last executing test programs:

14.408153136s ago: executing program 4 (id=2650):
r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000009000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000140)='asymmetric\x00', 0x0)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xffffffffffffffff, r3, 0x0)

14.382252759s ago: executing program 4 (id=2651):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x10)
fsync(0xffffffffffffffff)

14.328111563s ago: executing program 4 (id=2652):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}}, 0x0)

13.912936062s ago: executing program 4 (id=2655):
r0 = syz_clone(0xaa106400, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b000000000000000000000000000400000000", @ANYRES32=0x0, @ANYRES32=0x0], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x90, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94)
r5 = eventfd(0x0)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)=<r8=>0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
read$eventfd(r5, &(0x7f00000001c0), 0x8)
ptrace(0x10, 0x1)
syz_usb_connect(0x0, 0x24, &(0x7f0000003cc0)=ANY=[], 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000080)={0x0, &(0x7f0000000280)})
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x2c, &(0x7f0000000400)=ANY=[@ANYRESDEC=r8], &(0x7f00000002c0)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, r4, 0x0, 0x932}, 0x18)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
sched_setscheduler(0x0, 0x1, 0x0)
r10 = getpid()
sched_setscheduler(r10, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r11 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000100), 0x41, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y")
syz_emit_ethernet(0x52, &(0x7f0000000640)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYRES64=r6, @ANYRESDEC=r9, @ANYRES32=r2, @ANYRESDEC=r11, @ANYRES16=r0, @ANYBLOB="66dd3de60d718d8cbbcbb00f2d72baa2182857520e7c1c452777e98c6b"], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0)

2.454917254s ago: executing program 1 (id=2782):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000005efe2100850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
sysfs$1(0x1, &(0x7f0000000600)='\x02v(,,@*\x00')

2.454026634s ago: executing program 1 (id=2783):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)=ANY=[@ANYBLOB="30000020000000001c"], 0x20)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x403, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
pause()
r2 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)=ANY=[@ANYRESDEC=r2, @ANYRES8=r2, @ANYBLOB="62e4f1e239b3f07f58b667c0559876e34b72db091feb8ed4bfaa9f368cd82b4b8811c226ce86b44f99a5e310e1a11e14fca599d00248ed81b164a0e88270fba90577500c074d1c280edb49e0498b01aa9716ea36abbd3beb0edfde0c54e21c52652c8b7bb2c25056c8817f1b0092b21fe84538825706c85c281723dc", @ANYRESOCT=0x0, @ANYRES16=0x0, @ANYRES8=0x0], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000010000000018030000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4, 0x0, 0xffffffffffffffff}, 0x18)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r5 = gettid()
tkill(0x0, 0x12)
tkill(0x0, 0x1)
tkill(r5, 0x14)

2.300111759s ago: executing program 0 (id=2787):
r0 = syz_open_procfs(0x0, 0x0)
r1 = openat$ttyS3(0xffffff9c, &(0x7f0000000640), 0x0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000680)=0x2)
bind$unix(r0, 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0x40086610, 0x0)
r2 = perf_event_open$cgroup(0x0, r0, 0x10, r0, 0x1)
mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xd, 0x1010, r2, 0x3)
r3 = socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
write(0xffffffffffffffff, &(0x7f00000004c0)="c4f4773e338b868259630633418b192805c9277a24d955f3b19663ff94b223f3a23c51eb482927723fb28582f3995141ff004f8559378d4a7ce6a929e9dbc0f09afeafc64ca058341c8f4f17552d934b9d7a7f1c56213e77a0f0d36d188ddd38ec93b047b46e45018b2513bddd125b1138162cd3f758ee3390f661c4010ed99b5ea7a4b663543543b9dde17f2953fc27dcbf1cf829226ae766cbcefdb7e5c14901457a5708b104539e289f71d54e319117f0f94b7665fe417e75bf882af5c82eb41eb96d66286da547c3ec4ded7cdbd230", 0xd1)
setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f00000002c0)='cdg\x00', 0x4)
listen(r8, 0x0)
close(r8)
write$P9_RSYMLINK(r0, &(0x7f0000000080)={0x14, 0x11, 0x2, {0x0, 0x4, 0x8}}, 0x14)
writev(r6, &(0x7f0000000400)=[{&(0x7f0000000240)="f9c2c8ff", 0x4}, {0x0, 0xfcefff7f}], 0x2)
syz_emit_ethernet(0x56, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa88a800008100000086dd6076cd8a0018000020010000000000000000000000000000fe800000000000000000000000000000000100000000000005020000000100010000000000000000c2d5"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$tun(0xffffff9c, &(0x7f0000000180), 0xc0200, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, 0x0)
sendto$packet(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

1.95687189s ago: executing program 0 (id=2797):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="163e6cce65ffff000000000800395032303030"], 0x15)
pipe2$9p(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000882b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180"], 0x15)
r4 = dup(r1)
write$P9_RLERRORu(r4, &(0x7f0000000040)=ANY=[], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r4, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0xffff, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x30)
write$binfmt_elf64(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="7f450700000053c407cd"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000036c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x6b}})
chdir(&(0x7f0000000200)='./file0\x00')
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xffffff19)

1.864898348s ago: executing program 0 (id=2801):
r0 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r0, &(0x7f0000000080)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x2, {0x41, 0x2, 0x4}}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000100)="e56c7dca3b2d85ae7912f880a6177c1b2d94afd6268347612f41d8b9374671223b7fd89cd9b985b8b90560fafb5bea613188f56515526e4341415a7f87fb33e4eb6337d48a49bd6eedd3c46b9b5cb5a8263c", 0x52}, {&(0x7f0000000200)="3951b2afa063a921c66887e5f87baaa86c393ce98b472b18be4981db707264d44dcfcdcd8d7f024759640d5534f578114b3f681f94b693dc9013be93a245a90ed986af40adb50b62742e6d6cdd1d54fee87a442cb3", 0x55}, {&(0x7f00000003c0)="526f78a12948fdf1be4bfec20f3957b475e95489d4cf0a674595d9a06a237d90649e84c2e7a1c60e5c7619e5218c03eb8241202e1d2135ab1ec7236022a3fa1369e0699922949b28f5057da2eea4a78e4b556ed7b90be4374eb68e68b31483a5119e887b9737d59c56ef98d3ecdcb283c8ce478905c857e4785c5adfb8db72a2cb6f26f15e70e35a167501e94c59dd4cb821a4e1b3a2", 0x96}, {&(0x7f0000000500)="2bf72469a94c5ee716b35fe5f39c6f93ab5741ec024fc1466676021c2ab7c612895133f58d604f0de4da486bbe37a2d6ba4a97e6fce392f094fe5b90abb0f4f4b74938502c05cc220e89632f5a9855d1a2373fdcd24647933ef9b3c51be0ac3262d044ded87edd94724f228541967b91f76d4ff0090fd6a0e8855af78144bda6e8b2ba", 0x83}, {&(0x7f00000005c0)="0e39ecf9aa30b3b4700d1671c53fc3ee7cf9b5c71a00273ea52da858f2e364f0e24872660f3fbb99d379568b5e512f76c5ae92abce3508c7a42b9aa95d110edeb43374e6ea941d0009495b1fe5", 0x4d}], 0x5, &(0x7f0000001800)="ce9677a5dc9c166433ed0162a8dda14cd069c63c83ef2ef3042e0813d9e7b477464abb31400b3ce864cc0ce70d9b9d024b956bafc5ba3e7af563286f42f78cfc003afb20dcb02ec9f541256a396ca9673d61930bb2f3503b0e73b8920cafc4a7c1302059210797f0288f7350f7e0f73e7c52c68650f6c1036338f88b93cfb4000006f9ec9a04e5e11340900b03476ea3fc3b653526ee7019fee41171a887fa45451c57489d30e903b4cde0f8971b22cd1f21c4f6cd5b56928c73b63f3a39b6a67247412ea0a9c500af7635057cd3a07f90b8496960aa36172cdce906a8eec66410b6de432d93ba814ebe823ed6acc6c8352634d51632f985ef295db99668c2549d87febaba9e85459e22fc890946a8181d53595e46a2aa72db4cd222eeabc8248ef198e45db89b4dba288e2ab7d3fb1d58afe4ddc5dc3331ede26efb8bb52ae858b96c25baaaf28d3183cbdb83c69d9d9b89b69357b24d84b88d151246ebef713684eb99d30ad7c9986853716e7f528f16e7217fca0561ae662978c0a9d52daf6020347929ba77452e5a5c6235df2d9b17b466dfe03674788d6a817c0d5308b40a723e8160deb582a3501807fe09d7072a1f65c206d5d2c0bdff65c6f57aae13621d7c54a17e504a49d6ac066c3f06d8b5fcaa708838ff96a2e7b511d8c31a33bd896b0e8541576879fd21c7de27cc5bd660d86484c30e4b78bc0e7248e68266b1bb812b565befa06da2e49328e477fc4096322f6d6f0e925c0fe83c4df7c3a1cee56d59868448d71a343fb587df8e1197f400d7a0f78c14a34687e05a2d99a9b0037e19e58c805fcc973f80096a695d5d3ea40043bbb33be9506894f237446b34122e922f6d178072baefbdefe838c0dafdc16e8902fddbf8a07c2d5922f798dad118628a06edc67a7310865c47d77845cbd0f93467356ca856ca9e5ac1dc2ed613d443900eff69b9b2d5bbe8b6ba46169d7df074b01ac3f55ce325b6c2b098384a7986c99ec6fb4f314f5ca7edb92a6528a4cd4b6281b38242623fd6204006dfafe945746e1a12d632f2b9594666166f23bf92fdf55a554d8b6ec94fd86c12782ea876946ec6c31859b5a58e6ab3a18875b14e87aced7c1324e11fcdde8aea4481c5d2d9336fbe089215640fed765459174fce04bd9c74b4043ae7a44e439fc875382e6a5a78dad326845d8c20f6cfd0e5d8944cdf116f892950d6e8ccbe06e55cf95e9fc801515ee5da72db9a4f62bf8d717534d9dff2cd44ddde69b80cc7b172e11f26244fb80386cb330154404f48beaede3ebd38dba9e96e9c3b862f2f32b1f08ba326f566ef73324e64f75f77b88ca72cf5dd93b8f6cec41ba7d827f0cb013751fb4b7ab22c49cd51a40852c6805ac9438b2b4c2c25c8f2f931d49c194b99a2cd87c2a7af0edfa5971e03bc58bb468ec97be8e6a77d58aeff0c62fb7089ada41f70b277fea665926dd327e09632ddf0af4b662f84c27d1faa203c7d16bf04ca52ccd7f73752bf2a4e5fd3b63fe6eef24d0bd8c911a5bea4ed27292134ddc426d40f5b251672d5cb190e70a91affa1dabdf179a5f197e198cc430f87a78a51112ff03c7f7f116dbc78ba5fc8fe9d178b67cdae5a5d604621276a9f3c1d472de7f7fa7cb1fa260dfa64bdf7caa3bbb2498116b338f3fe8a6725619afef152c6d8946abf1d0472e9697806a4e48d6ed6b234465662dfb758082585a9639489e61ed6990c5e0572e58cb303e09902ed8c6fc054f8277253a87627749ca12c9899bc534a79f2c6a0354e4e40094ce2e41b93d635bc2e5006d87d0059fa32926c8f891fd87b52a059521497b5c7a8110e079e19cf8b766d5a898b492f83c019e0ab63ba4d11627eb512dac697d967e33e64d215b54e8a7a7ab4ff006e9fda96eed03367bc25eba0449777fd348d3f90579c5623c96ab172a1e09f1af27b822148a8176e2bb83cbe4a4c862737f7b10f1d3ba098dbddb893a3f38d895645490c8062e9659a3c6c63f076ab3015e1f3953497fbebb497f165ff61f59eb201969219f4e0b4db8f8d0c1983e8f346576aced62b5b25747c2ea62dc3c05244c4abc9ea683452fc47a7c1c492cbe4bfd50b2221fa5c53b079ff2c4a4fc4f56c10a74b75cfac96e4a4b12af91edc777bb4ebe9eb4678fb1183549bb00ed18ad570397f93d5a636fd2b231dc43926e2f8b972ea1f13bb7efc6b34486f1d6ebc6fddb77313465899654a3da3b728da2f51814a4173a9efefe5993e8747a80c0c9b34f2b27de0325ad75dfe9959204c1e042bf895dc7d9aaf50a2cc69f9f397845f2ffec83dfcbbc7d6416857d8334d7242d311b4ff395862d55a3dfe3b6af6a663b40d7114e78e6d70d3150b53ce42ec5d0d8530fb72b0f43e644e12219463d2593715d0595b6b0a47daad633bca7a040e5c1b9633f3b1d22d818024edb24f2c03cdfff420e75a4b62f3fc4014ea3b7ab20dc248e076cf020057a50808e6b93583fcf2534f08f256cf6174263944b482ec36b463fdbe50c3491d97b0b560433e1279a53eb0c4dbe3ba2e88c7841987d82fb9fea7554609ed8c5f0adb76cc5eac8b5c4dfbd13de9558b5a71a72efbd1729c08e0a5008307ac928cbc904c2d4f4fccf3aee2da30fd3a69d760debd96f64c15e716d7ce10b7671705ad0471d720a51937be6425659c722ba24326bc0e8a4d4b08410dcfdc168b524caec2e1637c7df502ecf15f63f3a67437d9f21116318d80ca984cd5e7fc44bbfb4d8fc052cfb18c37a473002fda6c1a290493aa9991986099c76d6db07e3575f94d4e44dae56d7f907e643f4b62dd8b693fca7174da8724b4dd1c30c08036281b87a034a17492c0fc1a43abc9db693f6dba957fb317cf16769127ea4bf4a6edc1c773872ee2678383c8ce57de722c52d72ab1339e5489967c487c6a0bea4f60e9d4b58a446bcc9cda82e810899806353421cf6d41b01e81977f6ef52d909ace8a86bbf7f2f03d8244535574ac19eb5144b7b5ae28a5ca03b7dd9a29522c0ebdbd7210ed8f20ccbd4f66a9ad7546b4933a23713d98b9195e8b21dd78e0e499de5feab2432acafa2b037b555328767bd590ef66ebbb93ceff4043609b4f52d840b2be209a1d22ccc2727d152d0741d3a1b994a7af0c70d4dc84cd80f19bde2a0fe693fe86411df1c75f61056a29785576dd512581924d274090457d9d97ad3738c8687b35671b3d3b3125f203bf2ef00a3d26da6f768dd19f452c16b55bbe19cd8e7fdc29e38670062c47eb8255563c819a24023e0233f0c49f1afcc109b1a0add2fc176483ca575795716864c4564c425c2ae8a0c6bf1dd95f22625edf8c995ddb3d29b52776341a73eacf77e78460fc43b1c0ffab74dd7336a85114c5706309e9f46d16f167b844a9f68d5f0436e73c4585f72a74674f85bbf7bcf0b762d3149d16993e9b444475ab86f21b623670f3500618ae159c67030ba87bd85ad5080892213b933a0b5fc1ae221e909889bbb0a0917cb7916a38b4d84a4b25e46f58d94fbe057ed0b2890b9be9f2e68e0d09cc520c4f0c118f68f9096c31e280b5cba125a03289fe0f432a2c82a4e0903e226f12bb799266f59b08d47efbd90003e9eb58cde72d3e27190943b92d458fc7d843d2212975bb7be60ace9ab59b018bcb35cee968dd236fb2814304594724e63c0aed9d6d8c3e0aee0c35b2a129e5fb7f67cafd5e8a14587f1af4a2cd2c3949cb061770bcdcccf68daaab9bd41a6c8e7221c3b738efe213f8613c04ff3087f1c23a339b270b6a7bfd348d2660994a5396d011fb103c9541032908a4074688bd9708356d83daeeb9c5dbf41a7c20acfc05fb7a0bfd0b9f531fab57611d28f146264cbf48cf6439050e179f494b71bda7477923b17e0bd75d27871b82f7c06c990393fcc1fc9e37ea10152c7861d3cb27ec69b7055079d60cba6b745ec05a58fc8b5b918b8bee1ccd0f836e8c1ef433697ed42e335697b432b70e86e9ab031ad4a5a37fff7df39e12049ed7c4aac824bad7bfd6d0a86a93ac42456cd404de145601a987f46afa2a4baf43c6c1a1f1f55b1e047368d2d4a77c46203227b56157d505bd8ea46cd517e6f8c5460a5829eb53175985f49a9f623dfdbaf2961e2a70a8100d45c6f53b22d3d7977b39c608e1279f95364bffabd6c1d292a6f58a25ef9696f2fbfa9bd7fbb31b624c6b02e6d2211a72465e23aa5123d339c6c49164a50cf848ac3a0ba9807dc65653a975e29954500f412d5ec1cbf14ab80d2da850a7a4e38cff1bdbf37227e3e37ed772af2340ada1a996ff98e27c5fbc9b1f94c4093c1a3c6fd0b466153d0fc614f0361b2f60041d7dcd1fc6f97c8fbda68c1db67def1a1e65aaeae701ede68f58d20f907372adf561857e4ea6281d9f88c9ab38d62e862acc25ddbaf9fca64bb29db68593dff82649b97d690a6e76dcc66ba1322f17ca31c0edfa38c942851a9e2d00b66541c15d8a75d2abfd31f03c7e744fe8f1c496e97bae6a561b4947cb54a7321fb63cdedef6aea319aad5541a9bd580eaef1e328c32a3d73eb5c4ce0744471f6f216ffe60f05a84b0307bcd0f051a973c2f9d2732e3033bf0a1dfcd7fd59bdefdf2172ebcffe529edbd78de035a53d9fcd35b8f84aa6938c83dc826d7de6ec6f2a33d75f588105771347651eb87861dfb6cba48e20e2c71ee52a85854d6183f40c00f3795486ddb53b934e967273119286255adc4654c3258cb08932e06f1fedb5dc4683dd0e4b5c1452875021250927b297605aab65e23b638b63d4a18ea9d765fc2973d2f1d9eb3c6b4681baa73f70e821e3b8ab1d5a79a3619f1e469e45fd59cadecf9641684af6b81510b044a311b8a0ae4415d086970be02d0c701283d74a2c8836cba2319fd035d8fb39f59854676b7e565d361a9ce655a181bdc3dc676460e23a5f505787fbbfce5002ffaa97645272c8c055c309c97294014195e43838f46f7ad277ea39e2e9e99bf15f3c64fa603257482f5204bc194105a3c215cbb2473f0c5d0aa140f8a105bcccd6994b6893a3070ef24e752254fd89d568a6cef1d872d8e4131d7c21125e21e18687ce54cb957e4cf53175bd1808b3d109d13b27cb365eff2c40efd4a15c0a15baf41a57f41516859abd728e9290cf4d984ffb6bbd717af40b5f606329873d869acaea7b27afe070de483b4f1d67a7c0be08e276f863cb857d19ba117c5d79771879bddc4b6cc52a34efd859d5211aadd13dba48d380046c7db560f98dba25891ac6113a229f24f9197de13faa9a9415156df18256ede2e1e51cbb43cdb36df877e6ff68e113fe392f03d42c24117842d2fb00eb80785b702d7082dcd8765be89694634472530725c91d5bee7766aee6747137c8b84e21c22260ecb2115afab2fbd0c4cda57ff2369a7e9cad35818a014ecd9b525879b20cb74d417cef35fdeb7eec69c8d45ba11917c2279a2dfa5b7b9f7666ffc7a7557c9f941d4d3b084e590ea9ae70e0c3710582a8c4cc670ed9f1021a2e5e3f537d978b01d0c9e3a14947af7806c7104b925dbb2a348ae8aed4af0a9ec6fb6ea0f4675e9383de9da3ea1ae2508f17c1d4ba1058a2966a9aaf4dd896f62f9a12df49c37591043ae125423fa708f051a93e2b6a4eb918fc6d526ba432f22c1d63a67226c304ba5c762c453b44964613761f99004c6eb01cd2dc0a0c4e6530ba47b0aa3f9169fa9c3134d1bcf5e4b3b199d49e2bf6c48c6309e4f66e7c6dde9fdca91eb96758fd81b762a0a47ec8e893370e9b57dccf5732539318be9f634535afdfcf528e126a5c6b959479bbd63", 0x1000, 0xc001}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000340)={@dev={0xfe, 0x80, '\x00', 0x32}, 0x57})
r2 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f0000000000)={0x9, 'vlan1\x00', {0x10000}})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000280), 0x14)
write$binfmt_script(r3, &(0x7f00000000c0)={'#! ', './file0'}, 0xb)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
write$eventfd(0xffffffffffffffff, 0x0, 0x0)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x20, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r6, &(0x7f0000000780)}, 0x20)
sendmsg$NL80211_CMD_GET_WIPHY(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01030000200000004000010000000800070000000000080003001e"], 0x30}}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x303}, "2a4001011f891d5b", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "fd6ed24e", "d4e9e1c90d89691c"}, 0x38)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x10, 0x4, 0x8, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r8}, &(0x7f0000000240), &(0x7f0000000280)}, 0x20)

1.782124236s ago: executing program 0 (id=2803):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000005efe2100850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
sysfs$1(0x1, &(0x7f0000000600)='\x02v(,,@*\x00')

1.781411456s ago: executing program 0 (id=2804):
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB='iocharset=cp865,utf8=1,utf8=0,utf8=1,iocharset=utf8,sys_immutable,uni_xlate=0,uni_xlate=1,uni_xlate=1,gid=', @ANYRESHEX, @ANYRES16=0x0], 0x1, 0x193, &(0x7f0000000b00)="$eJzs281qE10YB/B/+vataV0kC1fiYpauQtMrMEgFMSAoWSgIim1AOlKwENCF7c6FN+HluNUrcdmFMNJOYz9IQEGb2Px+m3ngzB+ec2A+zsA8v/V6Z2t3b/hs+DnNRiNLd1LksJF2ljJ2EADgKjmsqnyrqqq6dpDVT6mqatYdAQB/m+c/ACyex0+ePuj1+5uPiqKZlB9Gg9GgPtbjvWFepcx21tPK9xy9IJyo63v3+5vrxbF2Ppb7J/n90eC/8/luWmlPznfrfHE+/3/WzuY30sqNyfmNifmV3F45k++kla8vs5syWznKnubfd4vi7sP+hfz14/MAAADgKugUP03cv3c608brfK/xy98HLuyvl3NzebZzB4BFtff23c6Lstx+M6/Fl7W60XnpZ3oxXtJ56ef3i9XMRRt/sGgkmYM2/qGiOV6xGd6UgEtxevXPuhMAAAAAAAAAAAAAAGCay/ivaNZzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDx/AgAAP//fVyNVw==")
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc53, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
r3 = open(&(0x7f0000000200)='./bus\x00', 0x161b42, 0x0)
sendfile(r3, r2, 0x0, 0x100800001)
r4 = socket$inet(0x2, 0x3, 0x33)
getsockopt$inet_mreqsrc(r4, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x34, 0x1, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x3, 0x4, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$tipc(0x1e, 0x2, 0x0)
fsopen(&(0x7f0000000080)='tracefs\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, 0x0, 0x0, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
semctl$IPC_RMID(0x0, 0x0, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r5, 0x0, 0x61, &(0x7f0000000440)={'filter\x00', 0x4}, 0x68)
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000200)={0x0, 0xa, 0x200, 0x7ffe, 0x6, "bf7f23c4266bb15082b3815068eaa5574b4c15", 0x8000, 0x9})
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r6, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)

1.655644788s ago: executing program 0 (id=2805):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
mount$9p_fd(0x2500, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000b40)=ANY=[])

1.576572015s ago: executing program 1 (id=2808):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=<r1=>0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$kcm(0x10, 0x3, 0x10)
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x0, 0x0)
open(&(0x7f00000022c0)='./file2\x00', 0x40000, 0x36)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="1401000025000100000000000000000003"], 0x114}], 0x1}, 0x0)

1.436501338s ago: executing program 3 (id=2809):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080", @ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000041000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000000f400850000008600"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = epoll_create1(0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = msgget$private(0x0, 0x442)
msgrcv(r4, &(0x7f0000002ac0)={0x0, ""/159}, 0xa7, 0x1, 0x0)
socket$packet(0x11, 0x4000000000002, 0x300)
setsockopt$sock_int(r3, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000100)={0xa0028000})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc}, @NFTA_LIMIT_UNIT={0xc}]}}}, {0x14, 0x1, 0x0, 0x1, @lookup={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xe0}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a30"], 0x4b0}}, 0x0)

1.166095433s ago: executing program 4 (id=2770):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x8e, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
io_cancel(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x3, 0x9, r1, &(0x7f0000000600)="cce4e0dfc61bab44fb6bd6084c1c2172554a772f77fafd50cd7278641420bae939d230d0630a0d2626c11d8bc20910d76c019e5c2b56d09801df1ff7be6291214eb0ff046693651e13c4313ffc87932770aea94b2311beed008bdb115d171e6b465868c50bdedfb48927e53d70862d8eb317a046d99b3f010bf19231041c763ae6353a6c9682c98e639b7637c55f3d822fef5ebec9316902659f62dbc63c6fb3c49724761ff9f5044900cf92dc52bf87bcebcd884c5456a6993c5329dc49da2ca7215ee8d689de10", 0xc8, 0x0, 0x0, 0x3, r0}, &(0x7f0000000380))

1.150566144s ago: executing program 4 (id=2810):
rseq(0x0, 0x0, 0x100000000000, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$inet6_sctp(0xa, 0x801, 0x84)
mkdir(0x0, 0x0)
rename(0x0, 0x0)
inotify_init1(0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x4008031, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="180100001c0000000000000000100000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a010200000000000000000100000009000300739c7a320000000014000480080002401a00000008000140000000050900010073797a310000000044000000050a01020000000000000000010000000c00024000000000000000010900010073797a31"], 0xcc}}, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000680), 0xffffffffffffffff)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa1000000000000070100"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='ipi_raise\x00', r5}, 0x18)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000680)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
syz_genetlink_get_family_id$mptcp(0x0, r4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f00000006c0))
sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0, 0x24}}, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x24}}, 0x0)

745.504921ms ago: executing program 2 (id=2814):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=', @ANYRESHEX]) (fail_nth: 12)

477.294836ms ago: executing program 2 (id=2815):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10) (fail_nth: 10)

472.163037ms ago: executing program 3 (id=2816):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001240)={0x6, 0x6, &(0x7f0000000580)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x635}, [@cb_func={0x18, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}]}, &(0x7f0000000fc0)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000010c0)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000001100)={0x0, 0xc, 0x4, 0xfffffffe}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000001140)=[0xffffffffffffffff], &(0x7f0000001180)=[{0x1, 0x5, 0x1, 0x6}, {0x1, 0x2, 0x5, 0x3}, {0x1, 0x5, 0xb, 0xa}, {0x0, 0x1, 0xd, 0x6}, {0x3, 0x3, 0x5, 0xb}], 0x10, 0xc0, @void, @value}, 0x94) (async, rerun: 64)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 64)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 32)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (rerun: 32)
fchdir(0xffffffffffffffff)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000000)={<r2=>0x0, @loopback, @local}, &(0x7f0000000040)=0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async, rerun: 32)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async, rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000003c0)='kmem_cache_free\x00'}, 0x18) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) (async)
r4 = openat$selinux_status(0xffffff9c, &(0x7f0000000400), 0x0, 0x0)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(r4, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x2002019}, 0xc, &(0x7f00000004c0)={&(0x7f0000001300)=ANY=[@ANYBLOB="6c050000", @ANYRES16=r5, @ANYBLOB="04002bbd7000fedbdf250a00000030000180140002007465616d5f736c6176655f3100000000080001006964c62a7235b5910aff583e0416507e6888c37912160a5a618839d251d7cd3873b2bddf315f95fbe7d7defa7ade27cbb0c7508b75206d5d622e9159fcd2ceaeaddefe37a7322de1e0a5ebd7f3cbe1a7644a23945a6cdf15d3f1ae962be645a74aa7abc02117d1260b7d61b1a4354aecc8292e25460b964559e4e72ca298d4802a9cfea4", @ANYRES32=r2, @ANYBLOB="0800030002000000080003000200000028050280800003800c00018006000200250000003000018011000200233a2c2c237d5e2c282f2e2d0000000008000100f7ffffff060002002a000000040003000400030030000180040003000a0002005c5e2a2b7d0000000500020000000000080002007b2e230005000200000000000400030010000180060002004000000004000300840103801800018006000200230000000800010005000000040003004400018004000300040003000400030009000200e15d5c7b000000000c00020065727370616e300005000200000000000400030005000200000000000800010005000000140001800800010003000000080002002f2d2f004c0001800e00020073797a6b616c6c6572000000150002004c3a287d29402c7b29a85c2628262b2e000000000800010005000000050002000000000008000100000000000800010007000000180001800800010048c300000b0002002b3a012d2b290000240001800400030008000100070000000a000200212c2e2c2100000008000100ffffffff3000018008000100d92100000b00020066696c74657200001500020027b62d9a41482f3a2c5c462d21232c5b0000000020000180080001000d0000000800020047504c000a0002006b66726565000000380001800900020073797a30000000000500020000000000040003000800010001000080140002006b6d656d5f63616368655f66726565007800038018000180080001000500000008000100000004000400030050000180160002002f6465762f6c6f6f702d636f6e74726f6c00000004000300080001000800000004000300090002002a212440000000000400030009000200687372300000000008000100800000000c0001800500020000000000780004000f7c69770c075ed5fd4f51928de22e669b10a49211ad3529e8bd3c25007f8ce5d92fc994a6a74b07a3f56b67c498951beb1c670722f5f33805a246b0097235984e75996b569158ffdd5701bfe3a2108cec727907a6fb310585cdcc7a70c94f42d3c049608300871d3cb83fa9e0d08ccee320680504000100bc000380280001800e00020073797a6b616c6c657200000004000300080001000008000008000100ff07000038000180160002002f6465762f6c6f6f702d636f6e74726f6c00000008000100030000000400030006000200280000000400030004000300340001800e00020073797a6b616c6c65720000000400030008000100010000000a0002006b667265650000000800010029020000240001800b0002005b2f5b26282c00000400030008000100070000000400030004000300940003801800018008000100ad46ffff0a0002006b667265650000000c000180080001000100000014000180040003000400030004000300040003002c000180070002002d5c00000900020068737230000000001100020076657468305f746f5f687372000000002c000180140002006b6d656d5f63616368655f66726565000c00020065727370616e30000800010006000000dc0003802400018004000300040003000600020021000000060002002c00000008000100070000000800018004000300340001800800010006000000080001000a0000000800010005000000040003000c00020065727370616e3000080001000600000040000180040003000800010009000000080001000200000008000100070000000400030004000300080001000000000004000300040003000800010003000000380001800800010001040000070002002727000009000200687372300000000008000100000000000a0002002a2d235e7b00000004000300"], 0x56c}, 0x1, 0x0, 0x0, 0x4000}, 0x20008000) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) (async)
syz_read_part_table(0x593, &(0x7f00000005c0)="$eJzs0r1LK2kUB+A3A5c0e4lcLli4hWCwigqx0CIpRGJIY0RcsbAWLLQQLCwkEq39+AcUv0BsxD6lGEEUYiUpxXpBsUmVZdfZxmplUdnleZrhPefMHF5+E/hPi8Lv7XY7EUJoJ9//9m+nhbFS98TI5FQIiTAbQij8+stfnUQ88fdXz+NzOT6XktnG/vXo82nHTc9dPX0Yxf1aFMJaCGHh4Sj1b+/G/99Z/jK1vrFU3FzJz98XVx8H5/oKXVuFxZ2hg1xlujM3E/9Ytehz9qcbw8e37fLT7vf+b/VGK3sVz2USH7Ofr/U2/72f1Wa1Nd57sjyQ+dG8qGzHub/IHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GBn+cvU+sZScXMlP39fXH0cnOsrdG0VFneGDnKV6c7cTPQ6V4s+Z3+6MXx82y4/7X7v/1ZvtLJX8Vwm8TH7+Vpv89/7WW1WW+O9J8sDmR/Ni8p2nPuL/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf6gwVuqeGJmcCiERZkMIo1HH0Z/1dvK1n4jnzuNnOa6XktnG/vXo82nHTc9dPX04EddrUQhrIYSFh6PUp1+Gd/sjAAD///tch0s=")
r6 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
fallocate(r6, 0x100000011, 0x4, 0x2811fdff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'gretap0\x00'})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
getsockopt$ARPT_SO_GET_ENTRIES(r7, 0x0, 0x61, &(0x7f00000001c0)={'filter\x00', 0x15, "2f66c0250f04182b944bd46604db0aaa682c84639a"}, &(0x7f00000002c0)=0x39) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'hsr0\x00'})
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) (async)
r8 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001040)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_hsr\x00'}}]}, 0x38}}, 0x0) (async, rerun: 32)
sendmsg$NFT_BATCH(r0, 0x0, 0x0) (rerun: 32)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) (async)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2e0100, 0x0)

423.338781ms ago: executing program 2 (id=2817):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
r1 = socket$inet6(0xa, 0x80002, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000001440)=ANY=[@ANYBLOB="0017"], 0xc0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x2)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCFLSH(r4, 0x540b, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (fail_nth: 2)

422.783291ms ago: executing program 3 (id=2818):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11e0, &(0x7f00000036c0)="$eJzs3MGLG1UcB/Bf19rW1N2sWqstiA+96GVo9uBFL0G2IA0obSO0gjB1JxoyJiETFiJi9eTVv0M8ehPEm1724t/gbS8eK4gjJmq7JR6KsFPK53PJD977wu9lYOAN8+bwja8+Hg2qbJDPY+PEidiYRqQ7KVJsxD8+j1df//GnF67duHml2+vtXk3pcvd657WU0taL37/36Tcv/TA/++63W9+djoPt9w9/3fnl4PzBhcM/rn80rNKwSuPJPOXp1mQyz2+VRdobVqMspXfKIq+KNBxXxezI+KCcTKeLlI/3NlvTWVFVKR8v0qhYpPkkzWeLlH+YD8cpy7K02Qr+j/7Xd+q6jqjrx+NU1HVdPxGtOBtPxmZsRTu246l4Op6Jc/FsnI/n4vm4sJzVdN8AAAAAAAAAAAAAAAAAAADwaHH+HwAAAAAAAAAAAAAAAAAAAJp37cbNK91eb/dqSmciyi/3+/v91e9qvDuIYZRRxKVox++xPP2/sqovv9XbvZSWtuOL8vbf+dv7/ceO5jvLzwmszXdW+XQ0fzpa9+Z3oh3n1ud31ubPxCsv35PPoh0/fxCTKGMv/srezX/WSenNt3v35S8u5wEAAMCjIEv/Wrt/z7L/Gl/lH+D5wH3765Nx8WSzayeiWnwyysuymCke+uJUs238Vtd183+C4piKpu9MHIe7F73pTgAAAAAAAAAAAHgQx/E6YdNrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4kx04FgAAAAAQ5m+dRscGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAVwEAAP//zI7XaA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000000010001f85236ccc4ce75fa61b6d6978d0", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00b8"], 0x40}}, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
r4 = open(&(0x7f0000000040)='./bus\x00', 0x864c42, 0x0)
fallocate(r4, 0x0, 0x0, 0x10001)
syz_genetlink_get_family_id$smc(&(0x7f00000001c0), r0)

421.963231ms ago: executing program 1 (id=2819):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
getrlimit(0x0, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r3 = socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000002c0))
r4 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$int_in(r5, 0x5452, &(0x7f0000b28000)=0x3)
fcntl$setsig(r5, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r6}], 0x2c, 0xffffffffffbffff8)
dup2(r5, r6)
fcntl$setown(r5, 0x8, r4)
tkill(r4, 0x13)
openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
writev(r3, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)

186.740903ms ago: executing program 1 (id=2820):
epoll_create1(0x0) (async)
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)={0x20000000}) (async)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)={0x20000000})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)={0xa0000001})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x8, 0x4, 0x7cb4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x275a, 0x0) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='\r'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
setsockopt$inet_udp_encap(r3, 0x11, 0x64, &(0x7f0000000000)=0x3, 0x4)

143.993157ms ago: executing program 2 (id=2821):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
getrlimit(0x0, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r3 = socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000002c0))
r4 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$int_in(r5, 0x5452, &(0x7f0000b28000)=0x3)
fcntl$setsig(r5, 0xa, 0x12)
poll(&(0x7f0000b2c000)=[{r6}], 0x2c, 0xffffffffffbffff8)
dup2(r5, r6)
fcntl$setown(r5, 0x8, r4)
tkill(r4, 0x13)
r7 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
pwrite64(r7, &(0x7f0000000140), 0x0, 0xfecc)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r3, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)

143.664117ms ago: executing program 1 (id=2822):
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r0=>0x0})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x20081, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="51eee2b20f831b8bf625c24f4a336893b9c63560d4e7dbbc096d193f77219774029211e88a09a6ef847fc302222afa9fb204e833cf647a6c7c45c95bcc8af0a5ecc47a500d5eeff93f76811494092989af0b9c24c31bc6e14d29341debd9dae471dcead6d4211f8743eeb595afc90b0b14d6ec62", @ANYRES16=r2, @ANYRES32=r0, @ANYRES32=0x0, @ANYRES8=r3, @ANYBLOB='\x00'/28, @ANYRES32=r5], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe87, 0x0, 0x0, 0x0, 0x1ff, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r7}, 0x10)
r8 = open(&(0x7f0000000200)='./bus\x00', 0x1612c2, 0x0)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0)
sendfile(r8, r9, 0x0, 0x200)
syz_usb_connect$cdc_ncm(0x0, 0x76, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$sock_linger(r10, 0x1, 0xd, &(0x7f0000000000)={0x8000001, 0x1}, 0x8)
close(r10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r4}, 0x10)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0x0, '.\x00'}})
sendmsg$IPVS_CMD_NEW_SERVICE(r1, 0x0, 0x0)
ioctl$TIOCMGET(r9, 0x5415, &(0x7f0000000240))
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x20000000000002c2, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000070000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6f, '\x00', r0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r11}, 0x10)
getpid()
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuset.effective_mems\x00', 0x275a, 0x0)
openat$cgroup_ro(r12, &(0x7f00000003c0)='cgroup.events\x00', 0x275a, 0x0)
write$binfmt_elf64(r12, &(0x7f0000000140)=ANY=[], 0xfe6f)

85.401512ms ago: executing program 3 (id=2823):
r0 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r0, &(0x7f0000000080)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x2, {0x41, 0x2, 0x4}}, 0x10, &(0x7f0000000640)=[{&(0x7f0000000100)="e56c7dca3b2d85ae7912f880a6177c1b2d94afd6268347612f41d8b9374671223b7fd89cd9b985b8b90560fafb5bea613188f56515526e4341415a7f87fb33e4eb6337d48a49bd6eedd3c46b9b5cb5a8263c", 0x52}, {&(0x7f0000000200)="3951b2afa063a921c66887e5f87baaa86c393ce98b472b18be4981db707264d44dcfcdcd8d7f024759640d5534f578114b3f681f94b693dc9013be93a245a90ed986af40adb50b62742e6d6cdd1d54fee87a442cb3", 0x55}, {&(0x7f00000003c0)="526f78a12948fdf1be4bfec20f3957b475e95489d4cf0a674595d9a06a237d90649e84c2e7a1c60e5c7619e5218c03eb8241202e1d2135ab1ec7236022a3fa1369e0699922949b28f5057da2eea4a78e4b556ed7b90be4374eb68e68b31483a5119e887b9737d59c56ef98d3ecdcb283c8ce478905c857e4785c5adfb8db72a2cb6f26f15e70e35a167501e94c59dd4cb821a4e1b3a2", 0x96}, {&(0x7f0000000500)="2bf72469a94c5ee716b35fe5f39c6f93ab5741ec024fc1466676021c2ab7c612895133f58d604f0de4da486bbe37a2d6ba4a97e6fce392f094fe5b90abb0f4f4b74938502c05cc220e89632f5a9855d1a2373fdcd24647933ef9b3c51be0ac3262d044ded87edd94724f228541967b91f76d4ff0090fd6a0e8855af78144bda6e8b2ba", 0x83}, {&(0x7f00000005c0)="0e39ecf9aa30b3b4700d1671c53fc3ee7cf9b5c71a00273ea52da858f2e364f0e24872660f3fbb99d379568b5e512f76c5ae92abce3508c7a42b9aa95d110edeb43374e6ea941d0009495b1fe5", 0x4d}], 0x5, &(0x7f0000001800)="ce9677a5dc9c166433ed0162a8dda14cd069c63c83ef2ef3042e0813d9e7b477464abb31400b3ce864cc0ce70d9b9d024b956bafc5ba3e7af563286f42f78cfc003afb20dcb02ec9f541256a396ca9673d61930bb2f3503b0e73b8920cafc4a7c1302059210797f0288f7350f7e0f73e7c52c68650f6c1036338f88b93cfb4000006f9ec9a04e5e11340900b03476ea3fc3b653526ee7019fee41171a887fa45451c57489d30e903b4cde0f8971b22cd1f21c4f6cd5b56928c73b63f3a39b6a67247412ea0a9c500af7635057cd3a07f90b8496960aa36172cdce906a8eec66410b6de432d93ba814ebe823ed6acc6c8352634d51632f985ef295db99668c2549d87febaba9e85459e22fc890946a8181d53595e46a2aa72db4cd222eeabc8248ef198e45db89b4dba288e2ab7d3fb1d58afe4ddc5dc3331ede26efb8bb52ae858b96c25baaaf28d3183cbdb83c69d9d9b89b69357b24d84b88d151246ebef713684eb99d30ad7c9986853716e7f528f16e7217fca0561ae662978c0a9d52daf6020347929ba77452e5a5c6235df2d9b17b466dfe03674788d6a817c0d5308b40a723e8160deb582a3501807fe09d7072a1f65c206d5d2c0bdff65c6f57aae13621d7c54a17e504a49d6ac066c3f06d8b5fcaa708838ff96a2e7b511d8c31a33bd896b0e8541576879fd21c7de27cc5bd660d86484c30e4b78bc0e7248e68266b1bb812b565befa06da2e49328e477fc4096322f6d6f0e925c0fe83c4df7c3a1cee56d59868448d71a343fb587df8e1197f400d7a0f78c14a34687e05a2d99a9b0037e19e58c805fcc973f80096a695d5d3ea40043bbb33be9506894f237446b34122e922f6d178072baefbdefe838c0dafdc16e8902fddbf8a07c2d5922f798dad118628a06edc67a7310865c47d77845cbd0f93467356ca856ca9e5ac1dc2ed613d443900eff69b9b2d5bbe8b6ba46169d7df074b01ac3f55ce325b6c2b098384a7986c99ec6fb4f314f5ca7edb92a6528a4cd4b6281b38242623fd6204006dfafe945746e1a12d632f2b9594666166f23bf92fdf55a554d8b6ec94fd86c12782ea876946ec6c31859b5a58e6ab3a18875b14e87aced7c1324e11fcdde8aea4481c5d2d9336fbe089215640fed765459174fce04bd9c74b4043ae7a44e439fc875382e6a5a78dad326845d8c20f6cfd0e5d8944cdf116f892950d6e8ccbe06e55cf95e9fc801515ee5da72db9a4f62bf8d717534d9dff2cd44ddde69b80cc7b172e11f26244fb80386cb330154404f48beaede3ebd38dba9e96e9c3b862f2f32b1f08ba326f566ef73324e64f75f77b88ca72cf5dd93b8f6cec41ba7d827f0cb013751fb4b7ab22c49cd51a40852c6805ac9438b2b4c2c25c8f2f931d49c194b99a2cd87c2a7af0edfa5971e03bc58bb468ec97be8e6a77d58aeff0c62fb7089ada41f70b277fea665926dd327e09632ddf0af4b662f84c27d1faa203c7d16bf04ca52ccd7f73752bf2a4e5fd3b63fe6eef24d0bd8c911a5bea4ed27292134ddc426d40f5b251672d5cb190e70a91affa1dabdf179a5f197e198cc430f87a78a51112ff03c7f7f116dbc78ba5fc8fe9d178b67cdae5a5d604621276a9f3c1d472de7f7fa7cb1fa260dfa64bdf7caa3bbb2498116b338f3fe8a6725619afef152c6d8946abf1d0472e9697806a4e48d6ed6b234465662dfb758082585a9639489e61ed6990c5e0572e58cb303e09902ed8c6fc054f8277253a87627749ca12c9899bc534a79f2c6a0354e4e40094ce2e41b93d635bc2e5006d87d0059fa32926c8f891fd87b52a059521497b5c7a8110e079e19cf8b766d5a898b492f83c019e0ab63ba4d11627eb512dac697d967e33e64d215b54e8a7a7ab4ff006e9fda96eed03367bc25eba0449777fd348d3f90579c5623c96ab172a1e09f1af27b822148a8176e2bb83cbe4a4c862737f7b10f1d3ba098dbddb893a3f38d895645490c8062e9659a3c6c63f076ab3015e1f3953497fbebb497f165ff61f59eb201969219f4e0b4db8f8d0c1983e8f346576aced62b5b25747c2ea62dc3c05244c4abc9ea683452fc47a7c1c492cbe4bfd50b2221fa5c53b079ff2c4a4fc4f56c10a74b75cfac96e4a4b12af91edc777bb4ebe9eb4678fb1183549bb00ed18ad570397f93d5a636fd2b231dc43926e2f8b972ea1f13bb7efc6b34486f1d6ebc6fddb77313465899654a3da3b728da2f51814a4173a9efefe5993e8747a80c0c9b34f2b27de0325ad75dfe9959204c1e042bf895dc7d9aaf50a2cc69f9f397845f2ffec83dfcbbc7d6416857d8334d7242d311b4ff395862d55a3dfe3b6af6a663b40d7114e78e6d70d3150b53ce42ec5d0d8530fb72b0f43e644e12219463d2593715d0595b6b0a47daad633bca7a040e5c1b9633f3b1d22d818024edb24f2c03cdfff420e75a4b62f3fc4014ea3b7ab20dc248e076cf020057a50808e6b93583fcf2534f08f256cf6174263944b482ec36b463fdbe50c3491d97b0b560433e1279a53eb0c4dbe3ba2e88c7841987d82fb9fea7554609ed8c5f0adb76cc5eac8b5c4dfbd13de9558b5a71a72efbd1729c08e0a5008307ac928cbc904c2d4f4fccf3aee2da30fd3a69d760debd96f64c15e716d7ce10b7671705ad0471d720a51937be6425659c722ba24326bc0e8a4d4b08410dcfdc168b524caec2e1637c7df502ecf15f63f3a67437d9f21116318d80ca984cd5e7fc44bbfb4d8fc052cfb18c37a473002fda6c1a290493aa9991986099c76d6db07e3575f94d4e44dae56d7f907e643f4b62dd8b693fca7174da8724b4dd1c30c08036281b87a034a17492c0fc1a43abc9db693f6dba957fb317cf16769127ea4bf4a6edc1c773872ee2678383c8ce57de722c52d72ab1339e5489967c487c6a0bea4f60e9d4b58a446bcc9cda82e810899806353421cf6d41b01e81977f6ef52d909ace8a86bbf7f2f03d8244535574ac19eb5144b7b5ae28a5ca03b7dd9a29522c0ebdbd7210ed8f20ccbd4f66a9ad7546b4933a23713d98b9195e8b21dd78e0e499de5feab2432acafa2b037b555328767bd590ef66ebbb93ceff4043609b4f52d840b2be209a1d22ccc2727d152d0741d3a1b994a7af0c70d4dc84cd80f19bde2a0fe693fe86411df1c75f61056a29785576dd512581924d274090457d9d97ad3738c8687b35671b3d3b3125f203bf2ef00a3d26da6f768dd19f452c16b55bbe19cd8e7fdc29e38670062c47eb8255563c819a24023e0233f0c49f1afcc109b1a0add2fc176483ca575795716864c4564c425c2ae8a0c6bf1dd95f22625edf8c995ddb3d29b52776341a73eacf77e78460fc43b1c0ffab74dd7336a85114c5706309e9f46d16f167b844a9f68d5f0436e73c4585f72a74674f85bbf7bcf0b762d3149d16993e9b444475ab86f21b623670f3500618ae159c67030ba87bd85ad5080892213b933a0b5fc1ae221e909889bbb0a0917cb7916a38b4d84a4b25e46f58d94fbe057ed0b2890b9be9f2e68e0d09cc520c4f0c118f68f9096c31e280b5cba125a03289fe0f432a2c82a4e0903e226f12bb799266f59b08d47efbd90003e9eb58cde72d3e27190943b92d458fc7d843d2212975bb7be60ace9ab59b018bcb35cee968dd236fb2814304594724e63c0aed9d6d8c3e0aee0c35b2a129e5fb7f67cafd5e8a14587f1af4a2cd2c3949cb061770bcdcccf68daaab9bd41a6c8e7221c3b738efe213f8613c04ff3087f1c23a339b270b6a7bfd348d2660994a5396d011fb103c9541032908a4074688bd9708356d83daeeb9c5dbf41a7c20acfc05fb7a0bfd0b9f531fab57611d28f146264cbf48cf6439050e179f494b71bda7477923b17e0bd75d27871b82f7c06c990393fcc1fc9e37ea10152c7861d3cb27ec69b7055079d60cba6b745ec05a58fc8b5b918b8bee1ccd0f836e8c1ef433697ed42e335697b432b70e86e9ab031ad4a5a37fff7df39e12049ed7c4aac824bad7bfd6d0a86a93ac42456cd404de145601a987f46afa2a4baf43c6c1a1f1f55b1e047368d2d4a77c46203227b56157d505bd8ea46cd517e6f8c5460a5829eb53175985f49a9f623dfdbaf2961e2a70a8100d45c6f53b22d3d7977b39c608e1279f95364bffabd6c1d292a6f58a25ef9696f2fbfa9bd7fbb31b624c6b02e6d2211a72465e23aa5123d339c6c49164a50cf848ac3a0ba9807dc65653a975e29954500f412d5ec1cbf14ab80d2da850a7a4e38cff1bdbf37227e3e37ed772af2340ada1a996ff98e27c5fbc9b1f94c4093c1a3c6fd0b466153d0fc614f0361b2f60041d7dcd1fc6f97c8fbda68c1db67def1a1e65aaeae701ede68f58d20f907372adf561857e4ea6281d9f88c9ab38d62e862acc25ddbaf9fca64bb29db68593dff82649b97d690a6e76dcc66ba1322f17ca31c0edfa38c942851a9e2d00b66541c15d8a75d2abfd31f03c7e744fe8f1c496e97bae6a561b4947cb54a7321fb63cdedef6aea319aad5541a9bd580eaef1e328c32a3d73eb5c4ce0744471f6f216ffe60f05a84b0307bcd0f051a973c2f9d2732e3033bf0a1dfcd7fd59bdefdf2172ebcffe529edbd78de035a53d9fcd35b8f84aa6938c83dc826d7de6ec6f2a33d75f588105771347651eb87861dfb6cba48e20e2c71ee52a85854d6183f40c00f3795486ddb53b934e967273119286255adc4654c3258cb08932e06f1fedb5dc4683dd0e4b5c1452875021250927b297605aab65e23b638b63d4a18ea9d765fc2973d2f1d9eb3c6b4681baa73f70e821e3b8ab1d5a79a3619f1e469e45fd59cadecf9641684af6b81510b044a311b8a0ae4415d086970be02d0c701283d74a2c8836cba2319fd035d8fb39f59854676b7e565d361a9ce655a181bdc3dc676460e23a5f505787fbbfce5002ffaa97645272c8c055c309c97294014195e43838f46f7ad277ea39e2e9e99bf15f3c64fa603257482f5204bc194105a3c215cbb2473f0c5d0aa140f8a105bcccd6994b6893a3070ef24e752254fd89d568a6cef1d872d8e4131d7c21125e21e18687ce54cb957e4cf53175bd1808b3d109d13b27cb365eff2c40efd4a15c0a15baf41a57f41516859abd728e9290cf4d984ffb6bbd717af40b5f606329873d869acaea7b27afe070de483b4f1d67a7c0be08e276f863cb857d19ba117c5d79771879bddc4b6cc52a34efd859d5211aadd13dba48d380046c7db560f98dba25891ac6113a229f24f9197de13faa9a9415156df18256ede2e1e51cbb43cdb36df877e6ff68e113fe392f03d42c24117842d2fb00eb80785b702d7082dcd8765be89694634472530725c91d5bee7766aee6747137c8b84e21c22260ecb2115afab2fbd0c4cda57ff2369a7e9cad35818a014ecd9b525879b20cb74d417cef35fdeb7eec69c8d45ba11917c2279a2dfa5b7b9f7666ffc7a7557c9f941d4d3b084e590ea9ae70e0c3710582a8c4cc670ed9f1021a2e5e3f537d978b01d0c9e3a14947af7806c7104b925dbb2a348ae8aed4af0a9ec6fb6ea0f4675e9383de9da3ea1ae2508f17c1d4ba1058a2966a9aaf4dd896f62f9a12df49c37591043ae125423fa708f051a93e2b6a4eb918fc6d526ba432f22c1d63a67226c304ba5c762c453b44964613761f99004c6eb01cd2dc0a0c4e6530ba47b0aa3f9169fa9c3134d1bcf5e4b3b199d49e2bf6c48c6309e4f66e7c6dde9fdca91eb96758fd81b762a0a47ec8e893370e9b57dccf5732539318be9f634535afdfcf528e126a5c6b959479bbd63", 0x1000, 0xc001}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000340)={@dev={0xfe, 0x80, '\x00', 0x32}, 0x57})
r2 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f0000000000)={0x9, 'vlan1\x00', {0x10000}})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r3, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000280), 0x14)
write$binfmt_script(r3, &(0x7f00000000c0)={'#! ', './file0'}, 0xb)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
write$eventfd(0xffffffffffffffff, 0x0, 0x0)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x20, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r6, &(0x7f0000000780)}, 0x20)
sendmsg$NL80211_CMD_GET_WIPHY(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01030000200000004000010000000800070000000000080003001e"], 0x30}}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x303}, "2a4001011f891d5b", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "fd6ed24e", "d4e9e1c90d89691c"}, 0x38)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000240), &(0x7f0000000280)=r8}, 0x20)

58.628235ms ago: executing program 2 (id=2824):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae091f75cd9701ffa62891f686bfbb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003875c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9e"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
r1 = syz_clone(0x20080000, &(0x7f00000001c0)="70539f1d4035fcf07942c2322ba1f39b6d0d2c85585d56855a628566563b0640421dfc62342c7ab9e6d4c263c75ecdb6604266ba16bd76ba3df970cd7712b0c699823afd9e81c8d7371c983f6988cf786725219cd36587d3d09cb6a6fc1eaff1d46086a016", 0x65, &(0x7f0000000140), &(0x7f0000000240), &(0x7f00000003c0)="19b49fe9871e11475e7a3ab40d2fbf27dce5934606ee560a26fbb8d3c523186ff14f13791f1c9662a7585fd5309e89fdbe108880bb1e0f1a9b299eeee6df242a99062c0cfc872cd5b8efce967206cf5f41e542e0cf2d09427659840d99cd12e60729e62bcc28fad39c6bf1ae5ae77fbc2c9460fb23c1c547442c4a64e2b01c5a6ed3f60b7b18b4dfb4fef6869c8001145c5041bb5d36c949c723ee12")
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10)
sendmsg$tipc(r2, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x2, {0x0, 0x4, 0x4}}, 0x10, 0x0}, 0x0)
r4 = openat$dir(0xffffff9c, &(0x7f0000000340)='./file0\x00', 0x402800, 0x101)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001580), 0xffffffffffffffff)
r6 = openat(r4, &(0x7f00000015c0)='./file1\x00', 0x6c200, 0x8)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f00000004c0)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r7, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000580)={0x1c, r8, 0x601, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x24008834)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000001600)={'wpan1\x00', <r10=>0x0})
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f00000016c0)={&(0x7f0000001540)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x34, r5, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r6}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}]}, 0x34}, 0x1, 0x0, 0x0, 0x4006001}, 0x44090)
open_tree(r4, &(0x7f00000002c0)='./file0\x00', 0x81002)
ptrace$getregset(0x4204, r1, 0x200, &(0x7f0000000280)={&(0x7f0000001480)=""/192, 0xc0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r11}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
utimes(&(0x7f0000000180)='./file0\x00', 0x0)

11.036689ms ago: executing program 3 (id=2825):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xb, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{r0}, &(0x7f0000000600), &(0x7f0000000640)}, 0x20)
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x42, 0x0, 0xfffffffffffffffc, 0x3f})

10.699419ms ago: executing program 3 (id=2826):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}}, 0x0)

0s ago: executing program 2 (id=2827):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080", @ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000041000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000000f400850000008600"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = epoll_create1(0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = msgget$private(0x0, 0x442)
msgrcv(r4, &(0x7f0000002ac0)={0x0, ""/159}, 0xa7, 0x1, 0x0)
socket$packet(0x11, 0x4000000000002, 0x300)
setsockopt$sock_int(r3, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000100)={0xa0028000})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc}, @NFTA_LIMIT_UNIT={0xc}]}}}, {0x14, 0x1, 0x0, 0x1, @lookup={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xe0}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a30"], 0x4b0}}, 0x0)

kernel console output (not intermixed with test programs):

.771318][T10370] chnl_net:caif_netlink_parms(): no params data found
[  221.786903][T10384] netlink: 'syz.4.2354': attribute type 10 has an invalid length.
[  221.794800][T10384] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2354'.
[  221.804911][T10384] bridge0: port 3(batadv0) entered blocking state
[  221.811417][T10384] bridge0: port 3(batadv0) entered disabled state
[  221.818778][T10384] batadv0: entered allmulticast mode
[  221.824694][T10384] batadv0: entered promiscuous mode
[  221.830067][T10384] bridge0: port 3(batadv0) entered blocking state
[  221.836551][T10384] bridge0: port 3(batadv0) entered forwarding state
[  221.880031][T10370] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.887144][T10370] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.894547][T10370] bridge_slave_0: entered allmulticast mode
[  221.900912][T10370] bridge_slave_0: entered promiscuous mode
[  221.909712][T10370] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.916951][T10370] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.924245][T10370] bridge_slave_1: entered allmulticast mode
[  221.930718][T10370] bridge_slave_1: entered promiscuous mode
[  221.949228][T10370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  221.959834][T10370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  221.974684][T10398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  221.983294][T10398] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  221.984385][T10370] team0: Port device team_slave_0 added
[  221.999758][T10370] team0: Port device team_slave_1 added
[  222.003171][T10398] loop3: detected capacity change from 0 to 2048
[  222.027321][T10370] batman_adv: batadv0: Adding interface: batadv_slave_0
[  222.034357][T10370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.060560][T10370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  222.074745][T10370] batman_adv: batadv0: Adding interface: batadv_slave_1
[  222.081715][T10370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.107635][T10370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  222.118889][T10339] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  222.119130][T10398] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  222.147950][T10339] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  222.162038][T10370] hsr_slave_0: entered promiscuous mode
[  222.168476][T10370] hsr_slave_1: entered promiscuous mode
[  222.174525][T10339] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  222.182787][T10339] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  222.238043][ T3292] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.265245][T10339] 8021q: adding VLAN 0 to HW filter on device bond0
[  222.274354][   T28] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  222.276194][T10339] 8021q: adding VLAN 0 to HW filter on device team0
[  222.283602][   T28] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  222.306647][ T3292] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.319140][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.326220][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.337076][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.344151][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.356019][ T3292] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.408863][ T3292] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.425333][T10339] 8021q: adding VLAN 0 to HW filter on device batadv0
[  222.459144][ T3292] bridge_slave_1: left allmulticast mode
[  222.464910][ T3292] bridge_slave_1: left promiscuous mode
[  222.470588][ T3292] bridge0: port 2(bridge_slave_1) entered disabled state
[  222.479335][ T3292] bridge_slave_0: left allmulticast mode
[  222.485800][ T3292] bridge_slave_0: left promiscuous mode
[  222.491507][ T3292] bridge0: port 1(bridge_slave_0) entered disabled state
[  222.576498][ T3292] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  222.586698][ T3292] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  222.596778][ T3292] bond0 (unregistering): Released all slaves
[  222.625179][T10339] veth0_vlan: entered promiscuous mode
[  222.633141][T10339] veth1_vlan: entered promiscuous mode
[  222.640790][T10401] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  222.645297][T10339] veth0_macvtap: entered promiscuous mode
[  222.665704][T10339] veth1_macvtap: entered promiscuous mode
[  222.675338][ T3292] hsr_slave_0: left promiscuous mode
[  222.681039][ T3292] hsr_slave_1: left promiscuous mode
[  222.687003][ T3292] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  222.694421][ T3292] batman_adv: batadv0: Removing interface: batadv_slave_0
[  222.702215][ T3292] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  222.709752][ T3292] batman_adv: batadv0: Removing interface: batadv_slave_1
[  222.719068][ T3292] veth1_macvtap: left promiscuous mode
[  222.724642][ T3292] veth0_macvtap: left promiscuous mode
[  222.730183][ T3292] veth1_vlan: left promiscuous mode
[  222.735423][ T3292] veth0_vlan: left promiscuous mode
[  222.807804][ T3292] team0 (unregistering): Port device team_slave_1 removed
[  222.817467][ T3292] team0 (unregistering): Port device team_slave_0 removed
[  222.856856][T10339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.867342][T10339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.878118][T10339] batman_adv: batadv0: Interface activated: batadv_slave_0
[  222.887993][T10339] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.898519][T10339] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.909095][T10339] batman_adv: batadv0: Interface activated: batadv_slave_1
[  222.918234][T10339] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.927239][T10339] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.936072][T10339] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.944810][T10339] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  223.052905][T10417] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2344'.
[  223.064009][T10417] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2344'.
[  223.072936][T10417] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  223.080520][T10417] batman_adv: batadv0: Removing interface: batadv_slave_0
[  223.088390][T10417] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  223.095866][T10417] batman_adv: batadv0: Removing interface: batadv_slave_1
[  223.122141][T10370] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  223.131096][T10370] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  223.140598][T10370] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  223.149037][T10370] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  223.181346][T10370] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.193271][T10370] 8021q: adding VLAN 0 to HW filter on device team0
[  223.202889][ T3292] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.210333][ T3292] bridge0: port 1(bridge_slave_0) entered forwarding state
[  223.220923][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.228072][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  223.286473][T10370] 8021q: adding VLAN 0 to HW filter on device batadv0
[  223.346544][T10370] veth0_vlan: entered promiscuous mode
[  223.354780][T10370] veth1_vlan: entered promiscuous mode
[  223.368913][T10370] veth0_macvtap: entered promiscuous mode
[  223.376108][T10370] veth1_macvtap: entered promiscuous mode
[  223.386108][T10370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  223.397589][T10370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  223.408365][T10370] batman_adv: batadv0: Interface activated: batadv_slave_0
[  223.419182][T10370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  223.429743][T10370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  223.440845][T10370] batman_adv: batadv0: Interface activated: batadv_slave_1
[  223.450627][T10370] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  223.459392][T10370] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  223.468297][T10370] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  223.477308][T10370] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  223.693871][T10443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  223.702618][T10443] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  223.718873][T10443] loop0: detected capacity change from 0 to 2048
[  223.735933][T10443] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  224.591476][T10457] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2364'.
[  224.750915][T10461] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2365'.
[  224.873179][ T9239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.890775][T10463] syz.3.2367[10463] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  224.890860][T10463] syz.3.2367[10463] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  224.902434][T10463] syz.3.2367[10463] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  224.926012][   T29] kauditd_printk_skb: 100 callbacks suppressed
[  224.926025][   T29] audit: type=1326 audit(1728290470.793:42639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  224.967399][   T29] audit: type=1326 audit(1728290470.793:42640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  224.991090][   T29] audit: type=1326 audit(1728290470.793:42641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  225.014771][   T29] audit: type=1326 audit(1728290470.793:42642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  225.038326][   T29] audit: type=1326 audit(1728290470.793:42643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  225.062044][   T29] audit: type=1326 audit(1728290470.793:42644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  225.085618][   T29] audit: type=1326 audit(1728290470.793:42645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  225.109545][   T29] audit: type=1326 audit(1728290470.793:42646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  225.133166][   T29] audit: type=1326 audit(1728290470.793:42647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  225.156721][   T29] audit: type=1326 audit(1728290470.793:42648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10464 comm="syz.3.2369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  225.233776][T10469] FAULT_INJECTION: forcing a failure.
[  225.233776][T10469] name failslab, interval 1, probability 0, space 0, times 0
[  225.246512][T10469] CPU: 0 UID: 0 PID: 10469 Comm: syz.3.2371 Not tainted 6.12.0-rc2-syzkaller #0
[  225.255616][T10469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  225.265681][T10469] Call Trace:
[  225.268940][T10469]  <TASK>
[  225.271856][T10469]  dump_stack_lvl+0xf2/0x150
[  225.276433][T10469]  dump_stack+0x15/0x20
[  225.280568][T10469]  should_fail_ex+0x223/0x230
[  225.285300][T10469]  ? skb_clone+0x154/0x1f0
[  225.289723][T10469]  should_failslab+0x8f/0xb0
[  225.294321][T10469]  kmem_cache_alloc_noprof+0x4c/0x290
[  225.299706][T10469]  skb_clone+0x154/0x1f0
[  225.303995][T10469]  __netlink_deliver_tap+0x2bd/0x4c0
[  225.309286][T10469]  netlink_unicast+0x64a/0x670
[  225.314060][T10469]  netlink_sendmsg+0x5cc/0x6e0
[  225.318865][T10469]  ? __pfx_netlink_sendmsg+0x10/0x10
[  225.324158][T10469]  __sock_sendmsg+0x140/0x180
[  225.328827][T10469]  ____sys_sendmsg+0x312/0x410
[  225.333619][T10469]  __sys_sendmsg+0x1d9/0x270
[  225.338230][T10469]  __x64_sys_sendmsg+0x46/0x50
[  225.342992][T10469]  x64_sys_call+0x2689/0x2d60
[  225.347665][T10469]  do_syscall_64+0xc9/0x1c0
[  225.352154][T10469]  ? clear_bhb_loop+0x55/0xb0
[  225.356830][T10469]  ? clear_bhb_loop+0x55/0xb0
[  225.361513][T10469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.367403][T10469] RIP: 0033:0x7f148cdddff9
[  225.371873][T10469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.391667][T10469] RSP: 002b:00007f148ba57038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  225.400108][T10469] RAX: ffffffffffffffda RBX: 00007f148cf95f80 RCX: 00007f148cdddff9
[  225.408076][T10469] RDX: 0000000020000010 RSI: 0000000020000200 RDI: 0000000000000007
[  225.416121][T10469] RBP: 00007f148ba57090 R08: 0000000000000000 R09: 0000000000000000
[  225.424166][T10469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  225.432123][T10469] R13: 0000000000000000 R14: 00007f148cf95f80 R15: 00007fff7a3d6f48
[  225.440089][T10469]  </TASK>
[  225.445290][T10469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2371'.
[  225.500669][T10476] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  225.508987][T10476] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  225.518984][T10476] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2373'.
[  225.548156][T10480] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2372'.
[  225.874563][T10446] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  226.237382][ T3366] bridge_slave_1: left allmulticast mode
[  226.243071][ T3366] bridge_slave_1: left promiscuous mode
[  226.248720][ T3366] bridge0: port 2(bridge_slave_1) entered disabled state
[  226.256876][ T3366] bridge_slave_0: left allmulticast mode
[  226.262566][ T3366] bridge_slave_0: left promiscuous mode
[  226.268368][ T3366] bridge0: port 1(bridge_slave_0) entered disabled state
[  226.370380][ T3366] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  226.405385][ T3366] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  226.415004][T10494] syz.1.2379[10494] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  226.415103][T10494] syz.1.2379[10494] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  226.416105][ T3366] bond0 (unregistering): Released all slaves
[  226.427557][T10495] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  226.440909][T10494] syz.1.2379[10494] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  226.452706][T10495] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  226.486262][T10497] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2380'.
[  226.495296][T10495] loop4: detected capacity change from 0 to 2048
[  226.508738][T10497] hsr_slave_1 (unregistering): left promiscuous mode
[  226.516194][T10495] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  226.534100][ T3366] hsr_slave_0: left promiscuous mode
[  226.540926][ T3366] veth1_macvtap: left promiscuous mode
[  226.546744][ T3366] veth0_macvtap: left promiscuous mode
[  226.552325][ T3366] veth1_vlan: left promiscuous mode
[  226.557609][ T3366] veth0_vlan: left promiscuous mode
[  226.628473][ T3366] team0 (unregistering): Port device team_slave_1 removed
[  226.639186][ T3366] team0 (unregistering): Port device team_slave_0 removed
[  226.970149][T10513] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2384'.
[  227.250118][T10518] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2385'.
[  227.686513][T10525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  227.695987][T10525] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  227.705227][T10525] random: crng reseeded on system resumption
[  227.798173][T10520] chnl_net:caif_netlink_parms(): no params data found
[  227.829037][T10520] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.836164][T10520] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.843341][T10520] bridge_slave_0: entered allmulticast mode
[  227.849756][T10520] bridge_slave_0: entered promiscuous mode
[  227.856593][T10520] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.863631][T10520] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.870920][T10520] bridge_slave_1: entered allmulticast mode
[  227.877370][T10520] bridge_slave_1: entered promiscuous mode
[  227.893719][T10520] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  227.905036][T10520] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  227.920528][ T3366] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.936329][T10520] team0: Port device team_slave_0 added
[  227.942661][T10520] team0: Port device team_slave_1 added
[  227.955317][T10501] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  227.955378][ T3366] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.985142][T10520] batman_adv: batadv0: Adding interface: batadv_slave_0
[  227.992652][T10520] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  228.018608][T10520] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  228.029902][T10520] batman_adv: batadv0: Adding interface: batadv_slave_1
[  228.036935][T10520] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  228.062970][T10520] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  228.091616][T10520] hsr_slave_0: entered promiscuous mode
[  228.097779][T10520] hsr_slave_1: entered promiscuous mode
[  228.103886][T10520] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  228.111520][T10520] Cannot create hsr debugfs directory
[  228.119508][ T3366] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.161801][ T3366] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.215506][ T3366] bridge_slave_1: left allmulticast mode
[  228.221156][ T3366] bridge_slave_1: left promiscuous mode
[  228.226822][ T3366] bridge0: port 2(bridge_slave_1) entered disabled state
[  228.234424][ T3366] bridge_slave_0: left allmulticast mode
[  228.240062][ T3366] bridge_slave_0: left promiscuous mode
[  228.245859][ T3366] bridge0: port 1(bridge_slave_0) entered disabled state
[  228.318264][ T3366] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  228.328561][ T3366] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  228.339124][ T3366] bond0 (unregistering): Released all slaves
[  228.396920][ T3366] hsr_slave_0: left promiscuous mode
[  228.404413][ T3366] veth1_macvtap: left promiscuous mode
[  228.409988][ T3366] veth0_macvtap: left promiscuous mode
[  228.415648][ T3366] veth1_vlan: left promiscuous mode
[  228.420917][ T3366] veth0_vlan: left promiscuous mode
[  228.490253][ T3366] team0 (unregistering): Port device team_slave_1 removed
[  228.500231][ T3366] team0 (unregistering): Port device team_slave_0 removed
[  228.533044][T10543] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2389'.
[  228.656261][T10520] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  228.664409][T10520] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  228.672730][T10520] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  228.681794][T10520] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  228.713462][T10520] 8021q: adding VLAN 0 to HW filter on device bond0
[  228.725142][T10520] 8021q: adding VLAN 0 to HW filter on device team0
[  228.734953][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[  228.742025][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[  228.757016][ T3292] bridge0: port 2(bridge_slave_1) entered blocking state
[  228.764093][ T3292] bridge0: port 2(bridge_slave_1) entered forwarding state
[  228.819125][T10520] 8021q: adding VLAN 0 to HW filter on device batadv0
[  228.878028][T10520] veth0_vlan: entered promiscuous mode
[  228.886385][T10520] veth1_vlan: entered promiscuous mode
[  228.900713][T10520] veth0_macvtap: entered promiscuous mode
[  228.908577][T10520] veth1_macvtap: entered promiscuous mode
[  228.918693][T10520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.929189][T10520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.939053][T10520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.949563][T10520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.961000][T10520] batman_adv: batadv0: Interface activated: batadv_slave_0
[  228.969163][T10520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.979658][T10520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.989465][T10520] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.999929][T10520] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.010743][T10520] batman_adv: batadv0: Interface activated: batadv_slave_1
[  229.011242][T10560] syz.3.2392[10560] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  229.018770][T10560] syz.3.2392[10560] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  229.030271][T10560] syz.3.2392[10560] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  229.057628][T10520] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  229.078359][T10520] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  229.087206][T10520] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  229.095924][T10520] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  229.137193][T10568] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2386'.
[  229.148610][T10568] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  229.156324][T10568] batman_adv: batadv0: Removing interface: batadv_slave_0
[  229.164268][T10568] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  229.171848][T10568] batman_adv: batadv0: Removing interface: batadv_slave_1
[  229.326247][T10255] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.476769][T10579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  229.486118][T10579] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  229.507275][T10579] loop1: detected capacity change from 0 to 2048
[  229.525596][T10579] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  229.965651][   T29] kauditd_printk_skb: 11847 callbacks suppressed
[  229.965675][   T29] audit: type=1326 audit(1728290475.833:54496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10587 comm="syz.3.2397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  230.045099][   T29] audit: type=1326 audit(1728290475.863:54497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10587 comm="syz.3.2397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  230.068817][   T29] audit: type=1326 audit(1728290475.863:54498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10587 comm="syz.3.2397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  230.092741][   T29] audit: type=1326 audit(1728290475.873:54499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10587 comm="syz.3.2397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  230.116539][   T29] audit: type=1326 audit(1728290475.873:54500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10587 comm="syz.3.2397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  230.140165][   T29] audit: type=1326 audit(1728290475.873:54501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10587 comm="syz.3.2397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  230.163973][   T29] audit: type=1326 audit(1728290475.873:54502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10587 comm="syz.3.2397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  230.187646][   T29] audit: type=1326 audit(1728290475.873:54503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10587 comm="syz.3.2397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  230.211410][   T29] audit: type=1326 audit(1728290475.873:54504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10587 comm="syz.3.2397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  230.240749][   T29] audit: type=1326 audit(1728290475.873:54505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10587 comm="syz.3.2397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  230.330338][T10600] syz.4.2403[10600] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  230.330434][T10600] syz.4.2403[10600] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  230.342374][T10600] syz.4.2403[10600] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  230.379886][T10610] __nla_validate_parse: 1 callbacks suppressed
[  230.379901][T10610] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2409'.
[  230.418184][T10611] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2407'.
[  230.442698][T10617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  230.443005][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.458888][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.466727][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.474566][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.482331][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.490098][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.497828][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.505735][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.513453][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.521354][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.529083][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.536842][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.544623][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.552507][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.560246][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.568051][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.575949][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.583665][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.591760][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: unknown main item tag 0x0
[  230.601075][T10617] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  230.601092][ T3344] hid-generic FFFC:0000:FFFFFFFF.0004: hidraw0: <UNKNOWN> HID v0.01 Device [syz0] on syz0
[  230.619280][T10617] loop4: detected capacity change from 0 to 128
[  231.955035][T10582] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  232.119893][T10623] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2413'.
[  232.125888][T10622] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2414'.
[  232.188186][T10635] syz.3.2419[10635] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.188251][T10635] syz.3.2419[10635] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.199923][T10635] syz.3.2419[10635] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  232.213218][T10636] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2415'.
[  232.379945][T10339] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.453948][T10651] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2423'.
[  232.996588][T10656] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2425'.
[  233.033065][T10656] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2425'.
[  233.054738][T10662] FAULT_INJECTION: forcing a failure.
[  233.054738][T10662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  233.067843][T10662] CPU: 0 UID: 0 PID: 10662 Comm: syz.2.2426 Not tainted 6.12.0-rc2-syzkaller #0
[  233.076863][T10662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  233.086983][T10662] Call Trace:
[  233.090249][T10662]  <TASK>
[  233.093212][T10662]  dump_stack_lvl+0xf2/0x150
[  233.097823][T10662]  dump_stack+0x15/0x20
[  233.102045][T10662]  should_fail_ex+0x223/0x230
[  233.106761][T10662]  should_fail+0xb/0x10
[  233.110911][T10662]  should_fail_usercopy+0x1a/0x20
[  233.116019][T10662]  _copy_from_iter+0xd3/0xd20
[  233.120749][T10662]  ? alloc_pages_mpol_noprof+0xd5/0x1e0
[  233.126299][T10662]  copy_page_from_iter+0x14f/0x280
[  233.131476][T10662]  tun_get_user+0x686/0x24e0
[  233.136051][T10662]  ? kstrtoull+0x110/0x140
[  233.140511][T10662]  ? ref_tracker_alloc+0x1f5/0x2f0
[  233.145611][T10662]  tun_chr_write_iter+0x188/0x240
[  233.150621][T10662]  vfs_write+0x76a/0x910
[  233.154851][T10662]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  233.160389][T10662]  ksys_write+0xeb/0x1b0
[  233.164711][T10662]  __x64_sys_write+0x42/0x50
[  233.169290][T10662]  x64_sys_call+0x27dd/0x2d60
[  233.173966][T10662]  do_syscall_64+0xc9/0x1c0
[  233.178462][T10662]  ? clear_bhb_loop+0x55/0xb0
[  233.183139][T10662]  ? clear_bhb_loop+0x55/0xb0
[  233.187812][T10662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.193828][T10662] RIP: 0033:0x7fe5b266cadf
[  233.198254][T10662] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[  233.217844][T10662] RSP: 002b:00007fe5b12e1000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  233.226413][T10662] RAX: ffffffffffffffda RBX: 00007fe5b2825f80 RCX: 00007fe5b266cadf
[  233.234394][T10662] RDX: 000000000000003a RSI: 0000000020000000 RDI: 00000000000000c8
[  233.242371][T10662] RBP: 00007fe5b12e1090 R08: 0000000000000000 R09: 0000000000000000
[  233.250347][T10662] R10: 000000000000003a R11: 0000000000000293 R12: 0000000000000001
[  233.258310][T10662] R13: 0000000000000000 R14: 00007fe5b2825f80 R15: 00007ffde3433c28
[  233.266364][T10662]  </TASK>
[  233.274167][T10664] program syz.1.2427 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  233.336234][T10672] program syz.3.2431 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  233.345595][T10672] FAULT_INJECTION: forcing a failure.
[  233.345595][T10672] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  233.358682][T10672] CPU: 0 UID: 0 PID: 10672 Comm: syz.3.2431 Not tainted 6.12.0-rc2-syzkaller #0
[  233.367701][T10672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  233.377745][T10672] Call Trace:
[  233.381010][T10672]  <TASK>
[  233.383940][T10672]  dump_stack_lvl+0xf2/0x150
[  233.388531][T10672]  dump_stack+0x15/0x20
[  233.392674][T10672]  should_fail_ex+0x223/0x230
[  233.397348][T10672]  should_fail+0xb/0x10
[  233.401497][T10672]  should_fail_usercopy+0x1a/0x20
[  233.406556][T10672]  _copy_from_user+0x1e/0xd0
[  233.411202][T10672]  scsi_ioctl+0x11dc/0x1540
[  233.415698][T10672]  ? avc_has_perm+0xd4/0x160
[  233.420348][T10672]  ? file_has_perm+0x329/0x370
[  233.425141][T10672]  ? do_vfs_ioctl+0x96e/0x1530
[  233.429976][T10672]  sg_ioctl+0xda4/0x1870
[  233.434219][T10672]  ? __pfx_sg_ioctl+0x10/0x10
[  233.438981][T10672]  __se_sys_ioctl+0xcd/0x140
[  233.443629][T10672]  __x64_sys_ioctl+0x43/0x50
[  233.448211][T10672]  x64_sys_call+0x15cc/0x2d60
[  233.452886][T10672]  do_syscall_64+0xc9/0x1c0
[  233.457376][T10672]  ? clear_bhb_loop+0x55/0xb0
[  233.462047][T10672]  ? clear_bhb_loop+0x55/0xb0
[  233.466734][T10672]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.472782][T10672] RIP: 0033:0x7f148cdddff9
[  233.477188][T10672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  233.496786][T10672] RSP: 002b:00007f148ba57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  233.505189][T10672] RAX: ffffffffffffffda RBX: 00007f148cf95f80 RCX: 00007f148cdddff9
[  233.513271][T10672] RDX: 0000000020000000 RSI: 0000000000000001 RDI: 0000000000000008
[  233.521273][T10672] RBP: 00007f148ba57090 R08: 0000000000000000 R09: 0000000000000000
[  233.529293][T10672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  233.537255][T10672] R13: 0000000000000000 R14: 00007f148cf95f80 R15: 00007fff7a3d6f48
[  233.545273][T10672]  </TASK>
[  233.591630][T10370] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.638282][T10683] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  233.646506][T10683] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  233.656379][T10683] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2433'.
[  233.693865][T10692] loop2: detected capacity change from 0 to 512
[  233.705735][T10692] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.719167][T10692] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  233.732997][T10699] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  233.741258][T10699] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  233.751255][T10699] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2435'.
[  233.772092][T10676] chnl_net:caif_netlink_parms(): no params data found
[  233.801570][T10676] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.808874][T10676] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.816226][T10676] bridge_slave_0: entered allmulticast mode
[  233.822616][T10676] bridge_slave_0: entered promiscuous mode
[  233.829799][T10676] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.837094][T10676] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.844462][T10676] bridge_slave_1: entered allmulticast mode
[  233.850804][T10676] bridge_slave_1: entered promiscuous mode
[  233.869481][T10676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  233.881530][T10676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  233.902124][ T3292] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  233.913561][T10676] team0: Port device team_slave_0 added
[  233.920263][T10676] team0: Port device team_slave_1 added
[  233.936341][T10676] batman_adv: batadv0: Adding interface: batadv_slave_0
[  233.943331][T10676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  233.969350][T10676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  233.980826][T10676] batman_adv: batadv0: Adding interface: batadv_slave_1
[  233.987830][T10676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  234.013864][T10676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  234.031105][ T3292] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.057256][T10676] hsr_slave_0: entered promiscuous mode
[  234.063406][T10676] hsr_slave_1: entered promiscuous mode
[  234.070250][T10676] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  234.078382][T10676] Cannot create hsr debugfs directory
[  234.087395][ T3292] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.129572][ T3292] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.190352][ T3292] bridge_slave_1: left allmulticast mode
[  234.196303][ T3292] bridge_slave_1: left promiscuous mode
[  234.201964][ T3292] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.210321][ T3292] bridge_slave_0: left allmulticast mode
[  234.216096][ T3292] bridge_slave_0: left promiscuous mode
[  234.221739][ T3292] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.296803][ T3292] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  234.307553][ T3292] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  234.317966][ T3292] bond0 (unregistering): Released all slaves
[  234.377233][ T3292] hsr_slave_0: left promiscuous mode
[  234.382840][ T3292] hsr_slave_1: left promiscuous mode
[  234.388527][ T3292] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  234.395931][ T3292] batman_adv: batadv0: Removing interface: batadv_slave_0
[  234.403288][ T3292] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  234.410812][ T3292] batman_adv: batadv0: Removing interface: batadv_slave_1
[  234.419562][ T3292] veth1_macvtap: left promiscuous mode
[  234.425124][ T3292] veth0_macvtap: left promiscuous mode
[  234.430595][ T3292] veth1_vlan: left promiscuous mode
[  234.436596][ T3292] veth0_vlan: left promiscuous mode
[  234.507575][ T3292] team0 (unregistering): Port device team_slave_1 removed
[  234.518937][ T3292] team0 (unregistering): Port device team_slave_0 removed
[  234.562471][T10520] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.586151][T10715] hsr_slave_1 (unregistering): left promiscuous mode
[  234.795883][T10676] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  234.804212][T10676] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  234.812617][T10676] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  234.821073][T10676] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  234.855790][T10676] 8021q: adding VLAN 0 to HW filter on device bond0
[  234.869382][T10676] 8021q: adding VLAN 0 to HW filter on device team0
[  234.879239][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.886305][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[  234.907657][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.914731][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  234.932429][T10676] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  234.943024][T10676] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  235.012123][T10676] 8021q: adding VLAN 0 to HW filter on device batadv0
[  235.083388][T10676] veth0_vlan: entered promiscuous mode
[  235.091813][T10676] veth1_vlan: entered promiscuous mode
[  235.113652][T10676] veth0_macvtap: entered promiscuous mode
[  235.122796][T10676] veth1_macvtap: entered promiscuous mode
[  235.133345][T10676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  235.143905][T10676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.154967][T10676] batman_adv: batadv0: Interface activated: batadv_slave_0
[  235.165222][T10676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  235.175722][T10676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  235.187183][T10676] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.197430][T10676] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.206298][T10676] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.215079][T10676] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.223769][T10676] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  235.242558][T10738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  235.251878][T10738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  235.272344][T10738] loop1: detected capacity change from 0 to 2048
[  235.305636][T10738] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  235.351501][   T29] kauditd_printk_skb: 240 callbacks suppressed
[  235.351516][   T29] audit: type=1326 audit(1728290481.213:54746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10756 comm="syz.0.2448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45ec7ddff9 code=0x7ffc0000
[  235.381795][   T29] audit: type=1326 audit(1728290481.213:54747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10756 comm="syz.0.2448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f45ec7ddff9 code=0x7ffc0000
[  235.433414][T10761] __nla_validate_parse: 2 callbacks suppressed
[  235.433460][T10761] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2450'.
[  235.474842][   T29] audit: type=1326 audit(1728290481.343:54748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10768 comm="syz.4.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  235.499857][   T29] audit: type=1326 audit(1728290481.343:54749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10768 comm="syz.4.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  235.500497][T10770] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  235.523511][   T29] audit: type=1326 audit(1728290481.343:54750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10768 comm="syz.4.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  235.531692][T10770] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  235.555345][   T29] audit: type=1326 audit(1728290481.343:54751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10768 comm="syz.4.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  235.568411][T10771] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2451'.
[  235.587235][   T29] audit: type=1326 audit(1728290481.343:54752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10768 comm="syz.4.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  235.587268][   T29] audit: type=1326 audit(1728290481.343:54753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10768 comm="syz.4.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  235.643794][   T29] audit: type=1326 audit(1728290481.343:54754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10768 comm="syz.4.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  235.667348][   T29] audit: type=1326 audit(1728290481.343:54755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10768 comm="syz.4.2453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  235.761421][T10781] syz.2.2458[10781] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  235.761500][T10781] syz.2.2458[10781] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  235.773101][T10781] syz.2.2458[10781] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  235.817104][T10786] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2460'.
[  235.890533][T10792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2462'.
[  236.159925][T10804] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2466'.
[  236.282886][T10814] hub 9-0:1.0: USB hub found
[  236.287596][T10814] hub 9-0:1.0: 8 ports detected
[  236.874934][T10827] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2475'.
[  236.893869][T10831] loop2: detected capacity change from 0 to 128
[  237.311760][T10851] vxcan1: tx address claim with dest, not broadcast
[  237.464322][T10856] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2487'.
[  237.511161][T10863] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2486'.
[  237.778372][T10881] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2496'.
[  237.789558][T10881] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2496'.
[  237.798509][T10881] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  237.805957][T10881] batman_adv: batadv0: Removing interface: batadv_slave_0
[  237.822693][T10881] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  237.830268][T10881] batman_adv: batadv0: Removing interface: batadv_slave_1
[  237.841955][T10881] bridge0: port 3(batadv0) entered disabled state
[  237.850755][T10881] batadv0 (unregistering): left allmulticast mode
[  237.857328][T10881] batadv0 (unregistering): left promiscuous mode
[  237.863751][T10881] bridge0: port 3(batadv0) entered disabled state
[  237.982494][T10886] vxcan1: tx address claim with dest, not broadcast
[  238.092285][T10898] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=281 sclass=netlink_route_socket pid=10898 comm=syz.2.2500
[  238.108867][T10892] netlink: 'syz.2.2500': attribute type 10 has an invalid length.
[  238.118681][T10892] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[  238.127959][T10892] team0: Failed to send options change via netlink (err -105)
[  238.135458][T10892] team0: Port device netdevsim1 added
[  238.142005][   T28] team0: Failed to send port change of device netdevsim1 via netlink (err -105)
[  238.158555][T10900] loop4: detected capacity change from 0 to 256
[  238.231227][T10910] loop2: detected capacity change from 0 to 512
[  238.255736][T10910] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  238.268529][T10910] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  238.297584][T10520] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.429316][T10938] syz.2.2514[10938] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.429376][T10938] syz.2.2514[10938] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.440904][T10938] syz.2.2514[10938] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.739276][T10971] syz.3.2528[10971] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.766552][T10971] syz.3.2528[10971] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  238.778535][T10971] syz.3.2528[10971] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  239.186842][T11002] syz.0.2540[11002] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  239.323332][T11008] loop0: detected capacity change from 0 to 8192
[  239.522336][T11032] loop4: detected capacity change from 0 to 512
[  239.535200][T11032] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  239.547931][T11032] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  239.566928][T10255] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.583029][T11036] FAULT_INJECTION: forcing a failure.
[  239.583029][T11036] name failslab, interval 1, probability 0, space 0, times 0
[  239.595944][T11036] CPU: 1 UID: 0 PID: 11036 Comm: syz.4.2553 Not tainted 6.12.0-rc2-syzkaller #0
[  239.605005][T11036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  239.615059][T11036] Call Trace:
[  239.618318][T11036]  <TASK>
[  239.621231][T11036]  dump_stack_lvl+0xf2/0x150
[  239.625845][T11036]  dump_stack+0x15/0x20
[  239.630010][T11036]  should_fail_ex+0x223/0x230
[  239.634741][T11036]  ? __alloc_skb+0x10b/0x310
[  239.639332][T11036]  should_failslab+0x8f/0xb0
[  239.643917][T11036]  kmem_cache_alloc_node_noprof+0x51/0x2b0
[  239.649708][T11036]  __alloc_skb+0x10b/0x310
[  239.654112][T11036]  netlink_alloc_large_skb+0xad/0xe0
[  239.659543][T11036]  netlink_sendmsg+0x3b4/0x6e0
[  239.664352][T11036]  ? __pfx_netlink_sendmsg+0x10/0x10
[  239.669694][T11036]  __sock_sendmsg+0x140/0x180
[  239.674372][T11036]  ____sys_sendmsg+0x312/0x410
[  239.679135][T11036]  __sys_sendmsg+0x1d9/0x270
[  239.683738][T11036]  __x64_sys_sendmsg+0x46/0x50
[  239.688543][T11036]  x64_sys_call+0x2689/0x2d60
[  239.693252][T11036]  do_syscall_64+0xc9/0x1c0
[  239.697737][T11036]  ? clear_bhb_loop+0x55/0xb0
[  239.702494][T11036]  ? clear_bhb_loop+0x55/0xb0
[  239.707186][T11036]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.713164][T11036] RIP: 0033:0x7f90c562dff9
[  239.717560][T11036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  239.737170][T11036] RSP: 002b:00007f90c42a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  239.745564][T11036] RAX: ffffffffffffffda RBX: 00007f90c57e5f80 RCX: 00007f90c562dff9
[  239.753585][T11036] RDX: 0000000000000000 RSI: 0000000020002980 RDI: 0000000000000006
[  239.761550][T11036] RBP: 00007f90c42a7090 R08: 0000000000000000 R09: 0000000000000000
[  239.769517][T11036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  239.777551][T11036] R13: 0000000000000000 R14: 00007f90c57e5f80 R15: 00007fff40e94608
[  239.785518][T11036]  </TASK>
[  239.794363][T10697] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  240.645462][T11065] __nla_validate_parse: 13 callbacks suppressed
[  240.645473][T11065] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2563'.
[  240.721644][   T29] kauditd_printk_skb: 265 callbacks suppressed
[  240.721659][   T29] audit: type=1326 audit(1728290486.583:55021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11073 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  240.726820][T11065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2563'.
[  240.727912][   T29] audit: type=1326 audit(1728290486.583:55022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11073 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  240.784304][   T29] audit: type=1326 audit(1728290486.623:55023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11073 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  240.808064][   T29] audit: type=1326 audit(1728290486.623:55024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11073 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  240.831662][   T29] audit: type=1326 audit(1728290486.623:55025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11073 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  240.855377][   T29] audit: type=1326 audit(1728290486.623:55026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11073 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  240.878982][   T29] audit: type=1326 audit(1728290486.623:55027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11073 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  240.883987][T11078] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2567'.
[  240.902601][   T29] audit: type=1326 audit(1728290486.623:55028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11073 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  240.935108][   T29] audit: type=1326 audit(1728290486.623:55029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11073 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  240.958710][   T29] audit: type=1326 audit(1728290486.623:55030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11073 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90c562dff9 code=0x7ffc0000
[  241.006936][T11082] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2570'.
[  241.089631][T11102] loop0: detected capacity change from 0 to 512
[  241.097624][T11103] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2573'.
[  241.115539][T11102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.117451][T11098] netlink: 'syz.3.2576': attribute type 4 has an invalid length.
[  241.128134][T11102] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  241.156707][T11098] netlink: 'syz.3.2576': attribute type 4 has an invalid length.
[  241.194815][T10676] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.217993][T11113] bpf_get_probe_write_proto: 5 callbacks suppressed
[  241.218009][T11113] syz.3.2581[11113] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  241.224962][T11113] syz.3.2581[11113] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  241.236786][T11113] syz.3.2581[11113] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  241.265029][T11119] loop3: detected capacity change from 0 to 512
[  241.285910][T11119] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  241.300092][T11119] ext4 filesystem being mounted at /151/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  241.317799][T11125] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2586'.
[  241.327845][ T9239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.947179][T11147] syz.0.2596[11147] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  241.947319][T11147] syz.0.2596[11147] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  241.960319][T11147] syz.0.2596[11147] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  241.989271][T11153] loop2: detected capacity change from 0 to 512
[  242.015913][T11153] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.028586][T11153] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  242.047208][T10520] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.451242][T11174] syz.4.2608[11174] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  242.451281][T11174] syz.4.2608[11174] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  242.462857][T11174] syz.4.2608[11174] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  242.539203][T11177] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2609'.
[  243.039876][T11189] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2615'.
[  243.080979][T11189] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2615'.
[  243.144880][T11208] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2619'.
[  243.233754][T11210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  243.242269][T11210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  243.258179][T11210] loop2: detected capacity change from 0 to 2048
[  243.285712][T11210] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  243.332200][T11214] loop4: detected capacity change from 0 to 512
[  243.345664][T11214] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.358358][T11214] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  243.377452][T10255] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.855142][T11247] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  244.862830][T11247] batman_adv: batadv0: Removing interface: batadv_slave_0
[  244.870606][T11247] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  244.878057][T11247] batman_adv: batadv0: Removing interface: batadv_slave_1
[  245.084928][T11259] syz.0.2641[11259] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  245.137739][T10339] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.276408][T11269] chnl_net:caif_netlink_parms(): no params data found
[  245.305510][T11269] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.312543][T11269] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.319850][T11269] bridge_slave_0: entered allmulticast mode
[  245.326232][T11269] bridge_slave_0: entered promiscuous mode
[  245.333310][T11269] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.340510][T11269] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.347634][T11269] bridge_slave_1: entered allmulticast mode
[  245.354220][T11269] bridge_slave_1: entered promiscuous mode
[  245.368044][   T50] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.384867][T11269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  245.395548][T11269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  245.413294][T11269] team0: Port device team_slave_0 added
[  245.419981][T11269] team0: Port device team_slave_1 added
[  245.432959][   T50] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.448759][T11269] batman_adv: batadv0: Adding interface: batadv_slave_0
[  245.456032][T11269] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  245.482049][T11269] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  245.496217][   T50] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.507377][T11269] batman_adv: batadv0: Adding interface: batadv_slave_1
[  245.514421][T11269] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  245.540436][T11269] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  245.561254][   T50] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.577980][T11269] hsr_slave_0: entered promiscuous mode
[  245.583960][T11269] hsr_slave_1: entered promiscuous mode
[  245.644965][   T50] bridge_slave_1: left allmulticast mode
[  245.650677][   T50] bridge_slave_1: left promiscuous mode
[  245.656466][   T50] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.664165][   T50] bridge_slave_0: left allmulticast mode
[  245.669852][   T50] bridge_slave_0: left promiscuous mode
[  245.675687][   T50] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.749361][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  245.759646][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  245.769508][   T50] bond0 (unregistering): Released all slaves
[  245.798122][   T50] hsr_slave_0: left promiscuous mode
[  245.805576][   T50] veth1_macvtap: left promiscuous mode
[  245.811032][   T50] veth0_macvtap: left promiscuous mode
[  245.816600][   T50] veth1_vlan: left promiscuous mode
[  245.821849][   T50] veth0_vlan: left promiscuous mode
[  245.892669][   T50] team0 (unregistering): Port device team_slave_1 removed
[  245.903042][   T50] team0 (unregistering): Port device team_slave_0 removed
[  246.037240][T11289] __nla_validate_parse: 4 callbacks suppressed
[  246.037255][T11289] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2648'.
[  246.096908][T11289] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2648'.
[  246.121924][T11269] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  246.175009][T11269] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  246.191521][T11269] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  246.207913][T11269] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  246.247739][T11269] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.260220][T11269] 8021q: adding VLAN 0 to HW filter on device team0
[  246.287509][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.294691][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  246.306710][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.313788][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[  246.342958][T11269] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  246.353452][T11269] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  246.424812][T11106] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  246.456400][T11269] 8021q: adding VLAN 0 to HW filter on device batadv0
[  246.546971][T11307] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2654'.
[  246.568679][T11269] veth0_vlan: entered promiscuous mode
[  246.576540][T11269] veth1_vlan: entered promiscuous mode
[  246.591011][T11269] veth0_macvtap: entered promiscuous mode
[  246.597947][T11307] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2654'.
[  246.607747][T11269] veth1_macvtap: entered promiscuous mode
[  246.619057][T11269] batman_adv: batadv0: Interface activated: batadv_slave_0
[  246.630230][T11269] batman_adv: batadv0: Interface activated: batadv_slave_1
[  246.640103][T11269] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  246.648986][T11269] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  246.657875][T11269] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  246.661683][T11328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  246.666592][T11269] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  246.684068][T11328] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  246.713224][T11328] loop4: detected capacity change from 0 to 2048
[  246.723890][   T29] kauditd_printk_skb: 676 callbacks suppressed
[  246.723901][   T29] audit: type=1326 audit(1728290492.583:55707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.3.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  246.758194][T11328] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  246.762836][   T29] audit: type=1326 audit(1728290492.593:55708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.3.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  246.793866][   T29] audit: type=1326 audit(1728290492.593:55709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.3.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  246.817495][   T29] audit: type=1326 audit(1728290492.593:55710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.3.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  246.841138][   T29] audit: type=1326 audit(1728290492.593:55711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.3.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  246.864813][   T29] audit: type=1326 audit(1728290492.593:55712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.3.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  246.866504][T11346] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2645'.
[  246.888462][   T29] audit: type=1326 audit(1728290492.593:55713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.3.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  246.900219][T11350] loop0: detected capacity change from 0 to 128
[  246.920955][   T29] audit: type=1326 audit(1728290492.593:55714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.3.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  246.950842][   T29] audit: type=1326 audit(1728290492.593:55715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.3.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=139 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  246.952423][T11350] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  246.974422][   T29] audit: type=1326 audit(1728290492.593:55716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11333 comm="syz.3.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148cdddff9 code=0x7ffc0000
[  247.011680][T11350] ext4 filesystem being mounted at /63/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  247.053167][T10676] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  247.065651][T11357] IPv6: NLM_F_CREATE should be specified when creating new route
[  247.069879][T11360] bpf_get_probe_write_proto: 5 callbacks suppressed
[  247.069893][T11360] syz.0.2663[11360] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  247.080356][T11360] syz.0.2663[11360] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  247.091983][T11360] syz.0.2663[11360] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  247.242785][T11370] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2666'.
[  247.287980][T11374] loop3: detected capacity change from 0 to 164
[  247.295167][T11374] Unable to read rock-ridge attributes
[  247.306007][T11374] syzkaller0: entered allmulticast mode
[  247.313120][T11374] syzkaller0 (unregistering): left allmulticast mode
[  247.376014][T11375] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  247.511547][T11382] SET target dimension over the limit!
[  247.566448][T11384] can0: slcan on ttyS3.
[  247.570639][T11386] syz.1.2674[11386] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  247.570725][T11386] syz.1.2674[11386] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  247.582276][T11386] syz.1.2674[11386] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  247.606730][T11388] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2675'.
[  247.644404][T11383] can0 (unregistered): slcan off ttyS3.
[  247.802472][T11400] netlink: 'syz.3.2680': attribute type 10 has an invalid length.
[  248.549737][T11412] syz.1.2685[11412] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  248.549790][T11412] syz.1.2685[11412] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  248.561495][T11412] syz.1.2685[11412] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  248.701456][T11420] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2689'.
[  248.783116][T11427] loop0: detected capacity change from 0 to 512
[  248.819815][T11427] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.833237][T11427] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.857608][T10676] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.894887][T11440] loop0: detected capacity change from 0 to 512
[  248.899230][T11443] syz.3.2697[11443] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  248.919371][T11446] loop1: detected capacity change from 0 to 512
[  248.942224][T11440] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.955030][T11440] ext4 filesystem being mounted at /69/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.971398][T11447] netlink: 'syz.3.2699': attribute type 4 has an invalid length.
[  248.976718][T11446] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.991819][T11446] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.992441][T10676] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.014749][T11447] netlink: 'syz.3.2699': attribute type 4 has an invalid length.
[  249.026807][T11269] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.098850][T11461] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2701'.
[  249.138605][T11460] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2703'.
[  249.199284][T11468] FAULT_INJECTION: forcing a failure.
[  249.199284][T11468] name failslab, interval 1, probability 0, space 0, times 0
[  249.211978][T11468] CPU: 1 UID: 0 PID: 11468 Comm: syz.3.2705 Not tainted 6.12.0-rc2-syzkaller #0
[  249.220994][T11468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  249.231069][T11468] Call Trace:
[  249.234334][T11468]  <TASK>
[  249.237264][T11468]  dump_stack_lvl+0xf2/0x150
[  249.241855][T11468]  dump_stack+0x15/0x20
[  249.246037][T11468]  should_fail_ex+0x223/0x230
[  249.250705][T11468]  ? alloc_pipe_info+0x1cb/0x360
[  249.255678][T11468]  should_failslab+0x8f/0xb0
[  249.260505][T11468]  __kmalloc_noprof+0xa5/0x370
[  249.265320][T11468]  alloc_pipe_info+0x1cb/0x360
[  249.270065][T11468]  splice_direct_to_actor+0x60f/0x670
[  249.275476][T11468]  ? kstrtouint_from_user+0xb0/0xe0
[  249.280668][T11468]  ? __pfx_direct_splice_actor+0x10/0x10
[  249.286290][T11468]  ? 0xffffffff81000000
[  249.290470][T11468]  ? __rcu_read_unlock+0x4e/0x70
[  249.295542][T11468]  ? avc_policy_seqno+0x15/0x20
[  249.300382][T11468]  ? selinux_file_permission+0x22a/0x360
[  249.306175][T11468]  do_splice_direct+0xd7/0x150
[  249.310937][T11468]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  249.316879][T11468]  do_sendfile+0x39b/0x970
[  249.321307][T11468]  __x64_sys_sendfile64+0x110/0x150
[  249.326523][T11468]  x64_sys_call+0xed5/0x2d60
[  249.331235][T11468]  do_syscall_64+0xc9/0x1c0
[  249.335732][T11468]  ? clear_bhb_loop+0x55/0xb0
[  249.340441][T11468]  ? clear_bhb_loop+0x55/0xb0
[  249.345159][T11468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.351082][T11468] RIP: 0033:0x7f148cdddff9
[  249.355481][T11468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.375070][T11468] RSP: 002b:00007f148ba57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  249.383484][T11468] RAX: ffffffffffffffda RBX: 00007f148cf95f80 RCX: 00007f148cdddff9
[  249.391511][T11468] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  249.399479][T11468] RBP: 00007f148ba57090 R08: 0000000000000000 R09: 0000000000000000
[  249.407455][T11468] R10: 0000000024002de8 R11: 0000000000000246 R12: 0000000000000001
[  249.415406][T11468] R13: 0000000000000000 R14: 00007f148cf95f80 R15: 00007fff7a3d6f48
[  249.423418][T11468]  </TASK>
[  249.474315][T11106] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  249.531220][T11482] loop3: detected capacity change from 0 to 2048
[  249.564382][T11482]  loop3: p1 < > p2 < > p3 p4 < >
[  249.569455][T11482] loop3: partition table partially beyond EOD, truncated
[  249.576654][T11482] loop3: p1 start 2305 is beyond EOD, truncated
[  249.582931][T11482] loop3: p2 start 4294902784 is beyond EOD, truncated
[  249.589830][T11482] loop3: p3 start 3724543488 is beyond EOD, truncated
[  249.813780][T11494] loop3: detected capacity change from 0 to 512
[  249.825758][T11494] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  249.838363][T11494] ext4 filesystem being mounted at /200/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  249.858525][ T9239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.924553][T11507] FAULT_INJECTION: forcing a failure.
[  249.924553][T11507] name failslab, interval 1, probability 0, space 0, times 0
[  249.937277][T11507] CPU: 0 UID: 0 PID: 11507 Comm: syz.0.2721 Not tainted 6.12.0-rc2-syzkaller #0
[  249.946303][T11507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  249.956367][T11507] Call Trace:
[  249.959654][T11507]  <TASK>
[  249.962657][T11507]  dump_stack_lvl+0xf2/0x150
[  249.967253][T11507]  dump_stack+0x15/0x20
[  249.971465][T11507]  should_fail_ex+0x223/0x230
[  249.976195][T11507]  ? __get_vm_area_node+0xf7/0x1b0
[  249.981327][T11507]  should_failslab+0x8f/0xb0
[  249.985921][T11507]  __kmalloc_cache_node_noprof+0x50/0x2b0
[  249.991657][T11507]  __get_vm_area_node+0xf7/0x1b0
[  249.996598][T11507]  __vmalloc_node_range_noprof+0x2c3/0xec0
[  250.002427][T11507]  ? bpf_prog_alloc_no_stats+0x49/0x360
[  250.008020][T11507]  ? mod_objcg_state+0x2ea/0x4f0
[  250.012961][T11507]  ? __rcu_read_unlock+0x4e/0x70
[  250.018045][T11507]  ? bpf_prog_alloc_no_stats+0x49/0x360
[  250.023625][T11507]  __vmalloc_noprof+0x5e/0x70
[  250.028294][T11507]  ? bpf_prog_alloc_no_stats+0x49/0x360
[  250.033840][T11507]  bpf_prog_alloc_no_stats+0x49/0x360
[  250.039217][T11507]  ? bpf_prog_alloc+0x28/0x150
[  250.043977][T11507]  bpf_prog_alloc+0x3a/0x150
[  250.048620][T11507]  bpf_prog_create_from_user+0x73/0x240
[  250.054157][T11507]  ? __pfx_seccomp_check_filter+0x10/0x10
[  250.059873][T11507]  do_seccomp+0x648/0xa60
[  250.064251][T11507]  ? cap_task_prctl+0x234/0x5b0
[  250.069098][T11507]  prctl_set_seccomp+0x4d/0x70
[  250.073854][T11507]  __se_sys_prctl+0x27a/0x2000
[  250.078613][T11507]  ? _parse_integer_limit+0x167/0x180
[  250.084080][T11507]  ? kstrtoull+0x110/0x140
[  250.088582][T11507]  ? kstrtouint+0x77/0xc0
[  250.092905][T11507]  ? kstrtouint_from_user+0xb0/0xe0
[  250.098172][T11507]  ? 0xffffffff81000000
[  250.102315][T11507]  ? __rcu_read_unlock+0x4e/0x70
[  250.107333][T11507]  ? get_pid_task+0x8e/0xc0
[  250.111827][T11507]  ? proc_fail_nth_write+0x12a/0x150
[  250.117113][T11507]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  250.122737][T11507]  ? vfs_write+0x580/0x910
[  250.127227][T11507]  ? __fget_files+0x1d4/0x210
[  250.131965][T11507]  ? fput+0x14e/0x190
[  250.135937][T11507]  ? ksys_write+0x17a/0x1b0
[  250.140449][T11507]  __x64_sys_prctl+0x67/0x80
[  250.145101][T11507]  x64_sys_call+0x2ca1/0x2d60
[  250.149809][T11507]  do_syscall_64+0xc9/0x1c0
[  250.154445][T11507]  ? clear_bhb_loop+0x55/0xb0
[  250.159119][T11507]  ? clear_bhb_loop+0x55/0xb0
[  250.163833][T11507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.169783][T11507] RIP: 0033:0x7f45ec7ddff9
[  250.174236][T11507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  250.193921][T11507] RSP: 002b:00007f45eb451038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d
[  250.202331][T11507] RAX: ffffffffffffffda RBX: 00007f45ec995f80 RCX: 00007f45ec7ddff9
[  250.210374][T11507] RDX: 0000000020000400 RSI: 0000000000000002 RDI: 0000000000000016
[  250.218399][T11507] RBP: 00007f45eb451090 R08: 0000000000000000 R09: 0000000000000000
[  250.226358][T11507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  250.234372][T11507] R13: 0000000000000000 R14: 00007f45ec995f80 R15: 00007ffcee4fe5f8
[  250.242371][T11507]  </TASK>
[  250.245679][T11507] syz.0.2721: vmalloc error: size 4096, vm_struct allocation failed, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[  250.261387][T11507] CPU: 0 UID: 0 PID: 11507 Comm: syz.0.2721 Not tainted 6.12.0-rc2-syzkaller #0
[  250.270576][T11507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  250.280666][T11507] Call Trace:
[  250.283934][T11507]  <TASK>
[  250.286914][T11507]  dump_stack_lvl+0xf2/0x150
[  250.291497][T11507]  dump_stack+0x15/0x20
[  250.295771][T11507]  warn_alloc+0x145/0x1b0
[  250.300100][T11507]  ? __kmalloc_cache_node_noprof+0x50/0x2b0
[  250.306050][T11507]  __vmalloc_node_range_noprof+0x2e8/0xec0
[  250.311975][T11507]  ? mod_objcg_state+0x2ea/0x4f0
[  250.316991][T11507]  ? __rcu_read_unlock+0x4e/0x70
[  250.322015][T11507]  ? bpf_prog_alloc_no_stats+0x49/0x360
[  250.327741][T11507]  __vmalloc_noprof+0x5e/0x70
[  250.332415][T11507]  ? bpf_prog_alloc_no_stats+0x49/0x360
[  250.338101][T11507]  bpf_prog_alloc_no_stats+0x49/0x360
[  250.343479][T11507]  ? bpf_prog_alloc+0x28/0x150
[  250.348304][T11507]  bpf_prog_alloc+0x3a/0x150
[  250.352900][T11507]  bpf_prog_create_from_user+0x73/0x240
[  250.358494][T11507]  ? __pfx_seccomp_check_filter+0x10/0x10
[  250.364211][T11507]  do_seccomp+0x648/0xa60
[  250.368535][T11507]  ? cap_task_prctl+0x234/0x5b0
[  250.373403][T11507]  prctl_set_seccomp+0x4d/0x70
[  250.378164][T11507]  __se_sys_prctl+0x27a/0x2000
[  250.382924][T11507]  ? _parse_integer_limit+0x167/0x180
[  250.388302][T11507]  ? kstrtoull+0x110/0x140
[  250.392716][T11507]  ? kstrtouint+0x77/0xc0
[  250.397114][T11507]  ? kstrtouint_from_user+0xb0/0xe0
[  250.402410][T11507]  ? 0xffffffff81000000
[  250.406568][T11507]  ? __rcu_read_unlock+0x4e/0x70
[  250.411641][T11507]  ? get_pid_task+0x8e/0xc0
[  250.416186][T11507]  ? proc_fail_nth_write+0x12a/0x150
[  250.421461][T11507]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  250.427249][T11507]  ? vfs_write+0x580/0x910
[  250.431670][T11507]  ? __fget_files+0x1d4/0x210
[  250.436373][T11507]  ? fput+0x14e/0x190
[  250.440362][T11507]  ? ksys_write+0x17a/0x1b0
[  250.444867][T11507]  __x64_sys_prctl+0x67/0x80
[  250.449454][T11507]  x64_sys_call+0x2ca1/0x2d60
[  250.454229][T11507]  do_syscall_64+0xc9/0x1c0
[  250.458720][T11507]  ? clear_bhb_loop+0x55/0xb0
[  250.463454][T11507]  ? clear_bhb_loop+0x55/0xb0
[  250.468200][T11507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.474134][T11507] RIP: 0033:0x7f45ec7ddff9
[  250.478553][T11507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  250.498221][T11507] RSP: 002b:00007f45eb451038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d
[  250.506651][T11507] RAX: ffffffffffffffda RBX: 00007f45ec995f80 RCX: 00007f45ec7ddff9
[  250.514621][T11507] RDX: 0000000020000400 RSI: 0000000000000002 RDI: 0000000000000016
[  250.522587][T11507] RBP: 00007f45eb451090 R08: 0000000000000000 R09: 0000000000000000
[  250.530625][T11507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  250.538634][T11507] R13: 0000000000000000 R14: 00007f45ec995f80 R15: 00007ffcee4fe5f8
[  250.546599][T11507]  </TASK>
[  250.549700][T11507] Mem-Info:
[  250.553253][T11507] active_anon:6104 inactive_anon:0 isolated_anon:0
[  250.553253][T11507]  active_file:4468 inactive_file:16418 isolated_file:0
[  250.553253][T11507]  unevictable:0 dirty:355 writeback:0
[  250.553253][T11507]  slab_reclaimable:2641 slab_unreclaimable:15651
[  250.553253][T11507]  mapped:20939 shmem:3577 pagetables:656
[  250.553253][T11507]  sec_pagetables:0 bounce:0
[  250.553253][T11507]  kernel_misc_reclaimable:0
[  250.553253][T11507]  free:1895985 free_pcp:6488 free_cma:0
[  250.598355][T11507] Node 0 active_anon:24416kB inactive_anon:0kB active_file:17872kB inactive_file:65672kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:83756kB dirty:1420kB writeback:0kB shmem:14308kB writeback_tmp:0kB kernel_stack:4048kB pagetables:2624kB sec_pagetables:0kB all_unreclaimable? no
[  250.626191][T11507] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  250.653078][T11507] lowmem_reserve[]: 0 2866 7844 0
[  250.658124][T11507] Node 0 DMA32 free:2950372kB boost:0kB min:4136kB low:7068kB high:10000kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953904kB mlocked:0kB bounce:0kB free_pcp:3532kB local_pcp:3532kB free_cma:0kB
[  250.686808][T11507] lowmem_reserve[]: 0 0 4978 0
[  250.691592][T11507] Node 0 Normal free:4618208kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:24416kB inactive_anon:0kB active_file:17872kB inactive_file:65672kB unevictable:0kB writepending:1420kB present:5242880kB managed:5098208kB mlocked:0kB bounce:0kB free_pcp:22384kB local_pcp:4940kB free_cma:0kB
[  250.721747][T11507] lowmem_reserve[]: 0 0 0 0
[  250.726375][T11507] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  250.739136][T11507] Node 0 DMA32: 3*4kB (M) 1*8kB (M) 3*16kB (M) 5*32kB (M) 2*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 3*1024kB (M) 2*2048kB (M) 718*4096kB (M) = 2950372kB
[  250.755335][T11507] Node 0 Normal: 84*4kB (UME) 81*8kB (UME) 156*16kB (UME) 193*32kB (UME) 48*64kB (UME) 154*128kB (UME) 105*256kB (UM) 40*512kB (UME) 32*1024kB (UM) 30*2048kB (UM) 1085*4096kB (UM) = 4618168kB
[  250.774379][T11507] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  250.783733][T11507] 24490 total pagecache pages
[  250.788410][T11507] 0 pages in swap cache
[  250.792534][T11507] Free swap  = 124704kB
[  250.796742][T11507] Total swap = 124996kB
[  250.800869][T11507] 2097051 pages RAM
[  250.804660][T11507] 0 pages HighMem/MovableOnly
[  250.809301][T11507] 80183 pages reserved
[  251.711324][T11534] loop0: detected capacity change from 0 to 512
[  251.725898][T11534] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  251.738394][T11534] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  251.755288][T11534] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  251.766310][   T29] kauditd_printk_skb: 114 callbacks suppressed
[  251.766323][   T29] audit: type=1400 audit(1728290497.633:55831): avc:  denied  { mounton } for  pid=11533 comm="syz.0.2732" path="/76/file0/bus" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  251.854206][T11534] loop0: detected capacity change from 512 to 511
[  251.861462][T11537] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2732: bg 0: block 16032: padding at end of block bitmap is not set
[  251.876263][T11537] EXT4-fs error (device loop0): ext4_discard_preallocations:5604: comm syz.0.2732: Error -117 reading block bitmap for 0
[  251.897665][T10676] EXT4-fs error (device loop0): ext4_readdir:261: inode #2: block 3: comm syz-executor: path /76/file0: bad entry in directory: directory entry overrun - offset=2016, inode=2, rec_len=2036, size=2048 fake=1
[  251.918416][T10676] EXT4-fs error (device loop0): ext4_lookup:1817: inode #2: comm syz-executor: deleted inode referenced: 12
[  251.930228][T10676] EXT4-fs error (device loop0): ext4_lookup:1817: inode #2: comm syz-executor: deleted inode referenced: 12
[  252.095386][T10676] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  252.105646][   T28] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.157489][   T28] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.175576][   T29] audit: type=1400 audit(1728290498.043:55832): avc:  denied  { create } for  pid=11543 comm="syz.1.2735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  252.181976][T11544] loop1: detected capacity change from 0 to 1024
[  252.216364][   T29] audit: type=1326 audit(1728290498.083:55833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11551 comm="syz.1.2736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  252.240032][   T29] audit: type=1326 audit(1728290498.083:55834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11551 comm="syz.1.2736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  252.265029][   T29] audit: type=1326 audit(1728290498.123:55835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11551 comm="syz.1.2736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  252.291838][   T28] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.317898][   T29] audit: type=1326 audit(1728290498.183:55836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11551 comm="syz.1.2736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  252.318477][T11557] loop1: detected capacity change from 0 to 512
[  252.341620][   T29] audit: type=1326 audit(1728290498.183:55837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11551 comm="syz.1.2736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  252.371894][T11557] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  252.374544][T11539] chnl_net:caif_netlink_parms(): no params data found
[  252.395126][   T28] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.436963][T11539] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.444007][T11539] bridge0: port 1(bridge_slave_0) entered disabled state
[  252.451474][T11539] bridge_slave_0: entered allmulticast mode
[  252.457851][T11539] bridge_slave_0: entered promiscuous mode
[  252.464642][T11539] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.471711][T11539] bridge0: port 2(bridge_slave_1) entered disabled state
[  252.478997][T11539] bridge_slave_1: entered allmulticast mode
[  252.485883][T11539] bridge_slave_1: entered promiscuous mode
[  252.496474][T11563] netlink: 'syz.1.2737': attribute type 4 has an invalid length.
[  252.514620][T11539] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  252.523776][T11559] netlink: 'syz.1.2737': attribute type 4 has an invalid length.
[  252.547277][   T28] bridge_slave_1: left allmulticast mode
[  252.552940][   T28] bridge_slave_1: left promiscuous mode
[  252.558706][   T28] bridge0: port 2(bridge_slave_1) entered disabled state
[  252.568162][   T28] bridge_slave_0: left allmulticast mode
[  252.573801][   T28] bridge_slave_0: left promiscuous mode
[  252.579577][   T28] bridge0: port 1(bridge_slave_0) entered disabled state
[  252.942858][   T28] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  252.954267][   T28] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  252.965586][   T28] bond0 (unregistering): Released all slaves
[  252.976240][T11539] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  252.999077][T11571] bpf_get_probe_write_proto: 2 callbacks suppressed
[  252.999161][T11571] syz.1.2739[11571] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  253.006781][T11571] syz.1.2739[11571] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  253.007415][T11539] team0: Port device team_slave_0 added
[  253.018331][T11571] syz.1.2739[11571] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  253.031033][T11539] team0: Port device team_slave_1 added
[  253.053621][T11571] __nla_validate_parse: 2 callbacks suppressed
[  253.053637][T11571] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2739'.
[  253.072646][   T28] hsr_slave_0: left promiscuous mode
[  253.078722][   T28] hsr_slave_1: left promiscuous mode
[  253.087372][   T28] veth1_macvtap: left promiscuous mode
[  253.092909][   T28] veth0_macvtap: left promiscuous mode
[  253.098494][   T28] veth1_vlan: left promiscuous mode
[  253.103853][   T28] veth0_vlan: left promiscuous mode
[  253.220827][T10520] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  253.271519][   T28] team0 (unregistering): Port device team_slave_1 removed
[  253.281297][   T28] team0 (unregistering): Port device team_slave_0 removed
[  253.318731][T11539] batman_adv: batadv0: Adding interface: batadv_slave_0
[  253.325816][T11539] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.351777][T11539] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  253.372939][T11539] batman_adv: batadv0: Adding interface: batadv_slave_1
[  253.380056][T11539] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.406080][T11539] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  253.445225][T11539] hsr_slave_0: entered promiscuous mode
[  253.451272][T11539] hsr_slave_1: entered promiscuous mode
[  253.457920][T11539] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  253.465719][T11539] Cannot create hsr debugfs directory
[  253.561088][T11582] chnl_net:caif_netlink_parms(): no params data found
[  253.594000][T11582] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.601441][T11582] bridge0: port 1(bridge_slave_0) entered disabled state
[  253.608840][T11582] bridge_slave_0: entered allmulticast mode
[  253.615632][T11582] bridge_slave_0: entered promiscuous mode
[  253.622765][T11582] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.630190][T11582] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.637917][T11582] bridge_slave_1: entered allmulticast mode
[  253.644323][T11582] bridge_slave_1: entered promiscuous mode
[  253.661736][T11582] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  253.672430][T11582] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  253.691266][T11582] team0: Port device team_slave_0 added
[  253.698109][T11582] team0: Port device team_slave_1 added
[  253.714714][T11582] batman_adv: batadv0: Adding interface: batadv_slave_0
[  253.721656][T11582] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.747688][T11582] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  253.761052][T11582] batman_adv: batadv0: Adding interface: batadv_slave_1
[  253.768024][T11582] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.794038][T11582] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  253.818775][T11582] hsr_slave_0: entered promiscuous mode
[  253.824802][T11582] hsr_slave_1: entered promiscuous mode
[  253.830616][T11582] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  253.838167][T11582] Cannot create hsr debugfs directory
[  253.897080][   T50] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.987555][   T50] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.026948][   T50] team0: Port device netdevsim1 removed
[  254.033589][   T50] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.086597][   T50] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.135251][   T29] audit: type=1326 audit(1728290500.003:55838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11606 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  254.158889][   T29] audit: type=1326 audit(1728290500.003:55839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11606 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  254.182513][   T29] audit: type=1326 audit(1728290500.003:55840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11606 comm="syz.1.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  254.218233][T11609] loop1: detected capacity change from 0 to 512
[  254.224813][T11609] journal_path: Lookup failure for './file1'
[  254.230821][T11609] EXT4-fs: error: could not find journal device path
[  254.239651][   T50] bridge_slave_1: left allmulticast mode
[  254.242380][T11609] loop1: detected capacity change from 0 to 128
[  254.245483][   T50] bridge_slave_1: left promiscuous mode
[  254.257507][   T50] bridge0: port 2(bridge_slave_1) entered disabled state
[  254.269846][   T50] bridge_slave_0: left allmulticast mode
[  254.275572][   T50] bridge_slave_0: left promiscuous mode
[  254.281266][   T50] bridge0: port 1(bridge_slave_0) entered disabled state
[  254.374659][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  254.385223][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  254.395332][   T50] bond0 (unregistering): Released all slaves
[  254.428036][   T50] hsr_slave_0: left promiscuous mode
[  254.435617][   T50] veth1_macvtap: left promiscuous mode
[  254.441113][   T50] veth0_macvtap: left promiscuous mode
[  254.446716][   T50] veth1_vlan: left promiscuous mode
[  254.451928][   T50] veth0_vlan: left promiscuous mode
[  254.491185][T11611] loop3: detected capacity change from 0 to 512
[  254.509065][T11611] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.2748: Invalid inode bitmap blk 4 in block_group 0
[  254.522534][T11611] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.536006][   T50] team0 (unregistering): Port device team_slave_1 removed
[  254.546107][   T50] team0 (unregistering): Port device team_slave_0 removed
[  254.715527][T11539] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  254.724068][T11539] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  254.732518][T11539] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  254.742683][T11539] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  254.762254][T11582] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  254.771336][T11582] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  254.779612][T11582] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  254.788255][T11582] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  254.839866][T11539] 8021q: adding VLAN 0 to HW filter on device bond0
[  254.852383][T11582] 8021q: adding VLAN 0 to HW filter on device bond0
[  254.861271][T11539] 8021q: adding VLAN 0 to HW filter on device team0
[  254.872785][T11582] 8021q: adding VLAN 0 to HW filter on device team0
[  254.882803][ T3366] bridge0: port 1(bridge_slave_0) entered blocking state
[  254.889901][ T3366] bridge0: port 1(bridge_slave_0) entered forwarding state
[  254.900300][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[  254.907356][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[  254.917802][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[  254.924868][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[  254.934098][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[  254.941227][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[  255.019804][T11539] 8021q: adding VLAN 0 to HW filter on device batadv0
[  255.037056][T11582] 8021q: adding VLAN 0 to HW filter on device batadv0
[  255.105744][T11539] veth0_vlan: entered promiscuous mode
[  255.121492][T11582] veth0_vlan: entered promiscuous mode
[  255.127476][ T9239] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.128165][T11539] veth1_vlan: entered promiscuous mode
[  255.148317][T11582] veth1_vlan: entered promiscuous mode
[  255.163238][T11539] veth0_macvtap: entered promiscuous mode
[  255.172304][T11539] veth1_macvtap: entered promiscuous mode
[  255.184102][T11539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  255.194672][T11539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.206172][T11539] batman_adv: batadv0: Interface activated: batadv_slave_0
[  255.214629][T11539] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  255.225190][T11539] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.236284][T11539] batman_adv: batadv0: Interface activated: batadv_slave_1
[  255.249130][T11646] netlink: 'syz.3.2751': attribute type 4 has an invalid length.
[  255.262818][T11539] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  255.271613][T11539] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  255.280735][T11539] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  255.289441][T11539] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  255.301300][T11646] netlink: 'syz.3.2751': attribute type 4 has an invalid length.
[  255.321745][T11582] veth0_macvtap: entered promiscuous mode
[  255.331330][T11582] veth1_macvtap: entered promiscuous mode
[  255.349120][T11582] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  255.359585][T11582] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.369446][T11582] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  255.380001][T11582] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.392391][T11582] batman_adv: batadv0: Interface activated: batadv_slave_0
[  255.407515][T11582] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  255.408283][T11656] loop1: detected capacity change from 0 to 512
[  255.418064][T11582] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.434049][T11582] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  255.443867][T11656] EXT4-fs: Ignoring removed nomblk_io_submit option
[  255.444499][T11582] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  255.445761][T11582] batman_adv: batadv0: Interface activated: batadv_slave_1
[  255.470873][T11582] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  255.478431][T11656] EXT4-fs (loop1): orphan cleanup on readonly fs
[  255.479688][T11582] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  255.494693][T11582] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  255.495819][T11656] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm +}[@: bg 0: block 248: padding at end of block bitmap is not set
[  255.503397][T11582] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  255.519086][T11656] EXT4-fs error (device loop1): ext4_acquire_dquot:6879: comm +}[@: Failed to acquire dquot type 1
[  255.542537][T11656] EXT4-fs (loop1): 1 truncate cleaned up
[  255.551482][T11656] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  255.631878][T11651] netlink: 'syz.1.2753': attribute type 10 has an invalid length.
[  255.643687][T11651] team0: Port device netdevsim1 added
[  255.676874][T11656] +}[@ (11656) used greatest stack depth: 9384 bytes left
[  255.692554][T11269] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.765939][T11677] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2761'.
[  255.777671][T11675] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2760'.
[  255.792347][T11675] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2760'.
[  255.801391][T11675] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  255.808873][T11675] batman_adv: batadv0: Removing interface: batadv_slave_0
[  255.817519][T11675] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  255.824945][T11675] batman_adv: batadv0: Removing interface: batadv_slave_1
[  255.918445][T11687] loop0: detected capacity change from 0 to 2048
[  255.964382][T11687]  loop0: p1 < > p2 < > p3 p4 < >
[  255.969575][T11687] loop0: partition table partially beyond EOD, truncated
[  255.977865][T11687] loop0: p1 start 2305 is beyond EOD, truncated
[  255.984310][T11687] loop0: p2 start 4294902784 is beyond EOD, truncated
[  255.991249][T11687] loop0: p3 start 3724543488 is beyond EOD, truncated
[  256.218157][T11689] netlink: 'syz.1.2766': attribute type 4 has an invalid length.
[  256.230917][T11689] netlink: 'syz.1.2766': attribute type 4 has an invalid length.
[  256.273644][T11697] loop1: detected capacity change from 0 to 2048
[  256.334993][T11697]  loop1: p1 < > p2 < > p3 p4 < >
[  256.340062][T11697] loop1: partition table partially beyond EOD, truncated
[  256.347311][T11697] loop1: p1 start 2305 is beyond EOD, truncated
[  256.353591][T11697] loop1: p2 start 4294902784 is beyond EOD, truncated
[  256.360413][T11697] loop1: p3 start 3724543488 is beyond EOD, truncated
[  256.725776][T10434] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.784734][T11708] loop1: detected capacity change from 0 to 512
[  256.791581][T11708] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  256.813498][T11708] EXT4-fs (loop1): 1 truncate cleaned up
[  256.819813][T11708] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  256.856057][T11714] pim6reg: entered allmulticast mode
[  256.865410][T11714] pim6reg: left allmulticast mode
[  256.899359][T11699] chnl_net:caif_netlink_parms(): no params data found
[  256.907118][T11269] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.918912][   T29] kauditd_printk_skb: 104 callbacks suppressed
[  256.918925][   T29] audit: type=1400 audit(1728290502.793:55943): avc:  denied  { getopt } for  pid=11713 comm="syz.0.2773" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  257.079170][ T3292] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.098749][T11699] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.105965][T11699] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.114275][T11699] bridge_slave_0: entered allmulticast mode
[  257.120708][T11699] bridge_slave_0: entered promiscuous mode
[  257.129665][T11699] bridge0: port 2(bridge_slave_1) entered blocking state
[  257.136774][T11699] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.146132][T11699] bridge_slave_1: entered allmulticast mode
[  257.152595][T11699] bridge_slave_1: entered promiscuous mode
[  257.177371][T11699] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  257.189709][T11699] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  257.202268][ T3292] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.226860][T11699] team0: Port device team_slave_0 added
[  257.233611][T11699] team0: Port device team_slave_1 added
[  257.249615][ T3292] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.268244][T11699] batman_adv: batadv0: Adding interface: batadv_slave_0
[  257.275305][T11699] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.301244][T11699] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  257.313433][T11699] batman_adv: batadv0: Adding interface: batadv_slave_1
[  257.320533][T11699] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.346647][T11699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  257.365726][ T3292] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.388676][T11726] netlink: 'syz.3.2776': attribute type 4 has an invalid length.
[  257.416111][T11699] hsr_slave_0: entered promiscuous mode
[  257.422723][T11699] hsr_slave_1: entered promiscuous mode
[  257.459793][T11728] netlink: 'syz.0.2775': attribute type 30 has an invalid length.
[  257.508900][T11699] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  257.516580][T11699] Cannot create hsr debugfs directory
[  257.531120][T11726] netlink: 'syz.3.2776': attribute type 4 has an invalid length.
[  257.562287][ T3292] bridge_slave_1: left allmulticast mode
[  257.568052][ T3292] bridge_slave_1: left promiscuous mode
[  257.573740][ T3292] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.622623][ T3292] bridge_slave_0: left allmulticast mode
[  257.628360][ T3292] bridge_slave_0: left promiscuous mode
[  257.634052][ T3292] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.728410][T11735] loop3: detected capacity change from 0 to 128
[  257.728895][   T29] audit: type=1326 audit(1728290503.593:55944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11738 comm="syz.1.2780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  257.759824][   T29] audit: type=1326 audit(1728290503.603:55945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11738 comm="syz.1.2780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  257.783533][   T29] audit: type=1326 audit(1728290503.603:55946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11738 comm="syz.1.2780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  257.784613][T11735] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  257.807418][   T29] audit: type=1326 audit(1728290503.603:55947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11738 comm="syz.1.2780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  257.842743][   T29] audit: type=1326 audit(1728290503.603:55948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11738 comm="syz.1.2780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  257.866367][   T29] audit: type=1326 audit(1728290503.603:55949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11738 comm="syz.1.2780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  257.879680][T11735] ext4 filesystem being mounted at /218/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  257.889931][   T29] audit: type=1326 audit(1728290503.603:55950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11738 comm="syz.1.2780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  257.889954][   T29] audit: type=1326 audit(1728290503.603:55951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11738 comm="syz.1.2780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=139 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  257.968839][   T29] audit: type=1326 audit(1728290503.603:55952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11738 comm="syz.1.2780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712090dff9 code=0x7ffc0000
[  257.998482][ T3292] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  258.016158][ T3292] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  258.041574][ T3292] bond0 (unregistering): Released all slaves
[  258.090849][ T9239] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  258.119376][ T3292] hsr_slave_0: left promiscuous mode
[  258.127185][ T3292] veth1_macvtap: left promiscuous mode
[  258.132682][ T3292] veth0_macvtap: left promiscuous mode
[  258.138318][ T3292] veth1_vlan: left promiscuous mode
[  258.143668][ T3292] veth0_vlan: left promiscuous mode
[  258.226929][ T3292] team0 (unregistering): Port device team_slave_1 removed
[  258.236980][ T3292] team0 (unregistering): Port device team_slave_0 removed
[  258.274394][T11765] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2786'.
[  258.283416][T11775] netlink: '+}[@': attribute type 10 has an invalid length.
[  258.294027][T11775] team0: Port device netdevsim1 added
[  258.418439][T11783] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2794'.
[  258.462562][T11783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2794'.
[  258.609181][T11803] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2801'.
[  258.680213][T11699] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  258.689000][T11810] loop0: detected capacity change from 0 to 128
[  258.698578][T11699] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  258.705656][T11810] vfat: Bad value for 'gid'
[  258.710199][T11810] vfat: Bad value for 'gid'
[  258.718137][T11699] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  258.731205][T11699] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  258.805562][T11699] 8021q: adding VLAN 0 to HW filter on device bond0
[  258.821373][T11699] 8021q: adding VLAN 0 to HW filter on device team0
[  258.840113][  T244] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.847212][  T244] bridge0: port 1(bridge_slave_0) entered forwarding state
[  258.857675][  T244] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.864783][  T244] bridge0: port 2(bridge_slave_1) entered forwarding state
[  258.883888][T11699] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  258.894304][T11699] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  258.919106][T11814] netlink: 200 bytes leftover after parsing attributes in process `syz.3.2807'.
[  258.967347][T11699] 8021q: adding VLAN 0 to HW filter on device batadv0
[  259.037668][T11823] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2808'.
[  259.070948][T11699] veth0_vlan: entered promiscuous mode
[  259.076544][T11838] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2809'.
[  259.079466][T11699] veth1_vlan: entered promiscuous mode
[  259.102521][T11699] veth0_macvtap: entered promiscuous mode
[  259.110249][T11699] veth1_macvtap: entered promiscuous mode
[  259.120416][T11699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  259.130948][T11699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.140789][T11699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  259.151209][T11699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.162047][T11699] batman_adv: batadv0: Interface activated: batadv_slave_0
[  259.173592][T11699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  259.184062][T11699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.193881][T11699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  259.204413][T11699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.215776][T11699] batman_adv: batadv0: Interface activated: batadv_slave_1
[  259.225611][T11699] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  259.234431][T11699] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  259.243139][T11699] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  259.251869][T11699] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  259.369310][T11843] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2810'.
[  259.380386][T11843] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2810'.
[  259.389417][T11843] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  259.396885][T11843] batman_adv: batadv0: Removing interface: batadv_slave_0
[  259.405433][T11843] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  259.412855][T11843] batman_adv: batadv0: Removing interface: batadv_slave_1
[  259.511755][T11848] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2812'.
[  259.538324][T11850] syzkaller0: entered allmulticast mode
[  259.547348][T11850] syzkaller0 (unregistering): left allmulticast mode
[  259.707659][T11853] FAULT_INJECTION: forcing a failure.
[  259.707659][T11853] name failslab, interval 1, probability 0, space 0, times 0
[  259.720425][T11853] CPU: 1 UID: 0 PID: 11853 Comm: syz.2.2814 Not tainted 6.12.0-rc2-syzkaller #0
[  259.729449][T11853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  259.739497][T11853] Call Trace:
[  259.742792][T11853]  <TASK>
[  259.745714][T11853]  dump_stack_lvl+0xf2/0x150
[  259.750295][T11853]  dump_stack+0x15/0x20
[  259.754496][T11853]  should_fail_ex+0x223/0x230
[  259.759178][T11853]  ? p9_client_create+0x57/0xab0
[  259.764107][T11853]  should_failslab+0x8f/0xb0
[  259.768765][T11853]  __kmalloc_cache_noprof+0x4b/0x2a0
[  259.774219][T11853]  p9_client_create+0x57/0xab0
[  259.778982][T11853]  ? v9fs_session_init+0x79/0xda0
[  259.784010][T11853]  ? should_failslab+0x8f/0xb0
[  259.788849][T11853]  ? __kmalloc_node_track_caller_noprof+0x17e/0x380
[  259.795484][T11853]  v9fs_session_init+0xf9/0xda0
[  259.800328][T11853]  ? __rcu_read_unlock+0x4e/0x70
[  259.805355][T11853]  ? __rcu_read_unlock+0x4e/0x70
[  259.810293][T11853]  ? v9fs_mount+0x53/0x560
[  259.814707][T11853]  ? should_failslab+0x8f/0xb0
[  259.819481][T11853]  v9fs_mount+0x69/0x560
[  259.823743][T11853]  ? __pfx_v9fs_mount+0x10/0x10
[  259.828657][T11853]  legacy_get_tree+0x77/0xd0
[  259.833240][T11853]  vfs_get_tree+0x56/0x1e0
[  259.837698][T11853]  do_new_mount+0x227/0x690
[  259.842201][T11853]  path_mount+0x49b/0xb30
[  259.846527][T11853]  __se_sys_mount+0x27c/0x2d0
[  259.851285][T11853]  __x64_sys_mount+0x67/0x80
[  259.855948][T11853]  x64_sys_call+0x203e/0x2d60
[  259.860627][T11853]  do_syscall_64+0xc9/0x1c0
[  259.865157][T11853]  ? clear_bhb_loop+0x55/0xb0
[  259.869834][T11853]  ? clear_bhb_loop+0x55/0xb0
[  259.874541][T11853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.880435][T11853] RIP: 0033:0x7fb93ad4dff9
[  259.884931][T11853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.904594][T11853] RSP: 002b:00007fb9399c1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  259.913230][T11853] RAX: ffffffffffffffda RBX: 00007fb93af05f80 RCX: 00007fb93ad4dff9
[  259.921266][T11853] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000
[  259.929257][T11853] RBP: 00007fb9399c1090 R08: 0000000020000200 R09: 0000000000000000
[  259.937212][T11853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  259.945168][T11853] R13: 0000000000000000 R14: 00007fb93af05f80 R15: 00007ffde01adde8
[  259.953132][T11853]  </TASK>
[  259.978034][T11855] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  260.040737][T11862] FAULT_INJECTION: forcing a failure.
[  260.040737][T11862] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  260.053815][T11862] CPU: 0 UID: 0 PID: 11862 Comm: syz.2.2817 Not tainted 6.12.0-rc2-syzkaller #0
[  260.063112][T11862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  260.067074][T11864] loop3: detected capacity change from 0 to 8192
[  260.073154][T11862] Call Trace:
[  260.073162][T11862]  <TASK>
[  260.073171][T11862]  dump_stack_lvl+0xf2/0x150
[  260.090240][T11862]  dump_stack+0x15/0x20
[  260.094388][T11862]  should_fail_ex+0x223/0x230
[  260.099132][T11862]  should_fail+0xb/0x10
[  260.103286][T11862]  should_fail_usercopy+0x1a/0x20
[  260.108399][T11862]  strncpy_from_user+0x25/0x200
[  260.113262][T11862]  ? kmem_cache_alloc_noprof+0x10c/0x290
[  260.119009][T11862]  getname_flags+0xb0/0x3b0
[  260.123491][T11862]  getname+0x17/0x20
[  260.127362][T11862]  do_sys_openat2+0x67/0x120
[  260.131934][T11862]  __x64_sys_openat+0xf3/0x120
[  260.136708][T11862]  x64_sys_call+0x1025/0x2d60
[  260.141554][T11862]  do_syscall_64+0xc9/0x1c0
[  260.146140][T11862]  ? clear_bhb_loop+0x55/0xb0
[  260.150852][T11862]  ? clear_bhb_loop+0x55/0xb0
[  260.155614][T11862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.161610][T11862] RIP: 0033:0x7fb93ad4dff9
[  260.166058][T11862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.185774][T11862] RSP: 002b:00007fb9399c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  260.194295][T11862] RAX: ffffffffffffffda RBX: 00007fb93af05f80 RCX: 00007fb93ad4dff9
[  260.202279][T11862] RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffff9c
[  260.210317][T11862] RBP: 00007fb9399c1090 R08: 0000000000000000 R09: 0000000000000000
[  260.218299][T11862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.226274][T11862] R13: 0000000000000000 R14: 00007fb93af05f80 R15: 00007ffde01adde8
[  260.234251][T11862]  </TASK>
[  260.240679][T11866] netlink: 'syz.1.2819': attribute type 4 has an invalid length.
[  260.338140][T11875] netlink: 'syz.2.2821': attribute type 4 has an invalid length.
[  260.352475][T11875] netlink: 'syz.2.2821': attribute type 4 has an invalid length.
[  260.365551][T11879] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  260.373791][T11879] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  260.448513][T11582] ==================================================================
[  260.456628][T11582] BUG: KCSAN: data-race in shmem_add_to_page_cache / shmem_getattr
[  260.464536][T11582] 
[  260.466859][T11582] read-write to 0xffff888115a1f0c8 of 8 bytes by task 11884 on cpu 1:
[  260.475014][T11582]  shmem_add_to_page_cache+0x3b9/0x4b0
[  260.480565][T11582]  shmem_get_folio_gfp+0x4f6/0xd90
[  260.485693][T11582]  shmem_write_begin+0xa2/0x180
[  260.490560][T11582]  generic_perform_write+0x1a8/0x4a0
[  260.495854][T11582]  shmem_file_write_iter+0xc2/0xe0
[  260.500968][T11582]  __kernel_write_iter+0x24b/0x4e0
[  260.506106][T11582]  dump_user_range+0x3a7/0x550
[  260.510874][T11582]  elf_core_dump+0x1b66/0x1c60
[  260.515744][T11582]  do_coredump+0x1736/0x1ce0
[  260.520337][T11582]  get_signal+0xdc0/0x1070
[  260.524766][T11582]  arch_do_signal_or_restart+0x95/0x4b0
[  260.530315][T11582]  irqentry_exit_to_user_mode+0x9a/0x130
[  260.536126][T11582]  irqentry_exit+0x12/0x50
[  260.540552][T11582]  asm_exc_page_fault+0x26/0x30
[  260.545411][T11582] 
[  260.547730][T11582] read to 0xffff888115a1f0c8 of 8 bytes by task 11582 on cpu 0:
[  260.555355][T11582]  shmem_getattr+0x69/0x200
[  260.560035][T11582]  vfs_getattr+0x19b/0x1e0
[  260.564461][T11582]  vfs_statx+0x134/0x2f0
[  260.568779][T11582]  vfs_fstatat+0xec/0x110
[  260.573120][T11582]  __se_sys_newfstatat+0x58/0x260
[  260.578151][T11582]  __x64_sys_newfstatat+0x55/0x70
[  260.583179][T11582]  x64_sys_call+0x141f/0x2d60
[  260.587867][T11582]  do_syscall_64+0xc9/0x1c0
[  260.592372][T11582]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.598276][T11582] 
[  260.600602][T11582] value changed: 0x0000000000000281 -> 0x0000000000000282
[  260.607702][T11582] 
[  260.610014][T11582] Reported by Kernel Concurrency Sanitizer on:
[  260.616152][T11582] CPU: 0 UID: 0 PID: 11582 Comm: syz-executor Not tainted 6.12.0-rc2-syzkaller #0
[  260.625343][T11582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  260.635397][T11582] ==================================================================
[  260.737884][  T244] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.847778][  T244] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.937258][  T244] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.018660][  T244] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.119784][  T244] bridge_slave_1: left allmulticast mode
[  261.125532][  T244] bridge_slave_1: left promiscuous mode
[  261.131296][  T244] bridge0: port 2(bridge_slave_1) entered disabled state
[  261.164774][  T244] bridge_slave_0: left allmulticast mode
[  261.170459][  T244] bridge_slave_0: left promiscuous mode
[  261.176200][  T244] bridge0: port 1(bridge_slave_0) entered disabled state
[  261.328002][  T244] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  261.338202][  T244] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  261.348556][  T244] bond0 (unregistering): Released all slaves
[  261.408149][  T244] hsr_slave_0: left promiscuous mode
[  261.413926][  T244] hsr_slave_1: left promiscuous mode
[  261.419503][  T244] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  261.426901][  T244] batman_adv: batadv0: Removing interface: batadv_slave_0
[  261.434480][  T244] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  261.441932][  T244] batman_adv: batadv0: Removing interface: batadv_slave_1
[  261.451668][  T244] veth1_macvtap: left promiscuous mode
[  261.457167][  T244] veth0_macvtap: left promiscuous mode
[  261.462648][  T244] veth1_vlan: left promiscuous mode
[  261.467874][  T244] veth0_vlan: left promiscuous mode
[  261.557856][  T244] team0 (unregistering): Port device team_slave_1 removed
[  261.568661][  T244] team0 (unregistering): Port device team_slave_0 removed