last executing test programs:

3m8.94958721s ago: executing program 1 (id=327):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
connect$netlink(r1, &(0x7f0000000300)=@proc={0x10, 0x0, 0x25dfdffc}, 0xc)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}, [{0x4}]}, 0x18}}, 0x0)

3m8.94820515s ago: executing program 1 (id=328):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x1f, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x800, 0x9}, 0x1041, 0xffff, 0x6, 0x5, 0x8, 0x7, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2)
socket$xdp(0x2c, 0x3, 0x0)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x5, 0x14, 0x0, &(0x7f0000000100)="259a53f271a76d2608fff74588a80a3888a82f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xf7, 0x6, 0x10}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ae0000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r5, 0x0, 0x2}, 0x18)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2c, r2, 0x301, 0x0, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}]}, 0x2c}}, 0x40006)

3m8.912101244s ago: executing program 1 (id=330):
bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f0000000600)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x14, r3, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}}, 0x14}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x30bd29, 0x21dfdbfc, {0x0, 0x0, 0x0, r6, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={<r7=>0x0, @empty, @multicast2}, &(0x7f00000000c0)=0xc)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={<r8=>0x0, @loopback, @initdev}, &(0x7f0000000140)=0xc)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000180)={@multicast2, @dev, <r9=>0x0}, &(0x7f0000000200)=0xc)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x84, r3, 0x10, 0x70bd29, 0x25dfdbfb, {}, [@ETHTOOL_A_DEBUG_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x4}]}, @ETHTOOL_A_DEBUG_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x1}, 0x20008040)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x18)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r10, 0x26, &(0x7f0000000440)={0x2, 0x0, 0x85a, 0x9a8})

3m8.817157121s ago: executing program 1 (id=333):
r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000080)={[{@nodelalloc}, {@nobarrier}, {@errors_remount}]}, 0x1, 0x57c, &(0x7f00000129c0)="$eJzs3c9rG8ceAPDvynZ+Oe/Fgbzw3jsUQw5NSSPHdn+k0EN6LG1ooL2nwlZMsBwFSw6xG2hyaC69lFAopYHSP6D3HkP/gf4VgTYQSjDtoReVlVeOYkmWfyiRGn0+sPbM7sgzo90Zz2i0bABDazL9kYv4X0R8lUQcazo2GtnByY10609uzaVbErXax78nkWT7GumT7Pd4FvlvRPz8RcSZXGu+ldW1xUKpVFzO4lPVpetTldW1s1eXCgvFheK1mdnZ82/Ozrzz9ls9q+trl/789qMH75//8tT6Nz8+On4viQtxNDvWXI99uN0cmYzJ7D0ZiwtbEk73ILNBkvS7AOzJSNbOxyLtA47FSNbqgZff5xFRA4ZUov3DkGqMAxpz+x7Ng/8xHr+3MQFqrX+y8dlIHKrPjY6sJ8/MjNL57kQP8k/z+Om3+/fSLXr3OQRAV7fvRMS50dHO/d/endtBmq156P/gxXmQjn9ebzf+yW2Of6LN+Ge8Tdvdi+7tP/eoB9l0lI7/3m07/t1ctJoYyWL/qo/5xpIrV0vFtG/7d0ScjrGDaXy79Zzz6w9rnY41j//SLc2/MRbMyvFo9OCzr5kvVAv7qXOzx3ci/t9l/Ju0Of/p+3Fph3mcLN5/pdOx7vV/vmo/RLza9vw/XdFKtl+fnKpfD1ONq6LVH3dP/tIp/13X/z/7qm6L9Pwf2b7+E0nzem1l93l8f+ivYqdjk0m2aLrL6/9A8kk9fCDbd7NQrS5PRxxIPmzdP/P0tY14I31a/9Ontu//2l3/hyPi0x3W/+6Jux2T7vn678XkMzv/87s6/7sPPPzgs+/2Xv/0/L9RD53O9uyk/9tpAffz3gEAAAAAAMCgyUXE0Uhy+c1wLpfPb3y/40QcyZXKleqZK+WVa/NRv1d2IsZyjZXu8abvQ0xnS5KN+MyW+GxEHI+Ir0cO1+P5uXJpvt+VBwAAAAAAAAAAAAAAAAAAgAEx3rj//+Dm/f+bj7H+daTfpQOeuy2P/B7rVzmAF6/rI/978aQnYCB1bf/AS2s06XcJgH7x/x+Gl/YPw0v7h+Gl/cPw0v5heGn/AAAAAAAAAAAAAAAAAAAAAAAAAAAA0FOXLl5Mt9r6k1tzaXz+xurKYvnG2fliZTG/tDKXnysvX88vlMsLpWJ+rrzU7e+VyuXr0zOxcnOqWqxUpyqra5eXyivXqpevLhUWipeLni0OAAAAAAAAAAAAAAAAAAAArSqra4uFUqm4LDCggUODUYyOgdHBKMYgBWojG42rNDoY5WkNjEVElzT97pkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Km/AwAA//9MAjET")
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90)
r4 = socket$packet(0x11, 0x2, 0x300)
getpeername(r4, &(0x7f00000000c0)=@can={0x1d, <r5=>0x0}, &(0x7f0000000140)=0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r3, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x2, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0, 0x0], <r6=>0x0, 0x9b, &(0x7f0000000380)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x3f, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="18610000090000000000000005000000850000001e000000033c646b0a000000418d1e99c45aca724f1e596349cedec737adc4a8b925ff161ae26f1b50fb235b3d884f3b8fb1a2b7c1e9010a67ace15087e0e40a7dcfa48f7b7a2d2b1fce7d6de319c00155ff54736a05cdb184069cd83d9ac7a6744e2cec161e5c76dcb3757ff7fb9dbd3f462b9f71b9f11672c460802ddbc5243638eb897b32fcd986c86a69fc89f71914b5b06b8461a8216ebfe877dc8795b1311e56ce0e53679d59d03ad5741b11e3e33db78eff7918aea2e7"], &(0x7f0000000200)='GPL\x00', 0x4, 0x34, &(0x7f0000000240)=""/52, 0x40f00, 0x16, '\x00', r5, @sched_cls=0x2f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x0, 0x2, 0x3}, 0x10, r6, r3, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r7}, 0x18)
r8 = syz_io_uring_setup(0x49a, &(0x7f0000000740)={0x0, 0x79b2, 0x3180, 0x8000, 0x400252}, 0x0, &(0x7f00000007c0)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(0x0, r9, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x2, 0x2004, @fd, 0x9, 0x0, 0x0, 0xf})
io_uring_enter(r8, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000000400000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = fcntl$dupfd(r0, 0x605, r10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kvm_vcpu_wakeup\x00', r11}, 0xfffffffa)
close(0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r13 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r14 = dup(r13)
accept$inet6(r14, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000040)='kfree\x00', r12}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r15 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r15, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

3m8.720051639s ago: executing program 1 (id=336):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x1f, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x800, 0x9}, 0x1041, 0xffff, 0x6, 0x5, 0x8, 0x7, 0x0, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x2)
socket$xdp(0x2c, 0x3, 0x0)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x5, 0x14, 0x0, &(0x7f0000000100)="259a53f271a76d2608fff74588a80a3888a82f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xf7, 0x6, 0x10}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ae0000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r5, 0x0, 0x2}, 0x18)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2c, r2, 0x301, 0x0, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}]}, 0x2c}}, 0x40006)

3m6.59732012s ago: executing program 1 (id=367):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={@any, 0x10001})
r1 = socket$phonet(0x23, 0x2, 0x1)
ioctl$SIOCPNDELRESOURCE(r1, 0x89ef, &(0x7f0000000040)=0x7)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x977, 0xe5, 0x0, 0xcb71, 0x8, <r2=>0x0})
fcntl$lock(r1, 0x24, &(0x7f0000000100)={0x0, 0x0, 0x9aa9, 0x3, r2})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x101, 0x3)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r3, 0x40049366, &(0x7f0000000180))
recvmsg(r1, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001380)=[{&(0x7f00000001c0)=""/71, 0x47}, {&(0x7f0000000240)=""/83, 0x53}, {&(0x7f00000002c0)=""/4096, 0x1000}, {&(0x7f00000012c0)=""/102, 0x66}, {&(0x7f0000001340)=""/58, 0x3a}], 0x5, &(0x7f0000001400)=""/18, 0x12}, 0x101)
llistxattr(&(0x7f0000001480)='./file0\x00', &(0x7f00000014c0)=""/4096, 0x1000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000002500), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r4, &(0x7f00000025c0)={&(0x7f00000024c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000002580)={&(0x7f0000002540)={0x38, r5, 0x100, 0x70bd25, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8080}, 0x10)
ioctl$SIOCPNDELRESOURCE(r1, 0x89ef, &(0x7f0000002600)=0x1)
r6 = socket$kcm(0x29, 0x5, 0x0)
recvmsg$kcm(r6, &(0x7f0000003840)={0x0, 0x0, &(0x7f0000003800)=[{&(0x7f0000002640)=""/45, 0x2d}, {&(0x7f0000002680)=""/188, 0xbc}, {&(0x7f0000002740)=""/4096, 0x1000}, {&(0x7f0000003740)=""/131, 0x83}], 0x4}, 0x40)
r7 = socket$kcm(0x29, 0x5, 0x0)
recvmsg$kcm(r7, &(0x7f0000003f40)={&(0x7f0000003880)=@l2tp6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000003e80)=[{&(0x7f0000003900)=""/28, 0x1c}, {&(0x7f0000003940)=""/232, 0xe8}, {&(0x7f0000003a40)=""/40, 0x28}, {&(0x7f0000003a80)=""/254, 0xfe}, {&(0x7f0000003b80)=""/87, 0x57}, {&(0x7f0000003c00)=""/219, 0xdb}, {&(0x7f0000003d00)=""/88, 0x58}, {&(0x7f0000003d80)=""/50, 0x32}, {&(0x7f0000003dc0)=""/67, 0x43}, {&(0x7f0000003e40)=""/42, 0x2a}], 0xa}, 0x10002)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
fcntl$F_GET_RW_HINT(r8, 0x40b, &(0x7f0000003f80))
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000003fc0), r9)
listen(r7, 0xe2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000004000))
ioctl$PPPIOCSACTIVE(r9, 0x40107446, &(0x7f0000004080)={0x1, &(0x7f0000004040)=[{0x3, 0x40, 0x8}]})
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000004100), r4)
sendmsg$TIPC_NL_LINK_GET(r9, &(0x7f0000004240)={&(0x7f00000040c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000004200)={&(0x7f0000004140)={0x94, r10, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xf}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffeff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7fffffff}]}]}, 0x94}, 0x1, 0x0, 0x0, 0xc010}, 0x4008880)
ioctl$sock_kcm_SIOCKCMUNATTACH(r7, 0x89e1, &(0x7f0000004280)={r9})
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000, 0x2, &(0x7f0000ffb000/0x1000)=nil)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f00000042c0)={0x6, 0x40, 0x6, 0xf}, 0x10)

3m6.59409097s ago: executing program 32 (id=367):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={@any, 0x10001})
r1 = socket$phonet(0x23, 0x2, 0x1)
ioctl$SIOCPNDELRESOURCE(r1, 0x89ef, &(0x7f0000000040)=0x7)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x977, 0xe5, 0x0, 0xcb71, 0x8, <r2=>0x0})
fcntl$lock(r1, 0x24, &(0x7f0000000100)={0x0, 0x0, 0x9aa9, 0x3, r2})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x101, 0x3)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r3, 0x40049366, &(0x7f0000000180))
recvmsg(r1, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001380)=[{&(0x7f00000001c0)=""/71, 0x47}, {&(0x7f0000000240)=""/83, 0x53}, {&(0x7f00000002c0)=""/4096, 0x1000}, {&(0x7f00000012c0)=""/102, 0x66}, {&(0x7f0000001340)=""/58, 0x3a}], 0x5, &(0x7f0000001400)=""/18, 0x12}, 0x101)
llistxattr(&(0x7f0000001480)='./file0\x00', &(0x7f00000014c0)=""/4096, 0x1000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000002500), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r4, &(0x7f00000025c0)={&(0x7f00000024c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000002580)={&(0x7f0000002540)={0x38, r5, 0x100, 0x70bd25, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8080}, 0x10)
ioctl$SIOCPNDELRESOURCE(r1, 0x89ef, &(0x7f0000002600)=0x1)
r6 = socket$kcm(0x29, 0x5, 0x0)
recvmsg$kcm(r6, &(0x7f0000003840)={0x0, 0x0, &(0x7f0000003800)=[{&(0x7f0000002640)=""/45, 0x2d}, {&(0x7f0000002680)=""/188, 0xbc}, {&(0x7f0000002740)=""/4096, 0x1000}, {&(0x7f0000003740)=""/131, 0x83}], 0x4}, 0x40)
r7 = socket$kcm(0x29, 0x5, 0x0)
recvmsg$kcm(r7, &(0x7f0000003f40)={&(0x7f0000003880)=@l2tp6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000003e80)=[{&(0x7f0000003900)=""/28, 0x1c}, {&(0x7f0000003940)=""/232, 0xe8}, {&(0x7f0000003a40)=""/40, 0x28}, {&(0x7f0000003a80)=""/254, 0xfe}, {&(0x7f0000003b80)=""/87, 0x57}, {&(0x7f0000003c00)=""/219, 0xdb}, {&(0x7f0000003d00)=""/88, 0x58}, {&(0x7f0000003d80)=""/50, 0x32}, {&(0x7f0000003dc0)=""/67, 0x43}, {&(0x7f0000003e40)=""/42, 0x2a}], 0xa}, 0x10002)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
fcntl$F_GET_RW_HINT(r8, 0x40b, &(0x7f0000003f80))
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000003fc0), r9)
listen(r7, 0xe2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000004000))
ioctl$PPPIOCSACTIVE(r9, 0x40107446, &(0x7f0000004080)={0x1, &(0x7f0000004040)=[{0x3, 0x40, 0x8}]})
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000004100), r4)
sendmsg$TIPC_NL_LINK_GET(r9, &(0x7f0000004240)={&(0x7f00000040c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000004200)={&(0x7f0000004140)={0x94, r10, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xf}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffeff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7fffffff}]}]}, 0x94}, 0x1, 0x0, 0x0, 0xc010}, 0x4008880)
ioctl$sock_kcm_SIOCKCMUNATTACH(r7, 0x89e1, &(0x7f0000004280)={r9})
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000, 0x2, &(0x7f0000ffb000/0x1000)=nil)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f00000042c0)={0x6, 0x40, 0x6, 0xf}, 0x10)

2m8.380342152s ago: executing program 3 (id=1411):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b000000000000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000000, 0x11, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000000140)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{}, {0x0, 0x0, 0x1, 0x1}}], 0x10)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000000100)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x8)
brk(0x800000000000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000100000000000000040000850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x2844, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r3, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYRESOCT], 0x98}, 0x1, 0x0, 0x0, 0x800}, 0x4048010)
close(0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)

2m8.265719982s ago: executing program 3 (id=1412):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
epoll_create(0xeed)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x1000000, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf, 0xf}, {0xe, 0xd}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x1, 0x21, 0xffffdfff, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)

2m8.150015561s ago: executing program 3 (id=1415):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
preadv(r0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0)

2m7.205266977s ago: executing program 3 (id=1428):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r2 = socket(0x10, 0x803, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x5}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x1e4, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfb, {0x0, 0x0, 0x0, r4, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x1b8, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0x1, 0x1, 0x3, 0x1, 0x4, 0x102, 0x6, 0x7ffffffa, [{0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_LINK={0x8}, @TCA_U32_INDEV={0x14, 0x8, 'vxcan1\x00'}, @TCA_U32_SEL={0x174, 0x5, {0x10, 0x9, 0x6, 0x10da, 0xa760, 0x0, 0x10, 0x100, [{0x1000, 0xe, 0xfffff000, 0x9f6}, {0x4, 0x4, 0x39849ac8, 0x1}, {0x4, 0x1000, 0x7, 0xd443d0e8}, {0xdeb2, 0x3, 0x6, 0x3}, {0x1, 0xfffffffb, 0x100, 0x3ff}, {0x200, 0x3ff, 0x3, 0x4}, {0x2, 0xffffffff, 0x69c, 0x4000000}, {0x9, 0x7, 0x40, 0x80}, {0x6, 0x7fff, 0x9, 0x7}, {0x3, 0xde5, 0x1, 0xbd}, {0x3, 0x80, 0x1, 0x6}, {0x9, 0x10, 0x5, 0x5}, {0x7, 0xe22, 0x9, 0x5cf4}, {0x10001, 0x7, 0xc841, 0x2}, {0x3ff, 0xb, 0x3, 0xa6d}, {0x1, 0x5, 0x5127, 0x800}, {0x6, 0x0, 0x2, 0x1}, {0x40, 0x40, 0x3, 0x5}, {0x4, 0x5d14, 0x7f, 0x72}, {0x7, 0x2, 0x7, 0x7}, {0x48b, 0xf, 0xfff, 0x6}, {0x4, 0x2, 0x7fff, 0x6}]}}]}}]}, 0x1e4}}, 0x24040084)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000600)={{{@in6=@private1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6}, 0x0, @in=@initdev}}, &(0x7f0000000340)=0xe8)
keyctl$get_persistent(0x16, r5, r0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r1}, 0x38)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
r8 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r7})
socket$nl_netfilter(0x10, 0x3, 0xc)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x81901)

2m7.204685347s ago: executing program 3 (id=1429):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file1\x00', 0x10c42, &(0x7f0000000d80)=ANY=[@ANYBLOB="756e695f786c6174653d312c6e6f6e756d7461696c3d300000000000000008303030303030303030303034303030303030303030302c73686f72746e616d653d65722c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72f46e616d653d6d697865642c696f630100727365743d757466f69e75731725e72216799ebd57484a7e1948a8aa65667265652c757466383d312c6e66733d6e6f7374616c655f726f2c73686f72682e616d653d6d697865642c757466383d306d653d77696e6e742c007aea3388304ddedb3208ceb9b2c23924743277bd2c0d0019d44efede967f3df81cce421f7aafa8aa7c706311ab7a0ce39abf7858b6ba6ef5206da03692650000000000000001d0559b166f8c433d34c03a60999dea3bab649a260b216354ecc726cd1f6519546e8ef6ae17a0da1b9313ef4b5633c5f1bf756a7816d304d61c4d15539bae9f6e8dc91d178c85744c5cc226ca0568f9f6da8997bc10100b836488e47d0b7e6ccffaf123b1000000d6d876f2e37dde582f497ab6d4d11f7211b4aaf087f529ffc0000ee312a30cc69ae25ac6a986a76824020b12971980e00a27786eef1c2537fdcb1de9c4bed7175c6704f0c39d14da07a8edf97525a0c8138686d6e2b8d90102027245729e944719894ebe079bf1ab2b7002c54c5c714bff93d9475ff23f653874321e4ecc1ebd2baa44aea86a1617e53fcc5683e5c7b14e5158239aebf96ef3b73359414993575bf4e880ac24d7fee38c5a22f6fae6a22a2185cd5a25b7bc11062d649340f8220bfa18cae94fd73afbb38b2fc20a263e091c5eb14ce630628aaf65b7ccab9b4d3b2c220153cd28c86e6c8e58903c66698fd27f4f22a9fd1dd67d70de664e3b985f20ada8c0f531865a9093fe6d3cd52c721dcfe391a812583c4e745b824429ce98f2a7928d22c9b5302719058f593fddbbb60ca7f54653b33118a4e01fcfe3a2329576bf6a45353bf9f720cea11bf481ed7ed0979416e75e6fa5f6b699749e9d4446c849ed79650b35dd0bd6e1955fe9b0c09861cf61fd57be7ba905990ed7a4c5b3793959636630d74ecc23264ea54d4d2cc4f112f49319943f00"/797], 0x1, 0x27a, &(0x7f0000000540)="$eJzs3DFrE38cx/FP0/zbNKVNhr+CgvhFF12ONj4ACdKCGFBqI+ogXO1FQ85cyYVKRGw3FwcfR3F0E9Qn0MXN3a2L4FJQjCRNTdKmitr0onm/oHff5pdP8rvkEr53kNu6+fxBqRA6BbeqWMIUk9a1LaUbVctIax1r1mPqtK7zk5/en7p+6/aVbC43t2A2n128kDGz6dOvHz5+ceZtdfLGy+lX49pM39n6mPmweXzzxNbXxfvF0IqhlYOqubYUBFV3yfdsuRiWHLNrvueGnhXLoVfpGi/4wcpKzdzy8lRypeKFobnlmpW8mlUDq1Zq5t5zi2VzHMemksLP5DcWFtxs1LNA38Qbi0ol645Kmtg3nN+IYlIAACBanf2/Bq7/b3QtP+7/1+n//wD9/zBo9P/J1ue3G/0/AAAAAAAAAAAAAAAAAAAAAAB/g+16PVWv11O7692/cUkJSbv/Rz1P9Afv/3Dr+OFeQvKfruZX85I/0lg2ZAsqypenGaX0pbk/tOzU85dzczPWlNYbf62VX1vNj3bnZ5VSund+didv3fn/lOzMZ5TS/73zmZ75MZ0725F3lNK7uwrka7m5X7fzT2bNLl3N7clPNO8HAAAAAMC/wLHveh6/O85B4zv5Xzg/sOf4Oq6T8Wi3HQAAAACAYRHWHpVc3/cq0RSfWycLIp7GgBfHJP1W/GLHVV/bQ/F9txx28SwYlJduAIuEpEN9wAn1Y6oRfikBAAAA6It20x/1TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF5HccGzA546dsSbCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAETuWwAAAP//AmwlzQ==")
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
writev(r4, &(0x7f0000000580)=[{&(0x7f0000001180)="15a2da46d8347a6de4c4ef6d820c79ef4d95aec6f2c3cf29b24add008a8375f0c3d446d094ef791620e3013906350558495a4255af5695cc962310321a7004b802d6f79a44e7", 0x46}], 0x1)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x20, 0x9, 0x1}}, 0xb8}}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x1, 0x1}}, 0x40)

2m7.17185663s ago: executing program 3 (id=1431):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000008385000000"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x1000000, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf, 0xf}, {0xe, 0xd}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x1, 0x21, 0xffffdfff, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)

2m7.133614753s ago: executing program 33 (id=1431):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000008385000000"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x1000000, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf, 0xf}, {0xe, 0xd}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x4}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x1, 0x21, 0xffffdfff, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)

2m6.133080453s ago: executing program 0 (id=1445):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xe}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1807000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000300)={@mcast2, 0x0, 0x0, 0xff, 0x3, 0x600, 0x600}, 0x21) (fail_nth: 8)

2m6.032198272s ago: executing program 0 (id=1448):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="200000001200020028bd700000000000190000004ca2b2274d87665152000000"], 0x20}, 0x1, 0x0, 0x0, 0x4040}, 0x4000040)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r2 = io_uring_setup(0x2754, &(0x7f0000000080)={0x0, 0xfffffffc, 0x100, 0xfffffffe, 0x800001b4})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

2m5.996255884s ago: executing program 0 (id=1449):
r0 = io_uring_setup(0x2754, &(0x7f0000000080)={0x0, 0xfffffffc, 0x100, 0xfffffffe, 0x800001b4})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

2m5.962073247s ago: executing program 0 (id=1450):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x81901) (fail_nth: 9)

2m5.577361128s ago: executing program 0 (id=1451):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xf7, 0x6, 0x10}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ae0000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2c, r1, 0x301, 0x0, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}]}, 0x2c}}, 0x40006)

2m5.280576872s ago: executing program 0 (id=1456):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000001000), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x28)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, 0x0, 0x40)
r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
open_by_handle_at(r1, 0x0, 0xcee02)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
link(0x0, 0x0)
syz_emit_ethernet(0xa2, &(0x7f0000000a00)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd603000bb006c2b00fc020000000000000000000000000000fe8000000000000000000000000000aa2c0004000348000000000000006490783a000000000000000000000082f63de64f6ce2ee11028289aefdb3449391a823213e6336516748ab31ba65ec122f253b1d661c18462075368a1860929ddeb8f71aa23d391b8fa99e9816af2d040876a663a86d97f46b9665cc18492b"], 0x0)

2m5.278600742s ago: executing program 34 (id=1456):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000001000), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x28)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, 0x0, 0x40)
r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
open_by_handle_at(r1, 0x0, 0xcee02)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
link(0x0, 0x0)
syz_emit_ethernet(0xa2, &(0x7f0000000a00)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd603000bb006c2b00fc020000000000000000000000000000fe8000000000000000000000000000aa2c0004000348000000000000006490783a000000000000000000000082f63de64f6ce2ee11028289aefdb3449391a823213e6336516748ab31ba65ec122f253b1d661c18462075368a1860929ddeb8f71aa23d391b8fa99e9816af2d040876a663a86d97f46b9665cc18492b"], 0x0)

1m34.642797082s ago: executing program 5 (id=2097):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ae0000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b000000050000000500000009000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
sendmsg$FOU_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010024bd7000fedbdf2501000000050002000a00000014000700fe"], 0x30}, 0x1, 0x0, 0x0, 0x8040}, 0x4000080)

1m34.642342011s ago: executing program 5 (id=2098):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x0, 0x0})
r0 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f0000000240)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a90500040000746400009e150451160200000064c6", 0x15}, {&(0x7f0000000000)="17460081ba60ccbb9d000000000000", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f00000000c0)=[{&(0x7f00000003c0)="5825be06000000000000007ca2646314d1787b351f0d5ce5d3eaae4571c85e0d08778cfdacf4db98", 0x28}], 0x1}}], 0x2, 0x4004040)

1m34.622758933s ago: executing program 5 (id=2099):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0, r1}, 0x18)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)

1m34.561009778s ago: executing program 5 (id=2100):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in=@multicast1, @in=@empty, 0x1, 0x0, 0x0, 0x0, 0x2, 0x20, 0x20}, {0x0, 0x0, 0x0, 0x0, 0x453f, 0x0, 0x200000000}}, {{@in6=@loopback, 0x0, 0x6c}, 0x0, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02})
readv(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x0, 'syzkaller1\x00', {0x4}, 0x1})
r3 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000200)={0x4, 0x9, 0x3ff, 0x20000000008412, 0x4, 0x6, 0x1000, 0xfffffffffffffff8, 0x3})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{r4, <r5=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f00000002c0)='%ps    \x00'}, 0x20)
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = syz_pidfd_open(r6, 0x0)
pidfd_send_signal(r7, 0x0, 0x0, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="50000000020601080000000000000000000000000c000780050015002c0000000000020073797a300000000000000400010000002f000400000000000900020073797a32000000000c000300686173683a697000"], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0xa, 0x1c, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b7080000000000007b8af8ff00000000b7080000010000000600f0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000a96ce67babd2d890f382aee2818f0f5642385026a650647e487f6ff60e3ad0fa6cf3bf4bbda5c5338c7eff09a90582feac42bbe6f9a6dbb5b65a44710ec43cc011ce771b3b68ec322fd77a0334171168c13c1be5f142d64afd996760b233f806091e3a3f4aba2152ada096dcf2be31e49c92e6ff3e373dae8c6729155be1dfb0afd467fcf0ef41efe6f2ea6792000000000000000000000000000000003b680270768775701d003e1bc4b1a4f793f26922539fae3b9583801b2425a6ce429e342fde477228faaeb45aba673cacef618e65b6aec6eecd8fe8d9a3aaf5fdf162f76e8f4320345d0146edc57943e300"/336, @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a5000000185b000009000000000000000000000018180000", @ANYRES32=r5, @ANYBLOB="0000000000000000186900000a000000000000000100000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000"], &(0x7f0000000380)='GPL\x00', 0x27, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x1c, r4, 0x8, &(0x7f0000000580)={0xa, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, r4, 0x0, &(0x7f0000000300)=[r4], 0x0, 0x10, 0x6}, 0x94)
write$P9_RREADLINK(r4, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYRESHEX=r3, @ANYRESDEC=r7, @ANYRESHEX=r8], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
r9 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r9, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
migrate_pages(0xffffffffffffffff, 0x99, 0x0, &(0x7f0000000080)=0x7)
lchown(&(0x7f0000000080)='./file1\x00', 0xee01, 0xffffffffffffffff)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)

1m34.402549441s ago: executing program 5 (id=2103):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x18)
r1 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a2f000000000800410072786500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8844)

1m34.029137211s ago: executing program 5 (id=2108):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff}, 0x13f, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r1, 0x10, 0x10, 0x10, 0x0, @in={0x2, 0x9b, @dev={0xac, 0x14, 0x14, 0x43}}, @in={0x2, 0x4e22, @multicast2}}}, 0x118) (fail_nth: 3)

1m34.015869362s ago: executing program 35 (id=2108):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff}, 0x13f, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r1, 0x10, 0x10, 0x10, 0x0, @in={0x2, 0x9b, @dev={0xac, 0x14, 0x14, 0x43}}, @in={0x2, 0x4e22, @multicast2}}}, 0x118) (fail_nth: 3)

14.584866534s ago: executing program 4 (id=3476):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x2}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @broadcast})
write$tun(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc)

14.427669657s ago: executing program 4 (id=3482):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001ec0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
r3 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r3, 0x0)
ftruncate(r3, 0x51a9497)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r2, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)='2', 0x1}], 0x1}}], 0x1, 0x4000007)
statx(0xffffffffffffffff, 0x0, 0x6000, 0x5a6f5da4ed3dbaa5, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r5}, 0x18)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffd, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000e72, 0x94f7}, 0x2880, 0xc8, 0x0, 0x0, 0x0, 0x40000, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a00000080000000064242"], 0xfdef)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
close(r7)
recvmsg$unix(r6, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r8=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000000)=ANY=[], 0xfdef)

14.397764479s ago: executing program 4 (id=3483):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xec, 0xec, 0x4, [@float={0x9, 0x0, 0x0, 0x10, 0x1a}, @enum64={0x2, 0x8, 0x0, 0x13, 0x1, 0x1, [{0x7, 0x3, 0x93}, {0x1, 0x2, 0x1}, {0xe, 0x9, 0xfffffffc}, {0x4, 0x0, 0x7}, {0x1, 0x3ff}, {0x10, 0xfff, 0x5}, {0x4, 0x8, 0x5}, {0x7, 0x2, 0x2}]}, @var={0xa, 0x0, 0x0, 0xe, 0x3, 0x2}, @var={0x5, 0x0, 0x0, 0xe, 0x5}, @decl_tag={0xb, 0x0, 0x0, 0x11, 0x1, 0xa}, @typedef={0xa}, @fwd={0xd}, @func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0x5, 0x1}, {0x4, 0x3}, {0x6, 0x4}, {0xf, 0x1}]}]}, {0x0, [0x61, 0x5f]}}, &(0x7f0000000000)=""/32, 0x108, 0x20, 0x0, 0x98e}, 0x28)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x0, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
setresuid(0xee00, 0x0, 0x0)
setresgid(0xee00, 0xee01, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000065c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@cred={{0x1c}}], 0x20, 0x44000}}], 0x2, 0x10)
io_setup(0x8f0, &(0x7f0000002400))
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x9)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./file1\x00', 0x818, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRES16], 0x1, 0x256, &(0x7f0000000bc0)="$eJzs2s9rHGUYB/Bn0takqclG/EUL4ose1MvQ5OyhQVoQA4o2QhWkUzPRJeNuyCyBFaE56dWjR8/i0YMgSI9ecvEv6MFbLjn2II6ku9ZtE0sx224pn89lH3jmu/sM8zI8h91789svNtbrfL3oxVSWxdSF2IlbWSzEVPxjJ9547cpvL31w5aN3lldWLr6f0qXly4tLKaX5l3/9+KsfX7nRO/PhT/O/TMfuwid7+0t/7L6we3bvr8uft+vUrlOn20tFutbt9oprVZnW2vVGntJ7VVnUZWp36nLrrv561d3c7KeiszY3u7lV1nUqOv20UfZTr5t6W/1UfFa0OynP8zQ3GxzH6g+3mib2m1NXo2ma09/HmRsxdzNakT2TsmcvZM9fzV7cyc5+Nz3pQXlIHuj57zdNa9KD8lCMvNRnIqpvtle3Vwefg/7yerSjijLORyv+jINjMjSoL729cvF8um0hvq6uD/PXt1dPDPIxzC9GKxaOzi8O8unu/HTMjv7+UrTiuaPzS0fmZ+L1V0fyebTi90+jG1WsxUH2Tv7niEhvvbtyT/7c7esAAJ40ebrj0P5286Cf/1d/kL/ffjgTESP74T371ck4d3LSd0/d/3KjqKpySzG+4uDwPwZjTKg4dZz46eG5vM81Tx9uTcV4hn/qeN8zP6Yxxlec+P/xCb+YeCT+feiHe9kkBgIAAAAAAAAAAOCBPIo/IU76HgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMfb3wEAAP//R7zIZg==")
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r2, 0x2, 0x1)
ioctl$VFAT_IOCTL_READDIR_BOTH(r2, 0x82307201, &(0x7f0000000840)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

14.245041152s ago: executing program 4 (id=3489):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x8, &(0x7f0000001cc0)=ANY=[@ANYRES64=0x0], &(0x7f0000000300)='GPL\x00'}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x3000046, &(0x7f0000000180), 0x1, 0x581, &(0x7f0000000d80)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHWy7cDfeyBBEHIj3eu/l8B/wrxjoYOgoeuFN5aQna9Y2bbrGpDafD5zyvjknec+Tc54375uTNAH0rZHsTyHixYj4Mok4GhFJvm4w8pUjK9stPbk5mS1JLC9//HtS3y6rNx6rcb/DeeWFiPj584jThfXtVhcWZ0rlcjqX10drs9dGqwuLZ67MlqbT6fTq+MTEuTcnxt95+62Oxfraxb+++ejB++e+OLn09Y+Pjt1L4nwcydc1x7EDt5srIzGSPydDcX7NhmMdaGw3SXq9AzyXgTzPhyLrA47GQJ71wN53KyKWgT6VbD//Q6cBe0FjHNCY228+D/5/dwYlXfT4vZUJ0Pr4B1feG4kD9bnRoaXkmZlRNt8d7kD7WRs//Xb/XrZE596HANjS7TsRcXZwcH3/l+T93ya2eNPv7MY3H2iurG1D/wfd8yAb/7y+0finUM/NP/J0XTv+ObxB7j6PrfO/8KgDzbSUjf/e3XD8+/Si1fBAXvtffcw3lFy+Uk7P5qPhUzG0P6tvdj3n3NLD5Vbrmsd/2ZK13xgL5vvxaHD/s/eZKtVKO4m52eM7ES+tGf/ua9q3rLtONjj+2fNxsc02TqT3X2m1buv4/13L30e8uuHxX31xSza/PjlaPx9GG2fFen/ePfFLq/Z7HX92/A9tHv9w0ny9trr9Nr478Hfaat0z8Uf75/++5JN6uXGu3ijVanNjEfuSD/OZ7a3V28dX79uoN7bP4j91snX/1+r8PxgRn7YZ/93jP7zcVvw9Ov5T2zr+2y88/OCzb1u1317/90a9dCq/pZ3+r90d3MlzBwAAAAAAALtNISKORFIoPi0XCsXiyuc7jsehQrlSrZ2+XJm/OhX178oOx1ChcaX7aNPnIcbyz8M26uNr6hMRcSwivho4WK8XJyvlqV4HDwAAAAAAAAAAAAAAAAAAALvE4fp3/gee1le+/7/yX9V/HejhjgHdsa2f/NYpwJ6yZf534peegF1pW6//wJ4i/6F/yX/oX/If+pf8h/4l/6F/tZH/hW7sB9B9Xv8BAAAAAAAAAAAAAAAAAAAAAAAAAACgoy5euJAty0tPbk5m9anrC/MzletnptLqTHF2frI4WZm7VpyuVKbLaXGyMrvV45UrlWtj4zF/Y7SWVmuj1YXFS7OV+au1S1dmS9PppXSoK1EBAAAAAAAAAAAAAAAAAADAf0t1YXGmVC6ncwoKLQoHN91mcBfsoULnC73umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg1T8BAAD//142O6U=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000a00)='./file2\x00', 0x8442, 0x5c)
ioctl$FS_IOC_RESVSP(r1, 0x40305839, &(0x7f0000000180)={0x0, 0x0, 0x0, 0xfff})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000540)='kfree\x00', r0, 0x0, 0x1}, 0x18)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_NAME(0xf, &(0x7f0000000040)='\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$TIOCCONS(0xffffffffffffffff, 0x541d)
sendmsg$inet6(r4, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=[@dstopts_2292={{0x18, 0x29, 0x4, {0x2}}}, @dontfrag={{0x11, 0x29, 0x3e, 0x5}}, @dstopts={{0x28, 0x29, 0x37, {0x29, 0x200d, '\x00', [@generic={0x0, 0x7, "02d0c8883e797e"}, @padn={0x1, 0x2, [0x0, 0x0]}]}}}], 0x58}, 0x4040)
r5 = syz_open_dev$vcsn(&(0x7f0000000240), 0x7934, 0x4508c1)
ioctl$PTP_PIN_GETFUNC2(r5, 0xc0603d0f, &(0x7f0000000280)={'\x00', 0x8, 0x1, 0xffffffbd})
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newnexthop={0x28, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}, @NHA_FDB={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r2, 0x10e, 0x8, &(0x7f0000000000)=0x33, 0x4)
ioctl$RNDCLEARPOOL(r5, 0x5206, &(0x7f0000000a40)=0x3)
sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)={0x20, 0x1, 0x1, 0x201, 0x0, 0x0, {0x5}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0xfffffffffffffc98, 0x1, 0x4ad}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x8040850}, 0x24008840)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x40, &(0x7f0000000140)={[{@commit}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xa7c}}]}, 0x1, 0x58a, &(0x7f0000000440)="$eJzs3T1sG2UfAPD/neOmH3nf9JXeV3pBHSpAKlJVJ+kHFKZ2RVSq1AGJBSLHjao4cRUn0EQZ0r1CdECAupQNBkYQAwNiYWRlATEjVTQCqekARv5K09QJTohjyP1+0tnPc3f2/3nu/H/sO93JAWTW8fpDGvFURFxOIobXLRuI1sLjzfVWV5aKD1eWiknUald+TiKJiAcrS8X2+knr+UhELEfE/yPi63zEyXTtLQ+0C9WFxanxcrk026qPzE1fH6kuLJ66Nj0+WZoszZx58aVz58+eGzs9tr65D2vra/nt9fXWD7ffufXtK3dvf/LpseXie+NJXIih1rL1/dhNzW2Sjwsb5p/tRbA+SvrdAHYk18rzeir9L4Yj18r6TmrrB4fBPWke0EO1wYgakFGJ/IeMav8OqB//tqe9/P1x72LzAKQed7U1NZcMNM9NxMHGscnhX5LHjkzqx5tH97Kh7EvLNyNidGDgyc9/0vr87dzobjSQnvrqYnNHPbn/07XxJzqMP0Ptc6d/UXv8W31i/HsUP7fJ+He5yxi/vf7jh5vGvxnxdMf4yVr8pEP8NCLe7DL+nde+OL/ZstpHESeic/y2ZOvzwyNXr5VLo83HjjG+PHHs5a36f3iT+M1ztgcbXzOdtn/aZf8//+azZ5a3iP/8s1vv/07b/1BEvNtl/P88+PjVzZbdu5ncr/8K2O7+TyIfd7uM/8KF49+3is4aAgAAAAAAAADALkob17IlaWGtnKaFQvMe3v/G4bRcqc6dvFqZn5loXvN2NPJp+0qr4WY9qdfHWtfjtuunN9TP5FoBc4ca9UKxUp7oc98BAAAAAAAAAAAAAAAAAADg7+LIhvv/f8017v/f+HfVwH61+V9+A/ud/Ifsejz/k761A9h7vv8hs2ryH7JL/kN2yX/ILvkP2SX/IbvkP2SX/AcAAAAAAAAAAAAAAAAAAAAAAAAAgJ64fOlSfao9XFkq1usTAwvzU5W3Tk2UqlOF6flioViZvV6YrFQmy6VCsTL9Z++XVCrXR2Nm/sbIXKk6N1JdWHxjujI/0/5P0VK+5z0CAAAAAAAAAAAAAAAAAACAf56hxpSkhYh8s56mhULEvyLiaBLJ1Wvl0mhE/DsivsvlB+v1sX43GgAAAAAAAAAAAAAAAAAAAPaZ6sLi1Hi5XJrtXWGgFaqHIbovDGxn5YhY3t1m1N9x26/KtzZgnzedQqYKfRyUAAAAAAAAAAAAAAAAAAAgox7d9NvtK37vbYMAAAAAAAAAAAAAAAAAAAAgk9KfkoioTyeGnxvauPRAspprPEfE23euvH9jfG5udqw+//7a/LkPWvNP96P9QLfaeZpGRD2PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEeqC4tT4+VyaXaHhcEu1ul3HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB24o8AAAD//+mR0Yo=")
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x400, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file1\x00', 0x0, 0xa04a, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000800)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000301000000140002007767300000000000000000000000000048000880"], 0x70}, 0x1, 0x0, 0x0, 0x24000855}, 0x0)
sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000580)={0x33c, r7, 0x10, 0x70bd2b, 0x25dfdbff, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_PEERS={0x2fc, 0x8, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x1}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x76}]}, {0x28c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @remote}}, @WGPEER_A_ALLOWEDIPS={0x26c, 0x9, 0x0, 0x1, [{0xe8, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x2}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}]}, {0x118, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}]}]}, @WGPEER_A_FLAGS={0x8, 0x3, 0x3}]}, {0x58, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "4d15b467ecaa8cbe19ec3ca6c846451ecb73c4dadfc72dcb91a173c5b263d097"}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @loopback}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xfff8}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @multicast1}}]}]}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e20}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e22}]}, 0x33c}, 0x1, 0x0, 0x0, 0x8090}, 0x40)

14.042232808s ago: executing program 4 (id=3496):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
readv(r0, &(0x7f0000000a00)=[{0x0}, {&(0x7f0000000580)=""/225, 0xe1}], 0x2)

12.565402037s ago: executing program 4 (id=3517):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c5"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
getgid()

12.565238117s ago: executing program 36 (id=3517):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c5"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
getgid()

2.986939139s ago: executing program 9 (id=3736):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x21, &(0x7f00000001c0), 0x4)
recvmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/191, 0xcb}], 0x1, 0x0, 0x59}, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r3 = socket$netlink(0x10, 0x3, 0x0)
preadv(r2, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.755988188s ago: executing program 6 (id=3744):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014008000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x40050)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r3, 0xffffffffffffffff, 0x100000000000000)

2.437044923s ago: executing program 6 (id=3759):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newnexthop={0x40, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0x14, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_IDLE_TIMER={0x8, 0x2, 0x3}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
splice(r0, 0x0, r0, 0x0, 0x5, 0x4)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="000200"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x80, 0x0, r2, 0x2, '\x00', 0x0, r0, 0x3}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000c80)={0x6, 0x10, &(0x7f0000000ac0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@generic={0x2, 0x2, 0x6, 0xf, 0x7}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000980)='GPL\x00', 0x6, 0x1f, &(0x7f0000000b40)=""/31, 0x40f00, 0x0, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f0000000b80)={0x1, 0x1}, 0x8, 0x10, &(0x7f0000000bc0)={0x3, 0x8, 0x8, 0x3}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000c00)=[r2], &(0x7f0000000c40)=[{0x3, 0x3, 0xb, 0x4}, {0x5, 0x1, 0xd, 0x9}]}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001200)=[0x0], 0x1}, 0x58)

2.340125431s ago: executing program 6 (id=3761):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab44f4850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x18)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000380)=ANY=[@ANYBLOB="180040000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095000000000000009d8852baea05eb54eb121a5d2688f218d66e87616949c4e7c4d6d57d23f6906c72628d3a39c620ae7d24709ac282e2373cedcb5488e672df893e20ef428107c787b3adbbf5f4e7"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
r2 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x40f5, 0x80, 0x0, 0x224}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000001c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x10)
getgroups(0x0, 0x0)
getuid()
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r6}, 0x10)
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rmdir(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00')
syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x81, 0x8, 0x1, {0x2}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r2, 0x47f8, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1.920878005s ago: executing program 9 (id=3770):
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
creat(&(0x7f0000000880)='./file0\x00', 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001300)=@newtfilter={0x14c, 0x2c, 0xd27, 0x30bd29, 0x251fdbfd, {0x0, 0x0, 0x0, r3, {0xfff0, 0xe}, {}, {0x7, 0x6}}, [@filter_kind_options=@f_u32={{0x8}, {0x120, 0x2, [@TCA_U32_SEL={0x114, 0x5, {0xd, 0x31, 0x10, 0x4, 0x100, 0x401, 0x8, 0x5b0, [{0x5, 0xa, 0x2, 0x9}, {0xb, 0x8, 0x3, 0x9}, {0x2, 0x3, 0x2}, {0x2, 0x2, 0x853, 0xff}, {0xdd9, 0x2, 0xb35c}, {0x0, 0x1, 0x101, 0xfffffffb}, {0x9, 0x2, 0x9, 0x100}, {0x2, 0x8, 0x28000, 0x3}, {0x7fff, 0xf, 0x0, 0x40}, {0x10872599, 0x80000001, 0xeaa, 0xfffff023}, {0xb7, 0x5, 0x3440, 0x6}, {0x4, 0xc, 0x800, 0x7}, {0x0, 0x5, 0x7ff, 0x9}, {0xf, 0x7fff, 0xd, 0x5}, {0x2, 0x1, 0xd, 0xfffff052}, {0x400, 0x7fff, 0x8, 0x6}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0x2, 0xffe5}}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@ocfs2={0xc}, 0x0, 0x1200)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)=@fuse={0xc, 0x81, {0x503, 0x81, 0xdbd}}, 0x0, 0x200)

1.797072425s ago: executing program 9 (id=3772):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newnexthop={0x40, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0x14, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_IDLE_TIMER={0x8, 0x2, 0x3}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
splice(r0, 0x0, r0, 0x0, 0x5, 0x4)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="000200"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x80, 0x0, r2, 0x2, '\x00', 0x0, r0, 0x3}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000c80)={0x6, 0x10, &(0x7f0000000ac0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@generic={0x2, 0x2, 0x6, 0xf, 0x7}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000980)='GPL\x00', 0x6, 0x1f, &(0x7f0000000b40)=""/31, 0x40f00, 0x0, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f0000000b80)={0x1, 0x1}, 0x8, 0x10, &(0x7f0000000bc0)={0x3, 0x8, 0x8, 0x3}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000c00)=[r2], &(0x7f0000000c40)=[{0x3, 0x3, 0xb, 0x4}, {0x5, 0x1, 0xd, 0x9}]}, 0x94)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000001200)=[0x0], 0x1}, 0x58)

1.692832104s ago: executing program 9 (id=3774):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r0}, 0x10)
syz_io_uring_setup(0x5b24, &(0x7f0000000340)={0x0, 0x1b2c, 0x2}, 0x0, 0x0)

1.344039652s ago: executing program 8 (id=3779):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000f000000050030000000000005002f00a005000008000300", @ANYRES32=r2], 0x2c}}, 0x0)

1.325787493s ago: executing program 8 (id=3780):
socket$netlink(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000440)={'vxcan1\x00', <r3=>0x0})
connect$can_bcm(r2, &(0x7f0000000300)={0x1d, r3}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @random="7f0a00034011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @time_exceeded={0xb, 0x2, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @private}, '\x00\x00eX\x00\x00\x00\x00'}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$can_bcm(r2, &(0x7f0000000480)={&(0x7f0000000340), 0x10, &(0x7f00000000c0)={&(0x7f0000000580)={0x1, 0x7ab0715dca68fed7, 0x0, {}, {}, {}, 0x4, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "b8ee0816756b62187804752330b2b55830d7228ef1593c0639bd084bba0bfd8db72f70e5b2e7f90e11cbc6ec61a03fc316d5d47970907af5fc4a27f6cf718909"}}, 0x20000600}}, 0x0)

1.291820976s ago: executing program 8 (id=3781):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x21, &(0x7f00000001c0), 0x4)
recvmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/191, 0xcb}], 0x1, 0x0, 0x59}, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r3 = socket$netlink(0x10, 0x3, 0x0)
preadv(r2, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.264696938s ago: executing program 2 (id=3782):
socket$netlink(0x10, 0x3, 0x10)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000440)={'vxcan1\x00', <r3=>0x0})
connect$can_bcm(r2, &(0x7f0000000300)={0x1d, r3}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @random="7f0a00034011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @time_exceeded={0xb, 0x2, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @private}, '\x00\x00eX\x00\x00\x00\x00'}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$can_bcm(r2, &(0x7f0000000480)={&(0x7f0000000340), 0x10, &(0x7f00000000c0)={&(0x7f0000000580)={0x1, 0x7ab0715dca68fed7, 0x0, {}, {}, {}, 0x4, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "b8ee0816756b62187804752330b2b55830d7228ef1593c0639bd084bba0bfd8db72f70e5b2e7f90e11cbc6ec61a03fc316d5d47970907af5fc4a27f6cf718909"}}, 0x20000600}}, 0x0)

1.264216548s ago: executing program 2 (id=3783):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xec, 0xec, 0x4, [@float={0x9, 0x0, 0x0, 0x10, 0x1a}, @enum64={0x2, 0x8, 0x0, 0x13, 0x1, 0x1, [{0x7, 0x3, 0x93}, {0x1, 0x2, 0x1}, {0xe, 0x9, 0xfffffffc}, {0x4, 0x0, 0x7}, {0x1, 0x3ff}, {0x10, 0xfff, 0x5}, {0x4, 0x8, 0x5}, {0x7, 0x2, 0x2}]}, @var={0xa, 0x0, 0x0, 0xe, 0x3, 0x2}, @var={0x5, 0x0, 0x0, 0xe, 0x5}, @decl_tag={0xb, 0x0, 0x0, 0x11, 0x1, 0xa}, @typedef={0xa}, @fwd={0xd}, @func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0x5, 0x1}, {0x4, 0x3}, {0x6, 0x4}, {0xf, 0x1}]}]}, {0x0, [0x61, 0x5f]}}, &(0x7f0000000000)=""/32, 0x108, 0x20, 0x0, 0x98e}, 0x28)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./file1\x00', 0x818, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRES16], 0x1, 0x256, &(0x7f0000000bc0)="$eJzs2s9rHGUYB/Bn0takqclG/EUL4ose1MvQ5OyhQVoQA4o2QhWkUzPRJeNuyCyBFaE56dWjR8/i0YMgSI9ecvEv6MFbLjn2II6ku9ZtE0sx224pn89lH3jmu/sM8zI8h91789svNtbrfL3oxVSWxdSF2IlbWSzEVPxjJ9547cpvL31w5aN3lldWLr6f0qXly4tLKaX5l3/9+KsfX7nRO/PhT/O/TMfuwid7+0t/7L6we3bvr8uft+vUrlOn20tFutbt9oprVZnW2vVGntJ7VVnUZWp36nLrrv561d3c7KeiszY3u7lV1nUqOv20UfZTr5t6W/1UfFa0OynP8zQ3GxzH6g+3mib2m1NXo2ma09/HmRsxdzNakT2TsmcvZM9fzV7cyc5+Nz3pQXlIHuj57zdNa9KD8lCMvNRnIqpvtle3Vwefg/7yerSjijLORyv+jINjMjSoL729cvF8um0hvq6uD/PXt1dPDPIxzC9GKxaOzi8O8unu/HTMjv7+UrTiuaPzS0fmZ+L1V0fyebTi90+jG1WsxUH2Tv7niEhvvbtyT/7c7esAAJ40ebrj0P5286Cf/1d/kL/ffjgTESP74T371ck4d3LSd0/d/3KjqKpySzG+4uDwPwZjTKg4dZz46eG5vM81Tx9uTcV4hn/qeN8zP6Yxxlec+P/xCb+YeCT+feiHe9kkBgIAAAAAAAAAAOCBPIo/IU76HgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMfb3wEAAP//R7zIZg==")
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r1, 0x2, 0x1)
ioctl$VFAT_IOCTL_READDIR_BOTH(r1, 0x82307201, &(0x7f0000000840)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

1.208681832s ago: executing program 2 (id=3785):
ftruncate(0xffffffffffffffff, 0x51a9497)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x18)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffd, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000e72, 0x94f7}, 0x2880, 0xc8, 0x0, 0x0, 0x0, 0x40000, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a00000080000000064242"], 0xfdef)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0xfdef)

1.156843367s ago: executing program 2 (id=3787):
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000200)={[{@noload}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@jqfmt_vfsold}, {@journal_dev={'journal_dev', 0x3d, 0x800}}, {@nobh}, {@inlinecrypt}, {@grpquota}, {@init_itable}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x7, 0x8000c64)
write$binfmt_elf64(r0, 0x0, 0x478)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x2000)
ioctl$BLKALIGNOFF(r1, 0x127a, &(0x7f0000000080))
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x3c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0xffff}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_MASTER={0x4}]}, 0x3c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x52, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r8}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r3}, 0x0, &(0x7f0000000580)=r4}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r9 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
read(r2, &(0x7f00000003c0)=""/4096, 0x1000)

1.10953972s ago: executing program 7 (id=3788):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014008000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b702000000000000850000008500"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x40050)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r3, 0xffffffffffffffff, 0x100000000000000)

823.995113ms ago: executing program 9 (id=3789):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e0000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
fsmount(r0, 0x0, 0x0)

804.169645ms ago: executing program 9 (id=3790):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000fc0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0xe, 0x0, 0x0, 0x0, 0x18}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000003d80)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060500000000000000000001000006050004000100000011000300686173683a69702c706f7274000000000c000780050003000a0000000510050002000000050005000100000012000300686173683a6e65742c706f7274000000"], 0x60}}, 0x4008004)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000140)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@quota}, {@resuid}, {@lazytime}]}, 0x1, 0x445, &(0x7f0000000200)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000010240), 0x5a)
write(r4, &(0x7f00000009c0)="3bf58d7d45d32cfe1da7c797b82f16713d1cb80b3fa1bda74e3977b40e7af46b4c60b70d7a79ed5d8c48f52a50185980", 0x30)
sendfile(r4, r2, 0x0, 0x3ffff)
sendfile(r4, r2, 0x0, 0x7fffeffd)
r5 = socket$netlink(0x10, 0x3, 0x0)
syz_mount_image$iso9660(&(0x7f0000002900), &(0x7f0000000000)='./file0\x00', 0x2, &(0x7f00000002c0)=ANY=[], 0x1, 0x5b1, &(0x7f0000001000)="$eJzs3MFv29YZAPDHxK4NBwsGFGvSNEDZtIfsEFeSFwdGBywaTdtsJVEg5cI5DcXiZMHsblg2YMmly6VDgQ077bz1utOO+6d62T/ggRLlybIzuWkbZcDvB8TvUfzI9z2C4QcRIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEKJks9FoRqGT9Xb34udLNou8e7y0EKbXj/f3rxPNCYsTf0MUQlT9C8vL4eroo6uv/zf2B9WfG+HKaOlKWK6a5fD00hvf/+D1hQvVhotRdCqLl+3xk6e//OTgYP83X2Obo6Ojz6rZfIdpvTTbaS8r86zb3k7jrMzjjfX1xvs7W2W8lXXS8l45SLtxUqTtQV7EN5O7IYSNtThdvZfv9rY32500vpn8MG5ubNy51Wo01uMPV/tpuyjz3vsfrpbJTtbpZL3tYUy1+lbr7XCnOhE/ygbxIG134/jBo4P9tVlJVkHN8wS1ZgW1Gq1Ws9lqNddvb9y+02gs12fr8QcLjSlhepOF+Z+0vHSv1SfKcGF8jXvtW7uIwws6Sv4y7xQAAACA71g0vMceDe/LXx32trJO2jgRcxTNLT0AAADgWzD8an+lvgEQwtUQnf7+DwAAAPx/+/u4c+YzdiGKQtlfisaPqvT33osO21WvfXhx9NHF6T0Otq5Fl+udDJv1hXopSa9Hb46C3hxHf1U3D57/rN8/Q5VHVBSL0bNvlkD4U7g2irl2f9TeH68ZzXZlK+ukq0ne+aAZ2u3LFwbp3uB3nz76fQhFcXTxi173chQePDrYX/35rw7uD3N5Vu3l2WH9C4lTP5Q4mctSmMjlt8fPPdYzvnvyyC8Ob8RUs/6i110ZjduYnP+F0eYXvsb8Pw9vjWLeWhm1Kyfnv1yN2Vw9Y/aTWTT7e+8t1YOdc+ZTWVwfxVy/OTyx3r1Zr1mcyKI1K4vW5PF/oWNxnMW7J7KYPBZrs7JY+4ZZAMzLg+kqdKr+n6q7L3CV+x/VvRqlKuEzq/svZo7yeXhnFPPOtYW6Il0MYeqK3ph1RW+cs66HcHYW/wg3/vbXEHbDjXHw82psNe6fT1TV6PDLaoMvT4/7h1FT/vvhzqWqs3T46/DG4ydPbz06/OTh/sP9T1uttfXGjxqN262wOJxG3ag9AJwhLb6KVgZ/jIoi6/+subHRbA920rjIk4/iItvcTuOsN0iLZKfd207jfpEP8iTvVJ2Ps820jMvdfj+vKklexP28zPaGb36J61e/lGm33RtkSdnvpO0yjZO8N2gng3gzK5O4v/vTTlbupEW8lRdx2U+TbCtL2oMs78Vlvlsk6Wocl2k6EZhtpkefhZBV3V7cL7Juu7gXf5x3drtpvJlW1bI/yKNQ7XA8VtbbyovucLer8z7YAPCKeBzqN9gdv8ru8U/Gq56cWnVmJyzPiJnzFAGAKdNVemneCQEAAAAAAAAAAAAAAKdMPq734/qVPud77O+V7dy9dNaqt+ef2GQnhLDwCqShc87O8quRxmL93/ZF9xOFEGYHf6+KmedVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADO9p8AAAD//0n5kWY=")
r6 = socket$unix(0x1, 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000280)=[{0x6, 0xbd, 0x0, 0x7fff0006}]})
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x7, 0x0, 0x0, 0x7fff0006}]})
bind$unix(r6, 0x0, 0x0)
sendmsg$netlink(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=r7, @ANYBLOB="02e3275a", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r8}, 0x4)

743.31524ms ago: executing program 7 (id=3791):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000f000000050030000000000005002f00a005000008000300", @ANYRES32=r2], 0x2c}}, 0x0)

577.389534ms ago: executing program 6 (id=3792):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000440)={'vxcan1\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000300)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000480)={&(0x7f0000000340), 0x10, &(0x7f00000000c0)={&(0x7f0000000580)={0x1, 0x7ab0715dca68fed7, 0x0, {}, {}, {}, 0x4, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "b8ee0816756b62187804752330b2b55830d7228ef1593c0639bd084bba0bfd8db72f70e5b2e7f90e11cbc6ec61a03fc316d5d47970907af5fc4a27f6cf718909"}}, 0x20000600}}, 0x0)

576.290374ms ago: executing program 7 (id=3802):
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
syz_clone3(&(0x7f0000000900)={0x4184100, 0x0, 0x0, 0x0, {0xd}, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[0x0], 0x1}, 0x58)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc3, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa19a, 0x1000}, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000340)='cpu\t&0&&\t')
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0e00000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="0000edff200000000100000000000018a48e3d29ffbb239241660b765b802fb69a5140", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000fcdbdf2512000000180001801400020076657468300000000000000008000000080009"], 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x2004c0a0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

503.07076ms ago: executing program 7 (id=3793):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000000000000000000000000f9", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r2}, &(0x7f0000000000), &(0x7f00000005c0)=r3}, 0x20)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x30, r5, 0xc4fc9e906872338b, 0x70bd2a, 0x0, {{0x15}, {@void, @val={0xc, 0x99, {0xc7, 0x3a}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4, 0x3, 0x0, 0x0}]}]}]}]}, 0x30}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e22, @empty}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r7, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)

486.379171ms ago: executing program 7 (id=3794):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)=r1}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r0, &(0x7f0000000780)}, 0x20)

469.122122ms ago: executing program 7 (id=3795):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004000000957b1464984cdc540d41d923740d58f4b54f86bf16daea7614efee70414e73877e23cbfcc0c0de844d7ab85ce7e5977e0c22"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={[{@nobarrier}, {@noblock_validity}, {@bh}, {@max_batch_time={'max_batch_time', 0x3d, 0x8c9}}, {@grpquota}, {@inlinecrypt}]}, 0x6, 0x5fc, &(0x7f0000000300)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000017c0)={0x0, r0}, 0x18)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4600, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x2000000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00"/12], 0x48)
r1 = openat$random(0xffffffffffffff9c, &(0x7f000000fe80), 0x40800, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x8, 0x3, 0x460, 0xf0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x390, 0xffffffff, 0xffffffff, 0x390, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x2f, 0x0, 0x3}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@local, 'nicvf0\x00', {0x3f66}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3d}}, [0xffffffff], [], 'wg1\x00', 'gre0\x00', {}, {0xff}}, 0x0, 0x258, 0x2a0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x80ff, 0x0, 0x5, 0x563e4515, 0x0, 0x7, 0x3fc, 0x20}}}, @common=@inet=@hashlimit3={{0x158}, {'veth0_vlan\x00', {0x3, 0x0, 0x48, 0x0, 0x15ab, 0x1000, 0x6, 0x5}}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x2, 0x5, {0x6}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4c0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00'})
ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f000000fec0)=ANY=[@ANYBLOB="04000000000010"])
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r4, 0xc05c5340, &(0x7f0000000280)={0xa, 0x6, 0x2, {0x8, 0x8}, 0x8, 0xc})
pipe(&(0x7f00000001c0)={<r5=>0xffffffffffffffff})
readv(r5, &(0x7f0000002a40)=[{&(0x7f00000007c0)=""/4096, 0x1000}], 0x1)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000440)={0x0, 0x0, 0x0, 0xa71})
fcntl$lock(r6, 0x24, &(0x7f0000001800)={0x1, 0x0, 0x0, 0x5a60})
gettid()
mknod(&(0x7f0000000480)='./file0\x00', 0x1ffa, 0x9edd)

160.686847ms ago: executing program 2 (id=3796):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xec, 0xec, 0x4, [@float={0x9, 0x0, 0x0, 0x10, 0x1a}, @enum64={0x2, 0x8, 0x0, 0x13, 0x1, 0x1, [{0x7, 0x3, 0x93}, {0x1, 0x2, 0x1}, {0xe, 0x9, 0xfffffffc}, {0x4, 0x0, 0x7}, {0x1, 0x3ff}, {0x10, 0xfff, 0x5}, {0x4, 0x8, 0x5}, {0x7, 0x2, 0x2}]}, @var={0xa, 0x0, 0x0, 0xe, 0x3, 0x2}, @var={0x5, 0x0, 0x0, 0xe, 0x5}, @decl_tag={0xb, 0x0, 0x0, 0x11, 0x1, 0xa}, @typedef={0xa}, @fwd={0xd}, @func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0x5, 0x1}, {0x4, 0x3}, {0x6, 0x4}, {0xf, 0x1}]}]}, {0x0, [0x61, 0x5f]}}, &(0x7f0000000000)=""/32, 0x108, 0x20, 0x0, 0x98e}, 0x28)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x0, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./file1\x00', 0x818, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRES16], 0x1, 0x256, &(0x7f0000000bc0)="$eJzs2s9rHGUYB/Bn0takqclG/EUL4ose1MvQ5OyhQVoQA4o2QhWkUzPRJeNuyCyBFaE56dWjR8/i0YMgSI9ecvEv6MFbLjn2II6ku9ZtE0sx224pn89lH3jmu/sM8zI8h91789svNtbrfL3oxVSWxdSF2IlbWSzEVPxjJ9547cpvL31w5aN3lldWLr6f0qXly4tLKaX5l3/9+KsfX7nRO/PhT/O/TMfuwid7+0t/7L6we3bvr8uft+vUrlOn20tFutbt9oprVZnW2vVGntJ7VVnUZWp36nLrrv561d3c7KeiszY3u7lV1nUqOv20UfZTr5t6W/1UfFa0OynP8zQ3GxzH6g+3mib2m1NXo2ma09/HmRsxdzNakT2TsmcvZM9fzV7cyc5+Nz3pQXlIHuj57zdNa9KD8lCMvNRnIqpvtle3Vwefg/7yerSjijLORyv+jINjMjSoL729cvF8um0hvq6uD/PXt1dPDPIxzC9GKxaOzi8O8unu/HTMjv7+UrTiuaPzS0fmZ+L1V0fyebTi90+jG1WsxUH2Tv7niEhvvbtyT/7c7esAAJ40ebrj0P5286Cf/1d/kL/ffjgTESP74T371ck4d3LSd0/d/3KjqKpySzG+4uDwPwZjTKg4dZz46eG5vM81Tx9uTcV4hn/qeN8zP6Yxxlec+P/xCb+YeCT+feiHe9kkBgIAAAAAAAAAAOCBPIo/IU76HgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMfb3wEAAP//R7zIZg==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r0, 0x2, 0x1)
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000840)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

107.512671ms ago: executing program 8 (id=3797):
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
creat(&(0x7f0000000880)='./file0\x00', 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001300)=@newtfilter={0x14c, 0x2c, 0xd27, 0x30bd29, 0x251fdbfd, {0x0, 0x0, 0x0, r3, {0xfff0, 0xe}, {}, {0x7, 0x6}}, [@filter_kind_options=@f_u32={{0x8}, {0x120, 0x2, [@TCA_U32_SEL={0x114, 0x5, {0xd, 0x31, 0x10, 0x4, 0x100, 0x401, 0x8, 0x5b0, [{0x5, 0xa, 0x2, 0x9}, {0xb, 0x8, 0x3, 0x9}, {0x2, 0x3, 0x2}, {0x2, 0x2, 0x853, 0xff}, {0xdd9, 0x2, 0xb35c}, {0x0, 0x1, 0x101, 0xfffffffb}, {0x9, 0x2, 0x9, 0x100}, {0x2, 0x8, 0x28000, 0x3}, {0x7fff, 0xf, 0x0, 0x40}, {0x10872599, 0x80000001, 0xeaa, 0xfffff023}, {0xb7, 0x5, 0x3440, 0x6}, {0x4, 0xc, 0x800, 0x7}, {0x0, 0x5, 0x7ff, 0x9}, {0xf, 0x7fff, 0xd, 0x5}, {0x2, 0x1, 0xd, 0xfffff052}, {0x400, 0x7fff, 0x8, 0x6}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0x2, 0xffe5}}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@ocfs2={0xc}, 0x0, 0x1200)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)=@fuse={0xc, 0x81, {0x503, 0x81, 0xdbd}}, 0x0, 0x200)

77.365844ms ago: executing program 2 (id=3798):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010100}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r2=>0x0]}, 0x0)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040)={r2, 0x7fff}, &(0x7f0000000200)=0x8)

46.356996ms ago: executing program 6 (id=3799):
ftruncate(0xffffffffffffffff, 0x51a9497)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, 0x0, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r0}, 0x18)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffd, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000e72, 0x94f7}, 0x2880, 0xc8, 0x0, 0x0, 0x0, 0x40000, 0xfffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a00000080000000064242"], 0xfdef)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0xfdef)

23.677828ms ago: executing program 8 (id=3800):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e0000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
fsmount(r0, 0x0, 0x0)

15.750309ms ago: executing program 6 (id=3801):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32=<r2=>r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000fc0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0xe, 0x0, 0x0, 0x0, 0x18}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000003d80)=ANY=[@ANYRES64=r2, @ANYRES64=0x0, @ANYRESOCT=r0, @ANYRES32=r1, @ANYBLOB="8190ec87e308603f2ae9d42e10744e60957da896ac0b008bc5da9bf008b827fff5fda14c3b879c464d7ad12c3b912d1abfc05c340bbd8ba5b5422a4f986c0cf9e41ff45b64c73883f7ea5c9dc92c7a37f3902c1da264641e4bc123e7abf04a6bfda8f041ef551f4ae978cfe46f09de6b6cfff7f277319d33f9b1dbb77eebb55ae8a405261ae334161baa9074ac07fa8ff845b9866fed1a82d22720628441222b703973957f404905667ae98d13fe9b43bdc6b5b4a3a42647b07ef477e0bd51fca181514157796ab950b6a9bda6efa5dd61106a718a623d1e1a818b1cd02d9bc114fb7bcbf7c6a31c9f540b8d657575f07e7baa0de136b24b17d6998e3772cdc1f664b46025d4e2f5ba237b83eaaa25f69ec5e77cd7b8ab9cc35f77fe9b2787709e34aed9b051ffb94b1d304b5c9429e258cbf29a6ce625122d1613131c652baa9d70cb185e665d2c0532aae2cad48d170a256b2ef336c53bf43ff0c1c000fa2417b6ef2999e34a5c46456be618fcb89c73cdf3731792e63d51894eb1e0e6cce2c7fbadd708877e6030807627f5a854dd764c675e612f2501eec1919baca29846185c6270169ad26b2937b4556c3282b3852493690d323698053d5137546919bf2ef66c91d9e304170c0f01ff01da37bb696149cb3086ff5077f5453bdb178316e7108cd3a5e3c27974000067c28f4e600eb5c03d7b6e4c46b52f3ccaafbfee5213dbac0b6cf52b72445707ce0753080af6545b153dd5fe717aa2344ce140551aed47d257b52df802f409594a4025db6b1f93748cda370d3398cd5ca15b869934a884b631fa37200337de59e0fb789fd4ae3b4f4ba14c75e1fec0950fbac4340ea7f6ad4e365475f025c96e00360f6190a1bf4c9c35996e0f37e235749f40fbae99141a2efab3d933b822b68a430e008ca22330b895932c33a25ad00e9301a138fc6ba8cc269ab31ceb4a5e5ac826da8bd7447a04d47bb81d2c4c1f5f45b79e805c766582be2c7d1f10d522c04033d586be25e9e4c27717fdc9e8c780eab7351f606e8763af649c1bfa086af143d5a67c5ba196fbc1bf6695a1946384a9e4bbbf99814a407ec474b2c09fbd4fc84b02ab18c9904fb0933ddbf038cee78b5850aa8c4796b38fa88f4e28245fda3c861eb62a57b95cb9f24c128480262977dce7ef669a5f6c537d53ad88a45bc116d17618af52929867ad8238d9d16c9153c9399538629c752083422f0579447fb9e0bbd3d48f738407e2f039509cc70927bd80ffc45099fced3453b92c682d9208c82254798caf861520c6064acb36d3ef6eb89efc6e3b8f1ff2c032664d3d9ae22019ac5e67999c02ecd6a75bdb0b1e5ac24bf142c66e13e71ed8ff639832375cfe53124d50ea7c15a469cfa85f8702a70d159c826cfdf26b41d7477d400fbd283f94ab6cc7cde993d4658adc8ba31793dc1bbfd9be11ad95932b8fcc55ead0b72c9841e32deb5873b45d7af012d611b9e20a30a2845a6933b5ab49ebf138d0c2c314b90cd513c63a8ef806446d5f3af1c09c05c6b72b5f407b6cc01384e7e8b9c63cf5a527d8dadb9fc409ddc46e0a8105238af35c5eff8d921fc68fe0a074e55cd330ea9378d94b1ef5bcd139c625c00efba91ba6e628b2ffe4e543a9e7082f02289f9239dd7334fb68eb87880a8918a2fccbd930bdaabe3523fee4a4ac324b8e4267d94cb9dcdb94d4bef3fb5cf75f172fc1a30bb6d0f078dcfb70c9db412ebc53edb08f63a4ad552e0fe2980cd17858aced27677fe530eed822f25fe9ca10a79ab8bfb225938697747aa24d4ea3beca7790161493f38446f050d53ae66b3e6d67f20453c2e6284eb158dcecb52f8755acf5b748afaa84f1d46d4f12d316448e68c9568c681de14bb27431b2722287f7e274289439c22ad6aaf20eaf5fa20f983df8a65cb2ec1fa6110d55760891cd7485d677ef68569f4f5285a89a14365583b03b5383ac0f92ca6d0fff5ec72ccc35065f7780470781da6d1de1311403abdec42600d4039f1bfe12686569d25fe416f28f3af2a530f188a8f18fe24a215a8ebaac1e6cc82557416efcd05135fffb85247bca75c1d9601dc4da38377b15d71aea03501690bdb2e1b12c9738d303feafbb183d498c50d8000f5a78102a15999bac2679d6ee9405f7f522ed2832d839c9459627fb41448646cadbc8dfe831c4d876d5f7b0b196e05aed4c2ce059412e895faab97267a904004e14f00e24112eda67f945a1c4c54eeec07dccd6147a245a2bea35547ed35eb89330b5416f9b611ba34f3cf67dcc979061867eb2c6f27e2b5716b6b80948804a36de633f46bfbd65b569046247dc0bfdc942977eabce1860b453bfaeede0c43e145901372e8aefe0ef13358a4681967ae0b28b406b05c348e48bdd2c34431b87be25ec4d528b25210c97b612cd80d0b59185b5feedcb267d18ae097d6b55b77607fddd70c61a5bceb50e0e424f0cf856da9614ff5c3b24d2c305aa363e43bc96c6f5d57f400206274e4e521abdc14b41ec97e3839942b7966686573681acca29f5dac69a5a7e677c311fe3e1d71dd95a05bdd724d74748f39919e1ae80a10ebd565e16072188fd82770f391c1714ff321030adfddf9c69dbc78e61c586f4b32710b2dcb6a02522be13ea9d5be7046bd333367e03e52e65d9acba64d0ea021288e136c1641d0560e61d5b6a799e329732a312ca186ece15695a6cb1b30dcccddf6b19546b95f05d812a0bdf28ccce2b77b3460b735ab581d25518a76e4d7158406cef61eae37b9e01408be8901953ea2d95149cf5de1fffabf883861e696dd0233b3a1fca34434fd7b96c32b58cfe202585065ca49c9250622e2c8e554ad1e66573bbc72802081ae9f9c4daadd65a41cefe2c5ea8de2518f8b68840f74baf49f4327c792ea4f4d1724285f21f5cd8ee3826c52bfc9a55038bf7fb95a4bb383b9d353ef4523aaf6233f7e92f726b3283c0e9ee97e90b2037b89ab559c66df0150f8d8841d7137937160141654f598ceba849fedb0f8fdaef68553ae5df9f6d4b35affb166735a907dbafa46a1566ca5d00d40d171aa54c8fbf90d7ced122a332e5469320ef2a9ca87c63a00d76785bbb8d5c38ef69e6ba4a886c605f5efb2a87bea768887b0ebcd12521920e253be401b9c7eaa228dd62a6f517f743f1d8999e200bf853e2b59b84b414fce6cefb756a9965d3b9cb994da3042a781a2095503d347e863e8a2f8b733f7563b7d4d6e14bc717fefc322ec651fe74d6f10ef1f2e200f4ea79b0330346248f6c9b0d781c65db79e77a67faca71ea204b025e75144ef5360336f117f624b899063ee5b1b38e1634493d518e5e822638a1206eb528c949b5bf6dd8eb11478506ecd01787b83101a6710bda1aca0f9e9d5878e6fc24b6e1821099358df6562088391bbdfc79c850f28620edaf7e9da0f49152ebb77587b35feb1539a2a3ce06cfcaf3e5e522d64216f391008b9477700ac465946b2c83cb4039ee908f09795e7309bb476366febbf4266c6daa74957ddf8662f8274e6ce2f0884fbf2d3d49c4518170e12470cc4133d511c1b0ca05df21c6b0f39bc854d5b3ba3e4ebbf6cece0f0aa0e7eec1c7f07b8afa9840b15ec9571dd205452f22b8b779e8e0adccc7918a5c660a61dc1f771490e057cf33af3fa8168b057a483fa01599b2afaa49a22a5753018e5d9539d4fc92a8d284675853e5275b89b6971902d2fb71405aa8477beb134ff7c8f7f7c77514674bfd0409fd0e47e41bc6d0ac637d209fb0ceec3d52239078d4beea5cdda7ae0d338b91824d1b1eddd6f63817fd8ee7d95a9d11b1948a2403be1e3a3671a2f6d42059d95b68bb299061d6fb3263cb58cba47ac3ab79b26f14bf2057d4cdca1b487d6a7e71cf9858e85ab4ae9badb60a8da116b14f45214a9bc9c3844e41ef08a3f50bbcfdda9b1f539384565612d553c43b5e594668802f3c294f5656b10da2232409067f3a2e6e699c1176806f580306095412d67f5b65420ee947e8e9a359a1c64254c1df89cd4e3fa4fffd2a6f677395f354e8c43b8ee5867ae5e2a473ce644bfc4e4ecda3727397de9acab85b3b1dd85ef8a6ceb69dfc326a025f3001ce2e9f07aba7bc51dc2141eaaaf8ebb2efc59b4f4429996aaa555c372bac264bf887997b40d65d9d25efede80de093e1dda02429b04a1b535a038e8a854e4b46cc3867b81f38ea36ab92b9e6e784eb3010cec031a05f62558b40171907fcd8d4d732e66f8a6148d22a5610e3d63857de6351d673c19efa08b316e5d47dff8e34d6f83d1fb35244d67435533f4a38ae2c04414698d9c3cda48f0539b55a996d06665450cfd6ca512ce6c3a755d22196eafb33b22d8264f244e9b5cd0210317596c470b07dea90b605be5e6a5c5629d972f219cf048c181361f9af72af704130008129245ff834098aec82804fceba955fb11d2042ca1c5dd844596158a68a454355d35e89bcc1feec89a242618cba17aaeaafdb6cce3d3118b8e7821d0a220c7c924795cfff83d1aff6afcfa476cbc2c0fea732e31d6b2db09eb34c8222e2dd2589b0248b82032f43afe3ba26a3872046b80c920f009b24fd86a35ab0deaffa00985cccc53a9d6eaa39a707e8c66a7af9748701d2acdc84d94afe15fb40b4e005eb96dd67f50fba18e68a0c1deb7a8e750d31954fd148dc68d932538d75bcdba401259a1ff4427ef735f0db34e7be65c5d20ace137b4f7cc140a5e4fe2aa0ecb233799e319f52fd4b2c436a7c9ebee87f24658761cc2fb200a18821efab9719e115e7258b0166b332b48c34c905831683c5bc877ea660b439c615d1d6a580c73882d62627c1054acc41e06bd8d815e348495e27705f3c1d642e988c894a755d714bb0f1302daec6ff67f78c821a359174f0273ae9b7c3bf60947d29b5871b3f902549a38031ea0f9f243592e74ddb3d1843610f1d3251bacd3fe24dbc86d488ef7458133eb7bced001ec78d05a8ca61e9c534ab10eed30819ff96de3294edb672810e0241a90a79a9c838e622dcd395bda50fc08db11162151c7514916b36c15aad74e9b587bb7e88fb92183b1161edeb73c1563a7f56970a384c0ae331c0933cf7b9795975c322a6175189bb36817e4f0409ec5fd09a5ab1611118e77b2cf2be7861853ab411052636f4c76c2759c31e225b7fff4fcf0a4338ed428f62738a7cd8168c5e48f78d9afc6d6aa4f83c6ac36b3504a98cb44933820ee37b094daca7b9fadb12001541dbc299f4e2b324e8508a1bb47d48400fc0afdaa7fdc34b35129e1487331ec14dace215ccf86f1c7af1ae458c6e9c8fc253f9858e3872921e92eba1ebccde303d44708244da779d7e729f50c4e27be9d5a5e8a1e59727b546f4305b04ab94bf83fec8cf3a55fe56adb41ab3f220add7bb185d15bb0904b9f91e6eca9b4391e15412f8d69bb7198c7d7a664084ea51abb9052b5643f7ea0b6286473f8691d8ee00d1b13f35d04dabba07c4f98c2635f99c6da52d4cca6f178769e6e171e26e8ab2413b6e2f036209a100f00eb056839079de588a813d2903fec443bd7b7342cdc63f3314222a4dc7385d86a72907aec5b9cd40e16c9544e4ee9e3c0967a4fb89ff7677ed8b813af2cdd00d405ca841b216e364e4889f79cc06fd37b0a7b6e4fc73c44ce3a3ad80dacffbcf26922d93d2fb14c1b4ec71783754fdc7d56d4d73e65c0434645e664e55db68f113124a08fc946cdcfc0b8f50d50eca229180f29042e83d9d742400ccb92a371c6a45bc6e541f187bf284c2703de7d2febd33230abc77df4d", @ANYRESOCT=r3, @ANYRESDEC=r0, @ANYBLOB="b6902ae551a6648c340aad40915ab459f678b2f54f00d7d74d"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060500000000000000000001000006050004000100000011000300686173683a69702c706f7274000000000c000780050003000a0000000510050002000000050005000100000012000300686173683a6e65742c706f7274000000"], 0x60}}, 0x4008004)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000140)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@quota}, {@resuid}, {@lazytime}]}, 0x1, 0x445, &(0x7f0000000200)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000010240), 0x5a)
write(r7, &(0x7f00000009c0)="3bf58d7d45d32cfe1da7c797b82f16713d1cb80b3fa1bda74e3977b40e7af46b4c60b70d7a79ed5d8c48f52a50185980", 0x30)
sendfile(r7, r5, 0x0, 0x3ffff)
sendfile(r7, r5, 0x0, 0x7fffeffd)
r8 = socket$netlink(0x10, 0x3, 0x0)
syz_mount_image$iso9660(&(0x7f0000002900), &(0x7f0000000000)='./file0\x00', 0x2, &(0x7f00000002c0)=ANY=[], 0x1, 0x5b1, &(0x7f0000001000)="$eJzs3MFv29YZAPDHxK4NBwsGFGvSNEDZtIfsEFeSFwdGBywaTdtsJVEg5cI5DcXiZMHsblg2YMmly6VDgQ077bz1utOO+6d62T/ggRLlybIzuWkbZcDvB8TvUfzI9z2C4QcRIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEKJks9FoRqGT9Xb34udLNou8e7y0EKbXj/f3rxPNCYsTf0MUQlT9C8vL4eroo6uv/zf2B9WfG+HKaOlKWK6a5fD00hvf/+D1hQvVhotRdCqLl+3xk6e//OTgYP83X2Obo6Ojz6rZfIdpvTTbaS8r86zb3k7jrMzjjfX1xvs7W2W8lXXS8l45SLtxUqTtQV7EN5O7IYSNtThdvZfv9rY32500vpn8MG5ubNy51Wo01uMPV/tpuyjz3vsfrpbJTtbpZL3tYUy1+lbr7XCnOhE/ygbxIG134/jBo4P9tVlJVkHN8wS1ZgW1Gq1Ws9lqNddvb9y+02gs12fr8QcLjSlhepOF+Z+0vHSv1SfKcGF8jXvtW7uIwws6Sv4y7xQAAACA71g0vMceDe/LXx32trJO2jgRcxTNLT0AAADgWzD8an+lvgEQwtUQnf7+DwAAAPx/+/u4c+YzdiGKQtlfisaPqvT33osO21WvfXhx9NHF6T0Otq5Fl+udDJv1hXopSa9Hb46C3hxHf1U3D57/rN8/Q5VHVBSL0bNvlkD4U7g2irl2f9TeH68ZzXZlK+ukq0ne+aAZ2u3LFwbp3uB3nz76fQhFcXTxi173chQePDrYX/35rw7uD3N5Vu3l2WH9C4lTP5Q4mctSmMjlt8fPPdYzvnvyyC8Ob8RUs/6i110ZjduYnP+F0eYXvsb8Pw9vjWLeWhm1Kyfnv1yN2Vw9Y/aTWTT7e+8t1YOdc+ZTWVwfxVy/OTyx3r1Zr1mcyKI1K4vW5PF/oWNxnMW7J7KYPBZrs7JY+4ZZAMzLg+kqdKr+n6q7L3CV+x/VvRqlKuEzq/svZo7yeXhnFPPOtYW6Il0MYeqK3ph1RW+cs66HcHYW/wg3/vbXEHbDjXHw82psNe6fT1TV6PDLaoMvT4/7h1FT/vvhzqWqs3T46/DG4ydPbz06/OTh/sP9T1uttfXGjxqN262wOJxG3ag9AJwhLb6KVgZ/jIoi6/+subHRbA920rjIk4/iItvcTuOsN0iLZKfd207jfpEP8iTvVJ2Ps820jMvdfj+vKklexP28zPaGb36J61e/lGm33RtkSdnvpO0yjZO8N2gng3gzK5O4v/vTTlbupEW8lRdx2U+TbCtL2oMs78Vlvlsk6Wocl2k6EZhtpkefhZBV3V7cL7Juu7gXf5x3drtpvJlW1bI/yKNQ7XA8VtbbyovucLer8z7YAPCKeBzqN9gdv8ru8U/Gq56cWnVmJyzPiJnzFAGAKdNVemneCQEAAAAAAAAAAAAAAKdMPq734/qVPud77O+V7dy9dNaqt+ef2GQnhLDwCqShc87O8quRxmL93/ZF9xOFEGYHf6+KmedVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADO9p8AAAD//0n5kWY=")
r9 = socket$unix(0x1, 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000280)=[{0x6, 0xbd, 0x0, 0x7fff0006}]})
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x7, 0x0, 0x0, 0x7fff0006}]})
bind$unix(r9, 0x0, 0x0)
sendmsg$netlink(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=r10, @ANYBLOB="02e3275a", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r11 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r11}, 0x4)

0s ago: executing program 8 (id=3803):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
preadv(r0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0)

kernel console output (not intermixed with test programs):

94967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12562 comm="syz.7.3043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  194.727621][T11001] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 1
[  194.800715][T12569] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.835446][T12577] netlink: 'syz.6.3049': attribute type 21 has an invalid length.
[  194.876620][T12569] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.941477][T12569] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.951917][T12590] loop2: detected capacity change from 0 to 1024
[  194.957612][T12592] loop6: detected capacity change from 0 to 1024
[  194.965260][T12592] EXT4-fs: Ignoring removed nobh option
[  194.970925][T12592] EXT4-fs: inline encryption not supported
[  194.980715][T12590] EXT4-fs: Ignoring removed nobh option
[  194.986299][T12590] EXT4-fs: inline encryption not supported
[  194.995351][T12569] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.007809][T12592] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.039036][T12592] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4183: comm syz.6.3055: Allocating blocks 385-513 which overlap fs metadata
[  195.043900][T12590] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.072184][T12241] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  195.094663][T12590] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.3054: Allocating blocks 385-513 which overlap fs metadata
[  195.098273][T12239] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  195.120715][T12239] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  195.151083][T11607] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.766521][T12589] EXT4-fs (loop2): pa ffff8881072daa80: logic 16, phys. 129, len 24
[  195.774637][T12589] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  195.786054][T12591] EXT4-fs (loop6): pa ffff8881072dae00: logic 16, phys. 129, len 24
[  195.794240][T12591] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  195.798700][T12612] loop9: detected capacity change from 0 to 7
[  195.815908][T12612] Buffer I/O error on dev loop9, logical block 0, async page read
[  195.824094][T12612] Buffer I/O error on dev loop9, logical block 0, async page read
[  195.831992][T12612]  loop9: unable to read partition table
[  195.840364][T12612] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ �â·û
[  195.840364][T12612] 
) failed (rc=-5)
[  195.857370][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.868113][ T8022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.894047][T12615] FAULT_INJECTION: forcing a failure.
[  195.894047][T12615] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  195.907465][T12615] CPU: 0 UID: 0 PID: 12615 Comm: syz.2.3060 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  195.907500][T12615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  195.907515][T12615] Call Trace:
[  195.907522][T12615]  <TASK>
[  195.907531][T12615]  __dump_stack+0x1d/0x30
[  195.907573][T12615]  dump_stack_lvl+0xe8/0x140
[  195.907591][T12615]  dump_stack+0x15/0x1b
[  195.907607][T12615]  should_fail_ex+0x265/0x280
[  195.907731][T12615]  should_fail_alloc_page+0xf2/0x100
[  195.907757][T12615]  __alloc_frozen_pages_noprof+0xff/0x360
[  195.907793][T12615]  alloc_pages_mpol+0xb3/0x250
[  195.907824][T12615]  alloc_pages_noprof+0x90/0x130
[  195.907875][T12615]  pgd_alloc+0x51/0x2e0
[  195.907959][T12615]  mm_init+0x377/0x7f0
[  195.908027][T12615]  ? kmem_cache_alloc_noprof+0x220/0x310
[  195.908055][T12615]  copy_mm+0x101/0x370
[  195.908080][T12615]  copy_process+0xd08/0x2000
[  195.908109][T12615]  kernel_clone+0x16c/0x5c0
[  195.908189][T12615]  ? vfs_write+0x7e8/0x960
[  195.908217][T12615]  __x64_sys_clone+0xe6/0x120
[  195.908250][T12615]  x64_sys_call+0x119c/0x2ff0
[  195.908318][T12615]  do_syscall_64+0xd2/0x200
[  195.908344][T12615]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  195.908367][T12615]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  195.908391][T12615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.908465][T12615] RIP: 0033:0x7f937585ebe9
[  195.908481][T12615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.908543][T12615] RSP: 002b:00007f93742befe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  195.908562][T12615] RAX: ffffffffffffffda RBX: 00007f9375a85fa0 RCX: 00007f937585ebe9
[  195.908576][T12615] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000c2002000
[  195.908603][T12615] RBP: 00007f93742bf090 R08: 0000000000000000 R09: 0000000000000000
[  195.908615][T12615] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002
[  195.908626][T12615] R13: 00007f9375a86038 R14: 00007f9375a85fa0 R15: 00007ffd0edea868
[  195.908720][T12615]  </TASK>
[  196.224602][T12639] loop6: detected capacity change from 0 to 1024
[  196.231311][T12641] loop8: detected capacity change from 0 to 512
[  196.232865][T12639] EXT4-fs: Ignoring removed nobh option
[  196.243139][T12639] EXT4-fs: inline encryption not supported
[  196.244965][T12641] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  196.261237][T12639] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  196.280771][T12639] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4183: comm syz.6.3070: Allocating blocks 385-513 which overlap fs metadata
[  196.281566][T12641] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  196.308967][T12641] ext4 filesystem being mounted at /184/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  196.341766][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  196.372147][T12648] lo speed is unknown, defaulting to 1000
[  196.378460][T12648] lo speed is unknown, defaulting to 1000
[  196.749694][T12568] netdevsim netdevsim7 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.800174][T12568] netdevsim netdevsim7 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.840101][T12657] loop2: detected capacity change from 0 to 1024
[  196.847130][T12657] EXT4-fs: Ignoring removed nobh option
[  196.859065][T12568] netdevsim netdevsim7 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.868977][T12657] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  196.880172][T12657] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  196.894131][T12657] JBD2: no valid journal superblock found
[  196.900592][T12657] EXT4-fs (loop2): Could not load journal inode
[  197.054484][T12638] EXT4-fs (loop6): pa ffff8881072daa80: logic 16, phys. 129, len 24
[  197.062619][T12638] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  197.087162][ T8022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.106977][T12674] __nla_validate_parse: 6 callbacks suppressed
[  197.107065][T12674] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3081'.
[  197.117262][T12677] loop4: detected capacity change from 0 to 512
[  197.129714][T12677] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  197.146221][T12677] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  197.160999][T12677] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  197.254556][T11607] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  197.662063][T12688] netlink: 'syz.6.3086': attribute type 13 has an invalid length.
[  197.670859][T12688] gretap0: refused to change device tx_queue_len
[  197.677442][T12688] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  197.816786][T12695] pim6reg1: entered promiscuous mode
[  197.822394][T12695] pim6reg1: entered allmulticast mode
[  197.875431][T12702] loop6: detected capacity change from 0 to 512
[  197.882388][T12702] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  197.899799][T12702] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  197.914924][T12702] ext4 filesystem being mounted at /332/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  197.939474][ T8022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  198.777177][T12727] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3103'.
[  198.794189][T12727] loop2: detected capacity change from 0 to 512
[  198.806011][T12727] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  198.830755][T12727] EXT4-fs (loop2): 1 truncate cleaned up
[  198.833896][T12732] loop8: detected capacity change from 0 to 512
[  198.836808][T12727] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.859206][T12732] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.872593][T12732] ext4 filesystem being mounted at /195/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  199.018279][T12744] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  199.024990][T12744] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  199.032614][T12744] vhci_hcd vhci_hcd.0: Device attached
[  199.090880][T12752] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3105'.
[  199.151476][T12744] netlink: 'syz.2.3103': attribute type 27 has an invalid length.
[  199.263670][T12756] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3112'.
[  199.384428][T12757] sd 0:0:1:0: device reset
[  199.546373][T12602] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  199.624932][T12602] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  199.706966][T12747] vhci_hcd: connection closed
[  199.719807][T12256] vhci_hcd: stop threads
[  199.728805][T12256] vhci_hcd: release socket
[  199.733207][T12256] vhci_hcd: disconnect device
[  199.740693][T12602] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  199.778594][T12602] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  199.800470][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.976538][   T29] kauditd_printk_skb: 268 callbacks suppressed
[  199.976619][   T29] audit: type=1326 audit(1754806712.542:8744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.6.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5bd3b35ba7 code=0x7ffc0000
[  200.006348][   T29] audit: type=1326 audit(1754806712.542:8745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.6.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5bd3adadd9 code=0x7ffc0000
[  200.029812][   T29] audit: type=1326 audit(1754806712.542:8746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.6.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5bd3b35ba7 code=0x7ffc0000
[  200.053529][   T29] audit: type=1326 audit(1754806712.542:8747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.6.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5bd3adadd9 code=0x7ffc0000
[  200.077305][   T29] audit: type=1326 audit(1754806712.542:8748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.6.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  200.102754][   T29] audit: type=1326 audit(1754806712.542:8749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.6.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  200.104593][T12778] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3121'.
[  200.126352][   T29] audit: type=1326 audit(1754806712.542:8750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.6.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  200.158707][   T29] audit: type=1326 audit(1754806712.542:8751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12775 comm="syz.6.3120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  200.205580][   T29] audit: type=1400 audit(1754806712.772:8752): avc:  denied  { create } for  pid=12777 comm="syz.6.3121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  200.225309][   T29] audit: type=1400 audit(1754806712.772:8753): avc:  denied  { write } for  pid=12777 comm="syz.6.3121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  200.298185][T12782] loop7: detected capacity change from 0 to 512
[  200.313919][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.313918][T12782] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  200.335465][T12782] ext4 filesystem being mounted at /320/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  200.360794][T12787] loop2: detected capacity change from 0 to 512
[  200.398600][T12787] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  200.422554][T12787] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  200.450380][T12787] ext4 filesystem being mounted at /586/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  200.506992][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  200.584400][T12793] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3123'.
[  200.742909][T12796] loop8: detected capacity change from 0 to 512
[  200.772832][T12800] FAULT_INJECTION: forcing a failure.
[  200.772832][T12800] name failslab, interval 1, probability 0, space 0, times 0
[  200.785622][T12800] CPU: 1 UID: 0 PID: 12800 Comm: syz.4.3129 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  200.785650][T12800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  200.785663][T12800] Call Trace:
[  200.785669][T12800]  <TASK>
[  200.785676][T12800]  __dump_stack+0x1d/0x30
[  200.785698][T12800]  dump_stack_lvl+0xe8/0x140
[  200.785802][T12800]  dump_stack+0x15/0x1b
[  200.785824][T12800]  should_fail_ex+0x265/0x280
[  200.785849][T12800]  should_failslab+0x8c/0xb0
[  200.785878][T12800]  kmem_cache_alloc_lru_noprof+0x55/0x310
[  200.786079][T12800]  ? alloc_inode+0x9a/0x170
[  200.786115][T12800]  alloc_inode+0x9a/0x170
[  200.786138][T12800]  new_inode+0x1d/0xe0
[  200.786238][T12800]  ramfs_symlink+0x2e/0x1b0
[  200.786261][T12800]  vfs_symlink+0xd4/0x1e0
[  200.786288][T12800]  do_symlinkat+0xc7/0x3c0
[  200.786316][T12800]  __x64_sys_symlinkat+0x5a/0x70
[  200.786340][T12800]  x64_sys_call+0x293d/0x2ff0
[  200.786393][T12800]  do_syscall_64+0xd2/0x200
[  200.786494][T12800]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  200.786566][T12800]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  200.786591][T12800]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.786630][T12800] RIP: 0033:0x7fe85076ebe9
[  200.786645][T12800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.786690][T12800] RSP: 002b:00007fe84f1cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[  200.786712][T12800] RAX: ffffffffffffffda RBX: 00007fe850995fa0 RCX: 00007fe85076ebe9
[  200.786733][T12800] RDX: 0000200000000080 RSI: 0000000000000006 RDI: 0000200000000400
[  200.786748][T12800] RBP: 00007fe84f1cf090 R08: 0000000000000000 R09: 0000000000000000
[  200.786763][T12800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  200.786807][T12800] R13: 00007fe850996038 R14: 00007fe850995fa0 R15: 00007fff54afafe8
[  200.786829][T12800]  </TASK>
[  201.282080][T12796] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.296672][T12796] ext4 filesystem being mounted at /198/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  201.311019][T12808] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3132'.
[  201.349446][T12808] sd 0:0:1:0: device reset
[  201.384238][ T8111] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.526646][T12829] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3127'.
[  201.837240][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.852151][T12835] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3140'.
[  201.894696][T12844] loop8: detected capacity change from 0 to 512
[  201.931038][T12844] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.948582][T12844] ext4 filesystem being mounted at /199/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  202.094413][T12862] syzkaller1: entered promiscuous mode
[  202.100065][T12862] syzkaller1: entered allmulticast mode
[  202.192819][T12864] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3145'.
[  202.362886][T12874] loop2: detected capacity change from 0 to 512
[  202.402531][T12874] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  202.415444][T12874] ext4 filesystem being mounted at /591/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  202.646954][T12879] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3155'.
[  202.852512][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.922304][T12882] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3158'.
[  202.966885][T12882] loop6: detected capacity change from 0 to 512
[  202.978245][T12882] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  202.985474][T12884] loop8: detected capacity change from 0 to 1024
[  202.995040][T12884] EXT4-fs: Ignoring removed nobh option
[  203.000688][T12884] EXT4-fs: inline encryption not supported
[  203.015884][T12882] EXT4-fs (loop6): 1 truncate cleaned up
[  203.022748][T12882] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  203.031451][T12884] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  203.052899][T12884] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4183: comm syz.8.3157: Allocating blocks 385-513 which overlap fs metadata
[  203.176424][T12890] netlink: 'syz.6.3158': attribute type 27 has an invalid length.
[  203.233655][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.262260][T12896] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3162'.
[  203.303312][T12900] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3161'.
[  203.315040][T12900] loop2: detected capacity change from 0 to 512
[  203.321835][T12900] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  203.377018][T12900] EXT4-fs (loop2): 1 truncate cleaned up
[  203.385531][T12900] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  203.517572][T12910] netlink: 'syz.2.3161': attribute type 27 has an invalid length.
[  203.544743][T12912] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3167'.
[  203.814353][T12883] EXT4-fs (loop8): pa ffff8881072dae70: logic 16, phys. 129, len 24
[  203.822532][T12883] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  203.856160][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.984780][ T8022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.294801][T12941] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3179'.
[  204.322367][T12941] loop2: detected capacity change from 0 to 512
[  204.344884][T12941] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  204.357338][T12941] EXT4-fs (loop2): 1 truncate cleaned up
[  204.357355][T12948] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3181'.
[  204.394092][T12951] netlink: 'syz.8.3182': attribute type 13 has an invalid length.
[  204.399989][T12928] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3173'.
[  204.528031][T12955] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  204.534662][T12955] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  204.542215][T12955] vhci_hcd vhci_hcd.0: Device attached
[  204.594140][T12955] netlink: 'syz.2.3179': attribute type 27 has an invalid length.
[  204.703609][T12968] lo speed is unknown, defaulting to 1000
[  204.722546][T12968] lo speed is unknown, defaulting to 1000
[  204.809178][T12972] netlink: 36 bytes leftover after parsing attributes in process `syz.8.3189'.
[  204.823356][T12972] loop8: detected capacity change from 0 to 512
[  204.844859][T12972] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  204.856178][T12979] FAULT_INJECTION: forcing a failure.
[  204.856178][T12979] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  204.869362][T12979] CPU: 1 UID: 0 PID: 12979 Comm: syz.4.3191 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  204.869447][T12979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  204.869461][T12979] Call Trace:
[  204.869467][T12979]  <TASK>
[  204.869474][T12979]  __dump_stack+0x1d/0x30
[  204.869495][T12979]  dump_stack_lvl+0xe8/0x140
[  204.869541][T12979]  dump_stack+0x15/0x1b
[  204.869562][T12979]  should_fail_ex+0x265/0x280
[  204.869587][T12979]  should_fail+0xb/0x20
[  204.869608][T12979]  should_fail_usercopy+0x1a/0x20
[  204.869635][T12979]  _copy_from_iter+0xcf/0xe40
[  204.869678][T12979]  ? _copy_from_iter+0x16d/0xe40
[  204.869711][T12979]  copy_page_from_iter+0x178/0x2a0
[  204.869742][T12979]  skb_copy_datagram_from_iter+0x232/0x490
[  204.869777][T12979]  tun_get_user+0xafa/0x2680
[  204.869830][T12979]  ? ref_tracker_alloc+0x1f2/0x2f0
[  204.869873][T12979]  ? selinux_file_permission+0x2f0/0x320
[  204.869970][T12979]  tun_chr_write_iter+0x15e/0x210
[  204.870007][T12979]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  204.870054][T12979]  vfs_write+0x52a/0x960
[  204.870085][T12979]  ksys_write+0xda/0x1a0
[  204.870111][T12979]  __x64_sys_write+0x40/0x50
[  204.870137][T12979]  x64_sys_call+0x27fe/0x2ff0
[  204.870162][T12979]  do_syscall_64+0xd2/0x200
[  204.870218][T12979]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  204.870244][T12979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.870266][T12979] RIP: 0033:0x7fe85076ebe9
[  204.870282][T12979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  204.870382][T12979] RSP: 002b:00007fe84f1cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  204.870406][T12979] RAX: ffffffffffffffda RBX: 00007fe850995fa0 RCX: 00007fe85076ebe9
[  204.870439][T12979] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 00000000000000c8
[  204.870452][T12979] RBP: 00007fe84f1cf090 R08: 0000000000000000 R09: 0000000000000000
[  204.870507][T12979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  204.870521][T12979] R13: 00007fe850996038 R14: 00007fe850995fa0 R15: 00007fff54afafe8
[  204.870543][T12979]  </TASK>
[  205.097374][T12972] EXT4-fs (loop8): 1 truncate cleaned up
[  205.191480][T12985] netlink: 'syz.4.3193': attribute type 13 has an invalid length.
[  205.227993][T12958] vhci_hcd: connection closed
[  205.228480][T11001] vhci_hcd: stop threads
[  205.237462][T11001] vhci_hcd: release socket
[  205.242001][T11001] vhci_hcd: disconnect device
[  205.270041][T12988] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(12)
[  205.276659][T12988] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  205.284279][T12988] vhci_hcd vhci_hcd.0: Device attached
[  205.309396][T12988] netlink: 'syz.8.3189': attribute type 27 has an invalid length.
[  205.340134][T12995] loop6: detected capacity change from 0 to 512
[  205.347120][T12995] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  205.363805][T12995] EXT4-fs (loop6): 1 truncate cleaned up
[  205.473318][   T29] kauditd_printk_skb: 170 callbacks suppressed
[  205.473334][   T29] audit: type=1400 audit(1754806718.042:8924): avc:  denied  { bind } for  pid=12999 comm="syz.7.3197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  205.507160][T13001] netlink: 'syz.6.3196': attribute type 27 has an invalid length.
[  205.520745][T13000] loop7: detected capacity change from 0 to 128
[  205.528449][ T3382] usb 17-1: new low-speed USB device number 3 using vhci_hcd
[  205.542084][   T29] audit: type=1400 audit(1754806718.082:8925): avc:  denied  { tracepoint } for  pid=12999 comm="syz.7.3197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  205.561978][   T29] audit: type=1400 audit(1754806718.092:8926): avc:  denied  { setopt } for  pid=12999 comm="syz.7.3197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  205.582474][   T29] audit: type=1400 audit(1754806718.102:8927): avc:  denied  { mount } for  pid=12999 comm="syz.7.3197" name="/" dev="loop7" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  205.712522][   T29] audit: type=1400 audit(1754806718.282:8928): avc:  denied  { unmount } for  pid=8111 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  205.778671][T12989] vhci_hcd: connection reset by peer
[  205.786139][T12271] vhci_hcd: stop threads
[  205.790501][T12271] vhci_hcd: release socket
[  205.794944][T12271] vhci_hcd: disconnect device
[  205.858395][   T29] audit: type=1400 audit(1754806718.412:8929): avc:  denied  { create } for  pid=13006 comm="syz.2.3200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  205.878752][   T29] audit: type=1400 audit(1754806718.412:8930): avc:  denied  { write } for  pid=13006 comm="syz.2.3200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  205.898957][   T29] audit: type=1400 audit(1754806718.412:8931): avc:  denied  { nlmsg_write } for  pid=13006 comm="syz.2.3200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  205.935521][T13009] FAULT_INJECTION: forcing a failure.
[  205.935521][T13009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  205.948707][T13009] CPU: 1 UID: 0 PID: 13009 Comm: syz.2.3201 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  205.948748][T13009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  205.948761][T13009] Call Trace:
[  205.948768][T13009]  <TASK>
[  205.948776][T13009]  __dump_stack+0x1d/0x30
[  205.948799][T13009]  dump_stack_lvl+0xe8/0x140
[  205.948819][T13009]  dump_stack+0x15/0x1b
[  205.948838][T13009]  should_fail_ex+0x265/0x280
[  205.948918][T13009]  should_fail+0xb/0x20
[  205.948935][T13009]  should_fail_usercopy+0x1a/0x20
[  205.948994][T13009]  _copy_from_user+0x1c/0xb0
[  205.949030][T13009]  ___sys_sendmsg+0xc1/0x1d0
[  205.949072][T13009]  __x64_sys_sendmsg+0xd4/0x160
[  205.949098][T13009]  x64_sys_call+0x191e/0x2ff0
[  205.949171][T13009]  do_syscall_64+0xd2/0x200
[  205.949249][T13009]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  205.949279][T13009]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  205.949310][T13009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.949334][T13009] RIP: 0033:0x7f937585ebe9
[  205.949417][T13009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.949438][T13009] RSP: 002b:00007f93742bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  205.949459][T13009] RAX: ffffffffffffffda RBX: 00007f9375a85fa0 RCX: 00007f937585ebe9
[  205.949472][T13009] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  205.949485][T13009] RBP: 00007f93742bf090 R08: 0000000000000000 R09: 0000000000000000
[  205.949508][T13009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  205.949528][T13009] R13: 00007f9375a86038 R14: 00007f9375a85fa0 R15: 00007ffd0edea868
[  205.949551][T13009]  </TASK>
[  206.231411][T13015] capability: warning: `syz.2.3202' uses 32-bit capabilities (legacy support in use)
[  206.243154][T13017] netlink: 'syz.4.3204': attribute type 13 has an invalid length.
[  206.251015][T13017] netlink: 'syz.4.3204': attribute type 27 has an invalid length.
[  206.362032][T13021] loop4: detected capacity change from 0 to 512
[  206.396358][T13021] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  206.398542][   T29] audit: type=1326 audit(1754806718.962:8932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13022 comm="syz.8.3207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9e72a45ba7 code=0x7ffc0000
[  206.412771][T13025] loop2: detected capacity change from 0 to 512
[  206.429829][   T29] audit: type=1326 audit(1754806718.962:8933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13022 comm="syz.8.3207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9e729eadd9 code=0x7ffc0000
[  206.465145][T13025] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  206.497448][T13021] EXT4-fs (loop4): 1 truncate cleaned up
[  206.527317][T13036] syzkaller1: entered promiscuous mode
[  206.533064][T13036] syzkaller1: entered allmulticast mode
[  206.540478][T13025] EXT4-fs (loop2): 1 truncate cleaned up
[  206.583992][T13042] netlink: 'syz.7.3215': attribute type 13 has an invalid length.
[  206.639483][T13049] loop7: detected capacity change from 0 to 512
[  206.646635][T13049] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  206.660979][T13049] EXT4-fs (loop7): 1 truncate cleaned up
[  206.694371][T13050] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  206.700991][T13050] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  206.708592][T13050] vhci_hcd vhci_hcd.0: Device attached
[  206.756918][T13057] loop8: detected capacity change from 0 to 512
[  206.771420][T13057] ext4 filesystem being mounted at /215/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  206.799108][T13062] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(12)
[  206.805785][T13062] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  206.813382][T13062] vhci_hcd vhci_hcd.0: Device attached
[  206.820275][T13061] loop6: detected capacity change from 0 to 512
[  206.835980][T13061] ext4 filesystem being mounted at /360/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  207.058232][ T3529] usb 15-1: new low-speed USB device number 4 using vhci_hcd
[  207.250181][T13070] loop4: detected capacity change from 0 to 1024
[  207.257001][T13070] EXT4-fs: Ignoring removed bh option
[  207.296794][T13070] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  207.327331][T13053] vhci_hcd: connection closed
[  207.327634][T12271] vhci_hcd: stop threads
[  207.336709][T12271] vhci_hcd: release socket
[  207.341163][T12271] vhci_hcd: disconnect device
[  207.492979][T13063] vhci_hcd: connection reset by peer
[  207.498746][T11001] vhci_hcd: stop threads
[  207.503010][T11001] vhci_hcd: release socket
[  207.507422][T11001] vhci_hcd: disconnect device
[  207.774510][T13086] syzkaller1: entered promiscuous mode
[  207.780096][T13086] syzkaller1: entered allmulticast mode
[  207.822629][T13081] lo speed is unknown, defaulting to 1000
[  207.828891][T13081] lo speed is unknown, defaulting to 1000
[  208.058115][T12257] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.090629][T13083] __nla_validate_parse: 4 callbacks suppressed
[  208.090648][T13083] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3225'.
[  208.151163][T13110] loop6: detected capacity change from 0 to 128
[  208.185381][T12257] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.207989][T13094] lo speed is unknown, defaulting to 1000
[  208.216737][T13094] lo speed is unknown, defaulting to 1000
[  208.236381][T13125] loop4: detected capacity change from 0 to 128
[  208.266856][T13130] syzkaller1: entered promiscuous mode
[  208.273071][T13130] syzkaller1: entered allmulticast mode
[  208.280399][T12257] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.302828][T13132] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3240'.
[  208.317969][T13132] loop7: detected capacity change from 0 to 512
[  208.325033][T13132] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  208.336198][T12257] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.339220][T13132] EXT4-fs (loop7): 1 truncate cleaned up
[  208.411367][T13094] chnl_net:caif_netlink_parms(): no params data found
[  208.491779][T13144] loop4: detected capacity change from 0 to 512
[  208.499687][T13144] EXT4-fs: Ignoring removed nobh option
[  208.505379][T13143] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(12)
[  208.512034][T13143] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  208.519764][T13143] vhci_hcd vhci_hcd.0: Device attached
[  208.541182][T13144] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  208.552781][T13144] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it
[  208.562888][T13144] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.3242: Corrupt directory, running e2fsck is recommended
[  208.576565][T13143] validate_nla: 6 callbacks suppressed
[  208.576578][T13143] netlink: 'syz.7.3240': attribute type 27 has an invalid length.
[  208.602837][T12257] bond0 (unregistering): Released all slaves
[  208.619644][T13144] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117
[  208.628073][T13144] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.3242: corrupted in-inode xattr: invalid ea_ino
[  208.645760][T13136] lo speed is unknown, defaulting to 1000
[  208.653723][T13144] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.3242: couldn't read orphan inode 15 (err -117)
[  208.666737][T13136] lo speed is unknown, defaulting to 1000
[  208.674625][T12257] tipc: Disabling bearer <udp:syz2>
[  208.679922][T12257] tipc: Left network mode
[  208.699519][T13094] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.706695][T13094] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.721845][T13094] bridge_slave_0: entered allmulticast mode
[  208.732937][T13094] bridge_slave_0: entered promiscuous mode
[  208.764507][T13094] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.771776][T13094] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.794842][T13094] bridge_slave_1: entered allmulticast mode
[  208.801847][T13094] bridge_slave_1: entered promiscuous mode
[  208.813845][T12257] hsr_slave_0: left promiscuous mode
[  208.822540][T12257] hsr_slave_1: left promiscuous mode
[  208.832125][T12257] veth1_vlan: left promiscuous mode
[  208.837552][T12257] veth0_vlan: left promiscuous mode
[  208.902230][T12263] smc: removing ib device syz!
[  208.952850][   T10] lo speed is unknown, defaulting to 1000
[  208.958669][   T10] infiniband syz2: ib_query_port failed (-19)
[  208.991899][T13094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  209.003638][T13094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  209.064765][T13094] team0: Port device team_slave_0 added
[  209.085398][T13094] team0: Port device team_slave_1 added
[  209.102566][T13164] loop8: detected capacity change from 0 to 128
[  209.130105][T13164] IPv6: Can't replace route, no match found
[  209.156266][T13094] batman_adv: batadv0: Adding interface: batadv_slave_0
[  209.163383][T13094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.189438][T13094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  209.200008][T13145] vhci_hcd: connection closed
[  209.202167][T12271] vhci_hcd: stop threads
[  209.211186][T12271] vhci_hcd: release socket
[  209.215590][T12271] vhci_hcd: disconnect device
[  209.262899][T13094] batman_adv: batadv0: Adding interface: batadv_slave_1
[  209.269890][T13094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.296207][T13094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  209.365279][T13169] syzkaller1: entered promiscuous mode
[  209.370789][T13169] syzkaller1: entered allmulticast mode
[  209.437242][T12257] IPVS: stop unused estimator thread 0...
[  209.445159][T13094] hsr_slave_0: entered promiscuous mode
[  209.457929][T13094] hsr_slave_1: entered promiscuous mode
[  209.468290][T13094] debugfs: 'hsr0' already exists in 'hsr'
[  209.474106][T13094] Cannot create hsr debugfs directory
[  209.540485][T13162] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3247'.
[  209.558372][T13177] batadv_slave_0: entered promiscuous mode
[  209.578059][T13175] loop8: detected capacity change from 0 to 2048
[  209.620216][T13175]  loop8: p3 < > p4 < >
[  209.624385][T13175] loop8: partition table partially beyond EOD, truncated
[  209.646409][T13175] loop8: p3 start 4284289 is beyond EOD, truncated
[  209.719028][T13180] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3254'.
[  209.739102][T13180] loop7: detected capacity change from 0 to 512
[  209.747375][T13180] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  209.777387][T13180] EXT4-fs (loop7): 1 truncate cleaned up
[  209.779235][T13094] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  209.797368][T13094] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  209.816157][T13094] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  209.826627][T13094] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  209.883525][T13200] syzkaller1: entered promiscuous mode
[  209.889140][T13200] syzkaller1: entered allmulticast mode
[  209.896474][T13201] netlink: 'syz.7.3254': attribute type 27 has an invalid length.
[  209.906471][T13176] batadv_slave_0: left promiscuous mode
[  209.953104][T13094] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.989071][T13094] 8021q: adding VLAN 0 to HW filter on device team0
[  209.999986][T12247] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.007091][T12247] bridge0: port 1(bridge_slave_0) entered forwarding state
[  210.017962][T13208] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3263'.
[  210.028945][T12263] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.035992][T12263] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.046126][T13208] sd 0:0:1:0: device reset
[  210.069123][T13094] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  210.079504][T13094] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  210.107921][T13215] program syz.8.3266 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  210.178469][T13094] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.267922][T13231] lo speed is unknown, defaulting to 1000
[  210.299918][T13094] veth0_vlan: entered promiscuous mode
[  210.328744][T13094] veth1_vlan: entered promiscuous mode
[  210.374940][T13242] loop8: detected capacity change from 0 to 1024
[  210.396814][T13242] EXT4-fs: Ignoring removed nobh option
[  210.402016][T13243] syzkaller1: entered promiscuous mode
[  210.402719][T13242] EXT4-fs: inline encryption not supported
[  210.407804][T13243] syzkaller1: entered allmulticast mode
[  210.426122][T13094] veth0_macvtap: entered promiscuous mode
[  210.439964][T13094] veth1_macvtap: entered promiscuous mode
[  210.474109][T13242] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4183: comm syz.8.3273: Allocating blocks 385-513 which overlap fs metadata
[  210.509082][T13094] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.549641][T13094] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.570577][T12266] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.581468][T12266] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.588287][ T3382] usb 17-1: enqueue for inactive port 0
[  210.596112][ T3382] usb 17-1: enqueue for inactive port 0
[  210.601917][T12266] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.610952][T12266] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  210.645463][T13250] FAULT_INJECTION: forcing a failure.
[  210.645463][T13250] name failslab, interval 1, probability 0, space 0, times 0
[  210.646026][   T29] kauditd_printk_skb: 221 callbacks suppressed
[  210.646115][   T29] audit: type=1400 audit(1754806723.212:9155): avc:  denied  { mounton } for  pid=13094 comm="syz-executor" path="/root/syzkaller.zHJVSM/syz-tmp" dev="sda1" ino=2057 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  210.658116][T13250] CPU: 1 UID: 0 PID: 13250 Comm: syz.7.3275 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  210.658190][T13250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  210.658241][T13250] Call Trace:
[  210.658249][T13250]  <TASK>
[  210.658257][T13250]  __dump_stack+0x1d/0x30
[  210.658295][T13250]  dump_stack_lvl+0xe8/0x140
[  210.658368][T13250]  dump_stack+0x15/0x1b
[  210.658388][T13250]  should_fail_ex+0x265/0x280
[  210.658477][T13250]  ? tcf_action_init_1+0x11e/0x4a0
[  210.658520][T13250]  should_failslab+0x8c/0xb0
[  210.658624][T13250]  __kmalloc_cache_noprof+0x4c/0x320
[  210.658661][T13250]  tcf_action_init_1+0x11e/0x4a0
[  210.658698][T13250]  tcf_action_init+0x267/0x6d0
[  210.658727][T13250]  ? mark_reg_read+0x59/0x340
[  210.658930][T13250]  tc_ctl_action+0x291/0x830
[  210.658978][T13250]  ? __pfx_tc_ctl_action+0x10/0x10
[  210.659009][T13250]  rtnetlink_rcv_msg+0x657/0x6d0
[  210.659118][T13250]  netlink_rcv_skb+0x120/0x220
[  210.659139][T13250]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  210.659174][T13250]  rtnetlink_rcv+0x1c/0x30
[  210.659200][T13250]  netlink_unicast+0x5c0/0x690
[  210.659290][T13250]  netlink_sendmsg+0x58b/0x6b0
[  210.659315][T13250]  ? __pfx_netlink_sendmsg+0x10/0x10
[  210.659339][T13250]  __sock_sendmsg+0x142/0x180
[  210.659434][T13250]  ____sys_sendmsg+0x31e/0x4e0
[  210.659459][T13250]  ___sys_sendmsg+0x17b/0x1d0
[  210.659496][T13250]  __x64_sys_sendmsg+0xd4/0x160
[  210.659571][T13250]  x64_sys_call+0x191e/0x2ff0
[  210.659596][T13250]  do_syscall_64+0xd2/0x200
[  210.659626][T13250]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  210.659666][T13250]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  210.659695][T13250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.659719][T13250] RIP: 0033:0x7f9f0469ebe9
[  210.659735][T13250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.659756][T13250] RSP: 002b:00007f9f03107038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  210.659803][T13250] RAX: ffffffffffffffda RBX: 00007f9f048c5fa0 RCX: 00007f9f0469ebe9
[  210.659818][T13250] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000007
[  210.659833][T13250] RBP: 00007f9f03107090 R08: 0000000000000000 R09: 0000000000000000
[  210.659847][T13250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  210.659861][T13250] R13: 00007f9f048c6038 R14: 00007f9f048c5fa0 R15: 00007ffd38279c48
[  210.659882][T13250]  </TASK>
[  210.689818][ T3382] vhci_hcd: vhci_device speed not set
[  210.706790][T13253] loop7: detected capacity change from 0 to 512
[  210.737659][   T29] audit: type=1400 audit(1754806723.302:9156): avc:  denied  { mount } for  pid=13094 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  210.762664][T13255] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3277'.
[  210.763438][   T29] audit: type=1400 audit(1754806723.302:9157): avc:  denied  { mount } for  pid=13094 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  210.770812][T13255] loop4: detected capacity change from 0 to 512
[  210.773040][   T29] audit: type=1400 audit(1754806723.302:9158): avc:  denied  { mounton } for  pid=13094 comm="syz-executor" path="/root/syzkaller.zHJVSM/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  210.779553][T13255] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  210.783421][   T29] audit: type=1400 audit(1754806723.302:9159): avc:  denied  { mounton } for  pid=13094 comm="syz-executor" path="/root/syzkaller.zHJVSM/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=38661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  210.793703][T13253] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  210.796072][T13255] EXT4-fs (loop4): 1 truncate cleaned up
[  210.800110][   T29] audit: type=1400 audit(1754806723.372:9160): avc:  denied  { mounton } for  pid=13094 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  210.843174][T13253] ext4 filesystem being mounted at /345/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  210.844996][   T29] audit: type=1400 audit(1754806723.372:9161): avc:  denied  { mount } for  pid=13094 comm="syz-executor" name="/" dev="gadgetfs" ino=4766 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  211.051355][T13261] netlink: 'syz.4.3277': attribute type 27 has an invalid length.
[  211.160359][   T29] audit: type=1400 audit(1754806723.422:9162): avc:  denied  { ioctl } for  pid=13252 comm="syz.7.3276" path="/345/file0/cpu.stat" dev="loop7" ino=18 ioctlcmd=0x583b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  211.201984][T13241] EXT4-fs (loop8): pa ffff888107273070: logic 16, phys. 129, len 24
[  211.210064][T13241] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  211.254692][   T29] audit: type=1326 audit(1754806723.822:9163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13267 comm="syz.8.3279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e72a4ebe9 code=0x7ffc0000
[  211.291305][   T29] audit: type=1326 audit(1754806723.822:9164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13267 comm="syz.8.3279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f9e72a4ebe9 code=0x7ffc0000
[  211.353749][T13274] lo speed is unknown, defaulting to 1000
[  211.414249][T13277] syzkaller1: entered promiscuous mode
[  211.419873][T13277] syzkaller1: entered allmulticast mode
[  211.526936][T13289] netlink: 132 bytes leftover after parsing attributes in process `syz.8.3288'.
[  211.562767][T13287] loop6: detected capacity change from 0 to 512
[  211.569591][T13287] journal_path: Non-blockdev passed as './bus'
[  211.575844][T13287] EXT4-fs: error: could not find journal device path
[  211.694032][T13295] FAULT_INJECTION: forcing a failure.
[  211.694032][T13295] name failslab, interval 1, probability 0, space 0, times 0
[  211.706695][T13295] CPU: 1 UID: 0 PID: 13295 Comm: syz.6.3291 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  211.706735][T13295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  211.706751][T13295] Call Trace:
[  211.706759][T13295]  <TASK>
[  211.706768][T13295]  __dump_stack+0x1d/0x30
[  211.706793][T13295]  dump_stack_lvl+0xe8/0x140
[  211.706815][T13295]  dump_stack+0x15/0x1b
[  211.706832][T13295]  should_fail_ex+0x265/0x280
[  211.706853][T13295]  should_failslab+0x8c/0xb0
[  211.706937][T13295]  kmem_cache_alloc_node_noprof+0x57/0x320
[  211.706970][T13295]  ? __alloc_skb+0x101/0x320
[  211.707074][T13295]  __alloc_skb+0x101/0x320
[  211.707108][T13295]  netlink_alloc_large_skb+0xba/0xf0
[  211.707149][T13295]  netlink_sendmsg+0x3cf/0x6b0
[  211.707177][T13295]  ? __pfx_netlink_sendmsg+0x10/0x10
[  211.707284][T13295]  __sock_sendmsg+0x142/0x180
[  211.707318][T13295]  ____sys_sendmsg+0x31e/0x4e0
[  211.707344][T13295]  ___sys_sendmsg+0x17b/0x1d0
[  211.707489][T13295]  __x64_sys_sendmsg+0xd4/0x160
[  211.707520][T13295]  x64_sys_call+0x191e/0x2ff0
[  211.707548][T13295]  do_syscall_64+0xd2/0x200
[  211.707581][T13295]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  211.707637][T13295]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  211.707666][T13295]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.707763][T13295] RIP: 0033:0x7f5bd3b3ebe9
[  211.707781][T13295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.707924][T13295] RSP: 002b:00007f5bd25a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  211.707947][T13295] RAX: ffffffffffffffda RBX: 00007f5bd3d65fa0 RCX: 00007f5bd3b3ebe9
[  211.707997][T13295] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006
[  211.708014][T13295] RBP: 00007f5bd25a7090 R08: 0000000000000000 R09: 0000000000000000
[  211.708030][T13295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  211.708045][T13295] R13: 00007f5bd3d66038 R14: 00007f5bd3d65fa0 R15: 00007fff39ee70f8
[  211.708098][T13295]  </TASK>
[  211.935803][T13299] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3294'.
[  211.953078][T13299] loop6: detected capacity change from 0 to 512
[  211.962273][T13299] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  211.976414][T13299] EXT4-fs (loop6): 1 truncate cleaned up
[  212.032311][T13310] lo speed is unknown, defaulting to 1000
[  212.113243][T13314] netlink: 'syz.6.3294': attribute type 27 has an invalid length.
[  212.122235][ T3529] usb 15-1: enqueue for inactive port 0
[  212.129476][ T3529] usb 15-1: enqueue for inactive port 0
[  212.136415][T13317] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3299'.
[  212.150619][T13317] loop4: detected capacity change from 0 to 512
[  212.158141][T13317] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  212.179665][T13317] EXT4-fs (loop4): 1 truncate cleaned up
[  212.187397][T13320] loop7: detected capacity change from 0 to 1024
[  212.219768][ T3529] vhci_hcd: vhci_device speed not set
[  212.245507][T13326] loop7: detected capacity change from 0 to 128
[  212.304216][T13328] netlink: 'syz.4.3299': attribute type 27 has an invalid length.
[  212.389780][T13330] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3302'.
[  212.412494][T13330] loop2: detected capacity change from 0 to 512
[  212.459062][T13330] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  212.491624][T13330] EXT4-fs (loop2): 1 truncate cleaned up
[  212.649074][T13344] netlink: 'syz.2.3302': attribute type 27 has an invalid length.
[  212.745088][T13351] lo speed is unknown, defaulting to 1000
[  212.895545][T13356] loop6: detected capacity change from 0 to 512
[  212.902251][T13356] EXT4-fs: test_dummy_encryption option not supported
[  212.965283][T13363] loop7: detected capacity change from 0 to 512
[  212.972660][T13363] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  212.991980][T13363] ext4 filesystem being mounted at /359/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  213.050191][T13367] loop8: detected capacity change from 0 to 128
[  213.126309][T13371] loop7: detected capacity change from 0 to 512
[  213.171183][T13371] ext4 filesystem being mounted at /361/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  213.319522][T13376] syzkaller0: entered promiscuous mode
[  213.325022][T13376] syzkaller0: entered allmulticast mode
[  213.332126][T13374] __nla_validate_parse: 3 callbacks suppressed
[  213.332140][T13374] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3316'.
[  213.362543][T13376] loop4: detected capacity change from 0 to 512
[  213.371925][T13376] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock
[  213.381641][T13376] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 not in group (block 1)!
[  213.391741][T13376] EXT4-fs (loop4): group descriptors corrupted!
[  213.426015][T13385] loop2: detected capacity change from 0 to 4096
[  213.593884][T13396] lo speed is unknown, defaulting to 1000
[  213.711890][T13385] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3321'.
[  214.040870][T13419] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3333'.
[  214.053464][T13402] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3327'.
[  214.066227][T13416] netlink: 11 bytes leftover after parsing attributes in process `syz.2.3332'.
[  214.070455][T13419] sd 0:0:1:0: device reset
[  214.158823][T13425] loop7: detected capacity change from 0 to 1024
[  214.186466][T13425] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 1 with error 28
[  214.199035][T13425] EXT4-fs (loop7): This should not happen!! Data will be lost
[  214.199035][T13425] 
[  214.208909][T13425] EXT4-fs (loop7): Total free blocks count 0
[  214.215000][T13425] EXT4-fs (loop7): Free/Dirty block details
[  214.220920][T13425] EXT4-fs (loop7): free_blocks=0
[  214.225854][T13425] EXT4-fs (loop7): dirty_blocks=0
[  214.230941][T13425] EXT4-fs (loop7): Block reservation details
[  214.236937][T13425] EXT4-fs (loop7): i_reserved_data_blocks=0
[  214.252522][T13407] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3328'.
[  214.302535][T13441] loop4: detected capacity change from 0 to 512
[  214.307428][T13439] lo speed is unknown, defaulting to 1000
[  214.312480][T13441] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  214.331314][T13441] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  214.409632][ T3529] hid_parser_main: 6 callbacks suppressed
[  214.409649][ T3529] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  214.423956][ T3529] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  214.534658][T13461] loop8: detected capacity change from 0 to 512
[  214.549742][T13461] ext4 filesystem being mounted at /253/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  214.571977][T13461] FAULT_INJECTION: forcing a failure.
[  214.571977][T13461] name failslab, interval 1, probability 0, space 0, times 0
[  214.584733][T13461] CPU: 1 UID: 0 PID: 13461 Comm: syz.8.3345 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  214.584832][T13461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  214.584845][T13461] Call Trace:
[  214.584852][T13461]  <TASK>
[  214.584859][T13461]  __dump_stack+0x1d/0x30
[  214.584882][T13461]  dump_stack_lvl+0xe8/0x140
[  214.584903][T13461]  dump_stack+0x15/0x1b
[  214.584985][T13461]  should_fail_ex+0x265/0x280
[  214.585011][T13461]  should_failslab+0x8c/0xb0
[  214.585041][T13461]  kmem_cache_alloc_noprof+0x50/0x310
[  214.585072][T13461]  ? getname_flags+0x80/0x3b0
[  214.585186][T13461]  getname_flags+0x80/0x3b0
[  214.585215][T13461]  do_sys_openat2+0x60/0x110
[  214.585256][T13461]  __x64_sys_creat+0x65/0x90
[  214.585297][T13461]  x64_sys_call+0x2d94/0x2ff0
[  214.585390][T13461]  do_syscall_64+0xd2/0x200
[  214.585422][T13461]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  214.585446][T13461]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  214.585471][T13461]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.585553][T13461] RIP: 0033:0x7f9e72a4ebe9
[  214.585568][T13461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.585586][T13461] RSP: 002b:00007f9e714af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  214.585608][T13461] RAX: ffffffffffffffda RBX: 00007f9e72c75fa0 RCX: 00007f9e72a4ebe9
[  214.585621][T13461] RDX: 0000000000000000 RSI: ecf86c37d53049cc RDI: 0000000000000000
[  214.585633][T13461] RBP: 00007f9e714af090 R08: 0000000000000000 R09: 0000000000000000
[  214.585702][T13461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  214.585717][T13461] R13: 00007f9e72c76038 R14: 00007f9e72c75fa0 R15: 00007ffe62482148
[  214.585846][T13461]  </TASK>
[  214.813741][T13472] netlink: 36 bytes leftover after parsing attributes in process `syz.8.3349'.
[  214.827345][T13472] loop8: detected capacity change from 0 to 512
[  214.835040][T13472] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  214.849655][T13472] EXT4-fs (loop8): 1 truncate cleaned up
[  214.927043][T13478] sd 0:0:1:0: device reset
[  214.966330][T13479] netlink: 'syz.8.3349': attribute type 27 has an invalid length.
[  215.096092][T13483] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3351'.
[  215.108626][T13483] loop2: detected capacity change from 0 to 512
[  215.115664][T13483] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  215.127015][T13483] EXT4-fs (loop2): 1 truncate cleaned up
[  215.269364][T13486] netlink: 'syz.2.3351': attribute type 27 has an invalid length.
[  215.389253][T13490] syzkaller1: entered promiscuous mode
[  215.394747][T13490] syzkaller1: entered allmulticast mode
[  215.519847][T13499] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  215.676972][   T29] kauditd_printk_skb: 1589 callbacks suppressed
[  215.676988][   T29] audit: type=1400 audit(1754806728.242:10754): avc:  denied  { name_connect } for  pid=13505 comm="syz.8.3359" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  215.677359][T13504] loop4: detected capacity change from 0 to 512
[  215.712689][T13504] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  215.724508][T13504] EXT4-fs (loop4): 1 truncate cleaned up
[  216.021832][T13515] loop2: detected capacity change from 0 to 128
[  216.151390][T13517] loop2: detected capacity change from 0 to 512
[  216.159888][T13517] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  216.168066][T13517] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #13: comm syz.2.3363: iget: bad i_size value: 12154757448730
[  216.181057][T13517] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.3363: couldn't read orphan inode 13 (err -117)
[  216.196211][T13517] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3363'.
[  216.209488][   T29] audit: type=1400 audit(1754806728.782:10755): avc:  denied  { create } for  pid=13516 comm="syz.2.3363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  216.243155][T13521] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3364'.
[  216.254193][T13521] sd 0:0:1:0: device reset
[  216.294785][T13529] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  216.311997][   T29] audit: type=1400 audit(1754806728.882:10756): avc:  denied  { write } for  pid=13530 comm="syz.2.3369" name="001" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  216.313009][T13531] FAULT_INJECTION: forcing a failure.
[  216.313009][T13531] name failslab, interval 1, probability 0, space 0, times 0
[  216.347578][T13531] CPU: 0 UID: 0 PID: 13531 Comm: syz.2.3369 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  216.347598][T13531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  216.347641][T13531] Call Trace:
[  216.347645][T13531]  <TASK>
[  216.347650][T13531]  __dump_stack+0x1d/0x30
[  216.347664][T13531]  dump_stack_lvl+0xe8/0x140
[  216.347685][T13531]  dump_stack+0x15/0x1b
[  216.347695][T13531]  should_fail_ex+0x265/0x280
[  216.347724][T13531]  should_failslab+0x8c/0xb0
[  216.347739][T13531]  kmem_cache_alloc_node_noprof+0x57/0x320
[  216.347757][T13531]  ? __alloc_skb+0x101/0x320
[  216.347783][T13531]  __alloc_skb+0x101/0x320
[  216.347802][T13531]  netlink_alloc_large_skb+0xba/0xf0
[  216.347822][T13531]  netlink_sendmsg+0x3cf/0x6b0
[  216.347879][T13531]  ? __pfx_netlink_sendmsg+0x10/0x10
[  216.347892][T13531]  __sock_sendmsg+0x142/0x180
[  216.347910][T13531]  ____sys_sendmsg+0x31e/0x4e0
[  216.347931][T13531]  ___sys_sendmsg+0x17b/0x1d0
[  216.347951][T13531]  __x64_sys_sendmsg+0xd4/0x160
[  216.347999][T13531]  x64_sys_call+0x191e/0x2ff0
[  216.348014][T13531]  do_syscall_64+0xd2/0x200
[  216.348030][T13531]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  216.348101][T13531]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  216.348116][T13531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.348129][T13531] RIP: 0033:0x7fd49447ebe9
[  216.348139][T13531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.348150][T13531] RSP: 002b:00007fd492ee7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  216.348171][T13531] RAX: ffffffffffffffda RBX: 00007fd4946a5fa0 RCX: 00007fd49447ebe9
[  216.348282][T13531] RDX: 0000000004000000 RSI: 0000200000000000 RDI: 0000000000000006
[  216.348297][T13531] RBP: 00007fd492ee7090 R08: 0000000000000000 R09: 0000000000000000
[  216.348313][T13531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  216.348329][T13531] R13: 00007fd4946a6038 R14: 00007fd4946a5fa0 R15: 00007ffc85286f48
[  216.348351][T13531]  </TASK>
[  216.662706][   T29] audit: type=1400 audit(1754806729.232:10757): avc:  denied  { name_bind } for  pid=13542 comm="syz.4.3373" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  216.716200][T13551] loop2: detected capacity change from 0 to 1024
[  216.725215][T13551] EXT4-fs: Ignoring removed nobh option
[  216.730813][T13551] EXT4-fs: inline encryption not supported
[  216.738092][   T29] audit: type=1400 audit(1754806729.302:10758): avc:  denied  { create } for  pid=13555 comm="syz.4.3377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  216.757950][   T29] audit: type=1326 audit(1754806729.302:10759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13552 comm="syz.6.3376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  216.784704][   T29] audit: type=1326 audit(1754806729.312:10760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13552 comm="syz.6.3376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  216.808312][   T29] audit: type=1326 audit(1754806729.312:10761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13552 comm="syz.6.3376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  216.831916][   T29] audit: type=1326 audit(1754806729.312:10762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13552 comm="syz.6.3376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  216.855524][   T29] audit: type=1326 audit(1754806729.312:10763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13552 comm="syz.6.3376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  216.894888][T13551] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.3374: Allocating blocks 385-513 which overlap fs metadata
[  216.912255][T13568] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  217.028068][T13583] loop7: detected capacity change from 0 to 136
[  217.092615][T13586] Symlink component flag not implemented
[  217.098571][T13586] Symlink component flag not implemented (108)
[  217.105050][T13586] Symlink component flag not implemented (108)
[  217.455518][T13588] syzkaller1: entered promiscuous mode
[  217.461137][T13588] syzkaller1: entered allmulticast mode
[  217.541851][T13550] EXT4-fs (loop2): pa ffff888107273620: logic 16, phys. 129, len 24
[  217.549922][T13550] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  217.586084][T13596] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  217.611126][T13598] loop2: detected capacity change from 0 to 512
[  217.630109][T13598] ext4 filesystem being mounted at /24/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  217.651225][T13598] bridge0: port 3(macvlan2) entered blocking state
[  217.657756][T13598] bridge0: port 3(macvlan2) entered disabled state
[  217.664597][T13598] macvlan2: entered allmulticast mode
[  217.670012][T13598] bridge0: entered allmulticast mode
[  217.675969][T13598] macvlan2: left allmulticast mode
[  217.681582][T13598] bridge0: left allmulticast mode
[  217.748901][T13605] loop2: detected capacity change from 0 to 512
[  217.755548][T13605] journal_path: Non-blockdev passed as './file2'
[  217.761925][T13605] EXT4-fs: error: could not find journal device path
[  217.844092][T13613] loop2: detected capacity change from 0 to 512
[  217.871810][T13613] ext4 filesystem being mounted at /26/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  218.005489][T13623] syzkaller1: entered promiscuous mode
[  218.011107][T13623] syzkaller1: entered allmulticast mode
[  218.079833][T13629] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  218.507225][T13651] loop4: detected capacity change from 0 to 8192
[  218.514906][T13651] FAT-fs (loop4): bogus number of directory entries (9)
[  218.521895][T13651] FAT-fs (loop4): Can't find a valid FAT filesystem
[  218.710136][T13094] EXT4-fs unmount: 64 callbacks suppressed
[  218.710171][T13094] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.796439][T13663] syzkaller1: entered promiscuous mode
[  218.802055][T13663] syzkaller1: entered allmulticast mode
[  219.017580][T13672] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  219.080258][T13679] netlink: 'syz.7.3421': attribute type 21 has an invalid length.
[  219.133316][T13679] lo speed is unknown, defaulting to 1000
[  219.363016][T13692] loop2: detected capacity change from 0 to 512
[  219.399173][T13692] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  219.418296][T13692] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  219.590043][T13710] loop8: detected capacity change from 0 to 1024
[  219.597346][T13710] EXT4-fs: Ignoring removed nobh option
[  219.603017][T13710] EXT4-fs: inline encryption not supported
[  219.620478][T13711] __nla_validate_parse: 3 callbacks suppressed
[  219.620492][T13711] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3425'.
[  219.672898][T13710] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  219.711907][T13710] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4183: comm syz.8.3432: Allocating blocks 385-513 which overlap fs metadata
[  220.023767][T13724] loop4: detected capacity change from 0 to 1024
[  220.039940][T13724] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  220.083241][T13724] tipc: Failed to obtain node identity
[  220.088869][T13724] tipc: Enabling of bearer <ib:caif0> rejected, failed to enable media
[  220.098263][T13724] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.3437: Allocating blocks 497-513 which overlap fs metadata
[  220.119277][T13724] EXT4-fs (loop4): pa ffff8881072daaf0: logic 256, phys. 369, len 9
[  220.127310][T13724] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[  220.139476][T13724] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  220.192605][T11607] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.203484][T13094] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.253134][T13744] FAULT_INJECTION: forcing a failure.
[  220.253134][T13744] name failslab, interval 1, probability 0, space 0, times 0
[  220.265920][T13744] CPU: 0 UID: 0 PID: 13744 Comm: syz.4.3446 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  220.265961][T13744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  220.265976][T13744] Call Trace:
[  220.265984][T13744]  <TASK>
[  220.266040][T13744]  __dump_stack+0x1d/0x30
[  220.266071][T13744]  dump_stack_lvl+0xe8/0x140
[  220.266170][T13744]  dump_stack+0x15/0x1b
[  220.266190][T13744]  should_fail_ex+0x265/0x280
[  220.266216][T13744]  should_failslab+0x8c/0xb0
[  220.266295][T13744]  kmem_cache_alloc_node_noprof+0x57/0x320
[  220.266329][T13744]  ? dup_task_struct+0x70/0x6a0
[  220.266386][T13744]  dup_task_struct+0x70/0x6a0
[  220.266412][T13744]  ? _parse_integer+0x27/0x40
[  220.266435][T13744]  copy_process+0x399/0x2000
[  220.266461][T13744]  ? kstrtouint+0x76/0xc0
[  220.266482][T13744]  ? kstrtouint_from_user+0x9f/0xf0
[  220.266567][T13744]  ? __rcu_read_unlock+0x4f/0x70
[  220.266591][T13744]  kernel_clone+0x16c/0x5c0
[  220.266619][T13744]  ? vfs_write+0x7e8/0x960
[  220.266644][T13744]  __x64_sys_clone+0xe6/0x120
[  220.266684][T13744]  x64_sys_call+0x119c/0x2ff0
[  220.266708][T13744]  do_syscall_64+0xd2/0x200
[  220.266738][T13744]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  220.266765][T13744]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  220.266841][T13744]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.266928][T13744] RIP: 0033:0x7fe85076ebe9
[  220.266953][T13744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  220.266978][T13744] RSP: 002b:00007fe84f1cefe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  220.266997][T13744] RAX: ffffffffffffffda RBX: 00007fe850995fa0 RCX: 00007fe85076ebe9
[  220.267038][T13744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000060000400
[  220.267052][T13744] RBP: 00007fe84f1cf090 R08: 0000000000000000 R09: 0000000000000000
[  220.267066][T13744] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  220.267081][T13744] R13: 00007fe850996038 R14: 00007fe850995fa0 R15: 00007fff54afafe8
[  220.267104][T13744]  </TASK>
[  220.473913][T13709] EXT4-fs (loop8): pa ffff888107273700: logic 16, phys. 129, len 24
[  220.481953][T13709] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  220.495206][T13749] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3449'.
[  220.507214][T13749] loop4: detected capacity change from 0 to 512
[  220.515223][T13749] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  220.529750][T13752] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  220.538750][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.550745][T13749] EXT4-fs (loop4): 1 truncate cleaned up
[  220.558705][T13749] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  220.587253][T13756] lo speed is unknown, defaulting to 1000
[  220.596362][T13758] loop2: detected capacity change from 0 to 256
[  220.612419][T13758] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13758 comm=syz.2.3453
[  220.698570][T13765] netlink: 'syz.4.3449': attribute type 27 has an invalid length.
[  220.712237][   T29] kauditd_printk_skb: 172 callbacks suppressed
[  220.712251][   T29] audit: type=1400 audit(1754806733.282:10934): avc:  denied  { read } for  pid=13766 comm="syz.8.3455" name="usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  220.741969][   T29] audit: type=1400 audit(1754806733.282:10935): avc:  denied  { open } for  pid=13766 comm="syz.8.3455" path="/dev/usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  220.768599][T13769] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3455'.
[  220.798290][   T29] audit: type=1400 audit(1754806733.342:10936): avc:  denied  { ioctl } for  pid=13766 comm="syz.8.3455" path="/dev/usbmon0" dev="devtmpfs" ino=141 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  220.909897][   T29] audit: type=1326 audit(1754806733.472:10937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13774 comm="syz.7.3457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  220.933497][   T29] audit: type=1326 audit(1754806733.472:10938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13774 comm="syz.7.3457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  220.957118][   T29] audit: type=1326 audit(1754806733.472:10939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13774 comm="syz.7.3457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  220.982272][T13777] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3459'.
[  220.994785][T13779] FAULT_INJECTION: forcing a failure.
[  220.994785][T13779] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  221.007979][T13779] CPU: 1 UID: 0 PID: 13779 Comm: syz.8.3458 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  221.008013][T13779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  221.008028][T13779] Call Trace:
[  221.008034][T13779]  <TASK>
[  221.008042][T13779]  __dump_stack+0x1d/0x30
[  221.008116][T13779]  dump_stack_lvl+0xe8/0x140
[  221.008140][T13779]  dump_stack+0x15/0x1b
[  221.008161][T13779]  should_fail_ex+0x265/0x280
[  221.008187][T13779]  should_fail+0xb/0x20
[  221.008207][T13779]  should_fail_usercopy+0x1a/0x20
[  221.008233][T13779]  _copy_to_user+0x20/0xa0
[  221.008323][T13779]  simple_read_from_buffer+0xb5/0x130
[  221.008379][T13779]  proc_fail_nth_read+0x10e/0x150
[  221.008472][T13779]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  221.008549][T13779]  vfs_read+0x1a8/0x770
[  221.008569][T13779]  ? __fput+0x555/0x650
[  221.008604][T13779]  ? __rcu_read_unlock+0x4f/0x70
[  221.008630][T13779]  ? __fget_files+0x184/0x1c0
[  221.008715][T13779]  ksys_read+0xda/0x1a0
[  221.008741][T13779]  __x64_sys_read+0x40/0x50
[  221.008763][T13779]  x64_sys_call+0x27bc/0x2ff0
[  221.008799][T13779]  do_syscall_64+0xd2/0x200
[  221.008831][T13779]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  221.008904][T13779]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  221.008934][T13779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.008990][T13779] RIP: 0033:0x7f9e72a4d5fc
[  221.009006][T13779] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  221.009029][T13779] RSP: 002b:00007f9e714af030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  221.009052][T13779] RAX: ffffffffffffffda RBX: 00007f9e72c75fa0 RCX: 00007f9e72a4d5fc
[  221.009076][T13779] RDX: 000000000000000f RSI: 00007f9e714af0a0 RDI: 0000000000000003
[  221.009091][T13779] RBP: 00007f9e714af090 R08: 0000000000000000 R09: 0000000000000000
[  221.009105][T13779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  221.009117][T13779] R13: 00007f9e72c76038 R14: 00007f9e72c75fa0 R15: 00007ffe62482148
[  221.009136][T13779]  </TASK>
[  221.305816][T13786] loop2: detected capacity change from 0 to 512
[  221.323975][T13787] netlink: 'syz.7.3459': attribute type 27 has an invalid length.
[  221.338702][T13786] EXT4-fs: Ignoring removed oldalloc option
[  221.376047][T13786] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.3461: Parent and EA inode have the same ino 15
[  221.416265][T13786] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.3461: Parent and EA inode have the same ino 15
[  221.430224][T13786] EXT4-fs (loop2): 1 orphan inode deleted
[  221.450324][T13786] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  221.468109][T11607] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.543429][T13796] syzkaller1: entered promiscuous mode
[  221.549364][T13796] syzkaller1: entered allmulticast mode
[  221.656786][T13799] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3466'.
[  221.686765][T13799] sd 0:0:1:0: device reset
[  221.699625][T13094] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.741744][T13801] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3467'.
[  221.769881][T13801] sd 0:0:1:0: device reset
[  221.808639][ T3529] usb usb8-port1: attempt power cycle
[  221.928627][T13818] syzkaller1: entered promiscuous mode
[  221.934134][T13818] syzkaller1: entered allmulticast mode
[  221.963338][   T29] audit: type=1326 audit(1754806734.532:10940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13820 comm="syz.4.3475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe85076ebe9 code=0x7ffc0000
[  221.987046][   T29] audit: type=1326 audit(1754806734.532:10941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13820 comm="syz.4.3475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe85076ebe9 code=0x7ffc0000
[  222.010678][   T29] audit: type=1326 audit(1754806734.532:10942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13820 comm="syz.4.3475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7fe85076ebe9 code=0x7ffc0000
[  222.034531][   T29] audit: type=1326 audit(1754806734.532:10943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13820 comm="syz.4.3475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe85076ebe9 code=0x7ffc0000
[  222.064341][T13823] syzkaller1: entered promiscuous mode
[  222.069891][T13823] syzkaller1: entered allmulticast mode
[  222.171707][T13836] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3481'.
[  222.190208][T13836] sd 0:0:1:0: device reset
[  222.207137][T13838] loop4: detected capacity change from 0 to 128
[  222.319129][T13849] veth0_vlan: entered allmulticast mode
[  222.374763][T13851] loop4: detected capacity change from 0 to 1024
[  222.399510][T13853] veth0_vlan: left promiscuous mode
[  222.407879][T13851] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  222.423944][T13853] veth0_vlan: entered promiscuous mode
[  222.447494][T13851] netlink: 8 bytes leftover after parsing attributes in process `'.
[  222.481077][T13851] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm : corrupted in-inode xattr: invalid ea_ino
[  222.539661][T13869] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3495'.
[  222.566201][T13872] FAULT_INJECTION: forcing a failure.
[  222.566201][T13872] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  222.579384][T13872] CPU: 1 UID: 0 PID: 13872 Comm: syz.2.3497 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  222.579441][T13872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  222.579455][T13872] Call Trace:
[  222.579461][T13872]  <TASK>
[  222.579468][T13872]  __dump_stack+0x1d/0x30
[  222.579490][T13872]  dump_stack_lvl+0xe8/0x140
[  222.579583][T13872]  dump_stack+0x15/0x1b
[  222.579602][T13872]  should_fail_ex+0x265/0x280
[  222.579623][T13872]  should_fail+0xb/0x20
[  222.579664][T13872]  should_fail_usercopy+0x1a/0x20
[  222.579695][T13872]  _copy_from_user+0x1c/0xb0
[  222.579726][T13872]  do_sock_getsockopt+0xf1/0x240
[  222.579749][T13872]  __x64_sys_getsockopt+0x11e/0x1a0
[  222.579795][T13872]  x64_sys_call+0x2bc6/0x2ff0
[  222.579820][T13872]  do_syscall_64+0xd2/0x200
[  222.579902][T13872]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  222.580023][T13872]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  222.580110][T13872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.580134][T13872] RIP: 0033:0x7fd49447ebe9
[  222.580151][T13872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  222.580213][T13872] RSP: 002b:00007fd492ee7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  222.580241][T13872] RAX: ffffffffffffffda RBX: 00007fd4946a5fa0 RCX: 00007fd49447ebe9
[  222.580254][T13872] RDX: 0000000000000001 RSI: 0000000000000006 RDI: 0000000000000004
[  222.580268][T13872] RBP: 00007fd492ee7090 R08: 0000200000000100 R09: 0000000000000000
[  222.580282][T13872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  222.580295][T13872] R13: 00007fd4946a6038 R14: 00007fd4946a5fa0 R15: 00007ffc85286f48
[  222.580316][T13872]  </TASK>
[  222.779411][T13879] lo speed is unknown, defaulting to 1000
[  222.894237][T13883] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3502'.
[  223.311594][T13907] FAULT_INJECTION: forcing a failure.
[  223.311594][T13907] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  223.324712][T13907] CPU: 1 UID: 0 PID: 13907 Comm: syz.8.3510 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  223.324745][T13907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  223.324806][T13907] Call Trace:
[  223.324813][T13907]  <TASK>
[  223.324822][T13907]  __dump_stack+0x1d/0x30
[  223.324844][T13907]  dump_stack_lvl+0xe8/0x140
[  223.324864][T13907]  dump_stack+0x15/0x1b
[  223.324888][T13907]  should_fail_ex+0x265/0x280
[  223.324912][T13907]  should_fail+0xb/0x20
[  223.325007][T13907]  should_fail_usercopy+0x1a/0x20
[  223.325034][T13907]  _copy_from_user+0x1c/0xb0
[  223.325068][T13907]  __sys_bpf+0x178/0x7b0
[  223.325105][T13907]  __x64_sys_bpf+0x41/0x50
[  223.325148][T13907]  x64_sys_call+0x2aea/0x2ff0
[  223.325174][T13907]  do_syscall_64+0xd2/0x200
[  223.325207][T13907]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  223.325237][T13907]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  223.325267][T13907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.325332][T13907] RIP: 0033:0x7f9e72a4ebe9
[  223.325347][T13907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.325365][T13907] RSP: 002b:00007f9e714af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  223.325384][T13907] RAX: ffffffffffffffda RBX: 00007f9e72c75fa0 RCX: 00007f9e72a4ebe9
[  223.325398][T13907] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  223.325427][T13907] RBP: 00007f9e714af090 R08: 0000000000000000 R09: 0000000000000000
[  223.325442][T13907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  223.325456][T13907] R13: 00007f9e72c76038 R14: 00007f9e72c75fa0 R15: 00007ffe62482148
[  223.325477][T13907]  </TASK>
[  223.581244][T13915] loop8: detected capacity change from 0 to 512
[  223.588302][T13915] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  223.601580][T13915] EXT4-fs (loop8): 1 truncate cleaned up
[  223.607679][T13915] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  223.718579][ T3529] usb usb8-port1: unable to enumerate USB device
[  223.747425][T13918] netlink: 'syz.8.3513': attribute type 27 has an invalid length.
[  223.834109][T13924] unsupported nla_type 52263
[  223.846447][T13924] loop6: detected capacity change from 0 to 512
[  223.953166][T11607] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  223.964311][T13924] EXT4-fs (loop6): too many log groups per flexible block group
[  223.972029][T13924] EXT4-fs (loop6): failed to initialize mballoc (-12)
[  223.979199][T13924] EXT4-fs (loop6): mount failed
[  224.054638][T13924] loop6: detected capacity change from 0 to 128
[  224.141244][T13929] lo speed is unknown, defaulting to 1000
[  224.209800][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811ac22000: rx timeout, send abort
[  224.218081][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811ac22000: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  224.232461][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811ac22200: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  224.300628][T13943] lo speed is unknown, defaulting to 1000
[  224.335732][T13929] chnl_net:caif_netlink_parms(): no params data found
[  224.559355][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.603657][T13929] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.610768][T13929] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.623961][T13929] bridge_slave_0: entered allmulticast mode
[  224.630664][T13929] bridge_slave_0: entered promiscuous mode
[  224.637178][T13966] syzkaller1: entered promiscuous mode
[  224.642758][T13966] syzkaller1: entered allmulticast mode
[  224.671521][T13929] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.678702][T13929] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.688314][T13929] bridge_slave_1: entered allmulticast mode
[  224.694884][T13929] bridge_slave_1: entered promiscuous mode
[  224.765832][T13971] syzkaller1: entered promiscuous mode
[  224.771420][T13971] syzkaller1: entered allmulticast mode
[  224.781171][T13929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  224.826496][T13929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  224.835737][T13977] loop6: detected capacity change from 0 to 1024
[  224.860439][T13929] team0: Port device team_slave_0 added
[  224.867170][T13929] team0: Port device team_slave_1 added
[  224.882130][T13977] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  224.899088][T13979] __nla_validate_parse: 4 callbacks suppressed
[  224.899104][T13979] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3532'.
[  224.915833][T13929] batman_adv: batadv0: Adding interface: batadv_slave_0
[  224.922859][T13929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  224.948777][T13929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  224.982898][T13977] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4183: comm syz.6.3531: Allocating blocks 449-513 which overlap fs metadata
[  224.989132][T13929] batman_adv: batadv0: Adding interface: batadv_slave_1
[  225.003841][T13929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.029944][T13929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  225.058888][T13929] hsr_slave_0: entered promiscuous mode
[  225.064999][T13929] hsr_slave_1: entered promiscuous mode
[  225.094918][T13929] debugfs: 'hsr0' already exists in 'hsr'
[  225.100730][T13929] Cannot create hsr debugfs directory
[  225.106442][T13977] netlink: 552 bytes leftover after parsing attributes in process `syz.6.3531'.
[  225.150796][T13977] EXT4-fs (loop6): pa ffff8881072dad90: logic 48, phys. 177, len 21
[  225.158854][T13977] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4
[  225.224224][ T8022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.249107][T12263] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.343600][T12263] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.357281][T13929] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  225.373090][T14004] syzkaller1: entered promiscuous mode
[  225.378692][T14004] syzkaller1: entered allmulticast mode
[  225.394546][T13929] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  225.427223][T12263] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.440190][T13929] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  225.451851][T13929] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  225.481292][T14013] lo speed is unknown, defaulting to 1000
[  225.495233][T14023] loop2: detected capacity change from 0 to 512
[  225.503107][T14023] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  225.518343][T14023] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.3545: invalid indirect mapped block 4294967295 (level 0)
[  225.537100][T14023] EXT4-fs (loop2): Remounting filesystem read-only
[  225.544567][T14023] EXT4-fs (loop2): 1 orphan inode deleted
[  225.550552][T14023] EXT4-fs (loop2): 1 truncate cleaned up
[  225.557214][T14023] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.557508][T12263] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  225.598116][T13929] 8021q: adding VLAN 0 to HW filter on device bond0
[  225.610691][T13094] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.670032][T13929] 8021q: adding VLAN 0 to HW filter on device team0
[  225.693890][T11001] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.701222][T11001] bridge0: port 1(bridge_slave_0) entered forwarding state
[  225.718492][T12263] bridge_slave_1: left allmulticast mode
[  225.724164][T12263] bridge_slave_1: left promiscuous mode
[  225.730114][T12263] bridge0: port 2(bridge_slave_1) entered disabled state
[  225.742059][T12263] bridge_slave_0: left allmulticast mode
[  225.747715][T12263] bridge_slave_0: left promiscuous mode
[  225.753467][T12263] bridge0: port 1(bridge_slave_0) entered disabled state
[  225.763338][   T29] kauditd_printk_skb: 34 callbacks suppressed
[  225.763352][   T29] audit: type=1400 audit(1754806738.332:10978): avc:  denied  { bind } for  pid=14033 comm="syz.2.3549" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  225.790048][   T29] audit: type=1400 audit(1754806738.332:10979): avc:  denied  { name_bind } for  pid=14033 comm="syz.2.3549" src=128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  225.800961][T14038] loop6: detected capacity change from 0 to 512
[  225.810928][   T29] audit: type=1400 audit(1754806738.332:10980): avc:  denied  { node_bind } for  pid=14033 comm="syz.2.3549" saddr=fe80::aa src=128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  225.840957][T14038] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  225.880708][T14038] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #16: comm syz.6.3550: invalid indirect mapped block 4294967295 (level 0)
[  225.905045][T14038] EXT4-fs (loop6): Remounting filesystem read-only
[  225.912253][T14038] EXT4-fs (loop6): 1 orphan inode deleted
[  225.917987][T14038] EXT4-fs (loop6): 1 truncate cleaned up
[  225.924131][T14038] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.941743][T12263] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  225.954748][ T8022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.964129][T12263] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  225.975406][T12263] bond0 (unregistering): Released all slaves
[  225.984369][T12263] bond1 (unregistering): Released all slaves
[  225.996961][T13929] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  226.007383][T13929] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  226.020661][T14058] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3554'.
[  226.037758][T11001] bridge0: port 2(bridge_slave_1) entered blocking state
[  226.044976][T11001] bridge0: port 2(bridge_slave_1) entered forwarding state
[  226.065561][T14050] syzkaller1: entered promiscuous mode
[  226.071333][T14050] syzkaller1: entered allmulticast mode
[  226.125138][T12263] hsr_slave_0: left promiscuous mode
[  226.133677][T12263] hsr_slave_1: left promiscuous mode
[  226.140947][T12263] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  226.148354][T12263] batman_adv: batadv0: Removing interface: batadv_slave_0
[  226.158520][T12263] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  226.165935][T12263] batman_adv: batadv0: Removing interface: batadv_slave_1
[  226.180419][T14068] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3558'.
[  226.191254][T12263] veth1_macvtap: left promiscuous mode
[  226.196792][T12263] veth0_macvtap: left promiscuous mode
[  226.211293][T12263] veth1_vlan: left promiscuous mode
[  226.216633][T12263] veth0_vlan: left promiscuous mode
[  226.247007][T14071] loop8: detected capacity change from 0 to 1024
[  226.265768][T14073] loop2: detected capacity change from 0 to 128
[  226.287944][T14071] EXT4-fs: Ignoring removed nobh option
[  226.293574][T14071] EXT4-fs: inline encryption not supported
[  226.324889][T14071] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  226.339839][T12263] team0 (unregistering): Port device team_slave_1 removed
[  226.342068][T14077] netlink: 'syz.7.3558': attribute type 27 has an invalid length.
[  226.357947][T14071] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4183: comm syz.8.3557: Allocating blocks 385-513 which overlap fs metadata
[  226.373583][T12263] team0 (unregistering): Port device team_slave_0 removed
[  226.417007][T14075] lo speed is unknown, defaulting to 1000
[  226.428272][T13929] 8021q: adding VLAN 0 to HW filter on device batadv0
[  226.648907][T13929] veth0_vlan: entered promiscuous mode
[  226.664127][T13929] veth1_vlan: entered promiscuous mode
[  226.707374][T13929] veth0_macvtap: entered promiscuous mode
[  226.724545][T13929] veth1_macvtap: entered promiscuous mode
[  226.746794][T13929] batman_adv: batadv0: Interface activated: batadv_slave_0
[  226.763218][T13929] batman_adv: batadv0: Interface activated: batadv_slave_1
[  226.774169][T12257] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  226.792407][T12257] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  226.808170][T12257] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  226.823132][T12257] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  226.916732][T14108] netlink: 36 bytes leftover after parsing attributes in process `syz.9.3565'.
[  226.928536][T14108] loop9: detected capacity change from 0 to 512
[  226.935712][T14108] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  226.948106][T14108] EXT4-fs (loop9): 1 truncate cleaned up
[  226.954255][T14108] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.012345][T14111] syzkaller1: entered promiscuous mode
[  227.017915][T14111] syzkaller1: entered allmulticast mode
[  227.074375][T14069] EXT4-fs (loop8): pa ffff888107273e70: logic 16, phys. 129, len 24
[  227.082449][T14069] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  227.119637][T14113] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(12)
[  227.126307][T14113] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  227.133826][T14113] vhci_hcd vhci_hcd.0: Device attached
[  227.140282][T14113] netlink: 'syz.9.3565': attribute type 27 has an invalid length.
[  227.160342][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.189075][   T29] audit: type=1326 audit(1754806739.762:10981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14122 comm="syz.7.3571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  227.218410][   T29] audit: type=1326 audit(1754806739.782:10982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14122 comm="syz.7.3571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  227.242134][   T29] audit: type=1326 audit(1754806739.782:10983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14122 comm="syz.7.3571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  227.292782][T14130] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3573'.
[  227.309993][T14132] loop2: detected capacity change from 0 to 512
[  227.317051][T14132] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  227.330862][T14125] lo speed is unknown, defaulting to 1000
[  227.362651][T14132] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  227.380115][ T3529] usb 19-1: new low-speed USB device number 2 using vhci_hcd
[  227.422035][T14132] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  227.476068][   T29] audit: type=1400 audit(1754806740.042:10984): avc:  denied  { bind } for  pid=14142 comm="syz.7.3577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  227.498994][T14143] netdevsim netdevsim7 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.522107][T13094] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  227.534881][T14147] syzkaller1: entered promiscuous mode
[  227.540489][T14147] syzkaller1: entered allmulticast mode
[  227.566023][   T29] audit: type=1400 audit(1754806740.132:10985): avc:  denied  { open } for  pid=14150 comm="syz.2.3579" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  227.585532][   T29] audit: type=1400 audit(1754806740.132:10986): avc:  denied  { perfmon } for  pid=14150 comm="syz.2.3579" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  227.606701][   T29] audit: type=1400 audit(1754806740.132:10987): avc:  denied  { kernel } for  pid=14150 comm="syz.2.3579" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  227.670380][T14143] netdevsim netdevsim7 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.688084][T14156] loop2: detected capacity change from 0 to 128
[  227.726197][T14160] loop8: detected capacity change from 0 to 128
[  227.735721][T14143] netdevsim netdevsim7 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.762040][T14116] vhci_hcd: connection reset by peer
[  227.767574][T11001] vhci_hcd: stop threads
[  227.771946][T11001] vhci_hcd: release socket
[  227.776358][T11001] vhci_hcd: disconnect device
[  227.840322][T14143] netdevsim netdevsim7 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.958089][T14173] loop8: detected capacity change from 0 to 512
[  227.965509][T14173] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  228.031060][T11001] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  228.047347][T11001] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  228.072104][T12247] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  228.082238][T14173] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  228.098423][T12247] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  228.106648][T14173] ext4 filesystem being mounted at /314/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  228.152337][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  228.312130][T13929] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.443735][T14205] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3604'.
[  228.479410][T14210] netlink: 'syz.8.3605': attribute type 1 has an invalid length.
[  228.539064][T14210] loop8: detected capacity change from 0 to 512
[  228.558044][T14210] EXT4-fs: Ignoring removed i_version option
[  228.580322][T14210] EXT4-fs (loop8): orphan cleanup on readonly fs
[  228.637257][T14229] loop9: detected capacity change from 0 to 1024
[  228.658452][T14210] EXT4-fs error (device loop8): ext4_validate_block_bitmap:441: comm syz.8.3605: bg 0: block 131: padding at end of block bitmap is not set
[  228.702791][T14229] EXT4-fs: Ignoring removed nomblk_io_submit option
[  228.710294][T14210] EXT4-fs (loop8): Remounting filesystem read-only
[  228.717105][T14210] EXT4-fs (loop8): 1 truncate cleaned up
[  228.737328][T14210] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  228.760754][T14229] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  228.779677][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.781276][T14245] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3618'.
[  228.812098][T14250] loop8: detected capacity change from 0 to 128
[  228.885799][T14259] loop2: detected capacity change from 0 to 512
[  228.894592][T14259] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  228.910043][T13929] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.920475][T14259] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  228.948145][T14259] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  229.007387][T13094] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  229.027699][T14274] loop2: detected capacity change from 0 to 128
[  229.061393][T14281] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3631'.
[  229.074034][T14281] loop6: detected capacity change from 0 to 512
[  229.082498][T14277] FAULT_INJECTION: forcing a failure.
[  229.082498][T14277] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  229.082671][T14281] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  229.095590][T14277] CPU: 1 UID: 0 PID: 14277 Comm: syz.9.3626 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  229.095695][T14277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  229.095710][T14277] Call Trace:
[  229.095717][T14277]  <TASK>
[  229.095725][T14277]  __dump_stack+0x1d/0x30
[  229.095749][T14277]  dump_stack_lvl+0xe8/0x140
[  229.095771][T14277]  dump_stack+0x15/0x1b
[  229.095790][T14277]  should_fail_ex+0x265/0x280
[  229.095893][T14277]  should_fail+0xb/0x20
[  229.095913][T14277]  should_fail_usercopy+0x1a/0x20
[  229.095938][T14277]  _copy_to_user+0x20/0xa0
[  229.095971][T14277]  simple_read_from_buffer+0xb5/0x130
[  229.096030][T14277]  proc_fail_nth_read+0x10e/0x150
[  229.096121][T14277]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  229.096271][T14277]  vfs_read+0x1a8/0x770
[  229.096295][T14277]  ? __rcu_read_unlock+0x4f/0x70
[  229.096319][T14277]  ? __fget_files+0x184/0x1c0
[  229.096349][T14277]  ksys_read+0xda/0x1a0
[  229.096375][T14277]  __x64_sys_read+0x40/0x50
[  229.096477][T14277]  x64_sys_call+0x27bc/0x2ff0
[  229.096502][T14277]  do_syscall_64+0xd2/0x200
[  229.096592][T14277]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[  229.096684][T14277]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[  229.096711][T14277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.096736][T14277] RIP: 0033:0x7f0e28a3d5fc
[  229.096754][T14277] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  229.096774][T14277] RSP: 002b:00007f0e2747e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  229.096795][T14277] RAX: ffffffffffffffda RBX: 00007f0e28c66090 RCX: 00007f0e28a3d5fc
[  229.096879][T14277] RDX: 000000000000000f RSI: 00007f0e2747e0a0 RDI: 0000000000000007
[  229.096894][T14277] RBP: 00007f0e2747e090 R08: 0000000000000000 R09: 0000000000000000
[  229.096951][T14277] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001
[  229.096983][T14277] R13: 00007f0e28c66128 R14: 00007f0e28c66090 R15: 00007fff8ac521f8
[  229.097003][T14277]  </TASK>
[  229.179081][T14284] netlink: 28 bytes leftover after parsing attributes in process `syz.9.3632'.
[  229.186069][T14281] EXT4-fs (loop6): 1 truncate cleaned up
[  229.321239][T14281] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.427581][T14298] loop9: detected capacity change from 0 to 128
[  229.463713][T14301] netlink: 'syz.6.3631': attribute type 27 has an invalid length.
[  229.486874][T14304] loop2: detected capacity change from 0 to 512
[  229.500270][T14304] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  229.522764][T14304] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  229.565381][T14304] ext4 filesystem being mounted at /69/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  229.593339][T13094] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  229.618629][T14317] loop2: detected capacity change from 0 to 1024
[  229.626157][T14317] EXT4-fs: Ignoring removed nobh option
[  229.631834][T14317] EXT4-fs: inline encryption not supported
[  229.651599][T14317] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.669451][T14317] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.3644: Allocating blocks 385-513 which overlap fs metadata
[  229.781528][T14339] loop9: detected capacity change from 0 to 128
[  229.834807][T14345] loop9: detected capacity change from 0 to 512
[  229.851691][T14345] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  229.864264][T14345] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  229.882019][T14345] EXT4-fs error (device loop9): ext4_do_update_inode:5653: inode #2: comm syz.9.3655: corrupted inode contents
[  229.899744][T14345] EXT4-fs error (device loop9): ext4_dirty_inode:6538: inode #2: comm syz.9.3655: mark_inode_dirty error
[  229.920119][T14345] EXT4-fs error (device loop9): ext4_do_update_inode:5653: inode #2: comm syz.9.3655: corrupted inode contents
[  229.947143][ T8022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.957169][T14345] EXT4-fs error (device loop9): __ext4_ext_dirty:206: inode #2: comm syz.9.3655: mark_inode_dirty error
[  229.973159][T14348] __nla_validate_parse: 1 callbacks suppressed
[  229.973248][T14348] netlink: 272 bytes leftover after parsing attributes in process `syz.9.3655'.
[  230.019383][T14350] loop8: detected capacity change from 0 to 512
[  230.028533][T14350] journal_path: Non-blockdev passed as './bus'
[  230.034737][T14350] EXT4-fs: error: could not find journal device path
[  230.079502][T13929] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.291175][T14379] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3668'.
[  230.316018][T14379] loop8: detected capacity change from 0 to 512
[  230.329952][T14379] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  230.350501][T14379] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  230.361463][T14379] System zones: 0-2, 18-18, 34-34
[  230.370113][T14379] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.382942][T14379] ext4 filesystem being mounted at /328/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  230.413103][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.442169][T14316] EXT4-fs (loop2): pa ffff888107273230: logic 16, phys. 129, len 24
[  230.450277][T14316] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  230.468174][T14387] loop8: detected capacity change from 0 to 512
[  230.481007][T14388] netlink: 24 bytes leftover after parsing attributes in process `syz.9.3667'.
[  230.497337][T14387] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.513383][T13094] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.535635][T14387] ext4 filesystem being mounted at /329/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  230.551402][T14392] loop2: detected capacity change from 0 to 512
[  230.560924][T14392] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  230.576566][T14387] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #2: comm syz.8.3669: corrupted inode contents
[  230.590639][T14387] EXT4-fs error (device loop8): ext4_dirty_inode:6538: inode #2: comm syz.8.3669: mark_inode_dirty error
[  230.602222][T14387] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #2: comm syz.8.3669: corrupted inode contents
[  230.620731][T14392] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[  230.629362][T14392] FAT-fs (loop2): Filesystem has been set read-only
[  230.638556][T14387] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #2: comm syz.8.3669: mark_inode_dirty error
[  230.676484][T14393] netlink: 272 bytes leftover after parsing attributes in process `syz.8.3669'.
[  230.782096][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.801753][   T29] kauditd_printk_skb: 125 callbacks suppressed
[  230.801769][   T29] audit: type=1400 audit(1754806743.372:11113): avc:  denied  { execute } for  pid=14397 comm="syz.7.3682" name="file0" dev="tmpfs" ino=2341 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  230.813363][T14400] netlink: 36 bytes leftover after parsing attributes in process `syz.8.3672'.
[  230.869788][   T29] audit: type=1400 audit(1754806743.372:11114): avc:  denied  { execute_no_trans } for  pid=14397 comm="syz.7.3682" path="/441/file0" dev="tmpfs" ino=2341 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  230.893503][   T29] audit: type=1400 audit(1754806743.382:11115): avc:  denied  { create } for  pid=14399 comm="syz.8.3672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  230.901946][T14400] loop8: detected capacity change from 0 to 512
[  230.914291][   T29] audit: type=1400 audit(1754806743.382:11116): avc:  denied  { write } for  pid=14399 comm="syz.8.3672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  230.946244][T14400] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  230.956470][   T29] audit: type=1400 audit(1754806743.442:11117): avc:  denied  { sqpoll } for  pid=14401 comm="syz.7.3673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  231.034482][T14400] EXT4-fs (loop8): 1 truncate cleaned up
[  231.040711][T14400] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.074207][T14409] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3675'.
[  231.122839][   T29] audit: type=1326 audit(1754806743.692:11118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14413 comm="syz.6.3678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  231.279739][T14419] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(12)
[  231.286432][T14419] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  231.293982][T14419] vhci_hcd vhci_hcd.0: Device attached
[  231.338649][T14420] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63650 sclass=netlink_route_socket pid=14420 comm=syz.6.3679
[  231.351779][   T29] audit: type=1326 audit(1754806743.712:11119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14413 comm="syz.6.3678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  231.358426][T14426] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3677'.
[  231.375403][   T29] audit: type=1326 audit(1754806743.712:11120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14413 comm="syz.6.3678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  231.389372][T14425] loop9: detected capacity change from 0 to 1024
[  231.407841][   T29] audit: type=1326 audit(1754806743.712:11121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14413 comm="syz.6.3678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  231.407877][   T29] audit: type=1326 audit(1754806743.712:11122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14413 comm="syz.6.3678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bd3b3ebe9 code=0x7ffc0000
[  231.443213][T14419] netlink: 'syz.8.3672': attribute type 27 has an invalid length.
[  231.489693][T14425] EXT4-fs: Ignoring removed nobh option
[  231.495356][T14425] EXT4-fs: inline encryption not supported
[  231.572582][T14425] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.588305][  T887] usb 17-1: new low-speed USB device number 4 using vhci_hcd
[  231.614407][T14425] EXT4-fs error (device loop9): ext4_mb_mark_diskspace_used:4183: comm syz.9.3680: Allocating blocks 385-513 which overlap fs metadata
[  231.860364][T14421] vhci_hcd: connection reset by peer
[  231.872443][   T31] vhci_hcd: stop threads
[  231.876752][   T31] vhci_hcd: release socket
[  231.881194][   T31] vhci_hcd: disconnect device
[  232.161558][T14424] EXT4-fs (loop9): pa ffff888107273850: logic 16, phys. 129, len 24
[  232.169590][T14424] EXT4-fs error (device loop9): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  232.234992][T13929] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.309288][T14465] loop9: detected capacity change from 0 to 128
[  232.365646][ T9890] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.429773][ T3529] usb 19-1: enqueue for inactive port 0
[  232.445621][ T3529] usb 19-1: enqueue for inactive port 0
[  232.538858][ T3529] vhci_hcd: vhci_device speed not set
[  232.637275][T14501] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3711'.
[  232.649667][T14503] netlink: 28 bytes leftover after parsing attributes in process `syz.9.3710'.
[  232.672808][T14501] loop6: detected capacity change from 0 to 512
[  232.681586][T14501] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  232.698923][T14501] EXT4-fs (loop6): 1 truncate cleaned up
[  232.730334][T14501] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.754240][T14505] loop9: detected capacity change from 0 to 4096
[  232.791787][T14505] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.831707][T14522] loop2: detected capacity change from 0 to 512
[  232.859718][T14501] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(12)
[  232.866406][T14501] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  232.874144][T14501] vhci_hcd vhci_hcd.0: Device attached
[  232.884493][T14522] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.3717: bg 0: block 16: invalid block bitmap
[  232.897905][T14501] netlink: 'syz.6.3711': attribute type 27 has an invalid length.
[  232.906654][T14523] vhci_hcd: connection closed
[  232.907431][T14522] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  232.908672][T12208] vhci_hcd: stop threads
[  232.912949][T14522] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.3717: invalid indirect mapped block 5 (level 0)
[  232.921088][T12208] vhci_hcd: release socket
[  232.939920][T14522] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.3717: invalid indirect mapped block 4294967295 (level 1)
[  232.942795][T12208] vhci_hcd: disconnect device
[  232.968910][T14527] loop8: detected capacity change from 0 to 128
[  232.976989][T14522] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.3717: invalid indirect mapped block 4294967295 (level 2)
[  232.998150][T14522] EXT4-fs (loop2): 1 truncate cleaned up
[  233.022057][T14522] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.025534][T14531] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3721'.
[  233.063828][T14531] sd 0:0:1:0: device reset
[  233.290492][T13094] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.348960][T14555] lo speed is unknown, defaulting to 1000
[  233.484135][ T8022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.569242][T14566] netlink: 'syz.7.3734': attribute type 27 has an invalid length.
[  233.585799][   T36] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  233.593687][   T36] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  233.604060][T13929] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.681773][T14574] IPVS: Error connecting to the multicast addr
[  233.862299][T14597] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[  234.330155][T14647] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14647 comm=syz.8.3764
[  234.423349][T14653] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14653 comm=syz.7.3776
[  235.340395][T14698] loop2: detected capacity change from 0 to 128
[  235.456026][T14711] loop2: detected capacity change from 0 to 1024
[  235.523156][T14711] EXT4-fs: Ignoring removed nobh option
[  235.528836][T14711] EXT4-fs: inline encryption not supported
[  235.552864][T14711] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.614962][T14711] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.3787: Allocating blocks 385-513 which overlap fs metadata
[  235.803423][T14722] __nla_validate_parse: 9 callbacks suppressed
[  235.803439][T14722] netlink: 36 bytes leftover after parsing attributes in process `syz.9.3790'.
[  235.853575][T14722] loop9: detected capacity change from 0 to 512
[  235.863890][T14722] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  235.885293][T14722] EXT4-fs (loop9): 1 truncate cleaned up
[  235.892989][T14722] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  236.050513][T14727] netlink: 'syz.9.3790': attribute type 27 has an invalid length.
[  236.144883][   T29] kauditd_printk_skb: 3440 callbacks suppressed
[  236.144899][   T29] audit: type=1326 audit(1754806748.712:14563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14734 comm="syz.7.3795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  236.180926][   T29] audit: type=1326 audit(1754806748.712:14564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14734 comm="syz.7.3795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  236.204625][   T29] audit: type=1326 audit(1754806748.712:14565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14734 comm="syz.7.3795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  236.228311][   T29] audit: type=1326 audit(1754806748.712:14566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14734 comm="syz.7.3795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  236.251883][   T29] audit: type=1326 audit(1754806748.712:14567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14734 comm="syz.7.3795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  236.275436][   T29] audit: type=1326 audit(1754806748.712:14568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14734 comm="syz.7.3795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  236.299071][   T29] audit: type=1326 audit(1754806748.712:14569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14734 comm="syz.7.3795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  236.322639][   T29] audit: type=1326 audit(1754806748.712:14570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14734 comm="syz.7.3795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  236.346364][   T29] audit: type=1326 audit(1754806748.712:14571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14734 comm="syz.7.3795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  236.346828][T14710] EXT4-fs (loop2): pa ffff8881072daee0: logic 16, phys. 129, len 24
[  236.369954][   T29] audit: type=1326 audit(1754806748.712:14572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14734 comm="syz.7.3795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f9f0469ebe9 code=0x7ffc0000
[  236.401736][T14710] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8
[  236.441164][T13094] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  236.467506][T14739] loop2: detected capacity change from 0 to 128
[  236.592042][T14752] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3801'.
[  236.609733][T14752] loop6: detected capacity change from 0 to 512
[  236.617769][T14752] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  236.630585][T14752] EXT4-fs (loop6): 1 truncate cleaned up
[  236.648327][T14752] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  236.668587][  T887] usb 17-1: enqueue for inactive port 0
[  236.676133][  T887] usb 17-1: enqueue for inactive port 0
[  236.744944][T14752] ==================================================================
[  236.753072][T14752] BUG: KCSAN: data-race in __filemap_add_folio / filemap_write_and_wait_range
[  236.761955][T14752] 
[  236.764287][T14752] read-write to 0xffff888100671438 of 8 bytes by task 14756 on cpu 1:
[  236.772446][T14752]  __filemap_add_folio+0x5b9/0x7d0
[  236.777587][T14752]  filemap_add_folio+0x98/0x1b0
[  236.782450][T14752]  page_cache_ra_unbounded+0x1f3/0x380
[  236.787936][T14752]  page_cache_sync_ra+0x6ad/0x6c0
[  236.792975][T14752]  filemap_get_pages+0x2d0/0x1150
[  236.798007][T14752]  filemap_splice_read+0x3a9/0x740
[  236.803132][T14752]  ext4_file_splice_read+0x8f/0xb0
[  236.808254][T14752]  splice_direct_to_actor+0x26f/0x680
[  236.813622][T14752]  do_splice_direct+0xda/0x150
[  236.818380][T14752]  do_sendfile+0x380/0x650
[  236.822798][T14752]  __x64_sys_sendfile64+0x105/0x150
[  236.827996][T14752]  x64_sys_call+0x2bb0/0x2ff0
[  236.832668][T14752]  do_syscall_64+0xd2/0x200
[  236.837177][T14752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.843061][T14752] 
[  236.845369][T14752] read to 0xffff888100671438 of 8 bytes by task 14752 on cpu 0:
[  236.853003][T14752]  filemap_write_and_wait_range+0x59/0x340
[  236.858815][T14752]  ext4_file_write_iter+0xe04/0xf00
[  236.864015][T14752]  iter_file_splice_write+0x666/0x9e0
[  236.869378][T14752]  direct_splice_actor+0x153/0x2a0
[  236.874481][T14752]  splice_direct_to_actor+0x30f/0x680
[  236.879845][T14752]  do_splice_direct+0xda/0x150
[  236.884599][T14752]  do_sendfile+0x380/0x650
[  236.889275][T14752]  __x64_sys_sendfile64+0x105/0x150
[  236.894479][T14752]  x64_sys_call+0x2bb0/0x2ff0
[  236.899148][T14752]  do_syscall_64+0xd2/0x200
[  236.903665][T14752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.909561][T14752] 
[  236.911878][T14752] value changed: 0x0000000000000000 -> 0x0000000000000001
[  236.918972][T14752] 
[  236.921279][T14752] Reported by Kernel Concurrency Sanitizer on:
[  236.927424][T14752] CPU: 0 UID: 0 PID: 14752 Comm: syz.6.3801 Not tainted 6.16.0-syzkaller-12256-g561c80369df0 #0 PREEMPT(voluntary) 
[  236.939574][T14752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  236.949641][T14752] ==================================================================
[  236.960091][  T887] vhci_hcd: vhci_device speed not set
[  236.991912][T13929] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.006415][T14757] netlink: 'syz.6.3801': attribute type 27 has an invalid length.
[  237.437100][ T8022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.