483.937:691): avc:  denied  { create } for  pid=4957 comm="syz.0.362" name="memory.events" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[   64.137787][   T29] audit: type=1400 audit(1726615483.937:692): avc:  denied  { associate } for  pid=4957 comm="syz.0.362" name="memory.events" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   64.159509][   T29] audit: type=1400 audit(1726615483.947:693): avc:  denied  { create } for  pid=4957 comm="syz.0.362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   64.240358][ T4983] loop0: detected capacity change from 0 to 2048
[   64.247394][ T4983] EXT4-fs: Ignoring removed mblk_io_submit option
[   64.353290][ T4994] syz.0.369[4994] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   64.353439][ T4994] syz.0.369[4994] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   64.440285][ T4998] loop4: detected capacity change from 0 to 512
[   64.494063][ T5001] loop3: detected capacity change from 0 to 2048
[   64.534744][ T4998] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002]
[   64.550911][ T4998] System zones: 0-2, 18-18, 34-34
[   64.557025][ T4998] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.372: bg 0: block 248: padding at end of block bitmap is not set
[   64.572488][ T4998] Quota error (device loop4): write_blk: dquota write failed
[   64.580176][ T4998] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.372: Failed to acquire dquot type 1
[   64.580231][ T5001]  loop3: p1 < > p4
[   64.580830][ T5001] loop3: p4 size 8388608 extends beyond EOD, truncated
[   64.605948][ T4998] EXT4-fs (loop4): 1 truncate cleaned up
[   64.615747][ T4998] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.641604][ T4983] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.369: bg 0: block 234: padding at end of block bitmap is not set
[   64.683752][ T4983] EXT4-fs (loop0): Remounting filesystem read-only
[   64.700329][ T5001] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[   64.707815][ T5001] macvtap1: entered promiscuous mode
[   64.713227][ T5001] macvtap1: entered allmulticast mode
[   64.718688][ T5001] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[   64.734383][ T5001] netdevsim netdevsim3 netdevsim0: left allmulticast mode
[   64.741784][ T5001] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[   64.921604][ T5026] loop0: detected capacity change from 0 to 512
[   64.968329][ T5026] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   64.986329][ T5026] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.378: Failed to acquire dquot type 0
[   65.240781][ T5041] loop1: detected capacity change from 0 to 2048
[   65.248795][ T5041] EXT4-fs: Ignoring removed mblk_io_submit option
[   65.325638][ T5004] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   65.413185][ T5049] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[   65.420691][ T5049] macvtap1: entered promiscuous mode
[   65.426171][ T5049] macvtap1: entered allmulticast mode
[   65.431565][ T5049] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[   65.483637][ T5049] netdevsim netdevsim3 netdevsim0: left allmulticast mode
[   65.491012][ T5049] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[   65.560318][ T5051] loop2: detected capacity change from 0 to 512
[   65.615172][ T5051] EXT4-fs: Ignoring removed mblk_io_submit option
[   65.707336][ T5051] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   65.781884][ T5051] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[   65.832224][ T5051] System zones: 1-12
[   65.842918][ T5051] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.384: corrupted in-inode xattr: e_value size too large
[   65.881747][ T5061] loop0: detected capacity change from 0 to 512
[   65.897621][ T5051] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.384: couldn't read orphan inode 15 (err -117)
[   65.899222][ T5041] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.382: bg 0: block 234: padding at end of block bitmap is not set
[   65.924114][ T5061] EXT4-fs: Ignoring removed i_version option
[   65.930209][ T5061] EXT4-fs: Ignoring removed nobh option
[   65.936038][ T5041] EXT4-fs (loop1): Remounting filesystem read-only
[   65.949505][ T5061] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   65.972075][ T5047] EXT4-fs (loop1): ext4_do_writepages: jbd2_start: 9223372036854775807 pages, ino 18; err -5
[   65.973401][ T5063] loop4: detected capacity change from 0 to 1024
[   65.990934][ T5061] EXT4-fs (loop0): 1 truncate cleaned up
[   65.996599][ T5063] EXT4-fs (loop4): inodes count not valid: 0 vs 32
[   66.071906][ T5072] FAULT_INJECTION: forcing a failure.
[   66.071906][ T5072] name failslab, interval 1, probability 0, space 0, times 0
[   66.084682][ T5072] CPU: 0 UID: 0 PID: 5072 Comm: syz.4.393 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   66.094971][ T5072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   66.105103][ T5072] Call Trace:
[   66.108441][ T5072]  <TASK>
[   66.111385][ T5072]  dump_stack_lvl+0xf2/0x150
[   66.116062][ T5072]  dump_stack+0x15/0x20
[   66.120267][ T5072]  should_fail_ex+0x229/0x230
[   66.124967][ T5072]  ? getname_flags+0x81/0x3b0
[   66.129725][ T5072]  should_failslab+0x8f/0xb0
[   66.134336][ T5072]  kmem_cache_alloc_noprof+0x4c/0x290
[   66.139825][ T5072]  getname_flags+0x81/0x3b0
[   66.144338][ T5072]  user_path_at+0x26/0x110
[   66.148772][ T5072]  __se_sys_move_mount+0xfd/0x730
[   66.153900][ T5072]  ? fput+0x14e/0x190
[   66.157923][ T5072]  __x64_sys_move_mount+0x67/0x80
[   66.162970][ T5072]  x64_sys_call+0x1b80/0x2d60
[   66.167707][ T5072]  do_syscall_64+0xc9/0x1c0
[   66.172218][ T5072]  ? clear_bhb_loop+0x55/0xb0
[   66.176916][ T5072]  ? clear_bhb_loop+0x55/0xb0
[   66.181681][ T5072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.187593][ T5072] RIP: 0033:0x7fac0597def9
[   66.192032][ T5072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.211704][ T5072] RSP: 002b:00007fac045f7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad
[   66.220141][ T5072] RAX: ffffffffffffffda RBX: 00007fac05b35f80 RCX: 00007fac0597def9
[   66.228132][ T5072] RDX: ffffffffffffff9c RSI: 0000000020008080 RDI: ffffffffffffffff
[   66.236135][ T5072] RBP: 00007fac045f7090 R08: 0000000000000145 R09: 0000000000000000
[   66.244155][ T5072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.252227][ T5072] R13: 0000000000000001 R14: 00007fac05b35f80 R15: 00007ffcbb77fa68
[   66.260222][ T5072]  </TASK>
[   66.417725][ T5090] loop3: detected capacity change from 0 to 512
[   66.438428][ T5090] EXT4-fs mount: 127 callbacks suppressed
[   66.438448][ T5090] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   66.470726][ T5094] serio: Serial port ptm0
[   66.477905][ T5090] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   66.501745][ T5090] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.400: Failed to acquire dquot type 0
[   66.538113][ T5096] loop1: detected capacity change from 0 to 512
[   66.578440][ T5096] EXT4-fs (loop1): mounted filesystem 00800000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   66.594350][ T5096] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   66.605359][ T5096] EXT4-fs (loop1): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[   66.636294][ T4372] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   66.695731][ T5103] capability: warning: `syz.2.403' uses 32-bit capabilities (legacy support in use)
[   66.717425][ T5108] loop3: detected capacity change from 0 to 512
[   66.724269][ T5108] EXT4-fs: Ignoring removed i_version option
[   66.730427][ T5108] EXT4-fs: Ignoring removed nobh option
[   66.737532][ T5110] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[   66.745908][ T5108] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   66.758621][ T5108] EXT4-fs (loop3): 1 truncate cleaned up
[   66.765289][ T5108] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   66.771481][ T5113] netlink: 8 bytes leftover after parsing attributes in process `syz.2.407'.
[   66.803706][ T4372] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.828781][ T5119] FAULT_INJECTION: forcing a failure.
[   66.828781][ T5119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   66.841983][ T5119] CPU: 0 UID: 0 PID: 5119 Comm: syz.3.408 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   66.852297][ T5119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   66.862373][ T5119] Call Trace:
[   66.865657][ T5119]  <TASK>
[   66.868592][ T5119]  dump_stack_lvl+0xf2/0x150
[   66.873219][ T5119]  dump_stack+0x15/0x20
[   66.877423][ T5119]  should_fail_ex+0x229/0x230
[   66.882209][ T5119]  should_fail+0xb/0x10
[   66.886380][ T5119]  should_fail_usercopy+0x1a/0x20
[   66.891437][ T5119]  _copy_from_user+0x1e/0xd0
[   66.896037][ T5119]  copy_msghdr_from_user+0x54/0x2a0
[   66.901258][ T5119]  __sys_sendmsg+0x171/0x270
[   66.905931][ T5119]  __x64_sys_sendmsg+0x46/0x50
[   66.910755][ T5119]  x64_sys_call+0x2689/0x2d60
[   66.915461][ T5119]  do_syscall_64+0xc9/0x1c0
[   66.919998][ T5119]  ? clear_bhb_loop+0x55/0xb0
[   66.924750][ T5119]  ? clear_bhb_loop+0x55/0xb0
[   66.929497][ T5119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.935411][ T5119] RIP: 0033:0x7f762e91def9
[   66.939843][ T5119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.959472][ T5119] RSP: 002b:00007f762d591038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   66.967895][ T5119] RAX: ffffffffffffffda RBX: 00007f762ead5f80 RCX: 00007f762e91def9
[   66.975946][ T5119] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[   66.983922][ T5119] RBP: 00007f762d591090 R08: 0000000000000000 R09: 0000000000000000
[   66.991898][ T5119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   66.999952][ T5119] R13: 0000000000000000 R14: 00007f762ead5f80 R15: 00007ffef8420928
[   67.007940][ T5119]  </TASK>
[   67.038767][ T5121] netlink: 12 bytes leftover after parsing attributes in process `syz.0.412'.
[   67.065963][ T5126] loop2: detected capacity change from 0 to 512
[   67.068835][ T5121] bond1: entered promiscuous mode
[   67.085775][ T5128] FAULT_INJECTION: forcing a failure.
[   67.085775][ T5128] name failslab, interval 1, probability 0, space 0, times 0
[   67.098477][ T5128] CPU: 1 UID: 0 PID: 5128 Comm: syz.3.414 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   67.100291][ T5129] gretap1: entered promiscuous mode
[   67.108805][ T5128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   67.108825][ T5128] Call Trace:
[   67.108832][ T5128]  <TASK>
[   67.108841][ T5128]  dump_stack_lvl+0xf2/0x150
[   67.115548][ T5129] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   67.124109][ T5128]  dump_stack+0x15/0x20
[   67.124142][ T5128]  should_fail_ex+0x229/0x230
[   67.152546][ T5128]  ? match_strdup+0x37/0x40
[   67.157098][ T5128]  should_failslab+0x8f/0xb0
[   67.161707][ T5128]  __kmalloc_node_track_caller_noprof+0xa6/0x380
[   67.168073][ T5128]  kmemdup_nul+0x30/0x80
[   67.172382][ T5128]  match_strdup+0x37/0x40
[   67.176767][ T5128]  p9_client_create+0x25c/0xa80
[   67.181637][ T5128]  v9fs_session_init+0xf9/0xda0
[   67.186567][ T5128]  ? __rcu_read_unlock+0x4e/0x70
[   67.191528][ T5128]  ? __rcu_read_unlock+0x4e/0x70
[   67.196647][ T5128]  ? v9fs_mount+0x53/0x560
[   67.201069][ T5128]  ? should_failslab+0x8f/0xb0
[   67.205875][ T5128]  v9fs_mount+0x69/0x560
[   67.210124][ T5128]  ? __pfx_v9fs_mount+0x10/0x10
[   67.215016][ T5128]  legacy_get_tree+0x77/0xd0
[   67.219696][ T5128]  vfs_get_tree+0x56/0x1e0
[   67.224238][ T5128]  do_new_mount+0x227/0x690
[   67.228758][ T5128]  path_mount+0x49b/0xb30
[   67.233181][ T5128]  __se_sys_mount+0x27c/0x2d0
[   67.237909][ T5128]  __x64_sys_mount+0x67/0x80
[   67.242527][ T5128]  x64_sys_call+0x203e/0x2d60
[   67.247222][ T5128]  do_syscall_64+0xc9/0x1c0
[   67.251787][ T5128]  ? clear_bhb_loop+0x55/0xb0
[   67.256506][ T5128]  ? clear_bhb_loop+0x55/0xb0
[   67.261308][ T5128]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.267277][ T5128] RIP: 0033:0x7f762e91def9
[   67.271708][ T5128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.291345][ T5128] RSP: 002b:00007f762d591038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   67.299914][ T5128] RAX: ffffffffffffffda RBX: 00007f762ead5f80 RCX: 00007f762e91def9
[   67.307912][ T5128] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000
[   67.315910][ T5128] RBP: 00007f762d591090 R08: 0000000020001340 R09: 0000000000000000
[   67.323955][ T5128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   67.331949][ T5128] R13: 0000000000000000 R14: 00007f762ead5f80 R15: 00007ffef8420928
[   67.340039][ T5128]  </TASK>
[   67.346995][ T5126] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   67.359616][ T5126] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   67.372056][ T5126] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.411: Failed to acquire dquot type 0
[   67.420760][ T5140] loop3: detected capacity change from 0 to 512
[   67.434137][ T5140] EXT4-fs: Ignoring removed i_version option
[   67.440297][ T5140] EXT4-fs: Ignoring removed nobh option
[   67.455609][ T5140] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   67.457029][ T5141] netlink: 16 bytes leftover after parsing attributes in process `syz.1.419'.
[   67.481948][ T5140] EXT4-fs (loop3): 1 truncate cleaned up
[   67.488589][ T5140] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.531705][ T5147] loop4: detected capacity change from 0 to 512
[   67.543624][ T5149] bridge0: port 3(veth0_to_bond) entered blocking state
[   67.543821][ T4372] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.550752][ T5149] bridge0: port 3(veth0_to_bond) entered disabled state
[   67.571381][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   67.590536][ T5149] veth0_to_bond: entered allmulticast mode
[   67.597161][ T5149] veth0_to_bond: entered promiscuous mode
[   67.609745][ T5147] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.634818][ T5147] ext4 filesystem being mounted at /31/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   67.660837][ T5147] bpf_get_probe_write_proto: 4 callbacks suppressed
[   67.660865][ T5147] syz.4.421[5147] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   67.661489][ T5160] serio: Serial port ptm0
[   67.669335][ T5147] syz.4.421[5147] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   67.724658][ T5163] loop3: detected capacity change from 0 to 512
[   67.747623][ T4255] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.779126][ T5163] EXT4-fs (loop3): mounted filesystem 00800000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.807905][ T5163] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   67.814206][ T5172] FAULT_INJECTION: forcing a failure.
[   67.814206][ T5172] name failslab, interval 1, probability 0, space 0, times 0
[   67.831081][ T5172] CPU: 0 UID: 0 PID: 5172 Comm: syz.4.428 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   67.841419][ T5172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   67.851590][ T5172] Call Trace:
[   67.854875][ T5172]  <TASK>
[   67.857814][ T5172]  dump_stack_lvl+0xf2/0x150
[   67.862447][ T5172]  dump_stack+0x15/0x20
[   67.866688][ T5172]  should_fail_ex+0x229/0x230
[   67.871395][ T5172]  ? __get_vm_area_node+0xf7/0x1b0
[   67.876568][ T5172]  should_failslab+0x8f/0xb0
[   67.881305][ T5172]  __kmalloc_cache_node_noprof+0x50/0x2b0
[   67.887121][ T5172]  __get_vm_area_node+0xf7/0x1b0
[   67.892166][ T5172]  __vmalloc_node_range_noprof+0x2e1/0xec0
[   67.898018][ T5172]  ? bpf_prog_alloc_no_stats+0x49/0x360
[   67.903614][ T5172]  ? mntput_no_expire+0x70/0x3c0
[   67.908613][ T5172]  ? avc_has_perm_noaudit+0x1cc/0x210
[   67.914080][ T5172]  ? selinux_capable+0x1f2/0x260
[   67.919116][ T5172]  ? bpf_prog_alloc_no_stats+0x49/0x360
[   67.924679][ T5172]  __vmalloc_noprof+0x5e/0x70
[   67.929378][ T5172]  ? bpf_prog_alloc_no_stats+0x49/0x360
[   67.934983][ T5172]  bpf_prog_alloc_no_stats+0x49/0x360
[   67.940381][ T5172]  ? bpf_prog_alloc+0x28/0x150
[   67.945236][ T5172]  bpf_prog_alloc+0x3a/0x150
[   67.949873][ T5172]  bpf_prog_load+0x4d1/0x1070
[   67.954585][ T5172]  ? __rcu_read_unlock+0x4e/0x70
[   67.959567][ T5172]  __sys_bpf+0x463/0x7a0
[   67.963856][ T5172]  __x64_sys_bpf+0x43/0x50
[   67.968369][ T5172]  x64_sys_call+0x2625/0x2d60
[   67.973071][ T5172]  do_syscall_64+0xc9/0x1c0
[   67.977649][ T5172]  ? clear_bhb_loop+0x55/0xb0
[   67.982422][ T5172]  ? clear_bhb_loop+0x55/0xb0
[   67.987155][ T5172]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.993199][ T5172] RIP: 0033:0x7fac0597def9
[   67.997627][ T5172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.017274][ T5172] RSP: 002b:00007fac045f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   68.025800][ T5172] RAX: ffffffffffffffda RBX: 00007fac05b35f80 RCX: 00007fac0597def9
[   68.033783][ T5172] RDX: 0000000000000090 RSI: 0000000020000040 RDI: 0000000000000005
[   68.041774][ T5172] RBP: 00007fac045f7090 R08: 0000000000000000 R09: 0000000000000000
[   68.049763][ T5172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   68.056815][ T5163] EXT4-fs (loop3): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[   68.057787][ T5172] R13: 0000000000000000 R14: 00007fac05b35f80 R15: 00007ffcbb77fa68
[   68.057816][ T5172]  </TASK>
[   68.077931][ T5172] syz.4.428: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz4,mems_allowed=0
[   68.094178][ T5172] CPU: 0 UID: 0 PID: 5172 Comm: syz.4.428 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   68.104488][ T5172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   68.114578][ T5172] Call Trace:
[   68.117881][ T5172]  <TASK>
[   68.120910][ T5172]  dump_stack_lvl+0xf2/0x150
[   68.125576][ T5172]  dump_stack+0x15/0x20
[   68.129799][ T5172]  warn_alloc+0x145/0x1b0
[   68.134203][ T5172]  __vmalloc_node_range_noprof+0x306/0xec0
[   68.140057][ T5172]  ? mntput_no_expire+0x70/0x3c0
[   68.145037][ T5172]  ? avc_has_perm_noaudit+0x1cc/0x210
[   68.150445][ T5172]  ? selinux_capable+0x1f2/0x260
[   68.155550][ T5172]  ? bpf_prog_alloc_no_stats+0x49/0x360
[   68.161103][ T5172]  __vmalloc_noprof+0x5e/0x70
[   68.165833][ T5172]  ? bpf_prog_alloc_no_stats+0x49/0x360
[   68.171464][ T5172]  bpf_prog_alloc_no_stats+0x49/0x360
[   68.176931][ T5172]  ? bpf_prog_alloc+0x28/0x150
[   68.181824][ T5172]  bpf_prog_alloc+0x3a/0x150
[   68.186489][ T5172]  bpf_prog_load+0x4d1/0x1070
[   68.191189][ T5172]  ? __rcu_read_unlock+0x4e/0x70
[   68.196153][ T5172]  __sys_bpf+0x463/0x7a0
[   68.200420][ T5172]  __x64_sys_bpf+0x43/0x50
[   68.204852][ T5172]  x64_sys_call+0x2625/0x2d60
[   68.209577][ T5172]  do_syscall_64+0xc9/0x1c0
[   68.214095][ T5172]  ? clear_bhb_loop+0x55/0xb0
[   68.218916][ T5172]  ? clear_bhb_loop+0x55/0xb0
[   68.223616][ T5172]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.229595][ T5172] RIP: 0033:0x7fac0597def9
[   68.234008][ T5172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.253642][ T5172] RSP: 002b:00007fac045f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   68.262092][ T5172] RAX: ffffffffffffffda RBX: 00007fac05b35f80 RCX: 00007fac0597def9
[   68.270154][ T5172] RDX: 0000000000000090 RSI: 0000000020000040 RDI: 0000000000000005
[   68.278165][ T5172] RBP: 00007fac045f7090 R08: 0000000000000000 R09: 0000000000000000
[   68.278186][ T5172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   68.278199][ T5172] R13: 0000000000000000 R14: 00007fac05b35f80 R15: 00007ffcbb77fa68
[   68.278224][ T5172]  </TASK>
[   68.288201][   T29] kauditd_printk_skb: 144 callbacks suppressed
[   68.288218][   T29] audit: type=1326 audit(1726615488.217:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5174 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   68.294247][ T5172] Mem-Info:
[   68.335644][   T29] audit: type=1326 audit(1726615488.227:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5174 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   68.337466][ T5172] active_anon:6615 inactive_anon:2 isolated_anon:0
[   68.337466][ T5172]  active_file:18773 inactive_file:1923 isolated_file:0
[   68.337466][ T5172]  unevictable:0 dirty:182 writeback:0
[   68.337466][ T5172]  slab_reclaimable:2611 slab_unreclaimable:13528
[   68.337466][ T5172]  mapped:21100 shmem:229 pagetables:748
[   68.337466][ T5172]  sec_pagetables:0 bounce:0
[   68.337466][ T5172]  kernel_misc_reclaimable:0
[   68.337466][ T5172]  free:1897726 free_pcp:10365 free_cma:0
[   68.360155][   T29] audit: type=1326 audit(1726615488.227:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5174 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   68.404873][ T5172] Node 0 active_anon:26460kB inactive_anon:8kB active_file:75092kB inactive_file:7692kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:84400kB dirty:728kB writeback:0kB shmem:916kB writeback_tmp:0kB kernel_stack:3360kB pagetables:2992kB sec_pagetables:0kB all_unreclaimable? no
[   68.427595][   T29] audit: type=1326 audit(1726615488.227:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5174 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   68.427637][   T29] audit: type=1326 audit(1726615488.227:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5174 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   68.427662][   T29] audit: type=1326 audit(1726615488.227:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5174 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   68.455155][ T5172] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   68.477916][   T29] audit: type=1326 audit(1726615488.227:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5174 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   68.500729][ T5172] lowmem_reserve[]:
[   68.523359][   T29] audit: type=1326 audit(1726615488.227:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5174 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   68.550104][ T5172]  0 2866 7844 0
[   68.550135][ T5172] Node 0 DMA32 free:2950364kB boost:0kB min:4136kB low:7068kB high:10000kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953896kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:3532kB free_cma:0kB
[   68.550212][ T5172] lowmem_reserve[]:
[   68.572973][   T29] audit: type=1326 audit(1726615488.237:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5174 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   68.576788][ T5172]  0 0 4978 0
[   68.576817][ T5172] Node 0 Normal free:4625180kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:26460kB inactive_anon:8kB active_file:75092kB inactive_file:7692kB unevictable:0kB writepending:756kB present:5242880kB managed:5098208kB mlocked:0kB bounce:0kB free_pcp:37928kB local_pcp:16340kB free_cma:0kB
[   68.599585][   T29] audit: type=1326 audit(1726615488.237:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5174 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   68.603120][ T5172] lowmem_reserve[]: 0 0 0 0
[   68.603151][ T5172] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 
[   68.716200][ T5178] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[   68.720174][ T5172] 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   68.743030][ T5172] Node 0 DMA32: 3*4kB (M) 4*8kB (M) 3*16kB (M) 4*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 3*512kB (M) 2*1024kB (M) 2*2048kB (M) 718*4096kB (M) = 2950364kB
[   68.759448][ T5172] Node 0 Normal: 503*4kB (ME) 120*8kB (ME) 214*16kB (UME) 643*32kB (UME) 527*64kB (ME) 174*128kB (UME) 63*256kB (ME) 26*512kB (UME) 27*1024kB (UME) 18*2048kB (UME) 1086*4096kB (UM) = 4625180kB
[   68.778862][ T5172] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[   68.788208][ T5172] 20919 total pagecache pages
[   68.792915][ T5172] 2 pages in swap cache
[   68.797104][ T5172] Free swap  = 124732kB
[   68.801273][ T5172] Total swap = 124996kB
[   68.805430][ T5172] 2097051 pages RAM
[   68.806121][    C1] hrtimer: interrupt took 36765 ns
[   68.809247][ T5172] 0 pages HighMem/MovableOnly
[   68.819133][ T5172] 80185 pages reserved
[   68.882019][ T5185] loop1: detected capacity change from 0 to 512
[   68.895921][ T5187] loop4: detected capacity change from 0 to 512
[   68.905864][ T5176] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[   68.914584][ T5185] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   68.916475][ T5187] EXT4-fs: Ignoring removed i_version option
[   68.933168][ T5187] EXT4-fs: Ignoring removed nobh option
[   68.940319][ T5185] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   68.996631][ T5185] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.434: Failed to acquire dquot type 0
[   69.026883][ T5187] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   69.064706][ T5187] EXT4-fs (loop4): 1 truncate cleaned up
[   69.090953][ T5187] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.170192][ T4255] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.229975][ T5199] hsr_slave_0: left promiscuous mode
[   69.242944][ T3267] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   69.254766][ T5199] hsr_slave_1: left promiscuous mode
[   69.263560][ T5201] loop4: detected capacity change from 0 to 512
[   69.304841][ T5206] loop1: detected capacity change from 0 to 512
[   69.318486][ T5201] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.354547][ T5206] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   69.370053][ T5201] ext4 filesystem being mounted at /35/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   69.388825][ T5215] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5215 comm=syz.3.442
[   69.406570][ T5201] syz.4.437[5201] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   69.406662][ T5201] syz.4.437[5201] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   69.419249][ T5206] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   69.481756][ T5206] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.440: Failed to acquire dquot type 0
[   69.506613][ T4255] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.597107][ T5181] loop2: detected capacity change from 0 to 1024
[   69.599148][ T5222] netlink: 'syz.3.445': attribute type 3 has an invalid length.
[   69.623346][ T3267] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   69.643863][ T5222] netlink: 8 bytes leftover after parsing attributes in process `syz.3.445'.
[   69.652844][ T5222] netlink: 12 bytes leftover after parsing attributes in process `syz.3.445'.
[   69.665103][ T5181] EXT4-fs: test_dummy_encryption option not supported
[   69.698767][ T5229] loop1: detected capacity change from 0 to 512
[   69.726573][ T5229] EXT4-fs: Ignoring removed i_version option
[   69.732672][ T5229] EXT4-fs: Ignoring removed nobh option
[   69.751894][ T5230] loop4: detected capacity change from 0 to 164
[   69.760351][ T5229] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   69.773648][ T5230] rock: directory entry would overflow storage
[   69.779998][ T5230] rock: sig=0x4f50, size=4, remaining=3
[   69.785723][ T5230] iso9660: Corrupted directory entry in block 4 of inode 1792
[   69.801692][ T5229] EXT4-fs (loop1): 1 truncate cleaned up
[   69.810614][ T5227] tipc: Can't bind to reserved service type 0
[   69.817207][ T5229] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.834129][ T5181] loop2: detected capacity change from 0 to 128
[   69.849962][ T5234] FAULT_INJECTION: forcing a failure.
[   69.849962][ T5234] name failslab, interval 1, probability 0, space 0, times 0
[   69.862763][ T5234] CPU: 0 UID: 0 PID: 5234 Comm: syz.3.449 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   69.865589][ T5236] loop4: detected capacity change from 0 to 512
[   69.873091][ T5234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   69.873112][ T5234] Call Trace:
[   69.873120][ T5234]  <TASK>
[   69.873130][ T5234]  dump_stack_lvl+0xf2/0x150
[   69.873161][ T5234]  dump_stack+0x15/0x20
[   69.904747][ T5234]  should_fail_ex+0x229/0x230
[   69.909457][ T5234]  ? raw_ioctl+0x106a/0x1b40
[   69.914410][ T5234]  should_failslab+0x8f/0xb0
[   69.919049][ T5234]  __kmalloc_cache_noprof+0x4b/0x2a0
[   69.924451][ T5234]  raw_ioctl+0x106a/0x1b40
[   69.928900][ T5234]  ? __pfx_raw_ioctl+0x10/0x10
[   69.933697][ T5234]  __se_sys_ioctl+0xcd/0x140
[   69.938399][ T5234]  __x64_sys_ioctl+0x43/0x50
[   69.943067][ T5234]  x64_sys_call+0x15cc/0x2d60
[   69.947767][ T5234]  do_syscall_64+0xc9/0x1c0
[   69.952282][ T5234]  ? clear_bhb_loop+0x55/0xb0
[   69.957088][ T5234]  ? clear_bhb_loop+0x55/0xb0
[   69.961784][ T5234]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.967833][ T5234] RIP: 0033:0x7f762e91dafb
[   69.972339][ T5234] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   69.991961][ T5234] RSP: 002b:00007f762d56df10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   70.000435][ T5234] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f762e91dafb
[   70.008502][ T5234] RDX: 00007f762d56efe0 RSI: 0000000041015500 RDI: 0000000000000004
[   70.016480][ T5234] RBP: 00007f762d56efe0 R08: 0000000000000000 R09: 00332e6364755f79
[   70.024487][ T5234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[   70.032492][ T5234] R13: 00007f762d56dfb0 R14: 00000000200002c0 R15: 00007f762ec00320
[   70.040480][ T5234]  </TASK>
[   70.068495][ T3267] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.089901][ T5236] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   70.109913][ T5181] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   70.124706][ T5236] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.136762][ T5181] ext4 filesystem being mounted at /93/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   70.167424][ T5236] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.450: Failed to acquire dquot type 0
[   70.203153][ T5181] netlink: 68 bytes leftover after parsing attributes in process `syz.2.431'.
[   70.213975][ T5181] netlink: 8 bytes leftover after parsing attributes in process `syz.2.431'.
[   70.293129][ T4255] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   70.354994][ T5251] loop0: detected capacity change from 0 to 512
[   70.410351][ T5251] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.424025][ T5251] ext4 filesystem being mounted at /92/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   70.438692][ T5251] syz.0.454[5251] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   70.438824][ T5251] syz.0.454[5251] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   70.515714][ T5260] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[   70.534571][ T5260] macvtap1: entered promiscuous mode
[   70.540160][ T5260] macvtap1: entered allmulticast mode
[   70.545671][ T5260] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[   70.555655][ T5260] netdevsim netdevsim4 netdevsim0: left allmulticast mode
[   70.562976][ T5260] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[   70.826782][ T3260] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.950754][ T5264] FAULT_INJECTION: forcing a failure.
[   70.950754][ T5264] name failslab, interval 1, probability 0, space 0, times 0
[   70.963453][ T5264] CPU: 0 UID: 0 PID: 5264 Comm: syz.3.457 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   70.973907][ T5264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   70.983987][ T5264] Call Trace:
[   70.984426][ T5266] loop0: detected capacity change from 0 to 2048
[   70.987271][ T5264]  <TASK>
[   70.987283][ T5264]  dump_stack_lvl+0xf2/0x150
[   70.987317][ T5264]  dump_stack+0x15/0x20
[   70.996184][ T5266] EXT4-fs: Ignoring removed mblk_io_submit option
[   70.996604][ T5264]  should_fail_ex+0x229/0x230
[   71.016553][ T5264]  ? prepare_creds+0x37/0x480
[   71.021346][ T5264]  should_failslab+0x8f/0xb0
[   71.025984][ T5264]  kmem_cache_alloc_noprof+0x4c/0x290
[   71.031477][ T5264]  prepare_creds+0x37/0x480
[   71.036074][ T5264]  copy_creds+0x90/0x3f0
[   71.040412][ T5264]  copy_process+0x64b/0x1f90
[   71.045045][ T5264]  ? kstrtouint_from_user+0xb0/0xe0
[   71.050281][ T5264]  ? 0xffffffff81000000
[   71.054502][ T5264]  kernel_clone+0x167/0x5e0
[   71.059069][ T5264]  ? vfs_write+0x580/0x910
[   71.063631][ T5264]  __x64_sys_clone+0xe8/0x120
[   71.068345][ T5264]  x64_sys_call+0x2d23/0x2d60
[   71.073049][ T5264]  do_syscall_64+0xc9/0x1c0
[   71.077595][ T5264]  ? clear_bhb_loop+0x55/0xb0
[   71.082383][ T5264]  ? clear_bhb_loop+0x55/0xb0
[   71.087099][ T5264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.093059][ T5264] RIP: 0033:0x7f762e91def9
[   71.097475][ T5264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   71.117340][ T5264] RSP: 002b:00007f762d590fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[   71.125829][ T5264] RAX: ffffffffffffffda RBX: 00007f762ead5f80 RCX: 00007f762e91def9
[   71.133898][ T5264] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   71.141880][ T5264] RBP: 00007f762d591090 R08: 0000000000000000 R09: 0000000000000000
[   71.149920][ T5264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   71.157921][ T5264] R13: 0000000000000000 R14: 00007f762ead5f80 R15: 00007ffef8420928
[   71.165904][ T5264]  </TASK>
[   71.458288][ T5268] loop3: detected capacity change from 0 to 512
[   71.484432][ T5266] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.527737][ T5268] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.540468][ T5268] ext4 filesystem being mounted at /32/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   71.553738][ T5268] syz.3.460[5268] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   71.553812][ T5268] syz.3.460[5268] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   71.576266][ T5274] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   71.621581][ T5279] syz.0.458[5279] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   71.621712][ T5279] syz.0.458[5279] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   71.670262][ T4372] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.696461][ T5282] loop1: detected capacity change from 0 to 7
[   71.702908][ T5282] Buffer I/O error on dev loop1, logical block 0, async page read
[   71.715089][ T5282] Buffer I/O error on dev loop1, logical block 0, async page read
[   71.723152][ T5282]  loop1: unable to read partition table
[   71.733477][ T5282] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[   71.733477][ T5282] 
) failed (rc=-5)
[   71.771244][ T5284] loop3: detected capacity change from 0 to 512
[   71.774492][ T5272] loop1: detected capacity change from 0 to 512
[   71.794537][ T5284] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   71.808027][ T5284] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   71.811081][ T3265] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   71.829290][ T5284] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.463: Failed to acquire dquot type 0
[   71.838796][ T5266] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.458: bg 0: block 234: padding at end of block bitmap is not set
[   71.857942][ T5272] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002]
[   71.860053][ T5266] EXT4-fs (loop0): Remounting filesystem read-only
[   71.890621][ T5272] System zones: 0-2, 18-18, 34-34
[   71.897050][ T5272] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.459: bg 0: block 248: padding at end of block bitmap is not set
[   71.911967][ T5272] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.459: Failed to acquire dquot type 1
[   71.931459][ T5272] EXT4-fs (loop1): 1 truncate cleaned up
[   71.937719][ T5272] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   71.944413][ T4372] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   71.950381][ T5272] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   72.054274][ T5298] loop2: detected capacity change from 0 to 2048
[   72.065689][ T3260] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.107583][ T5308] loop3: detected capacity change from 0 to 512
[   72.115569][ T5308] EXT4-fs: Ignoring removed mblk_io_submit option
[   72.123273][ T5308] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[   72.132380][ T5298]  loop2: p1 < > p4
[   72.134134][ T5308] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[   72.144787][ T5308] System zones: 1-12
[   72.149318][ T5308] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.471: corrupted in-inode xattr: e_value size too large
[   72.164241][ T5308] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.471: couldn't read orphan inode 15 (err -117)
[   72.164770][ T5298] loop2: p4 size 8388608 extends beyond EOD, truncated
[   72.185444][ T5308] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.252852][ T2962]  loop2: p1 < > p4
[   72.268805][ T2962] loop2: p4 size 8388608 extends beyond EOD, truncated
[   72.281265][ T4372] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.314660][ T5311] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   72.395257][ T5311] macvtap1: entered promiscuous mode
[   72.400719][ T5311] macvtap1: entered allmulticast mode
[   72.406215][ T5311] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   72.414726][ T3267] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.453723][ T5316] loop1: detected capacity change from 0 to 512
[   72.480197][ T5311] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[   72.487552][ T5311] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[   72.535673][ T5316] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.597424][ T5316] ext4 filesystem being mounted at /90/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   72.724562][ T3267] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.840903][ T5328] loop0: detected capacity change from 0 to 512
[   72.863865][ T5330] loop3: detected capacity change from 0 to 512
[   72.885061][ T5328] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   72.902162][ T5330] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   72.931340][ T5328] ext4 filesystem being mounted at /95/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   72.952685][ T5330] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   73.001465][ T5330] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.477: Failed to acquire dquot type 0
[   73.030286][ T3260] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.042868][ T5338] loop2: detected capacity change from 0 to 2048
[   73.059575][ T5338] EXT4-fs: Ignoring removed mblk_io_submit option
[   73.077772][ T5340] FAULT_INJECTION: forcing a failure.
[   73.077772][ T5340] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   73.091023][ T5340] CPU: 1 UID: 0 PID: 5340 Comm: syz.4.480 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   73.101492][ T5340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   73.111621][ T5340] Call Trace:
[   73.114904][ T5340]  <TASK>
[   73.117880][ T5340]  dump_stack_lvl+0xf2/0x150
[   73.122548][ T5340]  dump_stack+0x15/0x20
[   73.126737][ T5340]  should_fail_ex+0x229/0x230
[   73.131432][ T5340]  should_fail+0xb/0x10
[   73.135602][ T5340]  should_fail_usercopy+0x1a/0x20
[   73.140692][ T5340]  _copy_from_iter+0xd3/0xd20
[   73.145445][ T5340]  ? kmalloc_reserve+0x16e/0x190
[   73.150445][ T5340]  ? __build_skb_around+0x196/0x1f0
[   73.155751][ T5340]  ? __alloc_skb+0x21f/0x310
[   73.160389][ T5340]  ? __virt_addr_valid+0x1ed/0x250
[   73.165527][ T5340]  ? __check_object_size+0x35b/0x510
[   73.170855][ T5340]  netlink_sendmsg+0x460/0x6e0
[   73.175633][ T5340]  ? __pfx_netlink_sendmsg+0x10/0x10
[   73.181062][ T5340]  __sock_sendmsg+0x140/0x180
[   73.185833][ T5340]  ____sys_sendmsg+0x312/0x410
[   73.190668][ T5340]  __sys_sendmsg+0x1dd/0x270
[   73.195291][ T5340]  __x64_sys_sendmsg+0x46/0x50
[   73.200174][ T5340]  x64_sys_call+0x2689/0x2d60
[   73.204939][ T5340]  do_syscall_64+0xc9/0x1c0
[   73.209471][ T5340]  ? clear_bhb_loop+0x55/0xb0
[   73.214194][ T5340]  ? clear_bhb_loop+0x55/0xb0
[   73.218996][ T5340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.224946][ T5340] RIP: 0033:0x7fac0597def9
[   73.229456][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.249097][ T5340] RSP: 002b:00007fac045f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   73.257571][ T5340] RAX: ffffffffffffffda RBX: 00007fac05b35f80 RCX: 00007fac0597def9
[   73.265572][ T5340] RDX: 0000000004000054 RSI: 0000000020000480 RDI: 0000000000000003
[   73.273743][ T5340] RBP: 00007fac045f7090 R08: 0000000000000000 R09: 0000000000000000
[   73.281721][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   73.289698][ T5340] R13: 0000000000000000 R14: 00007fac05b35f80 R15: 00007ffcbb77fa68
[   73.297736][ T5340]  </TASK>
[   73.312664][ T5338] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.335243][ T4372] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   73.415418][ T5355] netlink: 24 bytes leftover after parsing attributes in process `syz.0.485'.
[   73.447989][   T29] kauditd_printk_skb: 86 callbacks suppressed
[   73.448007][   T29] audit: type=1400 audit(1726615493.377:915): avc:  denied  { bind } for  pid=5349 comm="syz.3.481" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   73.473523][   T29] audit: type=1400 audit(1726615493.377:916): avc:  denied  { name_bind } for  pid=5349 comm="syz.3.481" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[   73.495215][   T29] audit: type=1400 audit(1726615493.377:917): avc:  denied  { node_bind } for  pid=5349 comm="syz.3.481" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[   73.515684][ T5358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   73.530393][   T29] audit: type=1400 audit(1726615493.427:918): avc:  denied  { create } for  pid=5351 comm="syz.4.484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[   73.549761][   T29] audit: type=1400 audit(1726615493.427:919): avc:  denied  { getopt } for  pid=5351 comm="syz.4.484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[   73.561002][ T5356] bpf_get_probe_write_proto: 2 callbacks suppressed
[   73.561024][ T5356] syz.2.478[5356] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   73.586440][ T5356] syz.2.478[5356] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   73.624642][ T5358] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   73.708577][ T5363] netlink: 12 bytes leftover after parsing attributes in process `syz.0.485'.
[   73.794110][ T5365] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   73.801772][ T5365] macvtap1: entered promiscuous mode
[   73.807165][ T5365] macvtap1: entered allmulticast mode
[   73.812626][ T5365] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   73.825509][ T5365] netdevsim netdevsim1 netdevsim0: left allmulticast mode
[   73.832902][ T5365] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[   74.151048][ T5371] netlink: 'syz.3.489': attribute type 3 has an invalid length.
[   74.160719][ T5371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.489'.
[   74.169537][ T5371] netlink: 12 bytes leftover after parsing attributes in process `syz.3.489'.
[   74.248720][ T5338] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.478: bg 0: block 234: padding at end of block bitmap is not set
[   74.264863][ T5338] EXT4-fs (loop2): Remounting filesystem read-only
[   74.307967][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.388411][ T5378] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[   74.395927][ T5378] macvtap1: entered promiscuous mode
[   74.401471][ T5378] macvtap1: entered allmulticast mode
[   74.406910][ T5378] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[   74.478998][ T5376] loop3: detected capacity change from 0 to 512
[   74.498251][ T5376] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c11c, mo2=0002]
[   74.501024][ T5388] loop2: detected capacity change from 0 to 512
[   74.545333][ T5376] System zones: 0-2, 18-18, 34-34
[   74.555027][ T5394] loop1: detected capacity change from 0 to 512
[   74.558923][ T5376] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.491: bg 0: block 248: padding at end of block bitmap is not set
[   74.566659][ T5394] EXT4-fs: Ignoring removed mblk_io_submit option
[   74.577280][ T5378] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[   74.589380][ T5378] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[   74.589420][ T5394] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   74.611245][ T5376] Quota error (device loop3): write_blk: dquota write failed
[   74.614634][ T5394] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[   74.618735][ T5376] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[   74.626665][ T5394] System zones: 1-12
[   74.644871][ T5376] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.491: Failed to acquire dquot type 1
[   74.647456][ T5388] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.662399][ T5394] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.498: corrupted in-inode xattr: e_value size too large
[   74.691672][ T5376] EXT4-fs (loop3): 1 truncate cleaned up
[   74.698164][ T5376] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.707301][ T5388] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   74.721490][ T5394] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.498: couldn't read orphan inode 15 (err -117)
[   74.736456][ T5376] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   74.756875][ T5394] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.774076][ T5401] loop4: detected capacity change from 0 to 2048
[   74.786339][   T29] audit: type=1326 audit(1726615494.697:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   74.809663][   T29] audit: type=1326 audit(1726615494.707:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   74.832964][   T29] audit: type=1326 audit(1726615494.707:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.2.496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   74.885735][ T3267] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.887510][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.896692][ T5401]  loop4: p1 < > p4
[   74.912341][ T5401] loop4: p4 size 8388608 extends beyond EOD, truncated
[   74.942875][ T2962]  loop4: p1 < > p4
[   74.959491][ T2962] loop4: p4 size 8388608 extends beyond EOD, truncated
[   75.033827][ T5405] netlink: 16 bytes leftover after parsing attributes in process `syz.2.501'.
[   75.118766][ T5411] loop2: detected capacity change from 0 to 512
[   75.159042][ T5411] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.184018][ T4372] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.202141][ T5411] ext4 filesystem being mounted at /100/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   75.238817][ T2962]  loop4: p1 < > p4
[   75.243240][ T2962] loop4: p4 size 8388608 extends beyond EOD, truncated
[   75.252317][ T5418] serio: Serial port ptm0
[   75.275609][ T4025] udevd[4025]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   75.278002][ T3253] udevd[3253]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   75.319470][ T5423] loop3: detected capacity change from 0 to 512
[   75.341244][ T5423] EXT4-fs (loop3): mounted filesystem 00800000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.343995][ T5409] loop1: detected capacity change from 0 to 512
[   75.353876][ T5423] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   75.374244][ T5423] EXT4-fs (loop3): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[   75.377139][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.468827][ T5409] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c11c, mo2=0002]
[   75.494110][ T5409] System zones: 0-2, 18-18, 34-34
[   75.510450][ T5409] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.503: bg 0: block 248: padding at end of block bitmap is not set
[   75.556852][ T5409] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.503: Failed to acquire dquot type 1
[   75.593498][ T5447] syz.2.515[5447] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   75.593626][ T5447] syz.2.515[5447] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   75.631307][ T5453] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[   75.637942][ T5453] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   75.645685][ T5453] vhci_hcd vhci_hcd.0: Device attached
[   75.653593][ T5457] loop3: detected capacity change from 0 to 2048
[   75.662502][ T5457] EXT4-fs: Ignoring removed mblk_io_submit option
[   75.669353][ T5409] EXT4-fs (loop1): 1 truncate cleaned up
[   75.676440][ T5447] loop2: detected capacity change from 0 to 512
[   75.686464][ T5409] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.708050][ T5454] vhci_hcd: connection closed
[   75.708298][ T4690] vhci_hcd: stop threads
[   75.716237][ T5409] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   75.717340][ T4690] vhci_hcd: release socket
[   75.732126][ T4690] vhci_hcd: disconnect device
[   75.739131][ T5457] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.747925][ T5447] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.775561][ T5447] ext4 filesystem being mounted at /103/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   75.807016][ T5447] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.515: Failed to acquire dquot type 0
[   75.854793][ T5447] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.515: Failed to acquire dquot type 0
[   75.880559][ T5447] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.515: Failed to acquire dquot type 0
[   75.902651][ T5468] netlink: 2720 bytes leftover after parsing attributes in process `syz.0.521'.
[   75.907651][ T5469] syz.3.518[5469] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   75.911871][ T5469] syz.3.518[5469] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   75.930775][ T5471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.976722][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.996483][ T5471] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   76.021348][ T3267] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.031010][ T5471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   76.041434][ T5457] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.518: bg 0: block 234: padding at end of block bitmap is not set
[   76.046736][ T5473] loop2: detected capacity change from 0 to 1024
[   76.057909][ T5457] EXT4-fs (loop3): Remounting filesystem read-only
[   76.069307][ T5471] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   76.085132][ T5473] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.095156][ T5462] EXT4-fs (loop3): ext4_do_writepages: jbd2_start: 9223372036854775807 pages, ino 18; err -5
[   76.117913][ T5471] loop0: detected capacity change from 0 to 512
[   76.154386][ T5471] EXT4-fs error (device loop0): ext4_quota_enable:7018: comm syz.0.522: Bad quota inum: 9240576, type: 1
[   76.176877][ T5471] EXT4-fs warning (device loop0): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-117, ino=9240576). Please run e2fsck to fix.
[   76.208914][ T5471] EXT4-fs (loop0): mount failed
[   76.300280][ T5494] netlink: 8 bytes leftover after parsing attributes in process `syz.0.522'.
[   76.433198][ T5500] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[   76.469739][ T5500] macvtap1: entered promiscuous mode
[   76.475324][ T5500] macvtap1: entered allmulticast mode
[   76.480755][ T5500] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[   76.497706][ T5500] netdevsim netdevsim3 netdevsim0: left allmulticast mode
[   76.504942][ T5500] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[   76.571353][ T5502] loop4: detected capacity change from 0 to 2048
[   76.590761][ T5502] EXT4-fs: Ignoring removed mblk_io_submit option
[   76.748997][ T5506] syz.4.530[5506] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   76.749072][ T5506] syz.4.530[5506] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   77.019895][ T5510] loop2: detected capacity change from 0 to 512
[   77.099982][ T5510] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   77.137969][ T5510] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.532: bg 0: block 248: padding at end of block bitmap is not set
[   77.195644][ T5510] EXT4-fs (loop2): Remounting filesystem read-only
[   77.219552][ T5510] EXT4-fs (loop2): 1 truncate cleaned up
[   77.225589][ T5510] SELinux: (dev loop2, type ext4) getxattr errno 5
[   77.283896][ T5510] loop2: detected capacity change from 0 to 764
[   77.347241][ T5502] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.530: bg 0: block 234: padding at end of block bitmap is not set
[   77.380088][ T5522] loop3: detected capacity change from 0 to 1024
[   77.386901][ T5524] loop2: detected capacity change from 0 to 512
[   77.397500][ T5502] EXT4-fs (loop4): Remounting filesystem read-only
[   77.421800][ T5524] ext4 filesystem being mounted at /107/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   77.470434][ T5524] syz.2.536[5524] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   77.470641][ T5524] syz.2.536[5524] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   77.609287][ T5536] loop1: detected capacity change from 0 to 512
[   77.669207][ T5536] ext4 filesystem being mounted at /98/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   77.767046][ T5554] netlink: 8 bytes leftover after parsing attributes in process `syz.3.547'.
[   77.794627][ T5555] loop4: detected capacity change from 0 to 2048
[   77.810566][ T5555] EXT4-fs: Ignoring removed mblk_io_submit option
[   77.915543][ T5565] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   77.982961][ T5565] macvtap1: entered promiscuous mode
[   77.988357][ T5565] macvtap1: entered allmulticast mode
[   77.993818][ T5565] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   78.014163][ T5567] loop0: detected capacity change from 0 to 512
[   78.164601][ T5565] netdevsim netdevsim1 netdevsim0: left allmulticast mode
[   78.171867][ T5565] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[   78.637377][ T5555] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.548: bg 0: block 234: padding at end of block bitmap is not set
[   78.664453][ T5573] FAULT_INJECTION: forcing a failure.
[   78.664453][ T5573] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   78.677581][ T5573] CPU: 1 UID: 0 PID: 5573 Comm: syz.2.553 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   78.687853][ T5573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   78.697905][ T5573] Call Trace:
[   78.701178][ T5573]  <TASK>
[   78.704154][ T5573]  dump_stack_lvl+0xf2/0x150
[   78.708746][ T5573]  dump_stack+0x15/0x20
[   78.712945][ T5573]  should_fail_ex+0x229/0x230
[   78.717637][ T5573]  should_fail+0xb/0x10
[   78.721797][ T5573]  should_fail_usercopy+0x1a/0x20
[   78.726862][ T5573]  _copy_from_user+0x1e/0xd0
[   78.731515][ T5573]  copy_msghdr_from_user+0x54/0x2a0
[   78.736809][ T5573]  __sys_sendmsg+0x171/0x270
[   78.741427][ T5573]  __x64_sys_sendmsg+0x46/0x50
[   78.746246][ T5573]  x64_sys_call+0x2689/0x2d60
[   78.751006][ T5573]  do_syscall_64+0xc9/0x1c0
[   78.755568][ T5573]  ? clear_bhb_loop+0x55/0xb0
[   78.760380][ T5573]  ? clear_bhb_loop+0x55/0xb0
[   78.765089][ T5573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.771022][ T5573] RIP: 0033:0x7f30a2e2def9
[   78.775433][ T5573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.795060][ T5573] RSP: 002b:00007f30a1aa1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   78.803563][ T5573] RAX: ffffffffffffffda RBX: 00007f30a2fe5f80 RCX: 00007f30a2e2def9
[   78.811567][ T5573] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[   78.819614][ T5573] RBP: 00007f30a1aa1090 R08: 0000000000000000 R09: 0000000000000000
[   78.827621][ T5573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   78.835594][ T5573] R13: 0000000000000000 R14: 00007f30a2fe5f80 R15: 00007ffd7c878858
[   78.843574][ T5573]  </TASK>
[   78.936522][ T5579] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.555'.
[   78.951664][ T5579] netlink: 8 bytes leftover after parsing attributes in process `syz.3.555'.
[   78.988930][   T29] kauditd_printk_skb: 131 callbacks suppressed
[   78.988948][   T29] audit: type=1400 audit(1726615498.917:1044): avc:  denied  { setopt } for  pid=5580 comm="syz.3.556" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   79.006143][ T5555] EXT4-fs (loop4): Remounting filesystem read-only
[   79.037206][   T29] audit: type=1400 audit(1726615498.937:1045): avc:  denied  { listen } for  pid=5580 comm="syz.3.556" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   79.338559][ T5584] hsr_slave_0: left promiscuous mode
[   79.387838][ T5584] hsr_slave_1: left promiscuous mode
[   79.437511][   T29] audit: type=1326 audit(1726615499.367:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5588 comm="syz.2.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   79.461004][   T29] audit: type=1326 audit(1726615499.367:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5588 comm="syz.2.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   79.484411][   T29] audit: type=1326 audit(1726615499.367:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5588 comm="syz.2.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   79.507848][   T29] audit: type=1326 audit(1726615499.367:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5588 comm="syz.2.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   79.531292][   T29] audit: type=1326 audit(1726615499.367:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5588 comm="syz.2.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   79.554680][   T29] audit: type=1326 audit(1726615499.367:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5588 comm="syz.2.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   79.584597][   T29] audit: type=1326 audit(1726615499.367:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5588 comm="syz.2.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   79.601590][ T5597] loop1: detected capacity change from 0 to 1024
[   79.607931][   T29] audit: type=1326 audit(1726615499.367:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5588 comm="syz.2.560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   79.720074][ T5604] netlink: 'syz.2.563': attribute type 3 has an invalid length.
[   79.722011][ T5608] loop3: detected capacity change from 0 to 1024
[   79.743531][ T5610] loop4: detected capacity change from 0 to 1024
[   79.814356][ T5623] netlink: 24 bytes leftover after parsing attributes in process `syz.3.572'.
[   79.835326][ T5625] netlink: 140 bytes leftover after parsing attributes in process `syz.4.571'.
[   79.854723][ T5620] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   79.861950][ T5623] netlink: 12 bytes leftover after parsing attributes in process `syz.3.572'.
[   79.865164][ T5620] loop2: detected capacity change from 0 to 128
[   79.952442][ T5614] loop1: detected capacity change from 0 to 512
[   79.982685][ T5632] loop4: detected capacity change from 0 to 1024
[   79.995160][ T5614] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c11c, mo2=0002]
[   80.005420][ T5614] System zones: 0-2, 18-18, 34-34
[   80.015843][ T5614] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.568: bg 0: block 248: padding at end of block bitmap is not set
[   80.047620][ T5614] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.568: Failed to acquire dquot type 1
[   80.062047][ T5614] EXT4-fs (loop1): 1 truncate cleaned up
[   80.077710][ T5614] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   80.210651][ T5655] loop2: detected capacity change from 0 to 512
[   80.229575][ T5655] ext4 filesystem being mounted at /118/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   80.249341][ T5657] loop3: detected capacity change from 0 to 512
[   80.258531][ T5655] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.583: Failed to acquire dquot type 0
[   80.330201][ T5657] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   80.388453][ T5657] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.584: Failed to acquire dquot type 0
[   80.400207][ T5665] Invalid ELF header magic: != ELF
[   80.525088][ T5673] loop3: detected capacity change from 0 to 512
[   80.558554][ T5673] ext4 filesystem being mounted at /71/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   80.628100][ T5673] bpf_get_probe_write_proto: 6 callbacks suppressed
[   80.628120][ T5673] syz.3.590[5673] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   80.656243][ T5673] syz.3.590[5673] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   80.670221][ T5677] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   81.627141][ T5682] loop1: detected capacity change from 0 to 2048
[   81.664660][ T5677] macvtap1: entered promiscuous mode
[   81.670090][ T5677] macvtap1: entered allmulticast mode
[   81.675472][ T5677] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   81.683336][ T5682]  loop1: p1 < > p4
[   81.687831][ T5682] loop1: p4 size 8388608 extends beyond EOD, truncated
[   81.752855][ T5677] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[   81.760080][ T5677] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[   81.831169][ T5682] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   81.838629][ T5682] macvtap1: entered promiscuous mode
[   81.844053][ T5682] macvtap1: entered allmulticast mode
[   81.849465][ T5682] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   81.871243][ T5682] netdevsim netdevsim1 netdevsim0: left allmulticast mode
[   81.878615][ T5682] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[   82.085320][ T5697] loop0: detected capacity change from 0 to 2048
[   82.119794][ T5697] EXT4-fs: Ignoring removed mblk_io_submit option
[   82.548931][ T5707] syz.0.596[5707] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   82.548986][ T5707] syz.0.596[5707] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   82.572606][ T5709] loop1: detected capacity change from 0 to 512
[   82.661411][ T5709] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   82.712095][ T5709] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.597: Failed to acquire dquot type 0
[   82.962405][ T5697] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.596: bg 0: block 234: padding at end of block bitmap is not set
[   83.050423][ T5697] EXT4-fs (loop0): Remounting filesystem read-only
[   83.116367][ T5720] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.150708][ T5720] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.193406][ T5730] loop2: detected capacity change from 0 to 512
[   83.216986][ T5730] EXT4-fs: Ignoring removed mblk_io_submit option
[   83.239207][ T5730] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   83.259033][ T5730] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b042c118, mo2=0002]
[   83.270277][ T5723] netlink: 16 bytes leftover after parsing attributes in process `syz.4.601'.
[   83.279354][ T5730] System zones: 1-12
[   83.293641][ T5730] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.605: corrupted in-inode xattr: e_value size too large
[   83.346334][ T5730] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.605: couldn't read orphan inode 15 (err -117)
[   83.470914][ T5747] loop0: detected capacity change from 0 to 512
[   83.495917][ T5748] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   83.509463][ T5752] loop4: detected capacity change from 0 to 512
[   83.530864][ T5747] ext4 filesystem being mounted at /115/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   83.549977][ T5748] macvtap1: entered promiscuous mode
[   83.555434][ T5748] macvtap1: entered allmulticast mode
[   83.561169][ T5748] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   83.578432][ T5747] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.609: Failed to acquire dquot type 0
[   83.594801][ T5752] ext4 filesystem being mounted at /76/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   83.625784][ T5752] syz.4.611[5752] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   83.625863][ T5752] syz.4.611[5752] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   83.699448][ T5748] netdevsim netdevsim1 netdevsim0: left allmulticast mode
[   83.717957][ T5748] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[   83.971215][ T5767] loop0: detected capacity change from 0 to 2048
[   84.059289][ T5772] serio: Serial port ptm0
[   84.087725][ T5767]  loop0: p1 < > p4
[   84.109923][   T29] kauditd_printk_skb: 84 callbacks suppressed
[   84.109939][   T29] audit: type=1326 audit(1726615504.037:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5771 comm="syz.2.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   84.149833][ T5776] loop2: detected capacity change from 0 to 512
[   84.168552][   T29] audit: type=1326 audit(1726615504.067:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5771 comm="syz.2.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   84.186437][ T5767] loop0: p4 size 8388608 extends beyond EOD, truncated
[   84.191943][   T29] audit: type=1326 audit(1726615504.067:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5771 comm="syz.2.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   84.222141][   T29] audit: type=1326 audit(1726615504.067:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5771 comm="syz.2.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   84.245526][   T29] audit: type=1326 audit(1726615504.067:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5771 comm="syz.2.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   84.268850][   T29] audit: type=1326 audit(1726615504.067:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5771 comm="syz.2.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   84.292352][   T29] audit: type=1326 audit(1726615504.067:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5771 comm="syz.2.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   84.315726][   T29] audit: type=1326 audit(1726615504.067:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5771 comm="syz.2.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   84.337786][ T5777] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[   84.338858][   T29] audit: type=1326 audit(1726615504.067:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5771 comm="syz.2.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   84.353570][ T2962]  loop0: p1 < > p4
[   84.369481][   T29] audit: type=1326 audit(1726615504.067:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5771 comm="syz.2.616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30a2e2def9 code=0x7ffc0000
[   84.405750][ T2962] loop0: p4 size 8388608 extends beyond EOD, truncated
[   84.407301][ T5776] ext4 filesystem being mounted at /124/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   84.503071][ T5777] macvtap1: entered promiscuous mode
[   84.508610][ T5777] macvtap1: entered allmulticast mode
[   84.514000][ T5777] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[   84.691399][ T5777] netdevsim netdevsim4 netdevsim0: left allmulticast mode
[   84.698782][ T5777] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[   84.882180][ T5778] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[   84.973239][ T5778] macvtap1: entered promiscuous mode
[   84.978766][ T5778] macvtap1: entered allmulticast mode
[   84.984210][ T5778] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[   85.116193][ T5778] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[   85.123498][ T5778] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[   85.500848][ T5799] loop3: detected capacity change from 0 to 512
[   85.518925][ T5799] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   85.531042][ T5799] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.623: Failed to acquire dquot type 0
[   85.761684][ T5810] SELinux:  Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   86.506172][ T5807] sched: RT throttling activated
[   87.287665][ T5827] loop2: detected capacity change from 0 to 2048
[   87.298713][ T5827] EXT4-fs: Ignoring removed mblk_io_submit option
[   88.208603][ T5832] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[   88.216064][ T5832] macvtap1: entered promiscuous mode
[   88.221497][ T5832] macvtap1: entered allmulticast mode
[   88.226932][ T5832] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[   88.236100][ T5832] netdevsim netdevsim4 netdevsim0: left allmulticast mode
[   88.243334][ T5832] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[   88.357071][ T5840] syz.2.630[5840] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   88.357146][ T5840] syz.2.630[5840] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   88.463332][ T5845] loop1: detected capacity change from 0 to 7
[   88.482123][ T5845] Buffer I/O error on dev loop1, logical block 0, async page read
[   88.491332][ T5845] Buffer I/O error on dev loop1, logical block 0, async page read
[   88.499243][ T5845]  loop1: unable to read partition table
[   88.505918][ T5845] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[   88.505918][ T5845] 
) failed (rc=-5)
[   88.525319][ T4690] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm kworker/u8:24: bg 0: block 234: padding at end of block bitmap is not set
[   88.541655][ T4690] EXT4-fs (loop2): Remounting filesystem read-only
[   88.601433][ T5851] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   88.610460][ T5851] loop0: detected capacity change from 0 to 128
[   88.724324][ T5843] ALSA: seq fatal error: cannot create timer (-22)
[   88.809651][ T5859] loop3: detected capacity change from 0 to 512
[   88.828878][ T5859] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c11c, mo2=0002]
[   88.838510][ T5859] System zones: 0-2, 18-18, 34-34
[   88.844108][ T5859] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.639: bg 0: block 248: padding at end of block bitmap is not set
[   88.860234][ T5859] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.639: Failed to acquire dquot type 1
[   88.876574][ T5859] EXT4-fs (loop3): 1 truncate cleaned up
[   88.886848][ T5859] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   88.952413][ T5875] netlink: 24 bytes leftover after parsing attributes in process `syz.0.646'.
[   89.056500][ T5875] netlink: 12 bytes leftover after parsing attributes in process `syz.0.646'.
[   89.237590][   T29] kauditd_printk_skb: 26 callbacks suppressed
[   89.237609][   T29] audit: type=1400 audit(1726615509.157:1160): avc:  denied  { read write } for  pid=5885 comm="+}[@" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[   89.268066][   T29] audit: type=1400 audit(1726615509.157:1161): avc:  denied  { open } for  pid=5885 comm="+}[@" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[   89.284058][ T5887] loop4: detected capacity change from 0 to 2048
[   89.348206][ T5887] EXT4-fs: Ignoring removed mblk_io_submit option
[   89.429793][ T5893] loop1: detected capacity change from 0 to 7
[   89.456324][ T5893] Buffer I/O error on dev loop1, logical block 0, async page read
[   89.476016][ T5893] Buffer I/O error on dev loop1, logical block 0, async page read
[   89.483931][ T5893]  loop1: unable to read partition table
[   89.511962][ T5899] syz.4.651[5899] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   89.512027][ T5899] syz.4.651[5899] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   89.545640][   T29] audit: type=1326 audit(1726615509.467:1162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5901 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   89.546321][ T5893] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[   89.546321][ T5893] 
) failed (rc=-5)
[   89.558932][   T29] audit: type=1326 audit(1726615509.467:1163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5901 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   89.624118][   T29] audit: type=1326 audit(1726615509.507:1164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5901 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   89.647045][   T29] audit: type=1326 audit(1726615509.507:1165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5901 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   89.669912][   T29] audit: type=1326 audit(1726615509.507:1166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5901 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   89.692716][   T29] audit: type=1326 audit(1726615509.507:1167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5901 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   89.698837][ T5904] loop3: detected capacity change from 0 to 2048
[   89.715597][   T29] audit: type=1326 audit(1726615509.507:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5901 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   89.744785][   T29] audit: type=1326 audit(1726615509.507:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5901 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   89.807344][ T5904] EXT4-fs: Ignoring removed mblk_io_submit option
[   90.037527][ T5837] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set
[   90.057283][ T5837] EXT4-fs (loop3): Remounting filesystem read-only
[   90.104125][ T5904] syz.3.657[5904] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   90.104228][ T5904] syz.3.657[5904] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   90.136118][ T5887] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.651: bg 0: block 234: padding at end of block bitmap is not set
[   90.245168][ T5887] EXT4-fs (loop4): Remounting filesystem read-only
[   93.038876][ T5959] loop0: detected capacity change from 0 to 512
[   93.087905][ T5959] ext4 filesystem being mounted at /129/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   93.130458][ T5959] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.675: Failed to acquire dquot type 0
[   93.374139][ T5972] loop1: detected capacity change from 0 to 7
[   93.390551][ T3267] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.425299][ T3267] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.433189][ T3267]  loop1: unable to read partition table
[   93.461841][ T5982] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   93.477466][ T5972] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.508972][ T5972] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.517119][ T5972]  loop1: unable to read partition table
[   93.545699][ T5987] Invalid ELF header magic: != ELF
[   93.554200][ T5972] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[   93.554200][ T5972] 
) failed (rc=-5)
[   93.607843][ T2962] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.615778][ T2962] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.623673][ T2962]  loop1: unable to read partition table
[   93.635159][ T3253] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.654898][ T3253] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.669365][ T3253] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.677415][ T3253] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.686321][ T5991] Invalid ELF header magic: != ELF
[   93.693103][ T3253] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.701179][ T3253] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.710327][ T3253] Buffer I/O error on dev loop1, logical block 0, async page read
[   93.722920][ T5995] loop1: detected capacity change from 0 to 512
[   93.761408][ T5995] ext4 filesystem being mounted at /118/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   93.812966][ T5995] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.688: Failed to acquire dquot type 0
[   93.947483][ T6014] netlink: 16 bytes leftover after parsing attributes in process `syz.4.695'.
[   94.030647][ T6021] netlink: 24 bytes leftover after parsing attributes in process `syz.2.698'.
[   94.070599][ T6021] netlink: 12 bytes leftover after parsing attributes in process `syz.2.698'.
[   94.102752][ T6026] FAULT_INJECTION: forcing a failure.
[   94.102752][ T6026] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   94.115836][ T6026] CPU: 1 UID: 0 PID: 6026 Comm: syz.0.700 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[   94.126147][ T6026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   94.136197][ T6026] Call Trace:
[   94.139470][ T6026]  <TASK>
[   94.142481][ T6026]  dump_stack_lvl+0xf2/0x150
[   94.147075][ T6026]  dump_stack+0x15/0x20
[   94.151228][ T6026]  should_fail_ex+0x229/0x230
[   94.155990][ T6026]  should_fail+0xb/0x10
[   94.160161][ T6026]  should_fail_usercopy+0x1a/0x20
[   94.165201][ T6026]  _copy_from_user+0x1e/0xd0
[   94.169805][ T6026]  copy_msghdr_from_user+0x54/0x2a0
[   94.175011][ T6026]  __sys_sendmmsg+0x21e/0x500
[   94.179741][ T6026]  __x64_sys_sendmmsg+0x57/0x70
[   94.184592][ T6026]  x64_sys_call+0xa49/0x2d60
[   94.189182][ T6026]  do_syscall_64+0xc9/0x1c0
[   94.193682][ T6026]  ? clear_bhb_loop+0x55/0xb0
[   94.198421][ T6026]  ? clear_bhb_loop+0x55/0xb0
[   94.203166][ T6026]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.209129][ T6026] RIP: 0033:0x7f18e3dfdef9
[   94.213594][ T6026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.233296][ T6026] RSP: 002b:00007f18e2a71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   94.241717][ T6026] RAX: ffffffffffffffda RBX: 00007f18e3fb5f80 RCX: 00007f18e3dfdef9
[   94.249756][ T6026] RDX: 0000000000000001 RSI: 0000000020000300 RDI: 0000000000000003
[   94.257749][ T6026] RBP: 00007f18e2a71090 R08: 0000000000000000 R09: 0000000000000000
[   94.265731][ T6026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.273718][ T6026] R13: 0000000000000000 R14: 00007f18e3fb5f80 R15: 00007fff42207068
[   94.281785][ T6026]  </TASK>
[   94.347007][ T6034] loop1: detected capacity change from 0 to 512
[   94.388537][ T6034] ext4 filesystem being mounted at /121/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   94.521319][ T6050] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   94.533994][ T6051] loop3: detected capacity change from 0 to 1024
[   94.546267][ T6049] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[   94.552806][ T6049] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   94.560684][ T6049] vhci_hcd vhci_hcd.0: Device attached
[   94.574631][ T6050] loop0: detected capacity change from 0 to 128
[   94.593734][ T6051] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   94.616036][ T6052] vhci_hcd: connection closed
[   94.616402][ T4696] vhci_hcd: stop threads
[   94.625382][ T4696] vhci_hcd: release socket
[   94.629864][ T4696] vhci_hcd: disconnect device
[   94.645101][ T6060] netlink: 24 bytes leftover after parsing attributes in process `syz.0.712'.
[   94.751888][ T6069] Invalid ELF header magic: != ELF
[   94.801896][ T6074] loop1: detected capacity change from 0 to 512
[   94.829619][ T6074] ext4 filesystem being mounted at /126/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   94.907716][ T6086] netlink: 24 bytes leftover after parsing attributes in process `syz.3.723'.
[   94.942244][ T6088] netlink: 8 bytes leftover after parsing attributes in process `syz.0.725'.
[   94.951248][ T6088] netlink: 8 bytes leftover after parsing attributes in process `syz.0.725'.
[   95.035904][   T29] kauditd_printk_skb: 91 callbacks suppressed
[   95.035919][   T29] audit: type=1326 audit(1726615514.957:1255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6097 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   95.036328][ T6098] syz.0.729[6098] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   95.042136][   T29] audit: type=1326 audit(1726615514.957:1256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6097 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   95.100168][   T29] audit: type=1326 audit(1726615514.997:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6097 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   95.123564][   T29] audit: type=1326 audit(1726615514.997:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6097 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   95.146920][   T29] audit: type=1326 audit(1726615514.997:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6097 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   95.170519][   T29] audit: type=1326 audit(1726615514.997:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6097 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   95.194095][   T29] audit: type=1326 audit(1726615514.997:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6097 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   95.217343][   T29] audit: type=1326 audit(1726615514.997:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6097 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   95.240926][   T29] audit: type=1326 audit(1726615514.997:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6097 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   95.264396][   T29] audit: type=1326 audit(1726615514.997:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6097 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7f18e3dfdef9 code=0x7ffc0000
[   95.362094][ T6111] loop1: detected capacity change from 0 to 1024
[   95.368920][ T6109] loop0: detected capacity change from 0 to 512
[   95.389031][ T6109] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   95.413562][ T6111] EXT4-fs: Ignoring removed mblk_io_submit option
[   95.436515][ T6109] EXT4-fs (loop0): 1 truncate cleaned up
[   95.546255][ T6109] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.733: corrupted in-inode xattr: overlapping e_value 
[   96.316275][ T6126] loop1: detected capacity change from 0 to 7
[   96.322860][ T3253]  loop1: unable to read partition table
[   96.329407][ T6109] EXT4-fs (loop0): Remounting filesystem read-only
[   96.335966][ T6109] EXT4-fs warning (device loop0): ext4_xattr_set_entry:1772: inode #15: comm syz.0.733: unable to update i_inline_off
[   96.359008][ T6126]  loop1: unable to read partition table
[   96.373847][ T6126] loop_reread_partitions: partition scan of loop1 (�被x������ڬ��dƤ����ݡ�����
[   96.373847][ T6126] 
) failed (rc=-5)
[   96.396062][ T6133] Invalid ELF header magic: != ELF
[   96.466463][ T2962]  loop1: unable to read partition table
[   96.482739][ T3260] EXT4-fs unmount: 65 callbacks suppressed
[   96.482754][ T3260] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   96.634568][ T6139] loop1: detected capacity change from 0 to 512
[   96.662147][ T6139] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c11c, mo2=0002]
[   96.676346][ T6139] System zones: 0-2, 18-18, 34-34
[   96.688550][ T6139] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.741: bg 0: block 248: padding at end of block bitmap is not set
[   96.707000][ T6159] pim6reg1: entered promiscuous mode
[   96.712341][ T6159] pim6reg1: entered allmulticast mode
[   96.718184][ T6139] EXT4-fs error (device loop1): ext4_acquire_dquot:6848: comm syz.1.741: Failed to acquire dquot type 1
[   96.733054][ T6139] EXT4-fs (loop1): 1 truncate cleaned up
[   96.738970][ T6139] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.752116][ T6139] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.803439][ T6162] netlink: 24 bytes leftover after parsing attributes in process `syz.2.751'.
[   96.997327][ T6177] loop4: detected capacity change from 0 to 128
[   98.013330][ T6196] loop2: detected capacity change from 0 to 128
[   98.028394][ T3267] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.044223][ T6196] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[   98.146221][ T6196] syz.2.766: attempt to access beyond end of device
[   98.146221][ T6196] loop2: rw=3, sector=6950, nr_sectors = 2 limit=128
[   98.197679][ T6196] syz.2.766: attempt to access beyond end of device
[   98.197679][ T6196] loop2: rw=2051, sector=6952, nr_sectors = 942 limit=128
[   98.336946][ T6209] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   98.570977][ T6225] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   99.688191][ T6245] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   99.823488][ T6257] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[   99.830020][ T6257] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   99.837503][ T6257] vhci_hcd vhci_hcd.0: Device attached
[   99.877873][ T6260] vhci_hcd: connection closed
[   99.878109][ T4690] vhci_hcd: stop threads
[   99.887184][ T4690] vhci_hcd: release socket
[   99.891748][ T4690] vhci_hcd: disconnect device
[   99.990584][ T6267] loop1: detected capacity change from 0 to 764
[  100.235172][ T6272] loop3: detected capacity change from 0 to 128
[  100.265435][ T6272] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  100.311134][ T6272] ext4 filesystem being mounted at /113/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  100.429543][   T29] kauditd_printk_skb: 23 callbacks suppressed
[  100.429559][   T29] audit: type=1400 audit(1726615520.357:1286): avc:  denied  { link } for  pid=6271 comm="syz.3.793" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  100.436576][ T6277] loop4: detected capacity change from 0 to 2048
[  100.482354][   T29] audit: type=1400 audit(1726615520.357:1287): avc:  denied  { rename } for  pid=6271 comm="syz.3.793" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  100.496454][ T6272] netlink: 14 bytes leftover after parsing attributes in process `syz.3.793'.
[  100.718172][ T6277] EXT4-fs: Ignoring removed mblk_io_submit option
[  101.458384][ T4372] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  101.491298][ T6277] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  101.541239][ T6296] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  101.601033][ T6301] netlink: 24 bytes leftover after parsing attributes in process `syz.2.803'.
[  101.776638][ T6315] loop3: detected capacity change from 0 to 128
[  101.830743][ T6309] syz.4.794[6309] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  101.830864][ T6309] syz.4.794[6309] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  101.903436][ T6327] ==================================================================
[  101.922762][ T6327] BUG: KCSAN: data-race in getrusage / unmap_region
[  101.929393][ T6327] 
[  101.931718][ T6327] write to 0xffff88811468cb68 of 8 bytes by task 6322 on cpu 1:
[  101.939350][ T6327]  unmap_region+0x105/0x230
[  101.943886][ T6327]  do_vmi_align_munmap+0x6df/0xa60
[  101.949023][ T6327]  do_vmi_munmap+0x1fb/0x250
[  101.953636][ T6327]  do_munmap+0x7a/0xb0
[  101.957723][ T6327]  __se_sys_mremap+0xab6/0xf10
[  101.962501][ T6327]  __x64_sys_mremap+0x67/0x80
[  101.967191][ T6327]  x64_sys_call+0x2747/0x2d60
[  101.971902][ T6327]  do_syscall_64+0xc9/0x1c0
[  101.976416][ T6327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.982345][ T6327] 
[  101.984668][ T6327] read to 0xffff88811468cb68 of 8 bytes by task 6327 on cpu 0:
[  101.992228][ T6327]  getrusage+0xa35/0xb90
[  101.996490][ T6327]  io_sq_thread+0x544/0x1000
[  102.001442][ T6327]  ret_from_fork+0x4b/0x60
[  102.005868][ T6327]  ret_from_fork_asm+0x1a/0x30
[  102.010649][ T6327] 
[  102.012971][ T6327] value changed: 0x0000000000000e9a -> 0x0000000000001083
[  102.020076][ T6327] 
[  102.022397][ T6327] Reported by Kernel Concurrency Sanitizer on:
[  102.028545][ T6327] CPU: 0 UID: 0 PID: 6327 Comm: iou-sqp-6322 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[  102.039056][ T6327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  102.049118][ T6327] ==================================================================
[  102.092327][ T6326] pim6reg1: entered promiscuous mode
[  102.097788][ T6326] pim6reg1: entered allmulticast mode
[  102.297986][ T6277] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.794: bg 0: block 234: padding at end of block bitmap is not set
[  102.346050][ T6277] EXT4-fs (loop4): Remounting filesystem read-only
[  102.462476][ T4255] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.