last executing test programs:

5.041001025s ago: executing program 1 (id=159):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000002240)=@newtaction={0x898, 0x30, 0x12f, 0x0, 0x0, {}, [{0x884, 0x1, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x90000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffda, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xffffffffffffffff}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x898}}, 0x0)

5.033167445s ago: executing program 1 (id=162):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000780)={'vxcan1\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000040)={0x1d, r2, 0x3}, 0x18)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r1)
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r1)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$fou(&(0x7f0000005740), 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
sendmsg$FOU_CMD_ADD(r4, &(0x7f0000005800)={0x0, 0x0, &(0x7f00000057c0)={&(0x7f0000005780)={0x14, r5, 0x1}, 0x14}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}}, 0x0)

3.615474922s ago: executing program 2 (id=181):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x2000410, &(0x7f0000000000)={[{@commit={'commit', 0x3d, 0x5}}]}, 0x1, 0x79f, &(0x7f00000012c0)="$eJzs3ctrXFUYAPDvTl5NGk0EQesqIGigdGJrbBUUKi5EsFDQtW1IpqFmkimZSWlCwRYR3AgqLgTddO2j7sSdj63+Fy6kpWpbrLqQkTuPdtLMTDOkM1PI7wc3c869d+ac7577OJNzuRPArjWV/slE7IuID5OIidr8JCKGKqnBiKPV9W5dPz+fTkmUy2/8kVTWuXn9/Hw0vCe1t5Z5PCJ+fC9if2ZrucX1jaW5fD63WsvPlJbPzBTXNw6cXp5bzC3mVg4fnJ09dOS5I4fvX6x//bIxfvWjV5/++ui/7z52+YOfkjga47VljXHcL1MxVdsmQ+km3OSV+11YnyVtlr3Uw3rQmfTQHKge5bEvJmKgkmphtJc1AwC65Z2IKAMAu0zi+g8Au0xETEZt/Ks+9ft/Er107eWI2FONvz6+WV0yWBuz21MZBx27mWwaGUnqG26HpiLi82/f+jKdokvjkADNXLgYEScnp7ae/5Mt9yx06pl2C8sjlZepu2Y7/0HvfJ/2f55v1v/L3O7/RJP+T3r0TpXb3fWzPfc+/jNXdlxIG2n/78WGe9tuNcRfMzlQyz1U6fMNJadO53Ppue3hiJiOoZE0f7CyavPtMX3jvxutym/s//358dtfpOVvvgMnc2VwZPN7FuZKczsKusG1ixFPDDaLP7nd/kmL/u/xbZbx2gvvf9ZqWRp/Gnd9SstPX3cUVAfKlyKeatr+d9oyaXt/4kxld5ip7xRNfPPrp2Otym9s/3RKy69/F+iFtP3H2sc/mTTer1nsvIyfL0380GrZveNvvv8PJ29W0sO1eefmSqXVgxHDyetb5x+68956vr5+Gv/0k82P/3b7f/qd8OQ24x+8+vtXtY9qGn/Fhf61/0JH7d8mUb8e3LXo8q2lgVblb6/9Zyup6dqc7Zz/7lHTHezNAAAAAAAAAAAAAAAAAAAAAAAAANC5TESMR5LJ3k5nMtls9Te8H42xTL5QLO0/VVhbWYjx76rPP83UH3U50fA81PJA9Xn49fyh2Jx/NiIeiYhPRkYr+ex8Ib/Q7+ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGZvi9//T/020u/aAQBds6ffFQAAes71HwB2n86u/6NdqwcA0Dsdf/8vJ92pCADQM9u+/p/sbj0AgN4x/g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECXHT92LJ3Kf18/P5/mF86ury0Vzh5YyBWXsstr89n5wuqZ7GKhsJjPZecLyy0/6EL1JV8onJmNlbVzM6VcsTRTXN84sVxYWymdOL08t5g7kRvqWWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsH3F9Y2luXw+tyrRNjH6YFSjh4nkn3brDEb/a7gbEsN9K73xLDHavxMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPu/wAAAP//wJMmNg==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
statx(0xffffffffffffffff, &(0x7f0000000040)='\x00', 0x6000, 0x800, 0x0)
truncate(&(0x7f0000000140)='./file2\x00', 0x8000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x1ffffebf, &(0x7f0000000000)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_GET(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000500000018"], 0x2c}}, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r2, 0x8982, &(0x7f00000000c0)={0x8, 'bridge0\x00', {'bond_slave_1\x00'}, 0x3})
writev(r2, &(0x7f0000000140)=[{&(0x7f0000000900)="580000001400192340834b80040d8c560a066e0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200060c10000000010000000000", 0x58}], 0x1)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})

3.421134563s ago: executing program 2 (id=182):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ip_tables_targets\x00')
preadv(r0, &(0x7f0000002400)=[{&(0x7f0000001340)=""/4096, 0x1000}], 0x1, 0x39c5, 0x0)
socket$igmp(0x2, 0x3, 0x2)

3.415912693s ago: executing program 2 (id=183):
r0 = syz_io_uring_setup(0x24fd, &(0x7f00000002c0)={0x0, 0x0, 0x10100}, &(0x7f0000000080)=<r1=>0x0, &(0x7f0000000140))
io_uring_enter(r0, 0x1d2d, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/tcp\x00')
close_range(r2, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000380)='generic_add_lease\x00', r2}, 0x18)
inotify_add_watch(r2, &(0x7f0000000040)='./file0\x00', 0x100)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x37)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$9p_tcp(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000100000000'])
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0xc0, &(0x7f0000000000), 0x0, 0x4)

3.386704663s ago: executing program 2 (id=184):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="38000000100025069f1d00000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="03000000000000001800128008000100677265000c00028008000700e0"], 0x38}}, 0x0)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x35d, &(0x7f0000000f00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPNiDurJvyeatLzFpfr/2+4GSycw8u7OZSXk27WYv3/3yo0rJ0kp6Q6JJJRERkSuRrEQlEPEfo245IWGH8srMnz+/uL5ZTHoVaiW/8WpOKTU3/8PHn6X8bmfTcpF9//KP3O8Xz148f/nvxodlS5UtVa01lK62a7829G3TULtlq6IptWoaumWoctUy6l77d/52zNreXlPp1d3Z9F7dsCylV5uqYjRVo6Ya9abSP9DLVaVpmppNC25SPF5b0/NDBu+MeDAYk3o9r0+JSKqnpXg8kQEBAICJ6s7/o05KP0z+vyVzhcLymnI6t/P/k5fOGzPvnM75+f9Zol/+/9ov3rY68n/ndKKd/9e884PSzfn/13KH/L83I3pchs7/s2MYDIYzn+ipinQ8c/L/tP/+dR29d7LoFsj/AQAAAAAAAAAAAAAAAAAAAAB4GlzZdsa27UzwGPy0LyHwn+NBGjT/0yKSdGbfZv4fsvXNLUm6F+45c2x+sV/cL3qPfodzETHF+Mfu5qyN4Moj5cjKj+aBH3+wX5xyW/IlKTvxsiQZybrrKRRv2ytvFZaXlMePb12mlA7H5yQjz4Tjv3dXpxOf64z395+QlxdC8Zpk5KcdqYkpu25ke/+fLyn15tuFrviU209Efrv3SQEAAAAAYMQ01dL3/F3TBrV73zKSL7kfExmyKBn5u//5/WLf8/NY5oXYpI8eAAAAAIDHwWp+WtElatTdgmn2K6RkYNMICrGOmriI9O2c6KqJX7flqdAR3nY8CfHuYPJ/j+ub4FW9S1TwjxTOwFtN/h1VZLjxBMfv1kRiw09T5FDcBXAYborKLcJj3YOfdypU384LA7dz5B9Iqyb42Cgx4HWW1d7tRK9ZCfGeGjsy3AJ47qtv/xrdG+T1U38FfHJz5yPTsA/kNpPSVXB20dsUH/svHgAAAAD3rp30BzVvhJvDNxIJ3yyHv9wDAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBCY/lKv67CpI8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFL8FwAA//8GuPOT")
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r2, 0x4, 0x6000)
socket$tipc(0x1e, 0x5, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r3, 0x1, &(0x7f0000000000)=[&(0x7f0000ff9000/0x2000)=nil], 0x0, &(0x7f0000000000), 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000001340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
unshare(0x2040400)
fstat(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_START_AP(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x4, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4010)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000007c0), r5)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000800)={0x20, r7, 0x901, 0x70bd28, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x480d0)
setuid(0x0)
io_setup(0x200, &(0x7f0000000140))
r8 = open(&(0x7f0000000100)='./bus\x00', 0x14113e, 0x39)
write$binfmt_script(r8, &(0x7f0000000080), 0x208e24b)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b000000002b816189a41c1d06eb61063f95b1f9000000200000000080000000000000f1118832f6cb2508730283c3f523cc9fcd7aba81e30212c135990764bb35c4de323b9d2d665b11f58fafc8db37f60c73e53399c6d584c280968c14000008000000000000bd9ae003f6dbc28079c52d76cf9b4a7547eb4992671098e5ba4cf52ab22ffdb2c2d9a507302dc0024c18f11ea7777446d641c83e7f29ea975057d7b1771e1579f2386806b58f2fdd15e9649952fe7591db4980d22edbc39cf37eec7b12dc", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000007f1600850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

3.349518653s ago: executing program 1 (id=185):
add_key(0x0, 0x0, &(0x7f0000000400)="010000000037a788a11d1f000000000000006923c63a4541062101a59ea9cba39a", 0x21, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
r0 = syz_usbip_server_init(0x4)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x8, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={<r1=>0x0}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f00000007c0)={0x0, 0x0, 0x1, 0x7, r1})
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, 0x0, 0x0)
r3 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@orlov}, {@abort}, {@nombcache}, {@stripe={'stripe', 0x3d, 0x10}}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a6243c, &(0x7f0000000740)=ANY=[@ANYRESHEX=r3, @ANYRES64, @ANYRESDEC=r0, @ANYRESOCT=r2, @ANYRES64=r0, @ANYRESDEC=r0], 0x1, 0x0, &(0x7f0000000000))
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xb, 0xffffffff, 0x1, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000003c0), 0x5, r4}, 0x38)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000300851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3.177191054s ago: executing program 2 (id=186):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa2003b974aac0c7171a400f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x37e2f4aba9289b81, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
mq_open(&(0x7f0000000380)=':#}:%]\x00', 0x40, 0x82, &(0x7f00000002c0)={0x7, 0x8, 0x0, 0x5})
set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x0, 0x0)

2.878228746s ago: executing program 2 (id=191):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x9, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/HHPz/1Z+hGRFBQPeVNRRzcrgMdoRENjHJhCcExz2rstI2dsZqEWxB400U3/buuIEIQoosgELvoKpTwrovuvPMiu0oiOjGnudnUMnWS79fF9rDn+zl8z58dtu9g08fvXouGHSNspqS6oUqq2yUns1XilWpZkJMj10fe7zt34eLpQDDYcVa1M9Dt86tq84HR3pvDh8ZSO86/bH5dL+PeS9Mz/qnx3eN7pr93X404GnE0Fk+pqX3xeMrssy3tv+9EDdUztmU6lkZijpUs6YfteCKRUTPW39SYSFqOo2Yso1Ero6m4ppIZNa+YkZgahqFNjYKVDacfBZbvhp7Puq7MpN65bn1OXNfNv9iwidNDhc2df9ctOv93Kj0lbKKim3qDiD2UDqVDhedCPxCWiNhiSat45JvkrxH38Yg7d6nkH2/4R4KTR9++UVWvDNrZ+Xw2HaopzfvEI95CpqBQd54Kdvi0oDT/nzQW5/3ikV3l8/6y+To53FKUN8Qjk5clLrZMjB78MtU19GAhP+hTPdEVXJL/X/oXD9OzzxU6PwAAAAAAAAAArIWhP5VdvzfyA24PqGrTkn4hX+73gaXr861l1+drZW9tZfcdAAAAAIDtwskMRE3btpJ/WeS/yq/Hdv694smt3x+8v3PlMS1tNRPtH3KJrbBff1B87dkS0ygtZH71abXBNev8TlksPq3Ldqrm57f8mJO9H1+sup26X47PcsY2/q4EAAAAYCMsfuhvk2z4VTrbc+xepecEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2s4a/HJt4WK6l+WLn03KtSu8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADASn4EAAD//xAR0Ao=") (fail_nth: 36)

2.817797836s ago: executing program 32 (id=191):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
recvmmsg(r0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x9, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/HHPz/1Z+hGRFBQPeVNRRzcrgMdoRENjHJhCcExz2rstI2dsZqEWxB400U3/buuIEIQoosgELvoKpTwrovuvPMiu0oiOjGnudnUMnWS79fF9rDn+zl8z58dtu9g08fvXouGHSNspqS6oUqq2yUns1XilWpZkJMj10fe7zt34eLpQDDYcVa1M9Dt86tq84HR3pvDh8ZSO86/bH5dL+PeS9Mz/qnx3eN7pr93X404GnE0Fk+pqX3xeMrssy3tv+9EDdUztmU6lkZijpUs6YfteCKRUTPW39SYSFqOo2Yso1Ero6m4ppIZNa+YkZgahqFNjYKVDacfBZbvhp7Puq7MpN65bn1OXNfNv9iwidNDhc2df9ctOv93Kj0lbKKim3qDiD2UDqVDhedCPxCWiNhiSat45JvkrxH38Yg7d6nkH2/4R4KTR9++UVWvDNrZ+Xw2HaopzfvEI95CpqBQd54Kdvi0oDT/nzQW5/3ikV3l8/6y+To53FKUN8Qjk5clLrZMjB78MtU19GAhP+hTPdEVXJL/X/oXD9OzzxU6PwAAAAAAAAAArIWhP5VdvzfyA24PqGrTkn4hX+73gaXr861l1+drZW9tZfcdAAAAAIDtwskMRE3btpJ/WeS/yq/Hdv694smt3x+8v3PlMS1tNRPtH3KJrbBff1B87dkS0ygtZH71abXBNev8TlksPq3Ldqrm57f8mJO9H1+sup26X47PcsY2/q4EAAAAYCMsfuhvk2z4VTrbc+xepecEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2s4a/HJt4WK6l+WLn03KtSu8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADASn4EAAD//xAR0Ao=") (fail_nth: 36)

2.637338897s ago: executing program 4 (id=194):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020641700000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', <r4=>0x0})
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, &(0x7f0000000000), 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f00000100000000000000", @ANYRES32, @ANYBLOB='\fk\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020100000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a32000000001400000011001f"], 0x7c}}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000004640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000140a070300000000000000000700000008000340000000000900010073797a3000000000090002007f977a2600000000140000001100010000000000000000000000000a"], 0x5c}}, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000160000000000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r10 = dup2(r9, r6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r10}, 0x10)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x4, 0xf1, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x2, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r12, <r13=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32=r13, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r14 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b007106067b00"/20, @ANYRES32=r0, @ANYBLOB="0300"/20, @ANYRES32=r4, @ANYRES32, @ANYBLOB="04000000040000000400"/28], 0x50)
r15 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0d00000000000000b49800000000000010290400", @ANYRES32, @ANYBLOB="ff0700"/20, @ANYRES32=r4, @ANYRES32, @ANYBLOB="0500000100000000fa000000000000000000000000639a835134376e18f59dd829be135976b3d297e920ebad95d3927b8730048971c682792e641c27238a2055c6ebcc533fb81cc20f91100efed0482806864ad3d9211776516f3d3953cbacdab61ce22ac9a5fc1cd41994425cee40f3ae307970abcaf1608e3acd6e0b9c00"/141], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x2, &(0x7f0000000080)=@raw=[@jmp={0x5, 0x0, 0xd, 0x8, 0x8, 0xffffffffffffffe0, 0x10}, @ldst={0x2, 0x2, 0x0, 0x1, 0xa, 0xffffffffffffffdf, 0x1}], &(0x7f0000000180)='GPL\x00', 0x40000000, 0x1000, &(0x7f0000000c00)=""/4096, 0x40f00, 0x7a, '\x00', r4, 0x25, r10, 0x8, &(0x7f00000001c0)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x8, 0x7, 0x5}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000380)=[r11, r13, r14, r15], &(0x7f00000005c0)=[{0x1, 0x5, 0x0, 0xc}, {0x2, 0x1, 0xa, 0xb}, {0x1, 0x4, 0x9, 0x1}, {0x5, 0x3, 0x3, 0x6}, {0x2, 0x3, 0x6}], 0x10, 0x6, @void, @value}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', <r16=>0x0})
recvmsg$can_bcm(r5, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0)
sendmsg$can_bcm(r5, &(0x7f0000000480)={&(0x7f0000000700)={0x1d, r16}, 0x10, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[@ANYRES16=r1, @ANYRES16=r12, @ANYRES32=r0, @ANYRES64, @ANYRES64=0x0, @ANYRES64], 0x20000600}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
sendmsg$can_bcm(r5, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r16}, 0x10, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0300000047fe"], 0x80}}, 0x48000)

2.452978768s ago: executing program 0 (id=196):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000780)={'vxcan1\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000040)={0x1d, r2, 0x3}, 0x18)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r1)
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r1)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$fou(&(0x7f0000005740), 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10)
sendmsg$FOU_CMD_ADD(r4, &(0x7f0000005800)={0x0, 0x0, &(0x7f00000057c0)={&(0x7f0000005780)={0x14, r5, 0x1}, 0x14}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r9}}, 0x24}}, 0x0)

2.451845768s ago: executing program 1 (id=197):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f00000002c0)='cdg\x00', 0x4)
listen(r6, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x28, r8, 0x1, 0xffffffff, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}]}]}, 0x28}}, 0x0)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r8, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000084}, 0x40)

2.431429778s ago: executing program 3 (id=198):
r0 = syz_open_dev$hiddev(&(0x7f0000000080), 0x100, 0x98040)
ioctl$HIDIOCGNAME(r0, 0x80404806, &(0x7f0000000180))
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000140)=0xffffff1f, 0x12)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x3, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x31}}}}, 0x32)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/239, 0xef}], 0x1, 0x2, 0x0)
ioctl$EVIOCGKEYCODE_V2(r4, 0x80284504, &(0x7f00000001c0)=""/18)

2.378345998s ago: executing program 3 (id=199):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c000000100003e9ffffffffffffff0000000600", @ANYRES32=0x0, @ANYBLOB="00000000000300001c0012800b0001006d616373656300000c0002800500030004"], 0x3c}}, 0x0)

2.292728998s ago: executing program 3 (id=200):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYRESDEC=0x0, @ANYRESDEC=0x0], 0x48)
futex_waitv(&(0x7f0000002940), 0x0, 0x0, &(0x7f0000003300), 0x1)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
syz_io_uring_setup(0x10278e, 0x0, 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x2}, 0x3b)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r1, 0x40a85321, &(0x7f0000000000)={{0x80}, 'port1\x00', 0x0, 0x40409})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r4, 0x0, 0x5}, 0x18)
r5 = socket$kcm(0x10, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r6 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="62a02a3a3409776d0a89"], 0xa)
sendmsg$kcm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000500)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140643000000000e000a001000000086419820dd618929d4d8", 0x32}], 0x1}, 0x0)

2.154767609s ago: executing program 3 (id=201):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r0}, 0x10)
r1 = syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x0)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3E9rXFUUAPDzXiZp2sROKqK2CAakVhSnaVMUumpdiwq66LJjMikh0z9mIpjQRVr36kLERUH6EQT31oUrwUVdaP0ERSxSdNO6iLzJTDo0mSS2M7398/vBnbn33emcc+bReffCvATwxBovHvKIvRFxMosot47nETHU7A1HLBcvHIjbN89PFS2LlZX3/8oii4hbN89Ptd8raz2PtAbDEXH1rSye/nR93Mbi0ly1Xq/Nt8YHF06fO9hYXHp99nT1VO1U7cyRyTePTL4xOdnDWq+f+/DrF3555+WLlz+bePer3T9lcSxGW3OddfTKeIyvfSadShFR7XWwRAZa9XTWmZUSJgQAwKbyjjXcs1GOgbizeCvHj78mTQ4AAADoiZWBiBUAAADgMZfZ/wMAAMBjrv07gFs3z0+1W9pfJDxYN45HxNhq/e37m1dnSs3bniOGYzAidv2dRedtrdnqP7tv40Wk736uFS36dB/yZpYvRMTzG53/rFn/WPMu7vX15xEx0YP443eNH6X6j/Ugfur6AXgyXTm+eiFbf/3L19Y/scH1r7TBtetepL7+tdd/t9et/+7UP9Bl/ffeNmPs+/fVq93mOtd/Jz7/fbqIXzzfV1H/w40LEftKG9WfrdWfdan/5DZjjExdv9Rtrqi/qLfdHnT9K5cj9sfG9bdlm/19ooMzs/XaxOpjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWPsuT/3dpvbuv78j6Hsg2ZvqHXkk+rCwvyhiKHs7fXHD2+eS/s17fco6n/lpc3//29Uf/GdsNz6HIq9wIXWczG+eFfMkf2Hv733+vurqH/6Hs//F9uM8c33lz7qNpe6fgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeDXlEjEaWV9b6eV6pRIxExDOxK6+fbSy8NnP24zPTxVzEWAzmM7P12kRElFfHWTE+1OzfGR++azwZEXsi4svyzua4MnW2Pp26eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRMRoZHklIvKI+Kec55VK6qwAAACAnhtLnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEctHdzZbYag1N5g0M6Df8tQJAMkMpE4ASKaUOgEgGXt8INtifrjrzI6e5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAw+vA3ivXsohYPrqz2QpDrbnBpJkB/ZanTgBIZiB1AkAypdQJAMnY4wPZFvPDXWd29DwXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5eo82W5ZWIyJv9PK9UIp6KiLEYzGZm67WJiNgdEb+VB3cU40OpkwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDnGotLc9V6vTavo6Ojs9ZJ/c0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAKjcWluWq9XptvpM4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASK2xuDRXrddr833spK4RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB0/gsAAP//rDcGHA==")
r3 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
renameat2(r3, &(0x7f0000000180)='./file1\x00', r3, &(0x7f00000001c0)='./file0\x00', 0x2)
pipe(&(0x7f0000000540)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f0000000240)={0x2, 0x5, 0x1, 0x7d, 0x1, 0xfffe})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a0102000000000000000002000000090001"], 0x1e4}}, 0x0)
write$binfmt_misc(r5, &(0x7f0000000000), 0xfffffecc)
splice(r4, 0x0, r6, 0x0, 0x7fff, 0x4)

1.761118051s ago: executing program 4 (id=202):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000900)={r1}, 0x3)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
r3 = syz_io_uring_setup(0x5b9, &(0x7f0000000140)={0x0, 0x91da}, &(0x7f0000000240), &(0x7f0000000280))
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000088500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r4}, 0x10)
syz_clone(0x63008000, 0x0, 0x0, 0x0, 0x0, 0x0)

1.574044752s ago: executing program 1 (id=203):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="a800000038000900000000000000000001000000"], 0xa8}}, 0x0)

1.493086232s ago: executing program 1 (id=204):
syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000140)='./file1\x00', 0x1480e8, &(0x7f0000000880)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x9}}, {@data_err_abort}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x8}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x587, &(0x7f0000001240)="$eJzs3V9rW+UfAPDvSZOt+/P7rYMx1Asp7MLJXLq2/pkgbF6KDgd6P0ObldF0GU061jpwu3A33sgQRByIL8B7L4dvwFcx0MGQURT0pnLSky39k7RNs6Uznw+c7XnOOenzPHnO8+T75CQkgIE1mv6Ti3g5Ir5OIo60HMtHdnB09bzlxzen0i2JlZVP/kgiyfY1z0+y/w9lmZci4pcvI07lNpZbW1yaLVUq5fksP1afuzZWW1w6fWWuNFOeKV+dmJw8+9bkxLvvvN2ztr5+8a/vPr7/wdmvTix/+9PDo3eTOB+Hs2Ot7diFW62Z0RjNnpNCnF934ngPCttLkn5XgK4MZeO8EOkccCSGslEP/Pd9EREr3cvv5sFAvyWGMAyoZhzQXNv3aB38wnj0/uoCaGP786vvjcRwY210cDlZszJK17sjPSg/LePn3+/dTbfo8D7EgSxWW+PvHlQAGFi3bkfEmXx+4/yXZPNf98403jzubH0Zg/b6A/10P41/3tgs/sk9iX9ik/jn0CZjtxtbj//cwx4U01Ya/723afz7ZOoaGcpy/2vEfIXk8pVK+UxE/D8iTkZhf5rvdD/n7PKDlXbHWuO/dEvLb8aCWT0e5vevfcx0qV7aTZtbPbod8crT+DeJDfP/cCPWXd//6fNxcZtlHC/fe7Xdsa3b32pDBLxrKz9GvLZp/z+9o5V0vj851rgexppXxUZ/3jn+a7vyd9b+3kv7/2Dn9o8krfdrazsv44fhf8rtjnV7/e9LPm2k92X7bpTq9fnxiH3JR2m2sGb/xNPHNvPN89P2nzzRef7b7PpP12OfbbP9d47daXtqa/uHs3543v0/vaP+33niwYeff9+u/O31/5uN1Mlsz3bmv+1WcDfPHQAAAAAAAOw1uYg4HEmu+CSdyxWLq5/vOBYHc5VqrX7qcnXh6nQ0vis7EoVc8073kZbPQ4xnn4dt5ifW5Scj4mhEfDN0oJEvTlUr0/1uPAAAAAAAAAAAAAAAAAAAAOwRh9p8/z/121C/awc8c37yGwbXluO/F7/0BOxJXv9hcBn/MLiMfxhcxj8Mru7G//6e1wN4/rz+w+Ay/mFwGf8AAAAAAAAAAAAAAAAAAAAAAAAAAADQUxcvXEi3leXHN6fS/PT1xYXZ6vXT0+XabHFuYao4VZ2/VpypVmcq5eJUdW6rv1epVq+NT8TCjbF6uVYfqy0uXZqrLlytX7oyV5opXyoXnkurAAAAAAAAAAAAAAAAAAAA4MVSW1yaLVUq5XmJtolzsSeq0XUi2aqXz2UXQ1dF5PvfQIlnkOjzxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALf4NAAD//0B1MBQ=")
socket(0x10, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000840)='./file1\x00', 0x2, &(0x7f0000000940)={[{@abort}, {@nodiscard}, {@noquota}, {@init_itable}, {@noinit_itable}, {@resgid}, {@sysvgroups}, {@block_validity}, {@usrquota}]}, 0x10, 0x4e0, &(0x7f0000000d40)="$eJzs3d9rHFsdAPDvTLI3/ZF7k6s+XC9478VW0qLdTRrbBh9qBbFPBWt9rzHZhJBNNmQ3bROKpPiuIKKCTz75IvgHCNI/QYSCvksVRbTVBx/UlZ2drW2620S62anJ5wPTOWfO7n6/p+3OzJk57ARwbH0UEdciYiQizkfERL49zZfr7fabndc9fXJ/ob0k0Wrd+ksSSb6t+1lJvj4dEbsRcSIivnY94pvJy3Eb2zur87VadTOvV5prG5XG9s6FlbX55epydX12duby3JW5S3PTA+nnZERc/fIffvDdn37l6i8/d/d3t/907lvttMbz9uf7MUidrpeyv4uu0YjYPIxgBRjJ16U+7d8ZGWIyAADsq32O/7GI+HR2/j8RI9nZKQAAAHCUtL44Hv9MIloAAADAkZVmc2CTtJzPBRiPNC2XO3N4PxGn0lq90fzsUn1rfbEzV3YySunSSq06nc8VnoxS0q7P5HNsu/WLe+qzEfFuRHx/4mRWLy/Ua4tFX/wAAACAY+L0nvH/3yey8f9Y0XkBAAAAAzZZdAIAAADAoTP+BwAAgKPP+B8AAACOtK/euNFeWt3nXy/e2d5ard+5sFhtrJbXthbKC/XNjfJyvb6c/Wbf2n6fV6vXNz4f61v3Ks1qo1lpbO/cXqtvrTdvr7zwCGwAAABgiN798OFvk4jY/cLJbGl7q+ikgKFI9mnPHhLyOK/8fggJAUMzUnQCQGFGi04AKEyp6ASAwu13HaDv5J1fDT4XAADgcEx9sv/9f9cG4GhLi04AABg69//h+Cq9OAPwUnGZAEV5Z5/217//32r9TwkBAAADN54tSVrO7wWOR5qWyxFvZ48FKCVLK7XqdD4++M1Eaaxdn8nemew7ZxgAAAAAAAAAAAAAAAAAAAAAAAAA6Gi1kmgBAAAAR1pE+sck+zX/iKmJs+N7rw+8lfxjIltHxN0f3/rhvflmc3Omvf2vz7Y3f5Rvv1jEFQwAAABgr+44vTuOBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBBevrk/kJ3eanxncOL++cvRcRkz/gfnshWJ6IUEaf+lsToc+9LImJkAPF3H0TEe73iJ+20YjI6WfSKf/JQ4o/FQeKnEXF6APHhOHvY3v9c6/X9T+OjbN37+zeaL6+r//4vje7+b6TP/uftA8Z4/9HPK33jP4h4f7T3/q8bP+kT/8wB43/j6zs7/dpaP4mY6nn8SV6IVWmubVQa2zsXVtbml6vL1fXZ2ZnLc1fmLs1NV5ZWatX8z54xvvepX/z7Vf0/1Sf+5D79P3vA/v/r0b0nH+8US73inzvT+/j7Xu/42QGi/X/iM/lxoN0+1S3vdsrP++Bnv/7gVf1f7NP/Z//+PQ607ZjnDtj/8ze//fiALwUAhqCxvbM6X6tVN/8fC2m8EWkoDKQw9makodApFL1nAgAABu2/J/1FZwIAAAAAAAAAAAAAAAAAAADH1zB+TmxvzN1iugoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Er/CQAA//9nfti1")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x20075, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$inet6(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x10)
sendto$inet6(r1, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

1.393521343s ago: executing program 4 (id=205):
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000000)={0x0, 0x7}, 0x8) (async)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000000)={0x0, 0x7}, 0x8)
r0 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000080)=<r1=>0x0, &(0x7f00000000c0)=0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@delqdisc={0x3c, 0x25, 0x2, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x6, 0xc}, {0x13}, {0xd, 0xc}}, [@TCA_RATE={0x6, 0x5, {0x1, 0x7}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004040}, 0x800) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@delqdisc={0x3c, 0x25, 0x2, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x6, 0xc}, {0x13}, {0xd, 0xc}}, [@TCA_RATE={0x6, 0x5, {0x1, 0x7}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004040}, 0x800)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0), 0x4) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000240)={'syztnl1\x00', &(0x7f0000000200)={'ip_vti0\x00', <r3=>r1, 0x8, 0x700, 0x60cf, 0x3, {{0x7, 0x4, 0x0, 0x1b, 0x1c, 0x66, 0x0, 0x7, 0x4, 0x0, @loopback, @broadcast, {[@ssrr={0x89, 0x7, 0x9, [@dev={0xac, 0x14, 0x14, 0xa}]}]}}}}})
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x5, 0x4, 0x8, 0x24200, r2, 0x2, '\x00', r3, 0xffffffffffffffff, 0x1, 0x2, 0x5, 0x0, @void, @value, @void, @value}, 0x50) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x5, 0x4, 0x8, 0x24200, r2, 0x2, '\x00', r3, 0xffffffffffffffff, 0x1, 0x2, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
bind$inet(r4, &(0x7f0000000300)={0x2, 0x4e20, @broadcast}, 0x10)
rt_sigtimedwait(&(0x7f0000000340)={[0x5]}, &(0x7f0000000380), &(0x7f0000000400)={0x0, 0x3938700}, 0x8)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_BT_FLUSHABLE(r5, 0x112, 0x8, &(0x7f0000000440)=0x5, &(0x7f0000000480)=0x4)
r6 = add_key$keyring(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x1}, 0x0, 0x0, 0x0)
add_key$fscrypt_v1(&(0x7f00000004c0), &(0x7f0000000500)={'fscrypt:', @desc3}, &(0x7f0000000540)={0x0, "a0a9f7cc0565c70dfd45f3e87d2120d15bafc31ecf48bb0d944f06e1f91735cc3b26e3b3a331c659168e2ed4e999dd8772351d25e2b682d03a79897c44bf5929", 0x1f}, 0x48, r6)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r7, &(0x7f0000000640)="0e80a7358b75d5cf7d1f137e09338bf8b2e3461751d831d5d70edc0a3a94a155795c3b6f22ef3f95616b6826bcdc647e58d08910833324845c313c8ea1b39a10893cda66ff2d9fa3ce8cfd799459ac20d6bd35e8240aaa62f6fe69f0109a95471ff65fb5db366fa4c24b5290d359e254b22fde42f304e224566ad23f2f527e77a28f9737e7bc8da3f21773daee8d38b09e973bbd0ccd4234207f73257282c812b1af0e1ce4ab7122a8b0eb3caf648cff7c99118cce05f83a43ab557e6fcb6308d5ef47fc715d4b", 0xc7, 0x4, &(0x7f0000000740)={0xa, 0x4e20, 0xa4fa, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2}, 0x1c)
stat(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)) (async)
stat(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f0000000840)={{0x1, 0x1, 0x18, <r9=>r0, {<r10=>0xffffffffffffffff, 0xee01}}, './file0\x00'})
setresuid(r8, 0xee00, r10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000880)='mm_page_free\x00', r9, 0x0, 0xffff}, 0x18) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000880)='mm_page_free\x00', r9, 0x0, 0xffff}, 0x18)
r11 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000940), r9)
sendmsg$L2TP_CMD_SESSION_GET(r9, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x24, r11, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0xbb}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x3}]}, 0x24}}, 0x4040)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a80)={&(0x7f0000000a40)='rxrpc_retransmit\x00', 0xffffffffffffffff, 0x0, 0x6}, 0x18)
r12 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000ac0), 0x80, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000b00), r9)
ioctl$PPPIOCSDEBUG(r12, 0x40047440, &(0x7f0000000b40)=0xffffffff) (async)
ioctl$PPPIOCSDEBUG(r12, 0x40047440, &(0x7f0000000b40)=0xffffffff)
ioctl$TIOCGPGRP(r9, 0x540f, &(0x7f0000000b80)=<r13=>0x0)
ptrace$peeksig(0x4209, r13, &(0x7f0000000bc0)={0x1, 0x1, 0x9}, &(0x7f0000000c00)=[{}, {}, {}, {}, {}, {}, {}, {}, {}]) (async)
ptrace$peeksig(0x4209, r13, &(0x7f0000000bc0)={0x1, 0x1, 0x9}, &(0x7f0000000c00)=[{}, {}, {}, {}, {}, {}, {}, {}, {}])
keyctl$clear(0x7, r6)

1.286107813s ago: executing program 3 (id=206):
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070015006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa80b0b8ed8fb1ec577c377f627daaf787a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bdeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aab926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb155481ef836eb0f8c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaed2b25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe514283707c70600000000000000b7561301bb997316db01ee601f2c9659db9bc04f7089a660d8dcc3ae83169cf331efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562e00e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb2214209ed2d5d776e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b55ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f608ce27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e30400000000000000000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a95d32f46ed9bd1f00fb8191bbab2dc599dda61ee2010000294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bfe2777e808fcba821a00e8c5c39609ff854256cb490000000000c1fee30a3f7a85d1b2b458c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd210819203828b202779d386ed295f023c67d867014d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff00004043060000005dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df40600000000000000e9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b0600b805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1202000000b59fed817072a0da60160761fd3dffda0f7c742eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7000000000000000542954c167dd9b4acd946ffffffffffffffff1389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c9e281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b630500163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f700400fa0c61d5fe6d8ff353f631080405547d65375ae04f44f0c2543c772c5ccb137be7dc87746e1785a8214454d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b036e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e010000005a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb3985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1428c0805b4031a667e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a9cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab9100781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c1227c8bed10591958c906321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b863af34bac64c247672a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c39132a0f27080ece2a94c360b002c77f82662675a7713c7067081cac1599a998c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc215a18ca0265400abf38e90000000000000000008faf2cddffbfa66bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942ce18e57bb7f337df5435bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de286553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c03f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c872a4882d21db2046a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265441d513a1294b8439276394945d94a589708e32a1cb30a8b07b391201385e0b92ecbb7b13d7a87284164018ace6ce58a82c5de321452461089cdd69259f5390f5f508646a524490583c30630bedb47e158ad41c0a653e86a4f4f255cd2a6e95f33b586823aef5564d9de1f5bdd8c80e193f0597b8003860302cd243c00bc5a82c52afb115d16258d507937966bb89409d6d47b8b652d0761d7c72875ae1efb9bc7c6807c2d783e31fd9cd7e84d3d50d8fc44ab8ac9ccd2c0d42e3bd4c029241320446bbf47e23d1320de30fbdf7ed13f80c28fb5c13fccc2e3f73509bdcddad8a2fe48cdd61f2f43611704af64eed8b0cbbd08754f93b8f3d6347aad5cde1ccc5cbd5eaa87e52cea257c856a4af5243eeb5e89f0000000000000000f420df5e4c6d856b3d55e455c08110b2ef4255a38f81555e8e1f22d59c0bc3c9013e66a1f5bda1b695e1602c0afb5c35b2f68f3b151b1e869f40ff4d1bef5e926e1ff95f6321131e4cb797f53455a093a95e67605222d6acc29c46e5db1ef3b8b07e2169fb24ced4b3ae87ebeca06df93212e465bbd1a7e41df2e1a0d508f86cfc7a469ac682685c44692877d03c34c23a65d2677acc73b5d276fdebd685c9b7a079eae228d8426188cb19b083548f5f29e493ab079f33d1965dcbb165015c46998ad410d60cc65fcfa73bd65a43fc024455c4bf530d663976cf71490577251780ab6b1cf8d397444b5be575229f687a3d95ea6b2aa62fce8acb3d4a6a130b4fefa55d0c1d6f3fa448ee24e588e2965c9a442f0baf90923dda91a6850fb7b9c7f432b63001423fedcf053fa28024cc9a178a07042dabc07176fc524032c2edb340c9c18a83565c431aeb0c869683507255254430f90f61e4eca9c8fa98c000b35fec357ee1ebd08439bd95c1ab0753dfd2603d1608bd8c589a1e160000a6ee0ad13346e08738c2d7b00b5d121d918f1dc8bceded939fa8605b54b37cdfcea0bf2bc63e655dc04a2e50212ff89d6587d49896ce18916cf3adc12839c345ca91bb232b891fae2fdd68aaa38281c0feb2c107af3e080d6cdd1c6646ec6804d7e9960c02aa0db9eda24bbcb287fd2a890fa7f9d6ae0c0b1f8dd1603c9ea2f66b572276f96a28b5b6dd9f9bf6ad4bdaa2139b90faf1f40b0f141258578bd825daaaf718d21b7ac05fe5d1b699e5422ca341fe1c944f68fe3a6d783dcf30b0e09d7688f696883b61cb64464b04d351a0a69b0733c348049b0430ed40e200f4ff0000000000000000000000996bcc1b721b152c892fab887e7d20466d90c049c0fdf51dcc16d226a2619c6f47bc25b7f5df5c09fed638922ed127ab36aa7b0c58a2ce5894b1b0f5375d340d96b69b966b05daaf585121a9c7605ed8e9964eef1f14b74cbb2ccdadc6d0b77cf0492b75e1cd11bfdcfddde91b20366715ba0cbe1041be2a65c25d7ca15ef8b71bd2ab9a4294899a1964b0152518fc2ac15a728bcb9e2bc4b551dfdf9011a2a607bc39ad2c4d7c64dcf967724e9b63c397d5265ad3f1da4395a5a800d8845257dcbf210d4f00fe0bd3deed05e506736e6bb6d40ee6cb960bcdb33633ee87f82beb665a9a4c2d4d2b06479ade3a4cd6bba765c9f52b52a0bdd0849ab92baae3775570accb5a57ee9f0035fc6d3df4eebec2e7eb4ff863d3979a20f4428ddca471037b49d4fd130743a97faa02c293b721e52bf53d64c6585e138162331ef98792e1e9b21a6a084fb7b42c64062ef1323a8a65a8ed6038f274f28ff4f78136a1ef108efbe8c4f4e347d50dcdbc33bf3ade4c3a39d316061930d7dd39b8acdecc3f27830e3eda40e648328d95a9aee65a9dd09fd4e96d5b852025dc53ec3f30cc753e6a796084b4e34f521dbb230ae0f3b79142073d437e1fd22d3b7503ffa95b1d5c7740b0ecbfd35dc0f8af895583dfcc2689f6e02c2dd4b57f3dcac54f40da013eb221fa3d65de760576031052c25a96ed4b20230b36d46d3d3fd6bb1d77cc8a48a6b10fa0149e55ccde4a2b26cca2d1ca9191c74ab006a602543fc24d1283e353cfb917620000000024bf3eed258c02a591ec4cd295212d9a98d38745f6f6c4530900000000000000f184f239098bf32551c7cf454e2865974f6520112743f73c619c3cab5609e00178f7393e53462f31559220c026bbde09837bf1b3ffe748a3247c9569f0c5e99f4494f93e0fa1badca90c888616eca97bddabd8003fc12a084d4b11d841979e161b998ddda92f194c4ec7947b7b303be11e0962d429a2c542a28c4932e14c123dfe2b8ec47a11cce134fd6e42a9f4e00ab6de6b45"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)="e9bed67a87ee4623d39c10780000000000000000", 0x14}}, 0x20040814)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x100000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900"], 0x48)
close(0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r6=>0x0})
r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r7, 0xee01, 0xee00)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001f80)={0x3, 0x4, 0x4, 0xa, 0x0, r4, 0x101, '\x00', r6, 0xffffffffffffffff, 0x3, 0x0, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000020c0)={0xa, 0x12, &(0x7f0000001a80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x6}, {}, {}, [@map_val={0x18, 0xb, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x6}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x1, 0x0, 0x0, 0x41000, 0x45, '\x00', 0x0, @fallback=0x44eca38918759c12, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000002040), 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}}, &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
fcntl$notify(0xffffffffffffffff, 0x402, 0x5)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0)
syz_genetlink_get_family_id$batadv(0x0, r5)

1.220739883s ago: executing program 4 (id=207):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10)
mmap(&(0x7f0000261000/0xc00000)=nil, 0xc00000, 0x3000003, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x100000000000000)

1.152462584s ago: executing program 4 (id=208):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'veth1_to_hsr\x00', <r2=>0x0})
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x35, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x1ff}, 0x0, 0xf5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="800000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e00000000400002800600010000000000340003800c00010000000000000000000c00010094040000000000000c00010000010000000000000c000100040000000000000008000500", @ANYRES32=r2, @ANYBLOB="080003"], 0x80}}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffeca50000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='kmem_cache_free\x00', r3}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000b3180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r6 = epoll_create(0x3)
epoll_pwait2(r6, &(0x7f0000000000)=[{}], 0x1, &(0x7f0000000180), 0x0, 0x0)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r4}, 0x10)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)=@generic={0x0, r7}, 0x18)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x1b, 0x2, 0x0, 0x8000, 0x40, 0xffffffffffffffff, 0x0, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000000000100850000008600000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20002, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, @perf_config_ext={0x401, 0xff}, 0x100, 0x0, 0x100, 0x0, 0x3, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
r11 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r11, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56)
listen(r11, 0x0)
connect$unix(r10, &(0x7f0000000140)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r12 = syz_io_uring_setup(0x10f, &(0x7f0000000140), &(0x7f0000000240)=<r13=>0x0, &(0x7f0000000280)=<r14=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r13, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r13, r14, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r12, 0x47f6, 0x0, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r9}, 0x10)

902.710535ms ago: executing program 0 (id=209):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x64, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r3, 0x0, 0xfffffffffffffffd}, 0x18)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x8)
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
splice(r5, 0x0, r4, 0x0, 0x1000, 0x0) (fail_nth: 41)
splice(r0, 0x0, r6, 0x0, 0x80, 0x0)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0x20)

256.922368ms ago: executing program 4 (id=210):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x2000000, &(0x7f00000003c0)={[], [{@uid_gt}, {@appraise}, {@uid_lt}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@context={'context', 0x3d, 'unconfined_u'}}]}, 0x1, 0x787, &(0x7f0000002dc0)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==")
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x100008, &(0x7f00000004c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
mq_open(0x0, 0x40, 0x91, 0x0)
openat$vcs(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYRES64=r3], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r5 = open$dir(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f00000000c0)={0x30000009})
epoll_pwait2(r6, &(0x7f0000000380)=[{}], 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000000, 0x10010, r5, 0xd2d9c000)
r7 = open$dir(&(0x7f0000000080)='./file0\x00', 0x7e, 0x0)
writev(r7, &(0x7f0000000280)=[{&(0x7f0000000300)="e7", 0x1}], 0x1)

256.318288ms ago: executing program 0 (id=211):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r3=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x4, 0x2261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r3, 0xffffffffffffffff, 0x0, 0xfffffffe, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f00000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00\x00'], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@can_newroute={0x3c, 0x18, 0x1, 0x0, 0x0, {0x1d, 0x1, 0x2}, [@CGW_MOD_UID={0x8}, @CGW_CS_XOR={0x8, 0x5, {0xffffffffffffffff, 0x3}}, @CGW_MOD_AND={0x15, 0x1, {{{}, 0x0, 0x2, 0x0, 0x0, "ee1990a380ecab90"}, 0x5}}]}, 0x3c}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r7, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

250.475578ms ago: executing program 0 (id=212):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f00000002c0)='cdg\x00', 0x4)
listen(r6, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x28, r8, 0x1, 0xffffffff, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}]}]}, 0x28}}, 0x0)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r8, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000084}, 0x40)

132.170778ms ago: executing program 0 (id=213):
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r1 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x81)
sendfile(r1, r0, 0x0, 0x80000000)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)

1.382939ms ago: executing program 3 (id=214):
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005002200000400000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r2}, &(0x7f0000000000), &(0x7f00000003c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x81e00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
r5 = gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f00000002c0)={<r7=>0xffffffffffffffff})
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r10 = socket(0x23, 0x5, 0x0)
listen(r10, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kmem_cache_free\x00', r9, 0x0, 0x400000000000000}, 0x18)
vmsplice(r7, &(0x7f00000001c0)=[{&(0x7f00000004c0)="7cd1f233f595b9483683fb7fcac2881731c46bffa49ed496fc644240945fc5df846ba39e38efc8aec53ef3336edc8b34345245ccb129039638ada63a724ef5a396879010187d3ce7b84dd94f77100f4f8c17cd3fa7c86bfd86df0591ab397de730befc33843cfd1c85cb8b50e796f64b76d3e3cb2c6f9d7b6822e32be3d26250d6", 0x81}], 0x1, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x900, &(0x7f0000000300)={0x0, 0x41, 0x20000}, 0x20)
syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')

0s ago: executing program 0 (id=215):
socket$netlink(0x10, 0x3, 0xf)
unshare(0x22020600)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00')
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x800004, &(0x7f00000002c0)={[{@nodiscard}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x200}}]}, 0x1, 0x57d, &(0x7f00000018c0)="$eJzs3c9vFFUcAPDvm/6gULSFGBUP2sQYSJSWFjDEeIA7Ifjj5sVKC0GWH6E12moiJHgxMV48mHjyIN79A5To1ZM3D148GRJiDEcTa2Y7Uxa6W9qy7bTM55NMO2/ebr5vdvPdN/P2zWwAtTWS/8ki9kXElRQx1FLXG0XlyOLj7v7zyZl8SbGw8NbfKVKxrXx8Kv4PFk8eiIjffk6xt2d53Jm5+QuTjcb01aI8NnvxytjM3PzB8xcnz02fm7408erEfJf39eSN9z8c+vzUO999828a//6PUymOx+6irnU/umUkRpZek1b563qs28Eq0lPsT+tbnHorbBBrUr5/fRHxTAxFT9x784biszcqbRywoRZSxAJQU0n+Q02VxwHluf1GnAcDW9OdE4sDAMvzv3dxbDAGmmMDu+6maB3WSRFxqAvx8xi//nLqRr7EBo3DAe1dux4Rz7bL/9TMzeHmKH6e/9l9+Z9FxOnif779zXXGH3mgLP9h8zxK/r/bkv/vrTO+/AcAAAAAAIDuuXUiIl5p9/1ftjT/J9rM/xmMiONdiP/w7/+y210IA7Rx50TE623n/2blQ4Z7itITzfkAfens+cb0oYh4MiIORN+OvDy+QoyDX+z9ulNd6/y/fMnjl3MBi3bc7t1x/3OmJmcnH2WfgUV3rkc813b+b1rq/1Ob/j//PLiyyhh7X7p5ulPdw/Mf2CgL30bsb9v/37tzRepwf45jR48cPTZ+aKx5PDBWHhUs9/zHX/7YKb78h+rk/f+ulfN/OLXer2dm7TEOz/UudKpb7/F/f3q7ecuZ/mLbR5Ozs1fHI/rTyeXbJ9beZngclflQ5kue/wdeXHn8r93x/86IuLbKmE//N/hnpzr9P1Qnz/+pNfX/a1+ZuDn8U6f4q+v/jzT79APFFuN/sLLVJmjV7QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7SiLiN2RstGl9SwbHY0YjIinYlfWuDwz+/LZyx9cmsrrmr//n5W/9Du0WE7l7/8Pt5QnHigfjog9EfFVz85mefTM5cZU1TsPAAAAAAAAAAAAAAAAAAAAW8Rgh+v/c3/1VN06YMP1Vt0AoDLL8z9V0g5g8+n/ob7kP9SX/If6kv9QX/IfausH+Q/1Jf+hvlbIf1MAAQAAAABg+9nzwq3fU0Rce21nc8n1F3V9lbYM2GjZjnZbP938hgCbzvf7UF+m/kF9OccHHnbDr4F1PxMAAAAAAAAAAAAA6Jb9+1z/D3WVVd0AoDKu/4f6cv0/1JdzfMD1/wAAAAAAAAAAAACw9c3MzV+YbDSmrz62KwMRsQWaYcXKtlqp+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo/R8AAP//cioirw==")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010"], 0x48}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000540)='inet_sock_set_state\x00', r2, 0x0, 0x9}, 0x18)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCFLSH(r3, 0x80045430, 0x300000000000000)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r5, 0x0, 0x5}, 0x18)
lsetxattr$system_posix_acl(0x0, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000000)=ANY=[], 0x1c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r0}, 0x18)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
recvmsg$unix(r7, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000340)=""/1, 0x1}, {&(0x7f00000003c0)=""/21, 0x15}, {&(0x7f0000000400)=""/6, 0x6}], 0x3, &(0x7f0000000600)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xd0}, 0x2003)
socket(0x10, 0x3, 0x9)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0xe1, &(0x7f00000001c0)=ANY=[], 0x1, 0x0, &(0x7f0000000000))

kernel console output (not intermixed with test programs):

[   25.760335][   T29] audit: type=1400 audit(1732307030.960:79): avc:  denied  { rlimitinh } for  pid=3302 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   25.764791][   T29] audit: type=1400 audit(1732307030.960:80): avc:  denied  { siginh } for  pid=3302 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.30' (ED25519) to the list of known hosts.
[   34.043663][   T29] audit: type=1400 audit(1732307039.250:81): avc:  denied  { mounton } for  pid=3312 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   34.044985][ T3312] cgroup: Unknown subsys name 'net'
[   34.066497][   T29] audit: type=1400 audit(1732307039.250:82): avc:  denied  { mount } for  pid=3312 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   34.093988][   T29] audit: type=1400 audit(1732307039.280:83): avc:  denied  { read } for  pid=3005 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   34.115931][   T29] audit: type=1400 audit(1732307039.280:84): avc:  denied  { unmount } for  pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   34.230069][ T3312] cgroup: Unknown subsys name 'cpuset'
[   34.236274][ T3312] cgroup: Unknown subsys name 'rlimit'
[   34.426851][   T29] audit: type=1400 audit(1732307039.630:85): avc:  denied  { setattr } for  pid=3312 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   34.450508][   T29] audit: type=1400 audit(1732307039.630:86): avc:  denied  { create } for  pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   34.471461][   T29] audit: type=1400 audit(1732307039.630:87): avc:  denied  { write } for  pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   34.490474][ T3315] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   34.491996][   T29] audit: type=1400 audit(1732307039.630:88): avc:  denied  { read } for  pid=3312 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   34.520845][   T29] audit: type=1400 audit(1732307039.650:89): avc:  denied  { mounton } for  pid=3312 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   34.541674][ T3312] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   34.545653][   T29] audit: type=1400 audit(1732307039.650:90): avc:  denied  { mount } for  pid=3312 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   35.705704][ T3322] chnl_net:caif_netlink_parms(): no params data found
[   35.790674][ T3323] chnl_net:caif_netlink_parms(): no params data found
[   35.837569][ T3324] chnl_net:caif_netlink_parms(): no params data found
[   35.853113][ T3322] bridge0: port 1(bridge_slave_0) entered blocking state
[   35.860756][ T3322] bridge0: port 1(bridge_slave_0) entered disabled state
[   35.867970][ T3322] bridge_slave_0: entered allmulticast mode
[   35.874562][ T3322] bridge_slave_0: entered promiscuous mode
[   35.882988][ T3322] bridge0: port 2(bridge_slave_1) entered blocking state
[   35.890152][ T3322] bridge0: port 2(bridge_slave_1) entered disabled state
[   35.897564][ T3322] bridge_slave_1: entered allmulticast mode
[   35.903971][ T3322] bridge_slave_1: entered promiscuous mode
[   35.938870][ T3321] chnl_net:caif_netlink_parms(): no params data found
[   35.948694][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   35.968900][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.022462][ T3323] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.029607][ T3323] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.036730][ T3323] bridge_slave_0: entered allmulticast mode
[   36.043373][ T3323] bridge_slave_0: entered promiscuous mode
[   36.050192][ T3323] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.057266][ T3323] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.064839][ T3323] bridge_slave_1: entered allmulticast mode
[   36.071500][ T3323] bridge_slave_1: entered promiscuous mode
[   36.078386][ T3322] team0: Port device team_slave_0 added
[   36.096683][ T3322] team0: Port device team_slave_1 added
[   36.123162][ T3324] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.130364][ T3324] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.137532][ T3324] bridge_slave_0: entered allmulticast mode
[   36.144070][ T3324] bridge_slave_0: entered promiscuous mode
[   36.151626][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.160924][ T3324] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.168163][ T3324] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.175779][ T3324] bridge_slave_1: entered allmulticast mode
[   36.182435][ T3324] bridge_slave_1: entered promiscuous mode
[   36.198799][ T3321] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.205903][ T3321] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.213378][ T3321] bridge_slave_0: entered allmulticast mode
[   36.219933][ T3321] bridge_slave_0: entered promiscuous mode
[   36.227246][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.245359][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.252377][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.279406][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.290466][ T3321] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.297667][ T3321] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.304985][ T3321] bridge_slave_1: entered allmulticast mode
[   36.311504][ T3321] bridge_slave_1: entered promiscuous mode
[   36.323072][ T3324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.337201][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.344421][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.372305][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.391114][ T3324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.405515][ T3323] team0: Port device team_slave_0 added
[   36.412462][ T3323] team0: Port device team_slave_1 added
[   36.426869][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   36.451238][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   36.461598][ T3324] team0: Port device team_slave_0 added
[   36.473264][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.480578][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.507078][ T3323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.529175][ T3324] team0: Port device team_slave_1 added
[   36.535434][ T3321] team0: Port device team_slave_0 added
[   36.546293][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.554455][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.581953][ T3323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.598706][ T3321] team0: Port device team_slave_1 added
[   36.611287][ T3322] hsr_slave_0: entered promiscuous mode
[   36.617321][ T3322] hsr_slave_1: entered promiscuous mode
[   36.637538][ T3324] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.644686][ T3324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.670942][ T3324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.695855][ T3324] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.702891][ T3324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.728890][ T3324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.739907][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_0
[   36.747477][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.774877][ T3321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   36.786553][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_1
[   36.793546][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   36.819688][ T3321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   36.837390][ T3323] hsr_slave_0: entered promiscuous mode
[   36.843984][ T3323] hsr_slave_1: entered promiscuous mode
[   36.849894][ T3323] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   36.857976][ T3323] Cannot create hsr debugfs directory
[   36.912587][ T3321] hsr_slave_0: entered promiscuous mode
[   36.918542][ T3321] hsr_slave_1: entered promiscuous mode
[   36.925153][ T3321] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   36.932903][ T3321] Cannot create hsr debugfs directory
[   36.945485][ T3324] hsr_slave_0: entered promiscuous mode
[   36.951737][ T3324] hsr_slave_1: entered promiscuous mode
[   36.957642][ T3324] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   36.965377][ T3324] Cannot create hsr debugfs directory
[   37.097092][ T3322] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   37.109791][ T3322] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   37.126558][ T3322] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   37.139866][ T3322] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   37.165208][ T3323] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   37.174491][ T3323] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   37.187763][ T3323] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   37.199136][ T3323] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   37.209909][ T3324] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   37.220906][ T3324] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   37.229930][ T3324] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   37.238523][ T3324] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   37.275922][ T3321] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   37.287025][ T3321] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   37.297377][ T3321] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   37.306990][ T3321] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   37.363229][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.382627][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.406692][ T3323] 8021q: adding VLAN 0 to HW filter on device team0
[   37.415880][ T3322] 8021q: adding VLAN 0 to HW filter on device team0
[   37.427941][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.436487][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.443660][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.457500][ T3321] 8021q: adding VLAN 0 to HW filter on device team0
[   37.466162][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.473443][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.485056][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.492188][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.511881][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.519003][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.532033][ T3324] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.541660][ T1968] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.548722][ T1968] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.558690][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.566095][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.577161][ T3322] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   37.595791][ T3324] 8021q: adding VLAN 0 to HW filter on device team0
[   37.625214][ T1968] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.632323][ T1968] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.662850][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.669999][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.702790][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.768680][ T3323] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.797864][ T3321] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.840448][ T3324] 8021q: adding VLAN 0 to HW filter on device batadv0
[   37.882723][ T3322] veth0_vlan: entered promiscuous mode
[   37.909845][ T3322] veth1_vlan: entered promiscuous mode
[   37.926879][ T3323] veth0_vlan: entered promiscuous mode
[   37.936457][ T3323] veth1_vlan: entered promiscuous mode
[   37.972236][ T3322] veth0_macvtap: entered promiscuous mode
[   37.978843][ T3323] veth0_macvtap: entered promiscuous mode
[   37.995070][ T3322] veth1_macvtap: entered promiscuous mode
[   38.001899][ T3324] veth0_vlan: entered promiscuous mode
[   38.008518][ T3323] veth1_macvtap: entered promiscuous mode
[   38.021246][ T3321] veth0_vlan: entered promiscuous mode
[   38.033479][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.042611][ T3322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.053153][ T3322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.064187][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.073000][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.080717][ T3322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.091432][ T3322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.102465][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.110287][ T3324] veth1_vlan: entered promiscuous mode
[   38.121728][ T3322] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.130531][ T3322] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.139310][ T3322] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.148042][ T3322] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.158863][ T3323] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.167949][ T3323] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.176823][ T3323] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.185781][ T3323] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.197407][ T3321] veth1_vlan: entered promiscuous mode
[   38.230645][ T3324] veth0_macvtap: entered promiscuous mode
[   38.238018][ T3324] veth1_macvtap: entered promiscuous mode
[   38.252597][ T3321] veth0_macvtap: entered promiscuous mode
[   38.266089][ T3323] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   38.272489][ T3324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.291124][ T3324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.301138][ T3324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.311608][ T3324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.322343][ T3324] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.330016][ T3321] veth1_macvtap: entered promiscuous mode
[   38.357067][ T3324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.367615][ T3324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.377645][ T3324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.388159][ T3324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.399425][ T3324] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.408385][ T3324] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.417322][ T3324] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.426089][ T3324] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.434910][ T3324] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.464506][ T3321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.475827][ T3321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.485666][ T3321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.496100][ T3321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.505925][ T3321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   38.516363][ T3321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.527473][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_0
[   38.532800][ T3433] loop1: detected capacity change from 0 to 1024
[   38.545020][ T3433] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   38.545817][ T3321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.553461][ T3433] EXT4-fs (loop1): Number of reserved GDT blocks insanely large: 8192
[   38.572307][ T3321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.582238][ T3321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.592696][ T3321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.602528][ T3321] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   38.612985][ T3321] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   38.624409][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_1
[   38.643060][ T3321] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   38.651884][ T3321] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   38.660756][ T3321] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   38.669614][ T3321] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   38.753841][ T3433] loop1: detected capacity change from 0 to 512
[   38.786452][ T3433] EXT4-fs error (device loop1): ext4_xattr_block_get:596: inode #2: comm syz.1.2: corrupted xattr block 255: invalid header
[   38.799835][ T3433] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117
[   38.808391][ T3433] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   38.821257][ T3433] EXT4-fs error (device loop1): ext4_xattr_block_get:596: inode #2: comm syz.1.2: corrupted xattr block 255: invalid header
[   38.834900][ T3433] SELinux: (dev loop1, type ext4) getxattr errno 117
[   38.842250][ T3433] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.517356][ T3451] loop3: detected capacity change from 0 to 512
[   46.520493][ T3447] loop0: detected capacity change from 0 to 512
[   46.525369][ T3451] =======================================================
[   46.525369][ T3451] WARNING: The mand mount option has been deprecated and
[   46.525369][ T3451]          and is ignored by this kernel. Remove the mand
[   46.525369][ T3451]          option from the mount to silence this warning.
[   46.525369][ T3451] =======================================================
[   46.570935][   T29] kauditd_printk_skb: 43 callbacks suppressed
[   46.570952][   T29] audit: type=1400 audit(1732307051.780:134): avc:  denied  { create } for  pid=3450 comm="syz.1.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   46.598195][ T3452] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   46.608197][ T3448] netlink: 'syz.2.7': attribute type 10 has an invalid length.
[   46.614518][   T29] audit: type=1400 audit(1732307051.800:135): avc:  denied  { bind } for  pid=3450 comm="syz.1.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   46.619949][ T3447] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.636893][   T29] audit: type=1400 audit(1732307051.800:136): avc:  denied  { create } for  pid=3450 comm="syz.1.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   46.652773][ T3451] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.668165][   T29] audit: type=1400 audit(1732307051.820:137): avc:  denied  { setopt } for  pid=3450 comm="syz.1.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   46.668197][   T29] audit: type=1400 audit(1732307051.820:138): avc:  denied  { write } for  pid=3450 comm="syz.1.6" path="socket:[4176]" dev="sockfs" ino=4176 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   46.711398][ T3451] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   46.723879][   T29] audit: type=1400 audit(1732307051.820:139): avc:  denied  { read } for  pid=3450 comm="syz.1.6" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[   46.757002][   T29] audit: type=1400 audit(1732307051.820:140): avc:  denied  { open } for  pid=3450 comm="syz.1.6" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[   46.783516][ T3448] 8021q: adding VLAN 0 to HW filter on device batadv0
[   46.791949][   T29] audit: type=1400 audit(1732307051.860:141): avc:  denied  { mount } for  pid=3445 comm="syz.0.5" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   46.792411][ T3447] Driver unsupported XDP return value 0 on prog  (id 6) dev N/A, expect packet loss!
[   46.813502][   T29] audit: type=1400 audit(1732307052.000:142): avc:  denied  { read } for  pid=3445 comm="syz.0.5" name="mISDNtimer" dev="devtmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   46.824511][ T3448] team0: Port device batadv0 added
[   46.845675][   T29] audit: type=1400 audit(1732307052.000:143): avc:  denied  { open } for  pid=3445 comm="syz.0.5" path="/dev/mISDNtimer" dev="devtmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   46.890280][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.900005][ T3462] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none.
[   47.000357][ T3471] loop1: detected capacity change from 0 to 128
[   47.015001][ T3462] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none.
[   47.085801][ T3471] syz.1.12: attempt to access beyond end of device
[   47.085801][ T3471] loop1: rw=2049, sector=177, nr_sectors = 1 limit=128
[   47.120423][ T3471] syz.1.12: attempt to access beyond end of device
[   47.120423][ T3471] loop1: rw=2049, sector=153, nr_sectors = 24 limit=128
[   47.155765][ T3471] syz.1.12: attempt to access beyond end of device
[   47.155765][ T3471] loop1: rw=2049, sector=177, nr_sectors = 1 limit=128
[   47.169193][ T3471] Buffer I/O error on dev loop1, logical block 177, lost async page write
[   47.178698][ T3324] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.253823][   T36] kworker/u8:2: attempt to access beyond end of device
[   47.253823][   T36] loop1: rw=1, sector=178, nr_sectors = 1 limit=128
[   47.267297][   T36] Buffer I/O error on dev loop1, logical block 178, lost async page write
[   47.270639][ T3486] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3486 comm=syz.3.18
[   47.275913][   T36] kworker/u8:2: attempt to access beyond end of device
[   47.275913][   T36] loop1: rw=1, sector=179, nr_sectors = 1 limit=128
[   47.275942][   T36] Buffer I/O error on dev loop1, logical block 179, lost async page write
[   47.310080][   T36] kworker/u8:2: attempt to access beyond end of device
[   47.310080][   T36] loop1: rw=1, sector=180, nr_sectors = 1 limit=128
[   47.323457][   T36] Buffer I/O error on dev loop1, logical block 180, lost async page write
[   47.332139][   T36] kworker/u8:2: attempt to access beyond end of device
[   47.332139][   T36] loop1: rw=1, sector=181, nr_sectors = 1 limit=128
[   47.345497][   T36] Buffer I/O error on dev loop1, logical block 181, lost async page write
[   47.354116][   T36] kworker/u8:2: attempt to access beyond end of device
[   47.354116][   T36] loop1: rw=1, sector=182, nr_sectors = 1 limit=128
[   47.367553][   T36] Buffer I/O error on dev loop1, logical block 182, lost async page write
[   47.376102][   T36] kworker/u8:2: attempt to access beyond end of device
[   47.376102][   T36] loop1: rw=1, sector=183, nr_sectors = 1 limit=128
[   47.389442][   T36] Buffer I/O error on dev loop1, logical block 183, lost async page write
[   47.398061][   T36] kworker/u8:2: attempt to access beyond end of device
[   47.398061][   T36] loop1: rw=1, sector=184, nr_sectors = 1 limit=128
[   47.411390][   T36] Buffer I/O error on dev loop1, logical block 184, lost async page write
[   47.421130][ T3455] chnl_net:caif_netlink_parms(): no params data found
[   47.486913][ T3491] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   47.500199][ T3488] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[   47.536640][ T3506] netlink: 100 bytes leftover after parsing attributes in process `\'.
[   47.590082][ T3455] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.597173][ T3455] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.604616][ T3455] bridge_slave_0: entered allmulticast mode
[   47.611376][ T3455] bridge_slave_0: entered promiscuous mode
[   47.618078][ T3455] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.625241][ T3455] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.631772][ T3514] netlink: 28 bytes leftover after parsing attributes in process `syz.0.25'.
[   47.632639][ T3455] bridge_slave_1: entered allmulticast mode
[   47.648127][ T3455] bridge_slave_1: entered promiscuous mode
[   47.674226][ T3455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.691925][ T3455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.712649][ T3455] team0: Port device team_slave_0 added
[   47.719351][ T3455] team0: Port device team_slave_1 added
[   47.735609][ T3455] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.742635][ T3455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.768902][ T3455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.782332][ T3455] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.789656][ T3455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.815648][ T3455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.852980][ T3523] loop1: detected capacity change from 0 to 512
[   47.854450][ T3455] hsr_slave_0: entered promiscuous mode
[   47.865671][ T3455] hsr_slave_1: entered promiscuous mode
[   47.871773][ T3455] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   47.879402][ T3455] Cannot create hsr debugfs directory
[   47.882189][ T3523] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.898357][ T3523] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   47.919665][ T3523] lo speed is unknown, defaulting to 1000
[   47.927229][ T3523] lo speed is unknown, defaulting to 1000
[   47.936292][ T3523] lo speed is unknown, defaulting to 1000
[   47.943470][ T3523] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   47.954998][ T3523] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   47.963045][ T3455] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   47.972724][ T3455] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   47.982106][ T3523] lo speed is unknown, defaulting to 1000
[   47.982392][ T3455] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   47.996768][ T3523] lo speed is unknown, defaulting to 1000
[   47.996925][ T3455] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   48.011246][ T3523] lo speed is unknown, defaulting to 1000
[   48.017713][ T3523] lo speed is unknown, defaulting to 1000
[   48.018715][ T3455] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.030647][ T3455] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.037975][ T3455] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.045220][ T3455] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.054161][ T3523] lo speed is unknown, defaulting to 1000
[   48.081358][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.085129][ T3455] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.103040][ T1968] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.111639][ T1968] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.127016][ T3455] 8021q: adding VLAN 0 to HW filter on device team0
[   48.130417][ T3529] Zero length message leads to an empty skb
[   48.141173][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.148271][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.161279][ T1968] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.168463][ T1968] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.250218][ T3455] 8021q: adding VLAN 0 to HW filter on device batadv0
[   48.392986][ T3455] veth0_vlan: entered promiscuous mode
[   48.412326][ T3455] veth1_vlan: entered promiscuous mode
[   48.442964][ T3455] veth0_macvtap: entered promiscuous mode
[   48.452565][ T3455] veth1_macvtap: entered promiscuous mode
[   48.456358][ T3564] loop2: detected capacity change from 0 to 512
[   48.476573][ T3455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   48.487131][ T3455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   48.497074][ T3455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   48.507601][ T3455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   48.517980][ T3455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   48.528548][ T3455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   48.538526][ T3455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   48.549072][ T3455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   48.562077][ T3455] batman_adv: batadv0: Interface activated: batadv_slave_0
[   48.582537][ T3564] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.602141][ T3455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   48.612844][ T3455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   48.622738][ T3455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   48.625241][ T3564] ext4 filesystem being mounted at /6/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   48.633470][ T3455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   48.653255][ T3455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   48.663716][ T3455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   48.673624][ T3455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   48.684133][ T3455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   48.694864][ T3455] batman_adv: batadv0: Interface activated: batadv_slave_1
[   48.710803][ T3455] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   48.719669][ T3455] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   48.728390][ T3455] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   48.737213][ T3455] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   48.748760][ T3386] IPVS: starting estimator thread 0...
[   48.780032][ T3585] loop3: detected capacity change from 0 to 512
[   48.820478][ T3585] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.825841][ T3593] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[   48.834447][ T3585] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.839439][ T3593] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   48.839637][ T3593] vhci_hcd vhci_hcd.0: Device attached
[   48.860456][ T3585] netlink: 'syz.3.41': attribute type 1 has an invalid length.
[   48.863534][ T3586] IPVS: using max 2496 ests per chain, 124800 per kthread
[   48.870583][ T3585] netlink: 224 bytes leftover after parsing attributes in process `syz.3.41'.
[   48.890466][ T3596] vhci_hcd: connection closed
[   48.890794][   T28] vhci_hcd: stop threads
[   48.899823][   T28] vhci_hcd: release socket
[   48.904361][   T28] vhci_hcd: disconnect device
[   48.932084][ T3603] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[   48.944037][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.953507][ T3599] ebtables: ebtables: counters copy to user failed while replacing table
[   49.003790][ T3603] loop4: detected capacity change from 0 to 512
[   49.014364][ T3610] netlink: 'syz.2.48': attribute type 10 has an invalid length.
[   49.040229][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.062190][ T3603] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.082422][ T3603] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   49.114804][ T3624] loop2: detected capacity change from 0 to 1024
[   49.135112][ T3624] EXT4-fs: Ignoring removed mblk_io_submit option
[   49.175642][ T3624] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   49.204511][ T3455] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.207509][ T3627] loop0: detected capacity change from 0 to 512
[   49.233853][ T3627] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended
[   49.238877][ T3635] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1042 sclass=netlink_route_socket pid=3635 comm=syz.3.54
[   49.267726][ T3627] EXT4-fs (loop0): Errors on filesystem, clearing orphan list.
[   49.287124][ T3627] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.324550][ T3627] EXT4-fs error (device loop0): ext4_add_entry:2444: inode #2: comm syz.0.52: Directory hole found for htree leaf block 0
[   49.327939][ T3643] loop3: detected capacity change from 0 to 512
[   49.366643][ T3627] bridge_slave_0: left allmulticast mode
[   49.372578][ T3627] bridge_slave_0: left promiscuous mode
[   49.378364][ T3627] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.391805][ T3627] bridge_slave_1: left allmulticast mode
[   49.397565][ T3627] bridge_slave_1: left promiscuous mode
[   49.403417][ T3627] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.507676][    C1] hrtimer: interrupt took 49728 ns
[   49.522120][ T3643] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.534776][ T3643] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.037289][ T3627] bond0: (slave bond_slave_0): Releasing backup interface
[   50.064781][ T3627] bond0: (slave bond_slave_1): Releasing backup interface
[   50.083010][ T3659] netlink: 'syz.1.60': attribute type 10 has an invalid length.
[   50.136286][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.152068][ T3627] team0: Port device team_slave_0 removed
[   50.352916][ T3627] team0: Port device team_slave_1 removed
[   50.365441][ T3627] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   50.373049][ T3627] batman_adv: batadv0: Removing interface: batadv_slave_0
[   50.406852][ T3627] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   50.414374][ T3627] batman_adv: batadv0: Removing interface: batadv_slave_1
[   50.434458][ T3651] netlink: 28 bytes leftover after parsing attributes in process `syz.4.57'.
[   50.443383][ T3651] netlink: 28 bytes leftover after parsing attributes in process `syz.4.57'.
[   50.465738][ T3627] syz.0.52 (3627) used greatest stack depth: 10448 bytes left
[   50.479682][ T3324] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.509516][ T3663] syz.2.61[3663] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   50.509658][ T3663] syz.2.61[3663] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   50.521024][ T3663] syz.2.61[3663] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   50.528913][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.561154][ T3659] 8021q: adding VLAN 0 to HW filter on device batadv0
[   50.569341][ T3659] team0: Port device batadv0 added
[   50.580300][ T3663] netlink: 28 bytes leftover after parsing attributes in process `syz.2.61'.
[   50.584093][ T3667] loop4: detected capacity change from 0 to 512
[   50.634912][ T3667] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.650750][ T3667] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.682454][ T3676] loop0: detected capacity change from 0 to 1024
[   50.696201][ T3676] EXT4-fs: Ignoring removed nomblk_io_submit option
[   50.699618][ T3667] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[   50.713687][ T3676] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   50.748419][ T3676] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   50.762956][ T3455] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.772347][ T3676] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[   50.783734][ T3676] netlink: 'syz.0.66': attribute type 10 has an invalid length.
[   50.795237][ T3689] loop3: detected capacity change from 0 to 512
[   50.802316][ T3689] journal_path: Lookup failure for './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[   50.826172][ T3689] EXT4-fs: error: could not find journal device path
[   50.836231][ T3676] geneve1: entered promiscuous mode
[   50.847249][ T3676] bond0: (slave geneve1): Enslaving as an active interface with an up link
[   50.945823][ T3692] lo speed is unknown, defaulting to 1000
[   50.964595][ T3324] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.027588][ T3699] loop3: detected capacity change from 0 to 2048
[   51.082383][ T3703] netlink: 8 bytes leftover after parsing attributes in process `syz.0.73'.
[   51.094827][ T3699] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   51.122558][ T3703] ip6gretap1: entered promiscuous mode
[   51.128094][ T3703] ip6gretap1: entered allmulticast mode
[   51.135186][ T3695] EXT4-fs (loop3): shut down requested (0)
[   51.154584][ T3695] netlink: 8 bytes leftover after parsing attributes in process `syz.3.74'.
[   51.173434][ T3703] loop0: detected capacity change from 0 to 256
[   51.195571][ T3703] FAT-fs (loop0): Directory bread(block 64) failed
[   51.202241][ T3703] FAT-fs (loop0): Directory bread(block 65) failed
[   51.217730][ T3703] FAT-fs (loop0): Directory bread(block 66) failed
[   51.226916][ T3703] FAT-fs (loop0): Directory bread(block 67) failed
[   51.256993][ T3712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   51.257799][ T3703] FAT-fs (loop0): Directory bread(block 68) failed
[   51.267089][ T3712] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   51.273419][ T3703] FAT-fs (loop0): Directory bread(block 69) failed
[   51.286915][ T3703] FAT-fs (loop0): Directory bread(block 70) failed
[   51.293699][ T3703] FAT-fs (loop0): Directory bread(block 71) failed
[   51.300567][ T3703] FAT-fs (loop0): Directory bread(block 72) failed
[   51.307171][ T3703] FAT-fs (loop0): Directory bread(block 73) failed
[   51.326965][ T3710] netlink: 'syz.1.76': attribute type 10 has an invalid length.
[   51.341900][ T3703] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 326)
[   51.350159][ T3703] FAT-fs (loop0): Filesystem has been set read-only
[   51.366625][ T3703] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 326)
[   51.504075][ T3722] netlink: 8 bytes leftover after parsing attributes in process `syz.0.82'.
[   51.572240][ T3726] syz.1.84: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[   51.586750][ T3726] CPU: 0 UID: 0 PID: 3726 Comm: syz.1.84 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[   51.596980][ T3726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   51.607079][ T3726] Call Trace:
[   51.610401][ T3726]  <TASK>
[   51.613359][ T3726]  dump_stack_lvl+0xf2/0x150
[   51.618034][ T3726]  dump_stack+0x15/0x20
[   51.622231][ T3726]  warn_alloc+0x145/0x1b0
[   51.626652][ T3726]  ? __vmalloc_node_range_noprof+0x88/0xec0
[   51.632804][ T3726]  ? common_lsm_audit+0x8d5/0xfc0
[   51.638010][ T3726]  ? __pfx_avc_audit_post_callback+0x10/0x10
[   51.644046][ T3726]  __vmalloc_node_range_noprof+0xaa/0xec0
[   51.649801][ T3726]  ? __rcu_read_unlock+0x4e/0x70
[   51.654793][ T3726]  ? __perf_event_task_sched_in+0x9ac/0xa10
[   51.660731][ T3726]  ? __dequeue_entity+0x22/0x310
[   51.665805][ T3726]  ? xskq_create+0x36/0xd0
[   51.670302][ T3726]  vmalloc_user_noprof+0x59/0x70
[   51.675286][ T3726]  ? xskq_create+0x79/0xd0
[   51.679757][ T3726]  xskq_create+0x79/0xd0
[   51.684311][ T3726]  xsk_init_queue+0x82/0xd0
[   51.688913][ T3726]  xsk_setsockopt+0x409/0x520
[   51.693637][ T3726]  ? __pfx_xsk_setsockopt+0x10/0x10
[   51.698904][ T3726]  __sys_setsockopt+0x187/0x200
[   51.703807][ T3726]  __x64_sys_setsockopt+0x66/0x80
[   51.708911][ T3726]  x64_sys_call+0x282e/0x2dc0
[   51.713680][ T3726]  do_syscall_64+0xc9/0x1c0
[   51.718224][ T3726]  ? clear_bhb_loop+0x55/0xb0
[   51.723004][ T3726]  ? clear_bhb_loop+0x55/0xb0
[   51.727789][ T3726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.733751][ T3726] RIP: 0033:0x7f08e893e819
[   51.738197][ T3726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.757914][ T3726] RSP: 002b:00007f08e6fb1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   51.766586][ T3726] RAX: ffffffffffffffda RBX: 00007f08e8af5fa0 RCX: 00007f08e893e819
[   51.774698][ T3726] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000003
[   51.782797][ T3726] RBP: 00007f08e89b175e R08: 0000000000000020 R09: 0000000000000000
[   51.790843][ T3726] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000000
[   51.798930][ T3726] R13: 0000000000000000 R14: 00007f08e8af5fa0 R15: 00007fff5fb91fd8
[   51.806928][ T3726]  </TASK>
[   51.810176][ T3726] Mem-Info:
[   51.813295][ T3726] active_anon:20294 inactive_anon:0 isolated_anon:0
[   51.813295][ T3726]  active_file:11991 inactive_file:1944 isolated_file:0
[   51.813295][ T3726]  unevictable:0 dirty:1298 writeback:0
[   51.813295][ T3726]  slab_reclaimable:2697 slab_unreclaimable:13407
[   51.813295][ T3726]  mapped:36033 shmem:16730 pagetables:788
[   51.813295][ T3726]  sec_pagetables:0 bounce:0
[   51.813295][ T3726]  kernel_misc_reclaimable:0
[   51.813295][ T3726]  free:1891948 free_pcp:1536 free_cma:0
[   51.818105][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.858782][ T3726] Node 0 active_anon:81176kB inactive_anon:0kB active_file:47964kB inactive_file:7776kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:144132kB dirty:5192kB writeback:0kB shmem:66920kB writeback_tmp:0kB kernel_stack:2912kB pagetables:3152kB sec_pagetables:0kB all_unreclaimable? no
[   51.895328][ T3726] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   51.922388][ T3726] lowmem_reserve[]: 0 2866 7844 0
[   51.927606][ T3726] Node 0 DMA32 free:2950316kB boost:0kB min:4136kB low:7068kB high:10000kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953948kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:100kB free_cma:0kB
[   51.956326][ T3726] lowmem_reserve[]: 0 0 4978 0
[   51.959672][ T3729] netlink: 'syz.4.86': attribute type 153 has an invalid length.
[   51.962343][ T3726] Node 0 Normal free:4601516kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:72244kB inactive_anon:0kB active_file:48776kB inactive_file:7776kB unevictable:0kB writepending:5192kB present:5242880kB managed:5098208kB mlocked:0kB bounce:0kB free_pcp:11040kB local_pcp:1448kB free_cma:0kB
[   51.999318][ T3726] lowmem_reserve[]: 0 0 0 0
[   52.003886][ T3726] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   52.016763][ T3726] Node 0 DMA32: 3*4kB (M) 0*8kB 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 2*256kB (M) 2*512kB (M) 3*1024kB (M) 2*2048kB (M) 718*4096kB (M) = 2950316kB
[   52.032868][ T3726] Node 0 Normal: 39*4kB (UME) 18*8kB (UM) 7*16kB (UME) 3*32kB (UME) 3*64kB (UM) 3*128kB (UE) 0*256kB 1*512kB (E) 0*1024kB 2*2048kB (UM) 1122*4096kB (UM) = 4601404kB
[   52.049738][ T3726] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[   52.059177][ T3726] 29593 total pagecache pages
[   52.063886][ T3726] 0 pages in swap cache
[   52.068122][ T3726] Free swap  = 124996kB
[   52.072337][ T3726] Total swap = 124996kB
[   52.076511][ T3726] 2097051 pages RAM
[   52.080370][ T3726] 0 pages HighMem/MovableOnly
[   52.085061][ T3726] 80172 pages reserved
[   52.109985][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[   52.125146][ T3734] loop3: detected capacity change from 0 to 512
[   52.143021][   T29] kauditd_printk_skb: 340 callbacks suppressed
[   52.143039][   T29] audit: type=1400 audit(1732307057.350:484): avc:  denied  { setopt } for  pid=3731 comm="syz.4.87" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   52.170367][   T29] audit: type=1400 audit(1732307057.380:485): avc:  denied  { listen } for  pid=3731 comm="syz.4.87" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[   52.180586][ T3734] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.229251][ T3734] ext4 filesystem being mounted at /17/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   52.231350][ T3740] loop4: detected capacity change from 0 to 512
[   52.252130][ T3742] netlink: 'syz.2.89': attribute type 10 has an invalid length.
[   52.277958][ T3740] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   52.291126][ T3740] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   52.419800][ T3740] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.90: corrupted in-inode xattr: e_name out of bounds
[   52.422025][ T3752] loop0: detected capacity change from 0 to 512
[   52.444090][ T3740] EXT4-fs (loop4): Remounting filesystem read-only
[   52.450653][ T3740] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   52.582971][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.621471][ T3740] EXT4-fs (loop4): 1 truncate cleaned up
[   52.651566][ T3752] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   52.690468][ T3740] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.759523][ T3752] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.786855][ T3740] SELinux: (dev loop4, type ext4) getxattr errno 5
[   52.797531][ T3740] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.808517][ T3752] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.833528][   T29] audit: type=1326 audit(1732307058.030:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   52.856725][   T29] audit: type=1326 audit(1732307058.030:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   52.880254][   T29] audit: type=1326 audit(1732307058.030:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   52.903539][   T29] audit: type=1326 audit(1732307058.030:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=75 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   52.926836][   T29] audit: type=1326 audit(1732307058.030:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   52.950073][   T29] audit: type=1326 audit(1732307058.030:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   52.973335][   T29] audit: type=1326 audit(1732307058.030:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3751 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   53.010888][   T29] audit: type=1400 audit(1732307058.220:493): avc:  denied  { create } for  pid=3757 comm="syz.1.96" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   53.031807][ T3324] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.142923][ T3763] FAULT_INJECTION: forcing a failure.
[   53.142923][ T3763] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   53.156241][ T3763] CPU: 0 UID: 0 PID: 3763 Comm: syz.0.95 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[   53.166428][ T3763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   53.169839][ T3767] loop1: detected capacity change from 0 to 1024
[   53.176492][ T3763] Call Trace:
[   53.176506][ T3763]  <TASK>
[   53.183272][ T3767] EXT4-fs: Ignoring removed nobh option
[   53.186121][ T3763]  dump_stack_lvl+0xf2/0x150
[   53.189700][ T3767] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   53.194596][ T3763]  dump_stack+0x15/0x20
[   53.200386][ T3767] EXT4-fs error (device loop1): ext4_ext_check_inode:524: inode #11: comm syz.1.98: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[   53.209411][ T3763]  should_fail_ex+0x223/0x230
[   53.209451][ T3763]  should_fail+0xb/0x10
[   53.214219][ T3767] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.98: couldn't read orphan inode 11 (err -117)
[   53.232046][ T3763]  should_fail_usercopy+0x1a/0x20
[   53.232090][ T3763]  _copy_from_iter+0xd5/0xd00
[   53.238029][ T3767] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.240937][ T3763]  ? kmalloc_reserve+0x16e/0x190
[   53.260446][ T3767] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.98: Invalid block bitmap block 0 in block_group 0
[   53.262435][ T3763]  ? __virt_addr_valid+0x1ed/0x250
[   53.276107][ T3767] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.98: Failed to acquire dquot type 0
[   53.279870][ T3763]  ? __check_object_size+0x364/0x520
[   53.314753][ T3763]  pfkey_sendmsg+0x16c/0x970
[   53.319380][ T3763]  ? selinux_socket_sendmsg+0x185/0x1c0
[   53.324948][ T3763]  ? __pfx_pfkey_sendmsg+0x10/0x10
[   53.330084][ T3763]  __sock_sendmsg+0x140/0x180
[   53.334778][ T3763]  ____sys_sendmsg+0x312/0x410
[   53.339636][ T3763]  __sys_sendmsg+0x19d/0x230
[   53.344374][ T3763]  __x64_sys_sendmsg+0x46/0x50
[   53.349185][ T3763]  x64_sys_call+0x2734/0x2dc0
[   53.353921][ T3763]  do_syscall_64+0xc9/0x1c0
[   53.358481][ T3763]  ? clear_bhb_loop+0x55/0xb0
[   53.363258][ T3763]  ? clear_bhb_loop+0x55/0xb0
[   53.368105][ T3763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.374086][ T3763] RIP: 0033:0x7f639eb0e819
[   53.378611][ T3763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   53.398258][ T3763] RSP: 002b:00007f639d181038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   53.406684][ T3763] RAX: ffffffffffffffda RBX: 00007f639ecc5fa0 RCX: 00007f639eb0e819
[   53.414662][ T3763] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000006
[   53.422731][ T3763] RBP: 00007f639d181090 R08: 0000000000000000 R09: 0000000000000000
[   53.431059][ T3763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   53.439067][ T3763] R13: 0000000000000000 R14: 00007f639ecc5fa0 R15: 00007ffe7560cb88
[   53.447076][ T3763]  </TASK>
[   53.504611][ T3771] FAULT_INJECTION: forcing a failure.
[   53.504611][ T3771] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   53.517899][ T3771] CPU: 0 UID: 0 PID: 3771 Comm: syz.4.90 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[   53.528115][ T3771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   53.538280][ T3771] Call Trace:
[   53.541577][ T3771]  <TASK>
[   53.544527][ T3771]  dump_stack_lvl+0xf2/0x150
[   53.549290][ T3771]  dump_stack+0x15/0x20
[   53.553555][ T3771]  should_fail_ex+0x223/0x230
[   53.558262][ T3771]  should_fail_alloc_page+0xfd/0x110
[   53.563686][ T3771]  __alloc_pages_noprof+0x109/0x340
[   53.568905][ T3771]  alloc_pages_mpol_noprof+0xb1/0x1e0
[   53.574400][ T3771]  folio_alloc_mpol_noprof+0x36/0x70
[   53.579743][ T3771]  shmem_get_folio_gfp+0x3d1/0xd90
[   53.584980][ T3771]  shmem_write_begin+0xa2/0x180
[   53.589873][ T3771]  generic_perform_write+0x1a8/0x4a0
[   53.595410][ T3771]  shmem_file_write_iter+0xc2/0xe0
[   53.600555][ T3771]  vfs_write+0x77f/0x920
[   53.604845][ T3771]  ? __pfx_shmem_file_write_iter+0x10/0x10
[   53.610720][ T3771]  ksys_write+0xe8/0x1b0
[   53.615008][ T3771]  __x64_sys_write+0x42/0x50
[   53.619690][ T3771]  x64_sys_call+0x287e/0x2dc0
[   53.624474][ T3771]  do_syscall_64+0xc9/0x1c0
[   53.629088][ T3771]  ? clear_bhb_loop+0x55/0xb0
[   53.633813][ T3771]  ? clear_bhb_loop+0x55/0xb0
[   53.638528][ T3771]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   53.644449][ T3771] RIP: 0033:0x7ff5d547d2ff
[   53.648881][ T3771] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[   53.668535][ T3771] RSP: 002b:00007ff5d3aaedf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   53.677065][ T3771] RAX: ffffffffffffffda RBX: 0000000000010000 RCX: 00007ff5d547d2ff
[   53.685153][ T3771] RDX: 0000000000010000 RSI: 00007ff5cb68f000 RDI: 000000000000000b
[   53.693147][ T3771] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000002a2
[   53.701137][ T3771] R10: 00000000000001b8 R11: 0000000000000293 R12: 000000000000000b
[   53.709206][ T3771] R13: 00007ff5d3aaeef0 R14: 00007ff5d3aaeeb0 R15: 00007ff5cb68f000
[   53.717199][ T3771]  </TASK>
[   53.934908][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[   53.966627][ T3767] syz.1.98 (3767) used greatest stack depth: 10200 bytes left
[   54.011494][   T54] EXT4-fs error (device loop1): __ext4_get_inode_loc:4435: comm kworker/u8:4: Invalid inode table block 8589934593 in block_group 0
[   54.052732][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.198889][ T3769] hub 6-0:1.0: USB hub found
[   54.208919][ T3769] hub 6-0:1.0: 8 ports detected
[   54.624727][ T3815] loop3: detected capacity change from 0 to 512
[   54.632801][ T3815] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   54.642278][ T3815] EXT4-fs (loop3): orphan cleanup on readonly fs
[   54.649347][ T3815] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.110: bg 0: block 248: padding at end of block bitmap is not set
[   54.664770][ T3815] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.110: Failed to acquire dquot type 1
[   54.676871][ T3815] EXT4-fs (loop3): 1 truncate cleaned up
[   54.683186][ T3815] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   54.698291][ T3815] syz.3.110 (3815) used greatest stack depth: 9296 bytes left
[   54.708835][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.730286][ T3818] loop3: detected capacity change from 0 to 512
[   54.751307][ T3818] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.764242][ T3818] ext4 filesystem being mounted at /21/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   54.804351][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.830311][ T3822] loop3: detected capacity change from 0 to 512
[   54.852456][ T3822] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.863259][ T3825] can0: slcan on ttyS3.
[   54.868873][ T3822] ext4 filesystem being mounted at /22/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   54.915455][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.924501][ T3825] can0 (unregistered): slcan off ttyS3.
[   54.933808][ T3828] can0: slcan on ttyS3.
[   54.969483][ T3833] netlink: 12 bytes leftover after parsing attributes in process `syz.1.115'.
[   55.038611][ T3833] loop1: detected capacity change from 0 to 512
[   55.060541][ T3833] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[   55.083242][ T3833] EXT4-fs (loop1): corrupt root inode, run e2fsck
[   55.091159][ T3833] EXT4-fs (loop1): mount failed
[   55.110505][ T3833] loop1: detected capacity change from 0 to 512
[   55.132032][ T3833] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities
[   55.207318][ T3856] lo speed is unknown, defaulting to 1000
[   55.261579][ T3856] lo speed is unknown, defaulting to 1000
[   55.285864][ T3862] syz.1.121[3862] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   55.285967][ T3862] syz.1.121[3862] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   55.297528][ T3862] syz.1.121[3862] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   55.349774][ T3867] loop1: detected capacity change from 0 to 512
[   55.384147][ T3867] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.397048][ T3867] ext4 filesystem being mounted at /36/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   55.473967][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.598256][ T3879] lo speed is unknown, defaulting to 1000
[   55.736648][ T3882] loop1: detected capacity change from 0 to 512
[   55.841807][ T3882] EXT4-fs (loop1): too many log groups per flexible block group
[   55.849560][ T3882] EXT4-fs (loop1): failed to initialize mballoc (-12)
[   55.862053][ T3882] EXT4-fs (loop1): mount failed
[   56.034692][ T3882] netlink: 4 bytes leftover after parsing attributes in process `syz.1.126'.
[   56.049780][ T3823] can0 (unregistered): slcan off ttyS3.
[   56.053498][ T3882] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   56.063095][ T3882] batman_adv: batadv0: Removing interface: batadv_slave_0
[   56.090283][ T3882] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   56.097831][ T3882] batman_adv: batadv0: Removing interface: batadv_slave_1
[   56.120519][ T3900] FAULT_INJECTION: forcing a failure.
[   56.120519][ T3900] name failslab, interval 1, probability 0, space 0, times 0
[   56.133332][ T3900] CPU: 0 UID: 0 PID: 3900 Comm: syz.4.130 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[   56.143615][ T3900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   56.153789][ T3900] Call Trace:
[   56.157087][ T3900]  <TASK>
[   56.160064][ T3900]  dump_stack_lvl+0xf2/0x150
[   56.164740][ T3900]  dump_stack+0x15/0x20
[   56.168951][ T3900]  should_fail_ex+0x223/0x230
[   56.173738][ T3900]  ? sctp_add_bind_addr+0x6f/0x1e0
[   56.178892][ T3900]  should_failslab+0x8f/0xb0
[   56.183525][ T3900]  __kmalloc_cache_noprof+0x4b/0x2a0
[   56.188840][ T3900]  sctp_add_bind_addr+0x6f/0x1e0
[   56.193939][ T3900]  sctp_copy_local_addr_list+0x19b/0x220
[   56.199681][ T3900]  sctp_copy_one_addr+0x83/0x410
[   56.204731][ T3900]  sctp_bind_addr_copy+0x81/0x2b0
[   56.209782][ T3900]  sctp_assoc_set_bind_addr_from_ep+0xc0/0xd0
[   56.215947][ T3900]  sctp_connect_new_asoc+0x1d0/0x3b0
[   56.221292][ T3900]  __sctp_connect+0x41d/0x7a0
[   56.225999][ T3900]  sctp_getsockopt_connectx3+0x26e/0x350
[   56.231842][ T3900]  sctp_getsockopt+0x805/0xab0
[   56.236633][ T3900]  sock_common_getsockopt+0x5b/0x70
[   56.241853][ T3900]  ? __pfx_sock_common_getsockopt+0x10/0x10
[   56.247762][ T3900]  do_sock_getsockopt+0x1ca/0x260
[   56.252819][ T3900]  __x64_sys_getsockopt+0x18c/0x200
[   56.258265][ T3900]  x64_sys_call+0x1288/0x2dc0
[   56.262974][ T3900]  do_syscall_64+0xc9/0x1c0
[   56.267504][ T3900]  ? clear_bhb_loop+0x55/0xb0
[   56.272350][ T3900]  ? clear_bhb_loop+0x55/0xb0
[   56.277053][ T3900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.283069][ T3900] RIP: 0033:0x7ff5d547e819
[   56.287507][ T3900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   56.307137][ T3900] RSP: 002b:00007ff5d3af1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   56.315560][ T3900] RAX: ffffffffffffffda RBX: 00007ff5d5635fa0 RCX: 00007ff5d547e819
[   56.323585][ T3900] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000006
[   56.331600][ T3900] RBP: 00007ff5d3af1090 R08: 0000000020000180 R09: 0000000000000000
[   56.339741][ T3900] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000002
[   56.347732][ T3900] R13: 0000000000000000 R14: 00007ff5d5635fa0 R15: 00007ffc390d0698
[   56.355805][ T3900]  </TASK>
[   56.380210][ T3907] loop3: detected capacity change from 0 to 2048
[   56.420419][ T3882] team0: Port device batadv0 removed
[   56.479357][ T3918] FAULT_INJECTION: forcing a failure.
[   56.479357][ T3918] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   56.492514][ T3918] CPU: 1 UID: 0 PID: 3918 Comm: syz.0.135 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[   56.502852][ T3918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   56.512972][ T3918] Call Trace:
[   56.516324][ T3918]  <TASK>
[   56.519270][ T3918]  dump_stack_lvl+0xf2/0x150
[   56.523885][ T3918]  dump_stack+0x15/0x20
[   56.528201][ T3918]  should_fail_ex+0x223/0x230
[   56.532942][ T3918]  should_fail+0xb/0x10
[   56.537123][ T3918]  should_fail_usercopy+0x1a/0x20
[   56.542241][ T3918]  _copy_to_user+0x20/0xa0
[   56.546678][ T3918]  simple_read_from_buffer+0xa0/0x110
[   56.552089][ T3918]  proc_fail_nth_read+0xf9/0x140
[   56.557193][ T3918]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   56.563014][ T3918]  vfs_read+0x1a2/0x700
[   56.567834][ T3918]  ? __rcu_read_unlock+0x4e/0x70
[   56.572815][ T3918]  ? __fget_files+0x17c/0x1c0
[   56.577604][ T3918]  ksys_read+0xe8/0x1b0
[   56.581871][ T3918]  __x64_sys_read+0x42/0x50
[   56.586452][ T3918]  x64_sys_call+0x2874/0x2dc0
[   56.591199][ T3918]  do_syscall_64+0xc9/0x1c0
[   56.595782][ T3918]  ? clear_bhb_loop+0x55/0xb0
[   56.600562][ T3918]  ? clear_bhb_loop+0x55/0xb0
[   56.605317][ T3918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.611270][ T3918] RIP: 0033:0x7f639eb0d25c
[   56.615691][ T3918] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[   56.635311][ T3918] RSP: 002b:00007f639d181030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   56.643798][ T3918] RAX: ffffffffffffffda RBX: 00007f639ecc5fa0 RCX: 00007f639eb0d25c
[   56.651803][ T3918] RDX: 000000000000000f RSI: 00007f639d1810a0 RDI: 0000000000000005
[   56.660037][ T3918] RBP: 00007f639d181090 R08: 0000000000000000 R09: 0000000000000000
[   56.668066][ T3918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   56.676144][ T3918] R13: 0000000000000000 R14: 00007f639ecc5fa0 R15: 00007ffe7560cb88
[   56.684171][ T3918]  </TASK>
[   56.708303][ T3919] FAULT_INJECTION: forcing a failure.
[   56.708303][ T3919] name failslab, interval 1, probability 0, space 0, times 0
[   56.721068][ T3919] CPU: 0 UID: 0 PID: 3919 Comm: syz.4.133 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[   56.731414][ T3919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   56.741513][ T3919] Call Trace:
[   56.744970][ T3919]  <TASK>
[   56.747921][ T3919]  dump_stack_lvl+0xf2/0x150
[   56.752562][ T3919]  dump_stack+0x15/0x20
[   56.756781][ T3919]  should_fail_ex+0x223/0x230
[   56.761497][ T3919]  ? getname_flags+0x81/0x3b0
[   56.766241][ T3919]  should_failslab+0x8f/0xb0
[   56.770886][ T3919]  kmem_cache_alloc_noprof+0x4c/0x290
[   56.776306][ T3919]  getname_flags+0x81/0x3b0
[   56.780896][ T3919]  user_path_at+0x26/0x120
[   56.785335][ T3919]  __se_sys_chroot+0x4c/0x180
[   56.790128][ T3919]  __x64_sys_chroot+0x1f/0x30
[   56.795001][ T3919]  x64_sys_call+0x2a0e/0x2dc0
[   56.799726][ T3919]  do_syscall_64+0xc9/0x1c0
[   56.804289][ T3919]  ? clear_bhb_loop+0x55/0xb0
[   56.809024][ T3919]  ? clear_bhb_loop+0x55/0xb0
[   56.813765][ T3919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.819774][ T3919] RIP: 0033:0x7ff5d547e819
[   56.824203][ T3919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   56.843943][ T3919] RSP: 002b:00007ff5d3af1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a1
[   56.852511][ T3919] RAX: ffffffffffffffda RBX: 00007ff5d5635fa0 RCX: 00007ff5d547e819
[   56.860492][ T3919] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000300
[   56.868504][ T3919] RBP: 00007ff5d3af1090 R08: 0000000000000000 R09: 0000000000000000
[   56.876500][ T3919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   56.884508][ T3919] R13: 0000000000000000 R14: 00007ff5d5635fa0 R15: 00007ffc390d0698
[   56.892538][ T3919]  </TASK>
[   56.955421][ T3923] 9pnet_fd: Insufficient options for proto=fd
[   57.018300][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[   57.082144][ T3933] FAULT_INJECTION: forcing a failure.
[   57.082144][ T3933] name failslab, interval 1, probability 0, space 0, times 0
[   57.090985][ T3923] loop1: detected capacity change from 0 to 164
[   57.094813][ T3933] CPU: 1 UID: 0 PID: 3933 Comm: syz.3.139 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[   57.102590][ T3930] loop4: detected capacity change from 0 to 1024
[   57.111243][ T3933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   57.111261][ T3933] Call Trace:
[   57.111269][ T3933]  <TASK>
[   57.111278][ T3933]  dump_stack_lvl+0xf2/0x150
[   57.127720][ T3933]  dump_stack+0x15/0x20
[   57.142840][ T3933]  should_fail_ex+0x223/0x230
[   57.147647][ T3933]  ? security_file_alloc+0x32/0x100
[   57.152880][ T3933]  should_failslab+0x8f/0xb0
[   57.157682][ T3933]  kmem_cache_alloc_noprof+0x4c/0x290
[   57.163098][ T3933]  security_file_alloc+0x32/0x100
[   57.168165][ T3933]  init_file+0x5b/0x1b0
[   57.172422][ T3933]  alloc_empty_file+0xea/0x200
[   57.177292][ T3933]  path_openat+0x6a/0x1fa0
[   57.181859][ T3933]  ? _parse_integer_limit+0x167/0x180
[   57.187322][ T3933]  ? _parse_integer+0x27/0x30
[   57.192013][ T3933]  ? kstrtoull+0x110/0x140
[   57.196590][ T3933]  ? kstrtouint+0x77/0xc0
[   57.200944][ T3933]  ? kstrtouint_from_user+0xb0/0xe0
[   57.206198][ T3933]  do_filp_open+0x107/0x230
[   57.210753][ T3933]  do_sys_openat2+0xab/0x120
[   57.215354][ T3933]  __x64_sys_openat+0xf3/0x120
[   57.220130][ T3933]  x64_sys_call+0x2b30/0x2dc0
[   57.224825][ T3933]  do_syscall_64+0xc9/0x1c0
[   57.229349][ T3933]  ? clear_bhb_loop+0x55/0xb0
[   57.234049][ T3933]  ? clear_bhb_loop+0x55/0xb0
[   57.238853][ T3933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.244822][ T3933] RIP: 0033:0x7f878af6e819
[   57.249284][ T3933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.269178][ T3933] RSP: 002b:00007f87895e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   57.277699][ T3933] RAX: ffffffffffffffda RBX: 00007f878b125fa0 RCX: 00007f878af6e819
[   57.285682][ T3933] RDX: 000000000000275a RSI: 0000000020000140 RDI: 0000000000000003
[   57.293718][ T3933] RBP: 00007f87895e7090 R08: 0000000000000000 R09: 0000000000000000
[   57.301697][ T3933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.309679][ T3933] R13: 0000000000000000 R14: 00007f878b125fa0 R15: 00007ffe9b545cf8
[   57.317707][ T3933]  </TASK>
[   57.349758][ T3923] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet.
[   57.379080][   T29] kauditd_printk_skb: 91 callbacks suppressed
[   57.379146][   T29] audit: type=1400 audit(1732307062.580:581): avc:  denied  { mount } for  pid=3922 comm="+}[@" name="/" dev="loop1" ino=1920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[   57.420007][ T3930] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.491031][   T29] audit: type=1326 audit(1732307062.650:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3939 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   57.514332][   T29] audit: type=1326 audit(1732307062.650:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3939 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   57.537675][   T29] audit: type=1326 audit(1732307062.650:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3939 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   57.560961][   T29] audit: type=1326 audit(1732307062.650:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3939 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   57.584321][   T29] audit: type=1326 audit(1732307062.650:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3939 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   57.607721][   T29] audit: type=1326 audit(1732307062.650:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3939 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   57.631079][   T29] audit: type=1326 audit(1732307062.650:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3939 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   57.654405][   T29] audit: type=1326 audit(1732307062.650:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3939 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   57.700371][ T3930] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=3930 comm=syz.4.138
[   57.712955][   T29] audit: type=1400 audit(1732307062.910:590): avc:  denied  { nlmsg_write } for  pid=3929 comm="syz.4.138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[   57.733996][ T3930] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[   57.734238][ T3923] usb usb8: usbfs: process 3923 (+}[@) did not claim interface 0 before use
[   57.755896][ T3930] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.109317][ T3954] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3954 comm=syz.2.146
[   67.125342][ T3955] loop1: detected capacity change from 0 to 512
[   67.140439][ T3954] loop2: detected capacity change from 0 to 128
[   67.141803][ T3953] loop4: detected capacity change from 0 to 512
[   67.151889][ T3957] loop0: detected capacity change from 0 to 1024
[   67.175029][ T3954] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   67.175343][ T3953] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.201584][ T3955] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.207480][ T3953] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   67.215974][ T3955] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   67.224885][ T3954] ext4 filesystem being mounted at /20/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   67.268331][ T3957] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   67.294538][ T3957] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   67.305640][ T3455] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.316063][   T29] audit: type=1400 audit(1732307072.520:591): avc:  denied  { setattr } for  pid=3952 comm="syz.2.146" path="/20/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/hugetlb.2MB.rsvd.usage_in_bytes" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   67.322193][ T3957] ext4: Unknown parameter 'ÿÿÿÿÿÿÿÿO„]_Ë`}úÖ‰y߶!	a5ʧN¯§åeþÊÓ(ïŒ[Þ'
[   67.362994][   T29] audit: type=1400 audit(1732307072.520:592): avc:  denied  { execute } for  pid=3956 comm="syz.0.144" path="/34/file1/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   67.372495][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.426031][   T29] audit: type=1400 audit(1732307072.630:593): avc:  denied  { mounton } for  pid=3952 comm="syz.2.146" path="/20/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   67.491829][ T3954] 9pnet_fd: p9_fd_create_tcp (3954): problem connecting socket to 127.0.0.1
[   67.518469][ T3324] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.534096][ T3323] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   67.548564][ T3950] loop3: detected capacity change from 0 to 512
[   67.564826][ T3981] loop2: detected capacity change from 0 to 512
[   67.568824][ T3983] netlink: 'syz.0.151': attribute type 10 has an invalid length.
[   67.580440][ T3950] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   67.593753][ T3983] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.601855][   T29] audit: type=1400 audit(1732307072.800:594): avc:  denied  { connect } for  pid=3984 comm="syz.1.153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   67.619943][ T3983] team0: Port device batadv0 added
[   67.635862][ T3950] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.147: invalid indirect mapped block 4294967295 (level 0)
[   67.663752][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[   67.667506][ T3985] syz.1.153[3985] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   67.679345][ T3985] syz.1.153[3985] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   67.692695][ T3981] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.696132][   T29] audit: type=1400 audit(1732307072.900:595): avc:  denied  { setopt } for  pid=3984 comm="syz.1.153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   67.710227][ T3950] EXT4-fs (loop3): Remounting filesystem read-only
[   67.734668][ T3981] ext4 filesystem being mounted at /21/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   67.735841][ T3950] EXT4-fs (loop3): 1 orphan inode deleted
[   67.744285][ T3978] tmpfs: Unknown parameter '÷>˵g?Ô¶Ðrmpol'
[   67.752677][ T3950] EXT4-fs (loop3): 1 truncate cleaned up
[   67.770854][ T3950] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.783468][ T3950] SELinux: (dev loop3, type ext4) getxattr errno 5
[   67.792681][ T3950] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.867075][ T3995] loop0: detected capacity change from 0 to 1024
[   67.882674][ T3995] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.926298][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.943188][ T3950] loop3: detected capacity change from 0 to 512
[   67.993147][ T3950] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   68.054077][ T3995] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=3995 comm=syz.0.156
[   68.073545][ T3950] EXT4-fs (loop3): 1 truncate cleaned up
[   68.096907][ T3950] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.124138][ T4007] lo speed is unknown, defaulting to 1000
[   68.131609][   T29] audit: type=1400 audit(1732307073.340:596): avc:  denied  { remount } for  pid=3994 comm="syz.0.156" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   68.183636][ T3995] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.193259][ T3950] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   68.302095][   T29] audit: type=1400 audit(1732307073.510:597): avc:  denied  { write } for  pid=4024 comm="syz.1.162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   68.348891][   T29] audit: type=1400 audit(1732307073.540:598): avc:  denied  { read } for  pid=4024 comm="syz.1.162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   68.368344][   T29] audit: type=1400 audit(1732307073.550:599): avc:  denied  { ioctl } for  pid=4031 comm="syz.0.161" path="socket:[6201]" dev="sockfs" ino=6201 ioctlcmd=0x89f3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   68.420903][   T29] audit: type=1400 audit(1732307073.620:600): avc:  denied  { setopt } for  pid=4031 comm="syz.0.161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   68.457128][ T3321] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.479928][ T4043] loop2: detected capacity change from 0 to 512
[   68.504983][ T4040] netlink: 4 bytes leftover after parsing attributes in process `syz.1.162'.
[   68.522483][ T4043] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.547446][ T4043] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   68.574603][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[   68.601183][ T4051] netlink: 132 bytes leftover after parsing attributes in process `syz.3.166'.
[   68.611901][ T4051] netlink: 8 bytes leftover after parsing attributes in process `syz.3.166'.
[   68.637410][ T4051] bond1: entered promiscuous mode
[   68.642516][ T4051] bond1: entered allmulticast mode
[   68.647942][ T4051] 8021q: adding VLAN 0 to HW filter on device bond1
[   68.648486][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.719003][ T4063] process 'syz.2.168' launched './file1' with NULL argv: empty string added
[   68.742164][ T4062] loop3: detected capacity change from 0 to 1024
[   68.756553][ T4062] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.773066][ T4065] loop0: detected capacity change from 0 to 128
[   68.782864][ T4073] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.793990][ T4065] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   68.814070][ T4065] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   68.825086][ T4065] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.172' sets config #1
[   68.843689][ T4062] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4062 comm=syz.3.171
[   68.850715][ T4074] netlink: 28 bytes leftover after parsing attributes in process `syz.4.175'.
[   68.866876][ T4065] syz.0.172 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   68.880506][ T4062] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[   68.884917][    C0] ------------[ cut here ]------------
[   68.896454][    C0] refcount_t: underflow; use-after-free.
[   68.899627][ T4078] loop2: detected capacity change from 0 to 512
[   68.902397][    C0] WARNING: CPU: 0 PID: 15 at lib/refcount.c:28 refcount_warn_saturate+0x1c6/0x230
[   68.917604][    C0] Modules linked in:
[   68.921571][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3 #0
[   68.925405][ T4074] loop4: detected capacity change from 0 to 512
[   68.931853][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   68.931871][    C0] RIP: 0010:refcount_warn_saturate+0x1c6/0x230
[   68.954393][    C0] Code: 72 ff ff ff e8 3b 5c 70 ff 48 c7 c7 e9 37 b3 86 e8 4f a6 89 ff c6 05 41 22 f3 04 01 90 48 c7 c7 7b 34 1c 86 e8 8b f5 51 ff 90 <0f> 0b 90 90 e9 43 ff ff ff e8 0c 5c 70 ff 48 c7 c7 e6 37 b3 86 e8
[   68.964560][ T4078] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.974403][    C0] RSP: 0018:ffffc900000879e8 EFLAGS: 00010246
[   68.974433][    C0] RAX: c36e7d6a1053f900 RBX: ffff888114905ce4 RCX: ffff8881001d0000
[   68.974450][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[   68.974469][    C0] RBP: 0000000000000003 R08: ffffffff81120ca7 R09: 0000000000000000
[   68.988628][ T4078] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   68.992981][    C0] R10: 0001ffffffffffff R11: 0001c90000087827 R12: 0000000000000001
[   68.993003][    C0] R13: ffff88811587e200 R14: ffff888114905ce4 R15: 0000000000000000
[   69.043301][    C0] FS:  0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[   69.052519][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.059618][    C0] CR2: 000000110c2765e9 CR3: 000000011838e000 CR4: 00000000003506f0
[   69.067644][    C0] DR0: 0100000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.075711][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
[   69.077403][ T4074] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.083717][    C0] Call Trace:
[   69.083727][    C0]  <TASK>
[   69.083738][    C0]  ? __warn+0x141/0x350
[   69.083765][    C0]  ? report_bug+0x315/0x420
[   69.098166][ T4074] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   69.099708][    C0]  ? refcount_warn_saturate+0x1c6/0x230
[   69.105418][ T4074] EXT4-fs error (device loop4): ext4_do_update_inode:5153: inode #2: comm syz.4.175: corrupted inode contents
[   69.106800][    C0]  ? handle_bug+0x60/0x90
[   69.112999][ T4074] EXT4-fs error (device loop4): ext4_dirty_inode:6041: inode #2: comm syz.4.175: mark_inode_dirty error
[   69.121605][    C0]  ? exc_invalid_op+0x1a/0x50
[   69.127617][ T4074] EXT4-fs error (device loop4): ext4_do_update_inode:5153: inode #2: comm syz.4.175: corrupted inode contents
[   69.138899][    C0]  ? asm_exc_invalid_op+0x1a/0x20
[   69.138941][    C0]  ? __warn_printk+0x167/0x1b0
[   69.145001][ T4074] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.175: mark_inode_dirty error
[   69.154429][    C0]  ? refcount_warn_saturate+0x1c6/0x230
[   69.197489][    C0]  ? refcount_warn_saturate+0x1c5/0x230
[   69.202618][ T4074] netlink: 'syz.4.175': attribute type 10 has an invalid length.
[   69.203124][    C0]  sk_skb_reason_drop+0xe9/0x290
[   69.212313][ T4074] bridge0: port 3(team0) entered blocking state
[   69.215780][    C0]  j1939_xtp_rx_cts+0x3c4/0x6c0
[   69.222097][ T4074] bridge0: port 3(team0) entered disabled state
[   69.226933][    C0]  j1939_tp_recv+0x699/0xa80
[   69.234713][ T4074] team0: entered allmulticast mode
[   69.237821][    C0]  j1939_can_recv+0x45f/0x550
[   69.237855][    C0]  ? __pfx_j1939_can_recv+0x10/0x10
[   69.237876][    C0]  can_rcv_filter+0x225/0x4c0
[   69.242995][ T4074] team_slave_0: entered allmulticast mode
[   69.247676][    C0]  can_receive+0x182/0x1f0
[   69.247706][    C0]  ? __pfx_ip_rcv+0x10/0x10
[   69.252941][ T4074] team_slave_1: entered allmulticast mode
[   69.257597][    C0]  can_rcv+0xe7/0x180
[   69.266549][ T4074] team0: entered promiscuous mode
[   69.267737][    C0]  ? __pfx_can_rcv+0x10/0x10
[   69.272256][ T4074] team_slave_0: entered promiscuous mode
[   69.278001][    C0]  __netif_receive_skb+0x123/0x280
[   69.282141][ T4074] team_slave_1: entered promiscuous mode
[   69.287077][    C0]  process_backlog+0x22e/0x440
[   69.293684][ T4074] bridge0: port 3(team0) entered blocking state
[   69.297313][    C0]  __napi_poll+0x63/0x3c0
[   69.302482][ T4074] bridge0: port 3(team0) entered forwarding state
[   69.308088][    C0]  ? net_rx_action+0x376/0x7f0
[   69.308119][    C0]  net_rx_action+0x3a1/0x7f0
[   69.339954][    C0]  handle_softirqs+0xbf/0x280
[   69.344691][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[   69.350299][    C0]  run_ksoftirqd+0x1c/0x30
[   69.354856][    C0]  smpboot_thread_fn+0x31c/0x4c0
[   69.359930][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   69.365421][    C0]  kthread+0x1d1/0x210
[   69.369613][    C0]  ? __pfx_kthread+0x10/0x10
[   69.374467][    C0]  ret_from_fork+0x4b/0x60
[   69.378899][    C0]  ? __pfx_kthread+0x10/0x10
[   69.383566][    C0]  ret_from_fork_asm+0x1a/0x30
[   69.388392][    C0]  </TASK>
[   69.391573][    C0] ---[ end trace 0000000000000000 ]---
[   69.405907][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.427386][ T4062] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.506773][ T4087] loop2: detected capacity change from 0 to 512
[   69.551010][ T4087] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   69.572682][ T4090] loop0: detected capacity change from 0 to 1024
[   69.582768][ T4087] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   69.606637][ T4090] loop0: detected capacity change from 0 to 512
[   69.638777][ T4090] EXT4-fs (loop0): blocks per group (71) and clusters per group (20800) inconsistent
[   69.694037][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.733670][ T4095] netlink: 96 bytes leftover after parsing attributes in process `syz.0.180'.
[   69.736902][ T4094] loop2: detected capacity change from 0 to 2048
[   69.771739][ T4094] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.790234][ T4094] netlink: 24 bytes leftover after parsing attributes in process `syz.2.181'.
[   69.821266][ T4094] capability: warning: `syz.2.181' uses deprecated v2 capabilities in a way that may be insecure
[   69.844074][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.937717][ T4103] loop2: detected capacity change from 0 to 128
[   69.969308][ T4105] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[   69.975888][ T4105] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   69.983386][ T4105] vhci_hcd vhci_hcd.0: Device attached
[   69.998624][ T4105] loop1: detected capacity change from 0 to 512
[   70.012081][ T4105] EXT4-fs: Ignoring removed orlov option
[   70.021508][ T4105] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   70.032589][ T4105] EXT4-fs (loop1): orphan cleanup on readonly fs
[   70.035706][ T4103] netlink: 'syz.2.184': attribute type 11 has an invalid length.
[   70.047544][ T4105] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.185: bg 0: block 248: padding at end of block bitmap is not set
[   70.094917][ T4105] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.185: Failed to acquire dquot type 1
[   70.121531][ T4105] EXT4-fs (loop1): 1 truncate cleaned up
[   70.131191][ T4105] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   70.138664][ T3323] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   70.151476][ T3323] FAT-fs (loop2): Filesystem has been set read-only
[   70.164171][ T4105] ext4: Unknown parameter '0x0000000000000000ÿÿÿÿÿÿÿÿ0000000000000000000400000000000000000000005'
[   70.177538][ T4105] EXT4-fs: Ignoring removed orlov option
[   70.183428][ T4105] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   70.191040][ T3385] vhci_hcd: vhci_device speed not set
[   70.198211][ T4105] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[   70.219973][ T4105] EXT4-fs error (device loop1): __ext4_remount:6749: comm syz.1.185: Abort forced by user
[   70.230301][ T4105] EXT4-fs (loop1): Remounting filesystem read-only
[   70.236859][ T4105] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[   70.248635][ T4105] ext4 filesystem being remounted at /46/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   70.259486][ T3385] usb 3-1: new full-speed USB device number 2 using vhci_hcd
[   70.278712][ T4106] vhci_hcd: connection reset by peer
[   70.284418][   T36] vhci_hcd: stop threads
[   70.288700][   T36] vhci_hcd: release socket
[   70.293224][   T36] vhci_hcd: disconnect device
[   70.370720][ T4116] netlink: 'syz.3.189': attribute type 10 has an invalid length.
[   70.388175][ T4116] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.396679][ T4116] team0: Port device batadv0 added
[   70.434420][    C0] vcan0: j1939_tp_rxtimer: 0xffff88811587e200: rx timeout, send abort
[   70.443628][    C0] vcan0: j1939_tp_rxtimer: 0xffff88811581ee00: rx timeout, send abort
[   70.453021][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88811587e200: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   70.467941][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88811581ee00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   70.514791][   T54] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.552889][ T3455] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.600699][   T54] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.653731][ T4118] loop3: detected capacity change from 0 to 128
[   70.687540][   T54] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.752055][   T54] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.795475][ T4121] lo speed is unknown, defaulting to 1000
[   70.818707][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.842638][ T4118] netlink: 12 bytes leftover after parsing attributes in process `syz.3.190'.
[   70.931665][   T54] bridge_slave_1: left allmulticast mode
[   70.938101][   T54] bridge_slave_1: left promiscuous mode
[   70.943800][   T54] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.973458][   T54] bridge_slave_0: left allmulticast mode
[   70.979341][   T54] bridge_slave_0: left promiscuous mode
[   70.982416][ T4153] netlink: 'syz.3.200': attribute type 10 has an invalid length.
[   70.985004][   T54] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.005485][ T4150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.196'.
[   71.101083][   T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   71.111321][   T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   71.121088][   T54] bond0 (unregistering): Released all slaves
[   71.143515][ T4121] chnl_net:caif_netlink_parms(): no params data found
[   71.166686][ T4167] loop3: detected capacity change from 0 to 128
[   71.176784][   T54] hsr_slave_0: left promiscuous mode
[   71.181078][ T4167] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   71.194667][   T54] hsr_slave_1: left promiscuous mode
[   71.194925][ T4167] ext4 filesystem being mounted at /41/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   71.233098][   T54] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   71.240597][   T54] batman_adv: batadv0: Removing interface: batadv_slave_0
[   71.248802][   T54] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   71.256347][   T54] batman_adv: batadv0: Removing interface: batadv_slave_1
[   71.266774][   T54] veth1_macvtap: left promiscuous mode
[   71.272424][   T54] veth0_macvtap: left promiscuous mode
[   71.278172][   T54] veth1_vlan: left promiscuous mode
[   71.283535][   T54] veth0_vlan: left promiscuous mode
[   71.326512][ T4169] netlink: 172 bytes leftover after parsing attributes in process `syz.3.201'.
[   71.357080][   T54] team0 (unregistering): Port device team_slave_1 removed
[   71.367253][   T54] team0 (unregistering): Port device team_slave_0 removed
[   71.393815][   T54] team0 (unregistering): Port device batadv0 removed
[   71.452481][ T4121] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.459754][ T4121] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.467220][ T4121] bridge_slave_0: entered allmulticast mode
[   71.474700][ T4121] bridge_slave_0: entered promiscuous mode
[   71.482588][ T4121] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.489821][ T4121] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.497730][ T4121] bridge_slave_1: entered allmulticast mode
[   71.504576][ T4121] bridge_slave_1: entered promiscuous mode
[   71.524384][ T4121] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.555040][ T4121] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.597758][ T4121] team0: Port device team_slave_0 added
[   71.606601][ T4187] lo speed is unknown, defaulting to 1000
[   71.607645][ T4121] team0: Port device team_slave_1 added
[   71.640191][ T4121] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.647206][ T4121] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.673439][ T4121] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.689213][ T4121] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.696199][ T4121] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.722223][ T4121] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.749490][ T4190] netlink: 144 bytes leftover after parsing attributes in process `syz.1.203'.
[   71.784616][ T4121] hsr_slave_0: entered promiscuous mode
[   71.790871][ T4121] hsr_slave_1: entered promiscuous mode
[   71.794401][ T4193] loop1: detected capacity change from 0 to 1024
[   71.803222][ T4121] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   71.816659][ T4121] Cannot create hsr debugfs directory
[   71.826897][ T4193] loop1: detected capacity change from 0 to 512
[   71.856094][ T4193] EXT4-fs (loop1): blocks per group (71) and clusters per group (20800) inconsistent
[   71.993522][ T4121] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   72.022765][ T3321] EXT4-fs error (device loop3): ext4_readdir:221: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[   72.052171][ T3321] EXT4-fs error (device loop3): ext4_readdir:221: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192
[   72.066617][ T4121] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   72.067055][ T3321] EXT4-fs error (device loop3): ext4_empty_dir:3124: inode #11: block 1: comm syz-executor: Directory block failed checksum
[   72.088742][ T3321] EXT4-fs error (device loop3): ext4_readdir:221: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[   72.090452][ T4121] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   72.110711][ T3321] EXT4-fs error (device loop3): ext4_readdir:221: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192
[   72.125566][ T3321] EXT4-fs error (device loop3): ext4_empty_dir:3124: inode #11: block 1: comm syz-executor: Directory block failed checksum
[   72.140364][ T3321] EXT4-fs error (device loop3): ext4_readdir:221: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[   72.157894][ T4121] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   72.184085][ T3321] EXT4-fs error (device loop3): ext4_readdir:221: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192
[   72.202039][ T3321] EXT4-fs error (device loop3): ext4_empty_dir:3124: inode #11: block 1: comm syz-executor: Directory block failed checksum
[   72.209149][ T4121] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.222048][ T4121] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.229473][ T4121] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.236576][ T4121] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.242583][ T3321] EXT4-fs error (device loop3): ext4_readdir:221: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[   72.315472][ T4121] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.326660][ T4121] 8021q: adding VLAN 0 to HW filter on device team0
[   72.339600][   T29] kauditd_printk_skb: 133 callbacks suppressed
[   72.339615][   T29] audit: type=1326 audit(1732307077.530:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4217 comm="syz.4.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d547e819 code=0x7ffc0000
[   72.369184][   T29] audit: type=1326 audit(1732307077.530:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4217 comm="syz.4.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5d547e819 code=0x7ffc0000
[   72.430951][   T29] audit: type=1326 audit(1732307077.620:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4225 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   72.432598][ T4226] FAULT_INJECTION: forcing a failure.
[   72.432598][ T4226] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   72.454301][   T29] audit: type=1326 audit(1732307077.620:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4225 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f639eb0d1b0 code=0x7ffc0000
[   72.467544][ T4226] CPU: 1 UID: 0 PID: 4226 Comm: syz.0.209 Tainted: G        W          6.12.0-syzkaller-07749-g28eb75e178d3 #0
[   72.490740][   T29] audit: type=1326 audit(1732307077.620:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4225 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f639eb0d2ff code=0x7ffc0000
[   72.502365][ T4226] Tainted: [W]=WARN
[   72.525440][   T29] audit: type=1326 audit(1732307077.620:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4225 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   72.529160][ T4226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   72.529178][ T4226] Call Trace:
[   72.529187][ T4226]  <TASK>
[   72.552594][   T29] audit: type=1326 audit(1732307077.630:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4225 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f639eb057e7 code=0x7ffc0000
[   72.562773][ T4226]  dump_stack_lvl+0xf2/0x150
[   72.562826][ T4226]  dump_stack+0x15/0x20
[   72.566607][   T29] audit: type=1326 audit(1732307077.630:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4225 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f639eaaa1a9 code=0x7ffc0000
[   72.569532][ T4226]  should_fail_ex+0x223/0x230
[   72.569574][ T4226]  should_fail+0xb/0x10
[   72.569611][ T4226]  should_fail_usercopy+0x1a/0x20
[   72.593078][   T29] audit: type=1326 audit(1732307077.630:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4225 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f639eb0e819 code=0x7ffc0000
[   72.597615][ T4226]  _copy_from_user+0x1e/0xb0
[   72.607526][   T29] audit: type=1326 audit(1732307077.640:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4225 comm="syz.0.209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f639eb057e7 code=0x7ffc0000
[   72.624817][ T4226]  restore_sigcontext+0x64/0x220
[   72.624862][ T4226]  __do_sys_rt_sigreturn+0xfd/0x160
[   72.654448][ T4121] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   72.662296][ T4226]  x64_sys_call+0x2982/0x2dc0
[   72.662338][ T4226]  do_syscall_64+0xc9/0x1c0
[   72.666951][ T4121] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   72.690035][ T4226]  ? clear_bhb_loop+0x55/0xb0
[   72.735069][ T4226]  ? clear_bhb_loop+0x55/0xb0
[   72.739773][ T4226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.745697][ T4226] RIP: 0033:0x7f639eaaa1a9
[   72.750197][ T4226] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[   72.770142][ T4226] RSP: 002b:00007f639d180a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[   72.778821][ T4226] RAX: ffffffffffffffda RBX: 00007f639ecc5fa0 RCX: 00007f639eaaa1a9
[   72.786834][ T4226] RDX: 00007f639d180a80 RSI: 00007f639d180bb0 RDI: 0000000000000021
[   72.795001][ T4226] RBP: 00007f639d181090 R08: 0000000000001000 R09: 0000000000000000
[   72.803016][ T4226] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002
[   72.811099][ T4226] R13: 0000000000000000 R14: 00007f639ecc5fa0 R15: 00007ffe7560cb88
[   72.819119][ T4226]  </TASK>
[   72.879258][ T4121] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.095451][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies.
[   73.113896][  T141] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.125386][ T3321] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   73.182495][  T141] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.211054][ T4254] loop4: detected capacity change from 0 to 2048
[   73.239521][ T4254] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[   73.306711][ T3312] ==================================================================
[   73.314823][ T3312] BUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_disable_cb
[   73.323077][ T3312] 
[   73.325394][ T3312] write to 0xffff88810202cd78 of 2 bytes by interrupt on cpu 0:
[   73.333102][ T3312]  virtqueue_disable_cb+0x85/0x180
[   73.338223][ T3312]  skb_xmit_done+0x5f/0x140
[   73.342723][ T3312]  vring_interrupt+0x161/0x190
[   73.347489][ T3312]  __handle_irq_event_percpu+0x95/0x490
[   73.353275][ T3312]  handle_irq_event+0x64/0xf0
[   73.358059][ T3312]  handle_edge_irq+0x16d/0x5b0
[   73.362846][ T3312]  __common_interrupt+0x58/0xe0
[   73.367740][ T3312]  common_interrupt+0x7c/0x90
[   73.372473][ T3312]  asm_common_interrupt+0x26/0x40
[   73.377508][ T3312]  _raw_spin_unlock_irqrestore+0x3d/0x60
[   73.383262][ T3312]  bpf_lru_push_free+0x507/0x580
[   73.388209][ T3312]  __htab_lru_percpu_map_update_elem+0x532/0x630
[   73.394546][ T3312]  bpf_percpu_hash_update+0x5e/0xa0
[   73.399760][ T3312]  bpf_map_update_value+0x2ab/0x3b0
[   73.404967][ T3312]  generic_map_update_batch+0x401/0x520
[   73.410514][ T3312]  bpf_map_do_batch+0x28c/0x3f0
[   73.415391][ T3312]  __sys_bpf+0x2e5/0x7a0
[   73.419640][ T3312]  __x64_sys_bpf+0x43/0x50
[   73.424066][ T3312]  x64_sys_call+0x2914/0x2dc0
[   73.428765][ T3312]  do_syscall_64+0xc9/0x1c0
[   73.433273][ T3312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.439187][ T3312] 
[   73.441516][ T3312] read to 0xffff88810202cd78 of 2 bytes by task 3312 on cpu 1:
[   73.449083][ T3312]  virtqueue_disable_cb+0x63/0x180
[   73.454670][ T3312]  start_xmit+0x15c/0x1310
[   73.459208][ T3312]  dev_hard_start_xmit+0x119/0x3f0
[   73.464949][ T3312]  sch_direct_xmit+0x1a9/0x580
[   73.470114][ T3312]  __dev_queue_xmit+0xf6a/0x2090
[   73.475114][ T3312]  ip_finish_output2+0x721/0x890
[   73.480102][ T3312]  ip_finish_output+0x11a/0x2a0
[   73.485013][ T3312]  ip_output+0xab/0x170
[   73.489185][ T3312]  __ip_queue_xmit+0xbf2/0xc10
[   73.494069][ T3312]  ip_queue_xmit+0x38/0x50
[   73.498495][ T3312]  __tcp_transmit_skb+0x15ca/0x1980
[   73.503717][ T3312]  __tcp_send_ack+0x1de/0x300
[   73.508399][ T3312]  tcp_send_ack+0x27/0x30
[   73.512742][ T3312]  __tcp_cleanup_rbuf+0x149/0x280
[   73.517763][ T3312]  tcp_recvmsg_locked+0x1be3/0x2100
[   73.522962][ T3312]  tcp_recvmsg+0x13c/0x490
[   73.527383][ T3312]  inet_recvmsg+0xbd/0x290
[   73.531899][ T3312]  sock_recvmsg+0xfe/0x170
[   73.536450][ T3312]  sock_read_iter+0x14c/0x1a0
[   73.541159][ T3312]  vfs_read+0x5dc/0x700
[   73.545396][ T3312]  ksys_read+0xe8/0x1b0
[   73.549669][ T3312]  __x64_sys_read+0x42/0x50
[   73.554293][ T3312]  x64_sys_call+0x2874/0x2dc0
[   73.558993][ T3312]  do_syscall_64+0xc9/0x1c0
[   73.563808][ T3312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.569907][ T3312] 
[   73.572247][ T3312] value changed: 0x0000 -> 0x0001
[   73.577277][ T3312] 
[   73.579609][ T3312] Reported by Kernel Concurrency Sanitizer on:
[   73.585773][ T3312] CPU: 1 UID: 0 PID: 3312 Comm: syz-executor Tainted: G        W          6.12.0-syzkaller-07749-g28eb75e178d3 #0
[   73.597760][ T3312] Tainted: [W]=WARN
[   73.601566][ T3312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   73.611633][ T3312] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   73.728357][  T141] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.778738][ T4282] loop0: detected capacity change from 0 to 1024
[   73.810688][ T4282] /dev/loop0: Can't open blockdev
[   73.830943][  T141] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.942960][  T141] bridge_slave_1: left allmulticast mode
[   73.948707][  T141] bridge_slave_1: left promiscuous mode
[   73.954632][  T141] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.964562][  T141] bridge_slave_0: left allmulticast mode
[   73.970428][  T141] bridge_slave_0: left promiscuous mode
[   73.976299][  T141] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.072684][  T141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   74.082514][  T141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   74.092753][  T141] bond0 (unregistering): Released all slaves
[   74.101248][  T141] bond1 (unregistering): Released all slaves
[   74.133298][  T141] hsr_slave_0: left promiscuous mode
[   74.140698][  T141] hsr_slave_1: left promiscuous mode
[   74.146465][  T141] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   74.154003][  T141] batman_adv: batadv0: Removing interface: batadv_slave_0
[   74.181009][  T141] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   74.188524][  T141] batman_adv: batadv0: Removing interface: batadv_slave_1
[   74.222607][  T141] veth1_macvtap: left promiscuous mode
[   74.228308][  T141] veth0_macvtap: left promiscuous mode
[   74.233980][  T141] veth1_vlan: left promiscuous mode
[   74.239294][  T141] veth0_vlan: left promiscuous mode
[   74.302513][  T141] team0 (unregistering): Port device team_slave_1 removed
[   74.312147][  T141] team0 (unregistering): Port device team_slave_0 removed
[   74.334004][  T141] team0 (unregistering): Port device batadv0 removed
[   74.596894][  T141] IPVS: stop unused estimator thread 0...
[   74.662778][  T141] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.701672][  T141] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.752543][  T141] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.802570][  T141] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.877060][  T141] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.912740][  T141] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.982434][  T141] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.032667][  T141] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.118859][  T141] bridge_slave_1: left allmulticast mode
[   75.124749][  T141] bridge_slave_1: left promiscuous mode
[   75.130556][  T141] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.139755][  T141] bridge_slave_0: left allmulticast mode
[   75.145427][  T141] bridge_slave_0: left promiscuous mode
[   75.151164][  T141] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.240063][  T141] bond0 (unregistering): (slave geneve1): Releasing backup interface
[   75.330920][  T141] bond0 (unregistering): Released all slaves
[   75.339111][ T3385] usb 3-1: enqueue for inactive port 0
[   75.344609][ T3385] usb 3-1: enqueue for inactive port 0
[   75.344769][  T141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   75.360079][  T141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   75.369707][  T141] bond0 (unregistering): Released all slaves
[   75.404557][  T141] hsr_slave_0: left promiscuous mode
[   75.410390][  T141] hsr_slave_1: left promiscuous mode
[   75.418130][  T141] hsr_slave_0: left promiscuous mode
[   75.419167][ T3385] vhci_hcd: vhci_device speed not set
[   75.429768][  T141] hsr_slave_1: left promiscuous mode
[   75.439425][  T141] veth1_macvtap: left promiscuous mode
[   75.445086][  T141] veth0_macvtap: left promiscuous mode
[   75.450662][  T141] veth1_vlan: left promiscuous mode
[   75.455963][  T141] veth0_vlan: left promiscuous mode
[   75.462172][  T141] veth1_macvtap: left promiscuous mode
[   75.467726][  T141] veth0_macvtap: left promiscuous mode
[   75.473428][  T141] veth1_vlan: left promiscuous mode
[   75.478673][  T141] veth0_vlan: left promiscuous mode
[   75.584914][  T141] team0 (unregistering): Port device batadv0 removed
[   75.620383][  T141] team0 (unregistering): Port device team_slave_1 removed
[   75.630617][  T141] team0 (unregistering): Port device team_slave_0 removed
[   75.659297][ T3375] lo speed is unknown, defaulting to 1000
[   76.257264][  T141] bridge_slave_1: left allmulticast mode
[   76.263033][  T141] bridge_slave_1: left promiscuous mode
[   76.268811][  T141] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.277840][  T141] bridge_slave_0: left allmulticast mode
[   76.283577][  T141] bridge_slave_0: left promiscuous mode
[   76.289291][  T141] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.381174][  T141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   76.390955][  T141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   76.400617][  T141] bond0 (unregistering): Released all slaves
[   76.442835][  T141] hsr_slave_0: left promiscuous mode
[   76.448462][  T141] hsr_slave_1: left promiscuous mode
[   76.454656][  T141] batman_adv: batadv0: Removing interface: batadv_slave_0
[   76.463227][  T141] batman_adv: batadv0: Removing interface: batadv_slave_1
[   76.512887][  T141] team0 (unregistering): Port device team_slave_1 removed
[   76.522762][  T141] team0 (unregistering): Port device team_slave_0 removed