last executing test programs:

1m39.98634017s ago: executing program 4 (id=7370):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{}, 0x0, 0x0}, 0x20)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000280)={[{@quota}, {@resuid={'resuid', 0x3d, 0xee01}}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=")
r0 = socket(0x11, 0x3, 0x0)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000700)=0xe9, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
dup2(r0, r3)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r5, &(0x7f0000000200), 0xf000)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x800000000003}, 0x100000, 0x5dd8, 0x3, 0x0, 0x0, 0x8, 0xfffc, 0x0, 0x0, 0x0, 0xfedb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r6 = socket$caif_stream(0x25, 0x1, 0x0)
sendmmsg$inet(r6, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000000)="92", 0x1}], 0x1}}], 0x2, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
write$binfmt_script(r3, &(0x7f0000000240), 0xfecc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}]}]}], {0x14}}, 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x0)

1m39.868303451s ago: executing program 4 (id=7372):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000900)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0xfffffffb, 0xeea07f4, 0x0, 0xffffffff, 0x4f77}}}}]}, 0x4c}}, 0x0)

1m39.78118038s ago: executing program 4 (id=7374):
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x0, @fd_index=0x8, 0x7, 0x20000000, 0x20004, 0x0, 0x0, {0x1}})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000001c00000018000180140002007665746831"], 0x2c}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3e8, 0x0, 0x0, 0x130, 0x300, 0x300, 0x300, 0x7fffffe, 0x0, {[{{@arp={@local, @empty, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bridge\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f67b23ffdfa27f907a03732da3acbc6518e62a77ca06f258762e88c0d9f9d2f413b94a105f4bdf01425ce81c5d000000000000000500ffffffff00"}}}, {{@arp={@multicast2, @empty, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00'}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438)

1m39.702539201s ago: executing program 4 (id=7376):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=@newqdisc={0x24, 0x24, 0x400, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xe}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000014c0)=@deltfilter={0x24, 0x2d, 0x1, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x3, 0x7}, {}, {0x6, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x40010)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0xfff2)

1m39.702163211s ago: executing program 4 (id=7377):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f00000001c0))
accept4$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @mcast2}, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000000780)=ANY=[@ANYBLOB="850000002e000000350000000000000085000000230000009500000000000000f4670880271e3503000ffa95a2c8c037c5fcadf78683149e17e24e96a142dfa8ba6287066c5197fabd5f7010e81ae0b737126ea6f7dc39cd34d5aeed8d38665c01002ff5dde54704d25c79949c23e2eb15d755a2350ea7c09c6db5640c11664baf8adb2142a9c28de194f44800000000b0d3712c7e93363af3c075ff1e23160104d95433bb755af3d57609d700ab56e77201bc692c5a2ad40709d031f40f3012e9576e51a7f550afc852003b2ff3462664c744ae6af3c037102124e25cec074c6949e1d76d067a97000247fe5f17fdab800f4104dbaba46aac3abe6c4d7f47ef6d02ba536cdacecf7eb6baaa4a9779f8555eaea76899f2c221c110ef050000000ee282ab76f593d928cf95846be6277cd8a4f8dc8dcba00b1b2d2547c45b0c52087b5efabf8496b9a9812ed03cee579251667dd58ea032eda2296efb19a34268335648e1f844ce328c10752a42dca52fb98c1452b651ebf942f7297f7b2744419a2f238f173d0cd46dafc6e9d929e03e5309ec91d83cf4fbd775e629b3000000000000000000000000000000000000000000000000004e410700ff9cfa139a35a8a669689144ff0173b15aa0f3794dbe2b0e6523155f5c4631f4cd2947de92f74fe3889ea5786118a4a8010e0de54a7d37885343e2545cffe14c8206da26a9ebf6cda6f5c081a320020bb82f56c0ab09797161997af2ad43ab7347a8c2ba7726a60459f43f8482482cc85096f11f14eecff54dca4a32ee9cfa02b397ef622284c5286e186cb7d73119c6a356722c890c9b06c42853c4043e9d44c306e7b1a03fb70317a75a013f617a834283a978fc460bdab3ba34e8336608eb0f591e4815ac1e51f1c20ef5"], &(0x7f0000000140)='GPL\x00', 0x8, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x36, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc38, 0x0, 0xffffffffffffffff, 0xffffffffffffffdc, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)
r2 = syz_io_uring_setup(0x1f85, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100), &(0x7f0000000000))
ppoll(&(0x7f0000000040)=[{r2}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0xe, 0xfffffffffffffe80, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000, 0x0, 0x0, 0x0, &(0x7f0000000240)="a4da57df712462aa0da7152f892444f624ca72c3ae1da8dc3a065519945631d50bc06e2b5ca04b349157652bb6b912ee5ec14ffd1159d51c0440a0009961b0bf80500850f60157c1f9e7eb4150cee1e98d13a7b79bf6bf2cf78e1148411375bbfb3916cc871e0fdfca0f39b57d3c3ad4550661475c2f8fade0bd6adf2e60716dcc9367223c11886db15f61a7d82f3ca6adb7"}, 0x28)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000040)=0x10)
setsockopt$packet_int(r3, 0x107, 0x10, &(0x7f0000000080)=0x3, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r4, 0xc018937e, &(0x7f0000001040)={{0x1, 0x1, 0x1018}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00'})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
faccessat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2)

1m38.792324252s ago: executing program 4 (id=7399):
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0xf2d5, 0x0, 0x9, 0x3, 0xe76a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

1m23.694088542s ago: executing program 32 (id=7399):
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0xf2d5, 0x0, 0x9, 0x3, 0xe76a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

2.460445277s ago: executing program 1 (id=9308):
mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, &(0x7f0000000000)=0x97, 0x41, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket(0x1, 0x2, 0x0)
bind$unix(r1, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x5452, &(0x7f0000000000)={'syztnl1\x00', 0x0})
sendmmsg$unix(r1, &(0x7f0000002100)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000080)='rxrpc_client\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00')
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000180), 0x4)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000014b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f8483f0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
preadv(r2, &(0x7f00000026c0), 0x0, 0x15f, 0x7c3c)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)

2.354670757s ago: executing program 1 (id=9311):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000200)={[{@quota}, {@oldalloc}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=")
r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r0, 0x2007ffc)
sendfile(r0, r0, 0x0, 0x800000009)
creat(&(0x7f00000000c0)='./file0\x00', 0x54)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2, 0xfffffffd}}, 0x2e)
setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r3, 0x111, 0x3, 0x20000000, 0x4)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = socket(0x2c, 0x3, 0x0)
getpeername$qrtr(r6, 0x0, 0x0)
pipe2$9p(&(0x7f0000001900)={<r7=>0xffffffffffffffff}, 0x0)
r8 = dup(r4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r5}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r8, @ANYBLOB="2c6b44dc8e18b359aea1b22c74db3c0000000001000000d672a1bc17c894383a78a518c7d10100a57b66036145"])
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x7fffffff, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, r8, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$KDSKBLED(r0, 0x4b65, 0x5)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r10, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x1a, 0x20000002, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)="d593a26c96d4f5b1", 0x8, 0x20})

2.202780477s ago: executing program 5 (id=9316):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x18)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0)

2.185324507s ago: executing program 5 (id=9317):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r1 = inotify_init1(0x800)
inotify_add_watch(r1, &(0x7f00000002c0)='./file0\x00', 0x600010c)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0)

2.036946857s ago: executing program 5 (id=9321):
set_mempolicy(0x8002, &(0x7f00000000c0)=0x7, 0xf8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0a00000004000000f10000000500000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000e14a60850d79b9ea81e630d87090dc8a13cfa9157025cfc107001df4d2569ef51b30a8b583bb25a9868edb1060ba9466926156e4b735a4f2865a7bd10b086fa5bbc4cf5c5702b90aa85200a6b8421e0a000000000500000000187994bcdfb7b7a7b9a8ac050000001c401e81bf3970c4d2c4d37b28b3c5af48b1e330fe9e72423d054477c438a88be0ee23b053b500f7eaf1d17b919fa6272a9ac64a4d10a452bf73bf5e454fe237e05d65cc63bc426a8ce2ae5d903a377f7b143d42b50673d8e0a7822fa3bdba4b399432b0e20b694adb895b224af38b51b8aad7774294a76759be985d6a9ec1fca5bb32f8b95f49fab0f9e49cad4a31fd510539ef2347b90138b122d60c7010d247ca5ff2cc46a9cdbe667349b1a8fa2049b5492f882f2ed5dbfee52fd1a1da863c81c4ed39e1df52", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200))
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r1, 0x80045505, &(0x7f0000000000)=0x1)

2.016969038s ago: executing program 3 (id=9322):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="d5f2e3c3e94c52da140aa8e5a5a66b99993f56d7e76aabbf152d8bb4eef5f1af0e6091505332e378b3fb2ad25a985571d31c06e87317528793aed59f344462573d6e2edde138e2a1f6d8480eb2c8b7f6d09fe8ab8d15c5f045ed0f702b05a3e8c1240eb8ee15e71e9fa3aed751358fa0c04ab21e599581f383f4a5ccb275c421c441a6311652b31ebf0c006341a5a83020ef3e2a13771c9196b4d06067ddc8611300c7e43fe595281215bfc5535738452400ebf4095087e57292916950704b9158bdd76b98e0eab173922de59e2a002b7bb65dd8582ff5"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x22, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa0, 0xa0, 0x9, [@func={0xd, 0x0, 0x0, 0xc, 0x5}, @struct={0xa, 0x1, 0x0, 0x4, 0x1, 0x0, [{0x2, 0x2, 0x7}]}, @int={0xf, 0x0, 0x0, 0x1, 0x0, 0x6e, 0x0, 0x7c, 0x3}, @enum64={0x10, 0x4, 0x0, 0x13, 0x1, 0x4, [{0x3, 0x27, 0x7}, {0x9, 0x3, 0xffffff01}, {0xe, 0xffff, 0xb29}, {0xc, 0x9, 0x9a5}]}, @fwd={0x1}, @union={0x4, 0x1, 0x0, 0x5, 0x1, 0x60000, [{0x10, 0x5, 0xe}]}, @float={0xf, 0x0, 0x0, 0x10, 0x6}]}, {0x0, [0x0, 0x0, 0x0, 0x2e, 0x2e, 0x61, 0x0]}}, &(0x7f0000000080), 0xc1, 0x0, 0x1, 0x7, 0x0, @void, @value}, 0x28)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000640), 0x1040)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000680)={0x216, @tick=0x5, 0x1, {0xe3}, 0x81, 0x1, 0x19})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
io_setup(0x3fe, &(0x7f0000000100)=<r3=>0x0)
io_getevents(r3, 0x1, 0x1, &(0x7f0000004600)=[{}], 0x0)
io_submit(r3, 0x1, &(0x7f0000000000)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0}])

1.963836868s ago: executing program 5 (id=9323):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1600000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/18], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18)
unlink(&(0x7f00000000c0)='./file1\x00')
mount$bind(&(0x7f00000002c0)='.\x00', 0x0, 0x0, 0x103091, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='kmem_cache_free\x00'}, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x2)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_ethernet(0xb4, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8=r0, @ANYRES16=r1, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/oops_count', 0x0, 0x0)
preadv2(r7, &(0x7f0000000180)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0xa05fd, 0x0, 0x0)
fcntl$lock(r6, 0x6, &(0x7f0000002000)={0x1})
fcntl$lock(r6, 0x26, &(0x7f0000000080))

1.854348128s ago: executing program 3 (id=9324):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000014000014b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538)

1.813358438s ago: executing program 3 (id=9325):
r0 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x6, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x21, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{}, {}]}, [{0x3}, {}, {}, {}, {}, {0x448eade7}, {0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x200000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {0x2}, {}, {0xfffffffc}, {0x0, 0xe}, {}, {}, {0x0, 0x4, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {0x0, 0x10}, {}, {}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xe10}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xefa6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x5}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)

1.794792358s ago: executing program 3 (id=9326):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000000900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b80200001800a00010071756f7461000000100002800c0001400000000000000000340001800a0001"], 0x118}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYRES32], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

1.743676308s ago: executing program 3 (id=9327):
mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, &(0x7f0000000000)=0x97, 0x41, 0x6)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRESOCT=r0], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket(0x1, 0x2, 0x0)
bind$unix(r2, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x5452, &(0x7f0000000000)={'syztnl1\x00', 0x0})
sendmmsg$unix(r2, &(0x7f0000002100)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000080)='rxrpc_client\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00')
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000180), 0x4)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000014b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f8483f0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
preadv(r3, &(0x7f00000026c0), 0x0, 0x15f, 0x7c3c)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)

1.667913958s ago: executing program 3 (id=9329):
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_DYING(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4bafc4077e8f44ea)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=0xffffffffffffffff, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000001811040000030000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}}, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x3a)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAPCLR(r6, 0x4b68, 0x0)
connect$inet6(r0, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYRES64=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff66, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r7}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000c3020000000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x3, 0x8e, &(0x7f0000000080)=""/142, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r8 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003"], 0x4b0}, 0x1, 0x0, 0x0, 0x44}, 0x0)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90124fc600c05000f90c60100053582c137153e370a48018004f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x5}, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000cc0), r9)
sendmsg$IEEE802154_LIST_PHY(r9, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)={0x14, r10, 0x30b, 0x70bd28}, 0x14}}, 0x40000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x5, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x1}, {}]}]}, {0x0, [0x2e, 0x5f, 0x2e]}}, 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)

1.467911808s ago: executing program 1 (id=9332):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000000f400850000008600"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
writev(r2, &(0x7f0000000480)=[{&(0x7f0000000240)='4', 0x1}], 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

1.218407538s ago: executing program 1 (id=9336):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000040)={[{@nobh}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=")

1.173886659s ago: executing program 1 (id=9337):
r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000000c0)={'ip_vti0\x00', &(0x7f0000000280)={'tunl0\x00', <r1=>0x0, 0x7, 0x10, 0x40, 0x5, {{0x13, 0x4, 0x1, 0x5, 0x4c, 0x67, 0x0, 0x5, 0x29, 0x0, @multicast2, @empty, {[@lsrr={0x83, 0xb, 0x4c, [@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2]}, @generic={0x89, 0x8, "ab5de662592a"}, @timestamp_prespec={0x44, 0x24, 0x3e, 0x3, 0x4, [{@empty, 0xe}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xede9}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x7}, {@private=0xa010101, 0x2}]}, @noop]}}}}})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x12, 0x1cf9, 0x2, 0x7f2, 0x200, r0, 0x4a7, '\x00', r1, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10)
mkdir(&(0x7f0000000140)='./control\x00', 0x92)
close(r0)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
close(r4)
close(0xffffffffffffffff)
r5 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r5, 0x0)
r6 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000640), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}})
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r8}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000480)={0x1, &(0x7f0000000b00)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ff5}]})
r9 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r9, &(0x7f00000005c0)=""/188, 0xbc)
inotify_init1(0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x28, &(0x7f0000000000)='/proc\x00s%nN\xd4\xa2\x88\x00\xd1l,K*\xe4Y\xe1e\xac\x81Z*Q[\x00\x00\x05\x00'/42}, 0x30)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r10)
r11 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r11, &(0x7f0000000c80)=""/4079, 0xfef)
fcntl$setstatus(r0, 0x4, 0x2c00)

1.102604589s ago: executing program 5 (id=9339):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x67)

1.012374699s ago: executing program 5 (id=9341):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x2d)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='iD\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000040000ee0000000018110000", @ANYRES32=r1, @ANYRES8=r1], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000340)='block_rq_requeue\x00', r2, 0x0, 0x100}, 0x18)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400)
ioctl$TUNSETOFFLOAD(r0, 0x8004745a, 0x2000000c)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f00000001c0), 0x74)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x5, 0x0, 0x0, 0xe}]})
setregid(0x0, 0x0)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[], 0xd0}, 0x1, 0x0, 0x0, 0x4048015}, 0x20008845)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r6}, 0x18)
mkdirat(0xffffffffffffffff, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/kexec_loaded', 0x208600, 0x20)
chdir(&(0x7f0000000100)='./file0\x00')
syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000580)={[{@stripe={'stripe', 0x3d, 0x3}}, {@abort}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x400000}}, {@noauto_da_alloc}, {@usrjquota}, {@dax_always}, {@oldalloc}, {@min_batch_time={'min_batch_time', 0x3d, 0x2}}]}, 0xfc, 0x565, &(0x7f0000001080)="$eJzs3c9rHFUcAPDvbJI2/aFNoRT1IIEerNRumsQfFTzUo2ixoPe6JNNQsumW7KY0sWB7sBcvUgQRC+If4N2Dh+I/4NG/oKCFIiXowcvKbGbTbbObX90kW/fzgWnfmzeb996++b59s7PLBtC3RrN/ChEvR8TXScSRlrLByAtHV45bfnRjKtuSqNc/+SuJJN/XPD7J/z+UZ16KiF+/jDhVWFtvdXFptlQup/N5fqw2d3Wsurh0+vJcaSadSa9MTE6efWty4t133u5aX1+/8M93H9/74OxXJ5a//enB0TtJnIvDeVlrP57BzdbMaIzmz8lQnHvqwPEuVNZLkr1uANsykMf5UGRzwJEYyKMe+P/7IiLqQJ9KxD/0qeY6oHlt36Xr4OfGw/dXLoDW9n9w5b2RGG5cGx1cTp64Msqud0e6UH9Wx89/3r2TbdG99yEANnTzVkScGRxcO/8l+fy3fWeyyXMDT9dh/oPdcy9b/7zRbv1TWF3/RJv1z6E2sbsdG8d/4UEXqukoW/+913b9u3rTamQgz73QWPMNJZcul9MzEfFiRJyMof1Zfr37OWeX79c7lbWu/7Itq7+5Fszb8WBw/5OPmS7VSs/S51YPb0W80nb9m6yOf9Jm/LPn48Im6zie3n21U9nG/d9Z9R8jXms7/o/vaCXr358ca5wPY82zYq2/bx//rVP9e93/bPwPrt//kaT1fm1163X8MPxv2qlsu+f/vuTTRnpfvu96qVabH4/Yl3y0dv/E48c2883js/6fPLH+/Nfu/D8QEZ9tsv+3j93ueGgvjP/0lsZ/64n7H37+faf6Nzf+bzZSJ/M9m5n/NtvAZ3nuAAAAAAAAoNcUIuJwJIXiarpQKBZXPt9xLA4WypVq7dSlysKV6Wh8V3YkhgrNO91HWj4PMZ5/HraZn3gqPxkRRyPim4EDjXxxqlKe3uvOAwAAAAAAAAAAAAAAAAAAQI84FDHc7vv/mT8G9rp1wI7zk9/Qv9rH/y+/1+t5STd+6QnoSV7/oX+Jf+hf4h/6l/iH/iX+oX+Jf+hfW4j/4Z1sB7D7vP4DAAAAAAAAAAAAAAAAAAAAAAAAAABAV104fz7b6suPbkxl+elriwuzlWunp9PqbHFuYao4VZm/WpypVGbKaXGqMrfR3ytXKlfHJ2Lh+lgtrdbGqotLF+cqC1dqFy/PlWbSi+nQrvQKAAAAAAAAAAAAAAAAAAAAni/VxaXZUrmczkvsaCLpjWbsQGKwN5oh0eXEXs9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDYfwEAAP//2HA78g==")
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000850000003f0000004000000042000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000001000"/28], 0x50)

869.031189ms ago: executing program 0 (id=9344):
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0}])

783.709129ms ago: executing program 0 (id=9346):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000240)={0x9, &(0x7f0000000300)=[{0x2, 0x9, 0x3, 0x6}, {0x0, 0x6, 0x6, 0x800}, {0x3, 0x1, 0xd, 0x4}, {0x2, 0x6, 0x6, 0xfffffff9}, {0x8000, 0x9, 0x2, 0xfbcb}, {0xff7f, 0x75, 0x8, 0x4}, {0xa8, 0x4, 0x83, 0x40}, {0xfff7, 0x80, 0xa, 0x7fff}, {0x6, 0x40, 0x9c, 0xfffffff4}]})
unshare(0xc040400)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1200, 0x0, 0x3)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f0000000200))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000010010800"/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r4, 0x84, 0x17, &(0x7f0000000e80)=ANY=[], 0x9)
ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r1, &(0x7f0000000480)=[{&(0x7f0000000400)="00214717a707000000000306c72bda0ba6c4be6a2ab3", 0x16}], 0x1, 0x1000000, 0x0)
sendmsg$NFC_CMD_GET_SE(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000040}, 0x20008100)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r5)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000220000000a0001007770616e3000000005002000000004000500200000000000050020000000000009001f"], 0x44}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000073119e00000000008510000000850000007600000095000000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r7, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="080028bd7000fcdbdf25080000003c000180060005004e210000060005004e200000060005004e1f000008000600100000000600010002000000080006001000000008000700", @ANYRES32=0x0, @ANYBLOB="08000300010000000400018014000180060005004e24000008000700", @ANYRES32=0x0, @ANYBLOB="0500050050000010"], 0x78}, 0x1, 0x0, 0x0, 0x4}, 0x2000c801)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)

651.532569ms ago: executing program 0 (id=9350):
set_mempolicy(0x8002, &(0x7f00000000c0)=0x7, 0xf8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r1, 0x80045505, &(0x7f0000000000)=0x1)

538.039509ms ago: executing program 2 (id=9351):
set_mempolicy(0x8002, &(0x7f00000000c0)=0x7, 0xf8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r1, 0x80045505, &(0x7f0000000000)=0x1)

537.46164ms ago: executing program 0 (id=9352):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5201)
ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5201)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1600000000000000040000000100000000000000", @ANYRESOCT=r0, @ANYBLOB, @ANYRES32=0x0], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4, <r5=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x0, 0x0)

505.216389ms ago: executing program 2 (id=9353):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)

477.120619ms ago: executing program 2 (id=9354):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x5, 0x6b0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x800000000003}, 0x100000, 0x5dd8, 0x3, 0x0, 0x0, 0x8, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x5, 0x6, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0xfffffcf4}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
r3 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r3, 0x18, &(0x7f0000000040)={0x3, 0xffffffffffffffff, 0x20, {0x5, 0x8000000000000001}, 0xf0}, 0x1)
socket$key(0xf, 0x3, 0x2)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

476.395319ms ago: executing program 0 (id=9355):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021940000000c0a01030000000000000000070000000900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b80200001800a00010071756f7461000000100002800c0001400000000000000000340001800a0001"], 0x118}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYRES32, @ANYBLOB], 0x48)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

245.22285ms ago: executing program 1 (id=9356):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x44040)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @loopback}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000480)={'syztnl0\x00', 0x0})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
set_robust_list(&(0x7f0000000400)={0x0, 0x800}, 0x18)
recvmmsg(r0, &(0x7f0000001140), 0x700, 0x2, 0x0)

229.87726ms ago: executing program 2 (id=9357):
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0}])

186.69695ms ago: executing program 2 (id=9358):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB], 0x48)
ioctl$TIOCL_GETMOUSEREPORTING(0xffffffffffffffff, 0x5412, 0x0)
dup(0xffffffffffffffff)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000400)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x4, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x6, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @loopback, @multicast2}, "00186371ae9b1c03"}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x2, 0x2, 0x0, 0x3, 0x11, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb}, @sadb_x_sa2={0x2, 0x9}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, @sadb_x_sec_ctx={0x1, 0x18, 0x4}]}, 0x88}}, 0x0)

10.22466ms ago: executing program 0 (id=9359):
set_mempolicy(0x8002, &(0x7f00000000c0)=0x7, 0xf8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010200000000000000020000000900010073797a300000000040000000030a01010000000000000000020000000900010073797a30000000000900030073797a320000000014000480080001400000000008000240000000002c000000030a03000000000000000000020000000900010073797a30000000000900030073797a32"], 0xb4}}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0a00000004000000f10000000500000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000e14a60850d79b9ea81e630d87090dc8a13cfa9157025cfc107001df4d2569ef51b30a8b583bb25a9868edb1060ba9466926156e4b735a4f2865a7bd10b086fa5bbc4cf5c5702b90aa85200a6b8421e0a000000000500000000187994bcdfb7b7a7b9a8ac050000001c401e81bf3970c4d2c4d37b28b3c5af48b1e330fe9e72423d054477c438a88be0ee23b053b500f7eaf1d17b919fa6272a9ac64a4d10a452bf73bf5e454fe237e05d65cc63bc426a8ce2ae5d903a377f7b143d42b50673d8e0a7822fa3bdba4b399432b0e20b694adb895b224af38b51b8aad7774294a76759be985d6a9ec1fca5bb32f8b95f49fab0f9e49cad4a31fd510539ef2347b90138b122d60c7010d247ca5ff2cc46a9cdbe667349b1a8fa2049b5492f882f2ed5dbfee52fd1a1da863c81c4ed39e1df52", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200))
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r1, 0x80045505, &(0x7f0000000000)=0x1)

0s ago: executing program 2 (id=9360):
r0 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x6, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{}, {}]}, [{0x3}, {}, {}, {}, {}, {0x448eade7}, {0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x200000}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {0x2}, {}, {0xfffffffc}, {0x0, 0xe}, {}, {}, {0x0, 0x4, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {0x0, 0x10}, {}, {}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xe10}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xefa6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x5}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)

kernel console output (not intermixed with test programs):

0007fc6b66d7058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  392.935160][ T6155] RAX: ffffffffffffffda RBX: 00007fc6b8225fa0 RCX: 00007fc6b805fed9
[  392.943199][ T6155] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000006
[  392.951191][ T6155] RBP: 00007fc6b80d3cc8 R08: 0000000000000000 R09: 0000000000000000
[  392.959185][ T6155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  392.967193][ T6155] R13: 0000000000000000 R14: 00007fc6b8225fa0 R15: 00007fffb0e7f828
[  392.975225][ T6155]  </TASK>
[  392.978522][ T6155] memory: usage 307200kB, limit 307200kB, failcnt 340
[  392.986858][ T6155] memory+swap: usage 307404kB, limit 9007199254740988kB, failcnt 0
[  392.994815][ T6155] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0
[  393.002126][ T6155] Memory cgroup stats for /syz5:
[  393.027364][ T6155] cache 0
[  393.033559][ T6191] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8410'.
[  393.035392][ T6155] rss 0
[  393.035402][ T6155] shmem 0
[  393.050016][ T6155] mapped_file 0
[  393.053506][ T6155] dirty 0
[  393.056471][ T6155] writeback 0
[  393.059786][ T6155] workingset_refault_anon 147
[  393.064507][ T6155] workingset_refault_file 0
[  393.069045][ T6155] swap 208896
[  393.072347][ T6155] swapcached 0
[  393.075779][ T6155] pgpgin 59606
[  393.079199][ T6155] pgpgout 59606
[  393.082670][ T6155] pgfault 70434
[  393.086260][ T6155] pgmajfault 65
[  393.089783][ T6155] inactive_anon 0
[  393.093452][ T6155] active_anon 0
[  393.096948][ T6155] inactive_file 0
[  393.100582][ T6155] active_file 0
[  393.104182][ T6155] unevictable 0
[  393.107738][ T6155] hierarchical_memory_limit 314572800
[  393.113112][ T6155] hierarchical_memsw_limit 9223372036854771712
[  393.119450][ T6155] total_cache 0
[  393.122964][ T6155] total_rss 0
[  393.126417][ T6155] total_shmem 0
[  393.129910][ T6155] total_mapped_file 0
[  393.133963][ T6155] total_dirty 0
[  393.137571][ T6155] total_writeback 0
[  393.141537][ T6155] total_workingset_refault_anon 147
[  393.146816][ T6155] total_workingset_refault_file 0
[  393.151859][ T6155] total_swap 208896
[  393.155720][ T6155] total_swapcached 0
[  393.159635][ T6155] total_pgpgin 59606
[  393.163563][ T6155] total_pgpgout 59606
[  393.167704][ T6155] total_pgfault 70434
[  393.171822][ T6155] total_pgmajfault 65
[  393.175840][ T6155] total_inactive_anon 0
[  393.180054][ T6155] total_active_anon 0
[  393.184115][ T6155] total_inactive_file 0
[  393.188329][ T6155] total_active_file 0
[  393.192339][ T6155] total_unevictable 0
[  393.196452][ T6155] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.8396,pid=6154,uid=0
[  393.211168][ T6155] Memory cgroup out of memory: Killed process 6154 (syz.5.8396) total-vm:93280kB, anon-rss:596kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
[  393.303263][   T29] kauditd_printk_skb: 535 callbacks suppressed
[  393.303281][   T29] audit: type=1400 audit(1733527816.740:59276): avc:  denied  { create } for  pid=6197 comm="syz.3.8412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  393.329463][   T29] audit: type=1400 audit(1733527816.740:59277): avc:  denied  { bind } for  pid=6197 comm="syz.3.8412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  393.349381][   T29] audit: type=1400 audit(1733527816.740:59278): avc:  denied  { setopt } for  pid=6197 comm="syz.3.8412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  393.369512][   T29] audit: type=1326 audit(1733527816.790:59279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6194 comm="syz.2.8411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80e315fed9 code=0x7ffc0000
[  393.393022][   T29] audit: type=1326 audit(1733527816.790:59280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6194 comm="syz.2.8411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80e315fed9 code=0x7ffc0000
[  393.420865][   T29] audit: type=1326 audit(1733527816.910:59281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6203 comm="syz.3.8413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a584dfed9 code=0x7ffc0000
[  393.444352][   T29] audit: type=1326 audit(1733527816.910:59282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6203 comm="syz.3.8413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a584dfed9 code=0x7ffc0000
[  393.522400][ T6210] validate_nla: 1 callbacks suppressed
[  393.522412][ T6210] netlink: 'syz.1.8415': attribute type 10 has an invalid length.
[  393.536672][ T6210] macsec0: left allmulticast mode
[  393.542228][ T6210] xt_hashlimit: max too large, truncated to 1048576
[  393.563542][   T29] audit: type=1326 audit(1733527817.050:59283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6211 comm="syz.0.8416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdefaf4fed9 code=0x7ffc0000
[  393.596396][   T29] audit: type=1326 audit(1733527817.050:59284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6211 comm="syz.0.8416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdefaf4fed9 code=0x7ffc0000
[  393.619926][   T29] audit: type=1326 audit(1733527817.050:59285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6211 comm="syz.0.8416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdefaf4fed9 code=0x7ffc0000
[  393.663699][ T6220] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8421'.
[  393.691258][ T6227] random: crng reseeded on system resumption
[  393.761215][ T6227] syz.1.8423[6227] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  393.761343][ T6227] syz.1.8423[6227] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  393.797799][ T6233] FAULT_INJECTION: forcing a failure.
[  393.797799][ T6233] name failslab, interval 1, probability 0, space 0, times 0
[  393.821797][ T6233] CPU: 1 UID: 0 PID: 6233 Comm: syz.1.8424 Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  393.832547][ T6233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  393.842597][ T6233] Call Trace:
[  393.845869][ T6233]  <TASK>
[  393.848950][ T6233]  dump_stack_lvl+0xf2/0x150
[  393.853565][ T6233]  dump_stack+0x15/0x1a
[  393.857781][ T6233]  should_fail_ex+0x223/0x230
[  393.862479][ T6233]  should_failslab+0x8f/0xb0
[  393.867173][ T6233]  kmem_cache_alloc_lru_noprof+0x57/0x320
[  393.872927][ T6233]  ? sock_alloc_inode+0x34/0xa0
[  393.877864][ T6233]  sock_alloc_inode+0x34/0xa0
[  393.882648][ T6233]  ? __pfx_sock_alloc_inode+0x10/0x10
[  393.888147][ T6233]  alloc_inode+0x3c/0x160
[  393.892493][ T6233]  new_inode_pseudo+0x15/0x20
[  393.897225][ T6233]  __sock_create+0x12b/0x5a0
[  393.901946][ T6233]  __sys_socketpair+0x17c/0x430
[  393.906838][ T6233]  __x64_sys_socketpair+0x52/0x60
[  393.911888][ T6233]  x64_sys_call+0x1cad/0x2dc0
[  393.916620][ T6233]  do_syscall_64+0xc9/0x1c0
[  393.921204][ T6233]  ? clear_bhb_loop+0x55/0xb0
[  393.925892][ T6233]  ? clear_bhb_loop+0x55/0xb0
[  393.930610][ T6233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.936624][ T6233] RIP: 0033:0x7f0b51ac1e2a
[  393.941116][ T6233] Code: 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 35 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.960797][ T6233] RSP: 002b:00007f0b50136f98 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  393.969249][ T6233] RAX: ffffffffffffffda RBX: 00007f0b51c85f00 RCX: 00007f0b51ac1e2a
[  393.977224][ T6233] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[  393.985226][ T6233] RBP: 00007f0b501370a0 R08: 0000000000000000 R09: 0000000000000000
[  393.993225][ T6233] R10: 00007f0b50136fb8 R11: 0000000000000246 R12: 0000000000000000
[  394.001202][ T6233] R13: 0000000000000000 R14: 00007f0b51c85fa0 R15: 00007ffdcb9973e8
[  394.009192][ T6233]  </TASK>
[  394.012317][ T6233] socket: no more sockets
[  394.041989][ T6239] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8426'.
[  394.050984][ T6239] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8426'.
[  394.060295][ T6239] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8426'.
[  394.100173][ T6239] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8426'.
[  394.109228][ T6239] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8426'.
[  394.119050][ T6239] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8426'.
[  394.149781][ T6239] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8426'.
[  394.192614][ T6249] xt_hashlimit: max too large, truncated to 1048576
[  394.506546][ T6262] random: crng reseeded on system resumption
[  394.680224][ T6262] syz.2.8434[6262] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  394.680294][ T6262] syz.2.8434[6262] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  394.842724][ T6270] netlink: 'syz.5.8437': attribute type 2 has an invalid length.
[  394.861797][ T6270] netlink: 'syz.5.8437': attribute type 8 has an invalid length.
[  394.959983][ T6270] netlink: 'syz.5.8437': attribute type 39 has an invalid length.
[  395.132998][T30270] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  395.143923][T30270] CPU: 0 UID: 0 PID: 30270 Comm: syz-executor Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  395.154973][T30270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  395.165038][T30270] Call Trace:
[  395.168325][T30270]  <TASK>
[  395.171265][T30270]  dump_stack_lvl+0xf2/0x150
[  395.175879][T30270]  dump_stack+0x15/0x1a
[  395.180051][T30270]  dump_header+0x83/0x2d0
[  395.184422][T30270]  oom_kill_process+0x341/0x4c0
[  395.189350][T30270]  out_of_memory+0x9af/0xbe0
[  395.193945][T30270]  ? css_next_descendant_pre+0x11c/0x140
[  395.199643][T30270]  mem_cgroup_out_of_memory+0x13e/0x190
[  395.205208][T30270]  try_charge_memcg+0x508/0x7f0
[  395.210074][T30270]  charge_memcg+0x50/0xc0
[  395.214555][T30270]  mem_cgroup_swapin_charge_folio+0xd0/0x150
[  395.220561][T30270]  __read_swap_cache_async+0x236/0x480
[  395.226158][T30270]  swap_cluster_readahead+0x279/0x3f0
[  395.231604][T30270]  swapin_readahead+0xe4/0x6f0
[  395.236373][T30270]  ? next_uptodate_folio+0x812/0x890
[  395.241737][T30270]  ? swap_cache_get_folio+0x77/0x210
[  395.247021][T30270]  do_swap_page+0x31b/0x2550
[  395.251630][T30270]  ? __rcu_read_lock+0x36/0x50
[  395.256395][T30270]  ? __pfx_default_wake_function+0x10/0x10
[  395.262199][T30270]  handle_mm_fault+0x8e4/0x2ac0
[  395.267113][T30270]  exc_page_fault+0x3b9/0x650
[  395.271802][T30270]  asm_exc_page_fault+0x26/0x30
[  395.276672][T30270] RIP: 0033:0x7fdefae25627
[  395.281138][T30270] Code: d7 82 de 1b 43 48 f7 a4 24 88 00 00 00 48 8b 05 7f 01 e2 00 48 69 8c 24 80 00 00 00 e8 03 00 00 48 c1 ea 12 48 01 ca 8b 48 08 <39> 4c 24 18 48 89 d0 4c 0f 45 ea 4c 29 f0 48 3b 05 64 00 e2 00 73
[  395.300745][T30270] RSP: 002b:00007fff0ad6a080 EFLAGS: 00010206
[  395.306806][T30270] RAX: 0000001b2ea20000 RBX: 00000000000004c4 RCX: 000000000000001c
[  395.314775][T30270] RDX: 000000000006073f RSI: 00007fff0ad6a100 RDI: 0000000000000001
[  395.322742][T30270] RBP: 00007fff0ad6a0ac R08: 00000000044a02b3 R09: 7fffffffffffffff
[  395.330706][T30270] R10: 00007fdefb0ea038 R11: 0000000000000010 R12: 0000000000000032
[  395.338748][T30270] R13: 0000000000060497 R14: 0000000000060423 R15: 00007fff0ad6a100
[  395.346779][T30270]  </TASK>
[  395.349828][T30270] memory: usage 307200kB, limit 307200kB, failcnt 491
[  395.356759][T30270] memory+swap: usage 307528kB, limit 9007199254740988kB, failcnt 0
[  395.364704][T30270] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0
[  395.371991][T30270] Memory cgroup stats for /syz0:
[  395.372332][T30270] cache 0
[  395.380271][T30270] rss 0
[  395.383045][T30270] shmem 0
[  395.386021][T30270] mapped_file 0
[  395.389580][T30270] dirty 0
[  395.392508][T30270] writeback 0
[  395.395828][T30270] workingset_refault_anon 86
[  395.400411][T30270] workingset_refault_file 2189
[  395.405211][T30270] swap 335872
[  395.408565][T30270] swapcached 0
[  395.411933][T30270] pgpgin 338802
[  395.415470][T30270] pgpgout 338802
[  395.419089][T30270] pgfault 409128
[  395.422635][T30270] pgmajfault 77
[  395.426161][T30270] inactive_anon 0
[  395.429871][T30270] active_anon 0
[  395.433346][T30270] inactive_file 0
[  395.437002][T30270] active_file 0
[  395.440457][T30270] unevictable 0
[  395.443932][T30270] hierarchical_memory_limit 314572800
[  395.449322][T30270] hierarchical_memsw_limit 9223372036854771712
[  395.455488][T30270] total_cache 0
[  395.458953][T30270] total_rss 0
[  395.462244][T30270] total_shmem 0
[  395.465751][T30270] total_mapped_file 0
[  395.469732][T30270] total_dirty 0
[  395.473191][T30270] total_writeback 0
[  395.477018][T30270] total_workingset_refault_anon 86
[  395.482194][T30270] total_workingset_refault_file 2189
[  395.487506][T30270] total_swap 335872
[  395.491384][T30270] total_swapcached 0
[  395.495369][T30270] total_pgpgin 338802
[  395.499384][T30270] total_pgpgout 338802
[  395.503444][T30270] total_pgfault 409128
[  395.507575][T30270] total_pgmajfault 77
[  395.511565][T30270] total_inactive_anon 0
[  395.515795][T30270] total_active_anon 0
[  395.519774][T30270] total_inactive_file 0
[  395.523935][T30270] total_active_file 0
[  395.527950][T30270] total_unevictable 0
[  395.531929][T30270] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.8431,pid=6253,uid=0
[  395.546659][T30270] Memory cgroup out of memory: Killed process 6253 (syz.0.8431) total-vm:93280kB, anon-rss:612kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000
[  395.651612][ T6327] random: crng reseeded on system resumption
[  395.745371][ T6333] syz.3.8447[6333] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  395.745461][ T6333] syz.3.8447[6333] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  395.988104][ T6357] siw: device registration error -23
[  396.317799][ T6373] +}[@: attempt to access beyond end of device
[  396.317799][ T6373] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  396.421188][ T6406] random: crng reseeded on system resumption
[  396.535333][ T6408] syz.3.8460[6408] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  396.535486][ T6408] syz.3.8460[6408] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  396.620938][ T6409] xt_hashlimit: max too large, truncated to 1048576
[  396.696558][ T6417] siw: device registration error -23
[  397.034725][ T6436] netlink: 'syz.3.8469': attribute type 10 has an invalid length.
[  397.042639][ T6436] geneve1: entered promiscuous mode
[  397.047875][ T6436] geneve1: left allmulticast mode
[  397.074515][ T6436] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  397.083283][ T6436] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  397.092203][ T6436] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  397.100970][ T6436] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  397.121375][ T6438] netlink: 'syz.1.8471': attribute type 39 has an invalid length.
[  397.134987][ T6436] geneve1: entered allmulticast mode
[  397.140749][ T6436] bond0: (slave geneve1): Enslaving as an active interface with an up link
[  397.354033][ T6434] +}[@: attempt to access beyond end of device
[  397.354033][ T6434] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  397.416281][ T6444] random: crng reseeded on system resumption
[  397.484760][ T6444] syz.2.8473[6444] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  397.484880][ T6444] syz.2.8473[6444] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  397.550381][ T6420] syz.0.8465 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000
[  397.576002][ T6420] CPU: 0 UID: 0 PID: 6420 Comm: syz.0.8465 Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  397.586801][ T6420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  397.596869][ T6420] Call Trace:
[  397.600155][ T6420]  <TASK>
[  397.603099][ T6420]  dump_stack_lvl+0xf2/0x150
[  397.607771][ T6420]  dump_stack+0x15/0x1a
[  397.612001][ T6420]  dump_header+0x83/0x2d0
[  397.616346][ T6420]  oom_kill_process+0x341/0x4c0
[  397.621243][ T6420]  out_of_memory+0x9af/0xbe0
[  397.625850][ T6420]  ? css_next_descendant_pre+0x11c/0x140
[  397.631571][ T6420]  mem_cgroup_out_of_memory+0x13e/0x190
[  397.637153][ T6420]  try_charge_memcg+0x508/0x7f0
[  397.642035][ T6420]  obj_cgroup_charge_pages+0xbd/0x1a0
[  397.647465][ T6420]  __memcg_kmem_charge_page+0x9d/0x170
[  397.652945][ T6420]  __alloc_pages_noprof+0x1bc/0x340
[  397.658274][ T6420]  alloc_pages_mpol_noprof+0xb1/0x1e0
[  397.663695][ T6420]  alloc_pages_noprof+0xe1/0x100
[  397.668647][ T6420]  __vmalloc_node_range_noprof+0x6eb/0xe80
[  397.674551][ T6420]  __kvmalloc_node_noprof+0x121/0x170
[  397.679994][ T6420]  ? ip_set_alloc+0x1f/0x30
[  397.684529][ T6420]  ip_set_alloc+0x1f/0x30
[  397.688921][ T6420]  hash_netiface_create+0x273/0x730
[  397.694136][ T6420]  ? __nla_parse+0x40/0x60
[  397.698576][ T6420]  ? __pfx_hash_netiface_create+0x10/0x10
[  397.704377][ T6420]  ip_set_create+0x359/0x8a0
[  397.709011][ T6420]  ? memchr+0x1/0x50
[  397.713007][ T6420]  ? __nla_parse+0x40/0x60
[  397.717474][ T6420]  nfnetlink_rcv_msg+0x4a9/0x570
[  397.722549][ T6420]  netlink_rcv_skb+0x12c/0x230
[  397.727346][ T6420]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  397.732906][ T6420]  nfnetlink_rcv+0x16c/0x15d0
[  397.737698][ T6420]  ? obj_cgroup_charge_pages+0x13d/0x1a0
[  397.743380][ T6420]  ? __rcu_read_unlock+0x4e/0x70
[  397.748359][ T6420]  ? __alloc_pages_noprof+0x1bc/0x340
[  397.753800][ T6420]  ? alloc_pages_bulk_noprof+0x324/0x650
[  397.759462][ T6420]  ? policy_nodemask+0x2ba/0x3e0
[  397.764400][ T6420]  ? __vmap_pages_range_noflush+0x940/0x960
[  397.770308][ T6420]  ? cgroup_rstat_updated+0x9f/0x570
[  397.775657][ T6420]  ? __rb_insert_augmented+0x71/0x2d0
[  397.781087][ T6420]  ? should_fail_ex+0x31/0x230
[  397.785873][ T6420]  ? selinux_nlmsg_lookup+0x119/0x8c0
[  397.791281][ T6420]  ? __rcu_read_unlock+0x34/0x70
[  397.796232][ T6420]  ? __netlink_lookup+0x253/0x290
[  397.801337][ T6420]  netlink_unicast+0x599/0x670
[  397.806102][ T6420]  netlink_sendmsg+0x5cc/0x6e0
[  397.810882][ T6420]  ? __pfx_netlink_sendmsg+0x10/0x10
[  397.816222][ T6420]  __sock_sendmsg+0x140/0x180
[  397.820952][ T6420]  ____sys_sendmsg+0x312/0x410
[  397.825769][ T6420]  __sys_sendmsg+0x19d/0x230
[  397.830383][ T6420]  __x64_sys_sendmsg+0x46/0x50
[  397.835221][ T6420]  x64_sys_call+0x2734/0x2dc0
[  397.840036][ T6420]  do_syscall_64+0xc9/0x1c0
[  397.844542][ T6420]  ? clear_bhb_loop+0x55/0xb0
[  397.849221][ T6420]  ? clear_bhb_loop+0x55/0xb0
[  397.853898][ T6420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.859843][ T6420] RIP: 0033:0x7fdefaf4fed9
[  397.864262][ T6420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.883936][ T6420] RSP: 002b:00007fdef95c7058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  397.892410][ T6420] RAX: ffffffffffffffda RBX: 00007fdefb115fa0 RCX: 00007fdefaf4fed9
[  397.900395][ T6420] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000006
[  397.908413][ T6420] RBP: 00007fdefafc3cc8 R08: 0000000000000000 R09: 0000000000000000
[  397.916392][ T6420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  397.924394][ T6420] R13: 0000000000000000 R14: 00007fdefb115fa0 R15: 00007fff0ad69cf8
[  397.932376][ T6420]  </TASK>
[  397.935971][ T6420] memory: usage 307184kB, limit 307200kB, failcnt 828
[  397.942754][ T6420] memory+swap: usage 307504kB, limit 9007199254740988kB, failcnt 0
[  397.951103][ T6420] kmem: usage 307176kB, limit 9007199254740988kB, failcnt 0
[  397.958411][ T6420] Memory cgroup stats for /syz0:
[  397.958578][ T6420] cache 0
[  397.966553][ T6420] rss 0
[  397.969315][ T6420] shmem 0
[  397.972307][ T6420] mapped_file 0
[  397.975810][ T6420] dirty 0
[  397.978748][ T6420] writeback 0
[  397.982037][ T6420] workingset_refault_anon 114
[  397.986781][ T6420] workingset_refault_file 2317
[  397.991537][ T6420] swap 327680
[  397.994904][ T6420] swapcached 8192
[  397.998554][ T6420] pgpgin 339184
[  398.002137][ T6420] pgpgout 339182
[  398.005847][ T6420] pgfault 409788
[  398.009399][ T6420] pgmajfault 94
[  398.012865][ T6420] inactive_anon 8192
[  398.016826][ T6420] active_anon 0
[  398.020339][ T6420] inactive_file 0
[  398.024031][ T6420] active_file 0
[  398.027487][ T6420] unevictable 0
[  398.030939][ T6420] hierarchical_memory_limit 314572800
[  398.036326][ T6420] hierarchical_memsw_limit 9223372036854771712
[  398.042482][ T6420] total_cache 0
[  398.046080][ T6420] total_rss 0
[  398.049360][ T6420] total_shmem 0
[  398.052817][ T6420] total_mapped_file 0
[  398.056868][ T6420] total_dirty 0
[  398.060326][ T6420] total_writeback 0
[  398.064169][ T6420] total_workingset_refault_anon 114
[  398.069409][ T6420] total_workingset_refault_file 2317
[  398.074705][ T6420] total_swap 327680
[  398.078602][ T6420] total_swapcached 8192
[  398.082779][ T6420] total_pgpgin 339184
[  398.086765][ T6420] total_pgpgout 339182
[  398.090836][ T6420] total_pgfault 409788
[  398.094936][ T6420] total_pgmajfault 94
[  398.098917][ T6420] total_inactive_anon 8192
[  398.103326][ T6420] total_active_anon 0
[  398.107394][ T6420] total_inactive_file 0
[  398.111559][ T6420] total_active_file 0
[  398.115622][ T6420] total_unevictable 0
[  398.119719][ T6420] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.8465,pid=6419,uid=0
[  398.134368][ T6420] Memory cgroup out of memory: Killed process 6419 (syz.0.8465) total-vm:93280kB, anon-rss:740kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000
[  398.274094][ T6469] __nla_validate_parse: 26 callbacks suppressed
[  398.274108][ T6469] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8480'.
[  398.404127][   T29] kauditd_printk_skb: 222 callbacks suppressed
[  398.404141][   T29] audit: type=1400 audit(1733527821.890:59508): avc:  denied  { read } for  pid=6470 comm="syz.3.8483" name="event3" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  398.484084][   T29] audit: type=1400 audit(1733527821.920:59509): avc:  denied  { open } for  pid=6470 comm="syz.3.8483" path="/dev/input/event3" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  398.562073][   T29] audit: type=1400 audit(1733527822.050:59510): avc:  denied  { execute } for  pid=6479 comm="syz.0.8486" path="/516/hugetlb.1GB.usage_in_bytes" dev="tmpfs" ino=2708 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  398.600994][   T29] audit: type=1400 audit(1733527822.090:59511): avc:  denied  { create } for  pid=6479 comm="syz.0.8486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  398.611857][ T6480] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  398.628757][ T6480] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  398.639816][   T29] audit: type=1400 audit(1733527822.130:59512): avc:  denied  { read } for  pid=6479 comm="+}[@" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  398.685239][ T6482] syz.1.8487[6482] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  398.685302][ T6482] syz.1.8487[6482] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  398.692885][   T29] audit: type=1400 audit(1733527822.180:59513): avc:  denied  { ioctl } for  pid=6479 comm="+}[@" path="/dev/snapshot" dev="devtmpfs" ino=90 ioctlcmd=0x3314 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  398.737377][   T29] audit: type=1400 audit(1733527822.220:59514): avc:  denied  { create } for  pid=6485 comm="syz.5.8488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  398.741682][ T6486] bridge0: port 3(vlan0) entered blocking state
[  398.763457][ T6486] bridge0: port 3(vlan0) entered disabled state
[  398.770966][ T6474] +}[@: attempt to access beyond end of device
[  398.770966][ T6474] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  398.778278][ T6486] vlan0: entered allmulticast mode
[  398.801009][ T6486] vlan0: left allmulticast mode
[  398.817062][   T29] audit: type=1326 audit(1733527822.310:59515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6490 comm="syz.1.8490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b51abfed9 code=0x7ffc0000
[  398.840651][   T29] audit: type=1326 audit(1733527822.310:59516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6490 comm="syz.1.8490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b51abfed9 code=0x7ffc0000
[  398.864263][   T29] audit: type=1326 audit(1733527822.310:59517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6490 comm="syz.1.8490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0b51abfed9 code=0x7ffc0000
[  398.902999][ T6494] xt_hashlimit: max too large, truncated to 1048576
[  398.938385][ T6498] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8493'.
[  398.947406][ T6498] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8493'.
[  398.982950][ T6498] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8493'.
[  399.019369][ T6498] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8493'.
[  399.028441][ T6498] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8493'.
[  399.037622][ T6498] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8493'.
[  399.062752][ T6498] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8493'.
[  399.071737][ T6498] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8493'.
[  399.081004][ T6498] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8493'.
[  399.126222][ T6514] netlink: 'syz.2.8499': attribute type 10 has an invalid length.
[  399.134163][ T6514] macsec0: left allmulticast mode
[  399.242558][ T6521] random: crng reseeded on system resumption
[  399.352431][ T6528] netlink: 'syz.5.8503': attribute type 10 has an invalid length.
[  399.500021][ T6538] macsec0: entered allmulticast mode
[  399.536072][ T6536] sctp: [Deprecated]: syz.3.8504 (pid 6536) Use of int in maxseg socket option.
[  399.536072][ T6536] Use struct sctp_assoc_value instead
[  399.626063][ T6545] siw: device registration error -23
[  399.879496][ T6558] random: crng reseeded on system resumption
[  399.950888][ T6562] bpf_get_probe_write_proto: 5 callbacks suppressed
[  399.950906][ T6562] syz.2.8514[6562] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  399.985552][ T6562] syz.2.8514[6562] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  400.114975][ T6573] netlink: 'syz.2.8519': attribute type 10 has an invalid length.
[  400.162034][ T6573] macsec0: left allmulticast mode
[  400.202912][ T6578] xt_hashlimit: max too large, truncated to 1048576
[  400.210546][ T6576] macsec0: entered allmulticast mode
[  400.965384][ T6617] xt_hashlimit: max too large, truncated to 1048576
[  401.110242][ T6627] 9pnet_fd: Insufficient options for proto=fd
[  401.176535][ T6637] macsec0: entered allmulticast mode
[  401.237339][ T6639] ALSA: seq fatal error: cannot create timer (-22)
[  401.247955][ T6639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  401.283645][ T6639] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  401.379756][ T6643] netlink: 'syz.3.8542': attribute type 2 has an invalid length.
[  401.387536][ T6643] netlink: 'syz.3.8542': attribute type 8 has an invalid length.
[  401.407138][ T6647] siw: device registration error -23
[  401.455023][ T6643] netlink: 'syz.3.8542': attribute type 39 has an invalid length.
[  401.801136][ T6666] xt_hashlimit: max too large, truncated to 1048576
[  402.256375][ T6737] 9pnet_fd: Insufficient options for proto=fd
[  402.524507][ T6756] netlink: 'syz.1.8575': attribute type 2 has an invalid length.
[  402.532348][ T6756] netlink: 'syz.1.8575': attribute type 8 has an invalid length.
[  402.569999][ T6756] netlink: 'syz.1.8575': attribute type 39 has an invalid length.
[  402.739753][ T6780] ALSA: seq fatal error: cannot create timer (-22)
[  402.785760][ T6780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  402.822104][ T6780] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  403.330149][ T6822] __nla_validate_parse: 25 callbacks suppressed
[  403.330165][ T6822] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8585'.
[  403.409522][ T6827] random: crng reseeded on system resumption
[  403.462416][ T6828] syz.2.8586[6828] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  403.462497][ T6828] syz.2.8586[6828] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  403.562388][ T6844] loop2: detected capacity change from 0 to 1024
[  403.564999][ T6840] netlink: 'syz.3.8592': attribute type 2 has an invalid length.
[  403.574255][ T6844] EXT4-fs: Ignoring removed orlov option
[  403.580096][ T6840] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8592'.
[  403.587905][ T6844] EXT4-fs: Ignoring removed nomblk_io_submit option
[  403.626265][ T6844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  403.638760][   T29] kauditd_printk_skb: 206 callbacks suppressed
[  403.638772][   T29] audit: type=1400 audit(1733527827.130:59724): avc:  denied  { mount } for  pid=6843 comm="syz.2.8593" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  403.667758][   T29] audit: type=1400 audit(1733527827.160:59725): avc:  denied  { write } for  pid=6843 comm="syz.2.8593" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  403.689562][   T29] audit: type=1400 audit(1733527827.160:59726): avc:  denied  { remove_name } for  pid=6843 comm="syz.2.8593" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  403.712307][   T29] audit: type=1400 audit(1733527827.160:59727): avc:  denied  { unlink } for  pid=6843 comm="syz.2.8593" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  403.734999][   T29] audit: type=1326 audit(1733527827.160:59728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6848 comm="syz.5.8595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6b805fed9 code=0x7ffc0000
[  403.752636][ T6844] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  403.758603][   T29] audit: type=1326 audit(1733527827.160:59729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6848 comm="syz.5.8595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6b805fed9 code=0x7ffc0000
[  403.790376][   T29] audit: type=1326 audit(1733527827.160:59730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6848 comm="syz.5.8595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6b805fed9 code=0x7ffc0000
[  403.813933][   T29] audit: type=1326 audit(1733527827.160:59731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6848 comm="syz.5.8595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6b805fed9 code=0x7ffc0000
[  403.837505][   T29] audit: type=1326 audit(1733527827.160:59732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6848 comm="syz.5.8595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6b805fed9 code=0x7ffc0000
[  403.860987][   T29] audit: type=1326 audit(1733527827.160:59733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6848 comm="syz.5.8595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc6b805fed9 code=0x7ffc0000
[  403.935010][ T6860] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8598'.
[  403.966986][ T6866] random: crng reseeded on system resumption
[  403.979840][ T6865] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8597'.
[  404.061558][ T6866] syz.5.8599[6866] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  404.061696][ T6866] syz.5.8599[6866] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  404.133933][ T6887] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8606'.
[  404.154241][ T6887] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8606'.
[  404.163434][ T6887] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8606'.
[  404.194790][ T6887] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8606'.
[  404.203740][ T6887] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8606'.
[  404.212768][ T6887] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8606'.
[  404.255647][ T6889] validate_nla: 2 callbacks suppressed
[  404.255658][ T6889] netlink: 'syz.3.8607': attribute type 2 has an invalid length.
[  404.268959][ T6889] netlink: 'syz.3.8607': attribute type 8 has an invalid length.
[  404.313414][ T6908] FAULT_INJECTION: forcing a failure.
[  404.313414][ T6908] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  404.326508][ T6908] CPU: 0 UID: 0 PID: 6908 Comm: syz.0.8609 Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  404.336802][ T6889] netlink: 'syz.3.8607': attribute type 39 has an invalid length.
[  404.337176][ T6908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  404.355071][ T6908] Call Trace:
[  404.358349][ T6908]  <TASK>
[  404.361298][ T6908]  dump_stack_lvl+0xf2/0x150
[  404.365905][ T6908]  dump_stack+0x15/0x1a
[  404.370175][ T6908]  should_fail_ex+0x223/0x230
[  404.374853][ T6908]  should_fail+0xb/0x10
[  404.379041][ T6908]  should_fail_usercopy+0x1a/0x20
[  404.384081][ T6908]  _copy_from_iter+0xd5/0xd00
[  404.388801][ T6908]  ? __rcu_read_unlock+0x4e/0x70
[  404.393958][ T6908]  ? avc_has_perm_noaudit+0x1cc/0x210
[  404.399337][ T6908]  write_pool_user+0x80/0x1e0
[  404.404052][ T6908]  ? import_ubuf+0xec/0x130
[  404.408588][ T6908]  random_ioctl+0x2c6/0x3f0
[  404.413088][ T6908]  ? __pfx_random_ioctl+0x10/0x10
[  404.418198][ T6908]  __se_sys_ioctl+0xc9/0x140
[  404.422808][ T6908]  __x64_sys_ioctl+0x43/0x50
[  404.427425][ T6908]  x64_sys_call+0x1690/0x2dc0
[  404.432113][ T6908]  do_syscall_64+0xc9/0x1c0
[  404.436732][ T6908]  ? clear_bhb_loop+0x55/0xb0
[  404.441517][ T6908]  ? clear_bhb_loop+0x55/0xb0
[  404.446207][ T6908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.452187][ T6908] RIP: 0033:0x7fdefaf4fed9
[  404.456649][ T6908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.476345][ T6908] RSP: 002b:00007fdef95c7058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  404.484777][ T6908] RAX: ffffffffffffffda RBX: 00007fdefb115fa0 RCX: 00007fdefaf4fed9
[  404.492747][ T6908] RDX: 000000002000fec0 RSI: 0000000040085203 RDI: 000000000000000a
[  404.500766][ T6908] RBP: 00007fdef95c70a0 R08: 0000000000000000 R09: 0000000000000000
[  404.508743][ T6908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.516706][ T6908] R13: 0000000000000000 R14: 00007fdefb115fa0 R15: 00007fff0ad69cf8
[  404.524701][ T6908]  </TASK>
[  404.551101][T31135] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  404.674346][ T6936] random: crng reseeded on system resumption
[  404.745800][ T6936] syz.3.8617[6936] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  404.745872][ T6936] syz.3.8617[6936] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  404.784832][ T6944] netlink: 'syz.1.8619': attribute type 10 has an invalid length.
[  404.804223][ T6944] macsec0: left allmulticast mode
[  404.864002][ T6964] bond1: entered promiscuous mode
[  404.869233][ T6964] bond1: entered allmulticast mode
[  404.874636][ T6964] 8021q: adding VLAN 0 to HW filter on device bond1
[  404.883247][ T6964] bond1 (unregistering): Released all slaves
[  404.905984][ T6968] syz.1.8622[6968] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  404.906110][ T6968] syz.1.8622[6968] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  404.931902][ T6968] sctp: [Deprecated]: syz.1.8622 (pid 6968) Use of int in maxseg socket option.
[  404.931902][ T6968] Use struct sctp_assoc_value instead
[  404.984109][ T6971] x_tables: duplicate underflow at hook 3
[  405.039561][ T6981] x_tables: duplicate underflow at hook 3
[  405.046151][ T6983] random: crng reseeded on system resumption
[  405.070875][ T6985] netlink: 'syz.5.8633': attribute type 10 has an invalid length.
[  405.106949][ T6992] bpf_get_probe_write_proto: 1 callbacks suppressed
[  405.106965][ T6992] syz.0.8632[6992] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  405.113736][ T6992] syz.0.8632[6992] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  405.709952][ T7020] syz.0.8644[7020] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  405.726176][ T7020] syz.0.8644[7020] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  405.738135][ T7020] syz.0.8644[7020] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  405.877789][ T7029] random: crng reseeded on system resumption
[  406.019983][ T7029] syz.2.8647[7029] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  406.020159][ T7029] syz.2.8647[7029] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  406.113678][ T7042] xt_hashlimit: max too large, truncated to 1048576
[  406.313095][ T7041] +}[@: attempt to access beyond end of device
[  406.313095][ T7041] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  406.421853][ T7053] netlink: 'syz.3.8654': attribute type 10 has an invalid length.
[  406.490498][ T7065] random: crng reseeded on system resumption
[  406.559522][ T7065] syz.5.8659[7065] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  406.559594][ T7065] syz.5.8659[7065] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  406.587314][ T7073] FAULT_INJECTION: forcing a failure.
[  406.587314][ T7073] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  406.611853][ T7073] CPU: 1 UID: 0 PID: 7073 Comm: syz.3.8661 Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  406.622539][ T7073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  406.632643][ T7073] Call Trace:
[  406.635997][ T7073]  <TASK>
[  406.638921][ T7073]  dump_stack_lvl+0xf2/0x150
[  406.643594][ T7073]  dump_stack+0x15/0x1a
[  406.647905][ T7073]  should_fail_ex+0x223/0x230
[  406.652594][ T7073]  should_fail+0xb/0x10
[  406.656759][ T7073]  should_fail_usercopy+0x1a/0x20
[  406.661832][ T7073]  _copy_from_user+0x1e/0xb0
[  406.666430][ T7073]  __sys_bpf+0x14e/0x7a0
[  406.670733][ T7073]  __x64_sys_bpf+0x43/0x50
[  406.675154][ T7073]  x64_sys_call+0x2914/0x2dc0
[  406.679965][ T7073]  do_syscall_64+0xc9/0x1c0
[  406.684496][ T7073]  ? clear_bhb_loop+0x55/0xb0
[  406.689195][ T7073]  ? clear_bhb_loop+0x55/0xb0
[  406.693869][ T7073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.699833][ T7073] RIP: 0033:0x7f1a584dfed9
[  406.704259][ T7073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.723984][ T7073] RSP: 002b:00007f1a56b57058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  406.732433][ T7073] RAX: ffffffffffffffda RBX: 00007f1a586a5fa0 RCX: 00007f1a584dfed9
[  406.740397][ T7073] RDX: 0000000000000050 RSI: 00000000200005c0 RDI: 0000000000000000
[  406.748362][ T7073] RBP: 00007f1a56b570a0 R08: 0000000000000000 R09: 0000000000000000
[  406.756326][ T7073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  406.764289][ T7073] R13: 0000000000000000 R14: 00007f1a586a5fa0 R15: 00007ffdac3f9d28
[  406.772276][ T7073]  </TASK>
[  406.853786][ T7090] netlink: 'syz.2.8666': attribute type 10 has an invalid length.
[  406.861721][ T7090] macsec0: left allmulticast mode
[  406.933455][ T7101] random: crng reseeded on system resumption
[  407.011723][ T7101] syz.2.8672[7101] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  407.050344][ T7107] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  407.069853][ T7107] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  407.144631][ T7128] xt_hashlimit: max too large, truncated to 1048576
[  407.761370][ T7157] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  407.769650][ T7157] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  407.829650][ T7161] xt_hashlimit: max too large, truncated to 1048576
[  408.216179][ T7191] netlink: 'syz.0.8703': attribute type 2 has an invalid length.
[  408.223927][ T7191] netlink: 'syz.0.8703': attribute type 8 has an invalid length.
[  408.236021][ T7182] +}[@: attempt to access beyond end of device
[  408.236021][ T7182] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  408.251136][ T7191] netlink: 'syz.0.8703': attribute type 39 has an invalid length.
[  408.294239][ T7193] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  408.302412][ T7193] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  408.359539][ T7204] __nla_validate_parse: 78 callbacks suppressed
[  408.359553][ T7204] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8708'.
[  408.374930][ T7204] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8708'.
[  408.393554][ T7204] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8708'.
[  408.432708][ T7215] random: crng reseeded on system resumption
[  408.438430][ T7204] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8708'.
[  408.447741][ T7204] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8708'.
[  408.466722][ T7204] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8708'.
[  408.521888][ T7204] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8708'.
[  408.530926][ T7204] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8708'.
[  408.544564][ T7204] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8708'.
[  408.581457][ T7222] netlink: 32 bytes leftover after parsing attributes in process `syz.0.8714'.
[  408.732224][ T7235] FAULT_INJECTION: forcing a failure.
[  408.732224][ T7235] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  408.745330][ T7235] CPU: 0 UID: 0 PID: 7235 Comm: syz.0.8718 Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  408.756053][ T7235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  408.766103][ T7235] Call Trace:
[  408.769424][ T7235]  <TASK>
[  408.772408][ T7235]  dump_stack_lvl+0xf2/0x150
[  408.777014][ T7235]  dump_stack+0x15/0x1a
[  408.781247][ T7235]  should_fail_ex+0x223/0x230
[  408.785932][ T7235]  should_fail+0xb/0x10
[  408.790188][ T7235]  should_fail_usercopy+0x1a/0x20
[  408.795221][ T7235]  strncpy_from_user+0x25/0x210
[  408.800111][ T7235]  ? kmem_cache_alloc_noprof+0x18e/0x320
[  408.805757][ T7235]  ? getname_flags+0x81/0x3b0
[  408.810428][ T7235]  getname_flags+0xb0/0x3b0
[  408.814998][ T7235]  getname+0x17/0x20
[  408.818927][ T7235]  __se_sys_quotactl+0x15b/0x660
[  408.823896][ T7235]  __x64_sys_quotactl+0x55/0x70
[  408.828742][ T7235]  x64_sys_call+0x826/0x2dc0
[  408.833395][ T7235]  do_syscall_64+0xc9/0x1c0
[  408.837922][ T7235]  ? clear_bhb_loop+0x55/0xb0
[  408.842600][ T7235]  ? clear_bhb_loop+0x55/0xb0
[  408.847313][ T7235]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.853225][ T7235] RIP: 0033:0x7fdefaf4fed9
[  408.857640][ T7235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.877284][ T7235] RSP: 002b:00007fdef95c7058 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  408.885701][ T7235] RAX: ffffffffffffffda RBX: 00007fdefb115fa0 RCX: 00007fdefaf4fed9
[  408.893699][ T7235] RDX: 000000000000ee00 RSI: 0000000020000040 RDI: ffffffff80000701
[  408.901666][ T7235] RBP: 00007fdef95c70a0 R08: 0000000000000000 R09: 0000000000000000
[  408.909636][ T7235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.917704][ T7235] R13: 0000000000000000 R14: 00007fdefb115fa0 R15: 00007fff0ad69cf8
[  408.925742][ T7235]  </TASK>
[  408.994039][   T29] kauditd_printk_skb: 477 callbacks suppressed
[  408.994055][   T29] audit: type=1326 audit(1733527832.480:60211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7238 comm="syz.2.8720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80e315fed9 code=0x7ffc0000
[  409.023745][   T29] audit: type=1326 audit(1733527832.480:60212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7238 comm="syz.2.8720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f80e315fed9 code=0x7ffc0000
[  409.047355][   T29] audit: type=1326 audit(1733527832.480:60213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7238 comm="syz.2.8720" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80e315fed9 code=0x7ffc0000
[  409.070914][   T29] audit: type=1400 audit(1733527832.520:60214): avc:  denied  { watch } for  pid=7211 comm="syz.1.8711" path="/541/control" dev="tmpfs" ino=2802 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  409.121363][ T7246] xt_hashlimit: max too large, truncated to 1048576
[  409.129029][ T7224] +}[@: attempt to access beyond end of device
[  409.129029][ T7224] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  409.175139][ T7250] xt_hashlimit: max too large, truncated to 1048576
[  409.182945][ T7252] random: crng reseeded on system resumption
[  409.299929][   T29] audit: type=1326 audit(1733527832.790:60215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7267 comm="syz.2.8732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80e315fed9 code=0x7ffc0000
[  409.325037][   T29] audit: type=1326 audit(1733527832.790:60216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7267 comm="syz.2.8732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f80e315fed9 code=0x7ffc0000
[  409.348589][   T29] audit: type=1326 audit(1733527832.790:60217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7267 comm="syz.2.8732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80e315fed9 code=0x7ffc0000
[  409.372082][   T29] audit: type=1326 audit(1733527832.820:60218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7267 comm="syz.2.8732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80e315fed9 code=0x7ffc0000
[  409.394411][ T7274] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7274 comm=syz.2.8734
[  409.395816][   T29] audit: type=1326 audit(1733527832.820:60219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7261 comm="syz.1.8729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b51abfed9 code=0x7ffc0000
[  409.431451][   T29] audit: type=1326 audit(1733527832.820:60220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7261 comm="syz.1.8729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b51abfed9 code=0x7ffc0000
[  409.569262][ T7279] xt_hashlimit: max too large, truncated to 1048576
[  409.705686][ T7271] +}[@: attempt to access beyond end of device
[  409.705686][ T7271] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  409.777390][ T7290] random: crng reseeded on system resumption
[  410.139312][ T7317] +}[@: attempt to access beyond end of device
[  410.139312][ T7317] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  410.302283][ T7352] FAULT_INJECTION: forcing a failure.
[  410.302283][ T7352] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  410.315396][ T7352] CPU: 1 UID: 0 PID: 7352 Comm: syz.2.8765 Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  410.326157][ T7352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  410.336224][ T7352] Call Trace:
[  410.339501][ T7352]  <TASK>
[  410.342449][ T7352]  dump_stack_lvl+0xf2/0x150
[  410.347119][ T7352]  dump_stack+0x15/0x1a
[  410.351324][ T7352]  should_fail_ex+0x223/0x230
[  410.356053][ T7352]  should_fail+0xb/0x10
[  410.360277][ T7352]  should_fail_usercopy+0x1a/0x20
[  410.365380][ T7352]  _copy_from_user+0x1e/0xb0
[  410.370024][ T7352]  copy_msghdr_from_user+0x54/0x2a0
[  410.375274][ T7352]  ? __fget_files+0x17c/0x1c0
[  410.379969][ T7352]  __sys_sendmsg+0x13e/0x230
[  410.384592][ T7352]  __x64_sys_sendmsg+0x46/0x50
[  410.389444][ T7352]  x64_sys_call+0x2734/0x2dc0
[  410.394145][ T7352]  do_syscall_64+0xc9/0x1c0
[  410.398752][ T7352]  ? clear_bhb_loop+0x55/0xb0
[  410.403500][ T7352]  ? clear_bhb_loop+0x55/0xb0
[  410.408182][ T7352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.414185][ T7352] RIP: 0033:0x7f80e315fed9
[  410.418643][ T7352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  410.438299][ T7352] RSP: 002b:00007f80e17d7058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  410.446777][ T7352] RAX: ffffffffffffffda RBX: 00007f80e3325fa0 RCX: 00007f80e315fed9
[  410.454818][ T7352] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[  410.462806][ T7352] RBP: 00007f80e17d70a0 R08: 0000000000000000 R09: 0000000000000000
[  410.470787][ T7352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.478792][ T7352] R13: 0000000000000000 R14: 00007f80e3325fa0 R15: 00007fff23722848
[  410.486818][ T7352]  </TASK>
[  410.623500][ T7367] bond1: entered promiscuous mode
[  410.628655][ T7367] bond1: entered allmulticast mode
[  410.634535][ T7367] 8021q: adding VLAN 0 to HW filter on device bond1
[  410.649942][ T7367] bond1 (unregistering): Released all slaves
[  410.903566][ T7374] +}[@: attempt to access beyond end of device
[  410.903566][ T7374] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  411.242763][ T7391] siw: device registration error -23
[  411.341519][ T7396] bpf_get_probe_write_proto: 7 callbacks suppressed
[  411.341532][ T7396] syz.3.8782[7396] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  411.348522][ T7396] syz.3.8782[7396] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  411.360109][ T7396] syz.3.8782[7396] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  411.413039][ T7403] validate_nla: 6 callbacks suppressed
[  411.413051][ T7403] netlink: 'syz.3.8784': attribute type 10 has an invalid length.
[  411.490829][ T7409] netlink: 'syz.2.8786': attribute type 10 has an invalid length.
[  411.512089][ T7413] netlink: 'syz.3.8788': attribute type 2 has an invalid length.
[  411.519913][ T7413] netlink: 'syz.3.8788': attribute type 8 has an invalid length.
[  411.536054][ T7413] netlink: 'syz.3.8788': attribute type 39 has an invalid length.
[  411.594920][ T7427] random: crng reseeded on system resumption
[  411.680856][ T7427] syz.2.8793[7427] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  411.681088][ T7427] syz.2.8793[7427] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  411.724620][ T7438] xt_hashlimit: max too large, truncated to 1048576
[  411.866193][ T7432] +}[@: attempt to access beyond end of device
[  411.866193][ T7432] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  412.156386][ T7463] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  412.188521][ T7469] xt_hashlimit: max too large, truncated to 1048576
[  412.300994][ T7491] netlink: 'syz.0.8816': attribute type 10 has an invalid length.
[  412.388981][ T7504] sctp: [Deprecated]: syz.5.8819 (pid 7504) Use of int in maxseg socket option.
[  412.388981][ T7504] Use struct sctp_assoc_value instead
[  412.526110][ T7524] FAULT_INJECTION: forcing a failure.
[  412.526110][ T7524] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  412.539248][ T7524] CPU: 0 UID: 0 PID: 7524 Comm: syz.0.8824 Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  412.549978][ T7524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  412.560027][ T7524] Call Trace:
[  412.563295][ T7524]  <TASK>
[  412.566218][ T7524]  dump_stack_lvl+0xf2/0x150
[  412.570847][ T7524]  dump_stack+0x15/0x1a
[  412.575048][ T7524]  should_fail_ex+0x223/0x230
[  412.579764][ T7524]  should_fail+0xb/0x10
[  412.583920][ T7524]  should_fail_usercopy+0x1a/0x20
[  412.588966][ T7524]  _copy_from_user+0x1e/0xb0
[  412.593588][ T7524]  copy_msghdr_from_user+0x54/0x2a0
[  412.598789][ T7524]  ? __fget_files+0x17c/0x1c0
[  412.603474][ T7524]  __sys_sendmsg+0x13e/0x230
[  412.608189][ T7524]  __x64_sys_sendmsg+0x46/0x50
[  412.612961][ T7524]  x64_sys_call+0x2734/0x2dc0
[  412.617641][ T7524]  do_syscall_64+0xc9/0x1c0
[  412.622170][ T7524]  ? clear_bhb_loop+0x55/0xb0
[  412.626840][ T7524]  ? clear_bhb_loop+0x55/0xb0
[  412.631509][ T7524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.637454][ T7524] RIP: 0033:0x7fdefaf4fed9
[  412.641871][ T7524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  412.661551][ T7524] RSP: 002b:00007fdef95c7058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  412.669957][ T7524] RAX: ffffffffffffffda RBX: 00007fdefb115fa0 RCX: 00007fdefaf4fed9
[  412.677990][ T7524] RDX: 0000000000000000 RSI: 0000000020001200 RDI: 0000000000000003
[  412.686007][ T7524] RBP: 00007fdef95c70a0 R08: 0000000000000000 R09: 0000000000000000
[  412.693996][ T7524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  412.701962][ T7524] R13: 0000000000000000 R14: 00007fdefb115fa0 R15: 00007fff0ad69cf8
[  412.709965][ T7524]  </TASK>
[  412.750412][ T7490] +}[@: attempt to access beyond end of device
[  412.750412][ T7490] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  412.962291][ T7550] loop2: detected capacity change from 0 to 256
[  413.013673][ T7550] FAT-fs (loop2): Directory bread(block 64) failed
[  413.020593][ T7550] FAT-fs (loop2): Directory bread(block 65) failed
[  413.028566][ T7550] FAT-fs (loop2): Directory bread(block 66) failed
[  413.038135][ T7550] FAT-fs (loop2): Directory bread(block 67) failed
[  413.044887][ T7550] FAT-fs (loop2): Directory bread(block 68) failed
[  413.060719][ T7550] FAT-fs (loop2): Directory bread(block 69) failed
[  413.070761][ T7550] FAT-fs (loop2): Directory bread(block 70) failed
[  413.077573][ T7550] FAT-fs (loop2): Directory bread(block 71) failed
[  413.087116][ T7550] FAT-fs (loop2): Directory bread(block 72) failed
[  413.095288][ T7550] FAT-fs (loop2): Directory bread(block 73) failed
[  413.236398][ T7555] +}[@: attempt to access beyond end of device
[  413.236398][ T7555] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  413.324507][ T7601] netlink: 'syz.3.8844': attribute type 10 has an invalid length.
[  413.481076][ T7631] xt_hashlimit: max too large, truncated to 1048576
[  413.517313][ T7629] __nla_validate_parse: 27 callbacks suppressed
[  413.517333][ T7629] netlink: 72 bytes leftover after parsing attributes in process `syz.2.8851'.
[  413.562472][ T7629] hub 1-0:1.0: USB hub found
[  413.567208][ T7629] hub 1-0:1.0: 8 ports detected
[  413.751153][ T7670] FAULT_INJECTION: forcing a failure.
[  413.751153][ T7670] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  413.764398][ T7670] CPU: 1 UID: 0 PID: 7670 Comm: syz.2.8869 Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  413.775143][ T7670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  413.785264][ T7670] Call Trace:
[  413.788553][ T7670]  <TASK>
[  413.791478][ T7670]  dump_stack_lvl+0xf2/0x150
[  413.796084][ T7670]  dump_stack+0x15/0x1a
[  413.800247][ T7670]  should_fail_ex+0x223/0x230
[  413.804943][ T7670]  should_fail+0xb/0x10
[  413.809147][ T7670]  should_fail_usercopy+0x1a/0x20
[  413.814174][ T7670]  _copy_to_user+0x20/0xa0
[  413.818648][ T7670]  simple_read_from_buffer+0xa0/0x110
[  413.824074][ T7670]  proc_fail_nth_read+0xf9/0x140
[  413.829033][ T7670]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  413.834603][ T7670]  vfs_read+0x1a2/0x700
[  413.838761][ T7670]  ? __rcu_read_unlock+0x4e/0x70
[  413.843762][ T7670]  ? __fget_files+0x17c/0x1c0
[  413.848482][ T7670]  ksys_read+0xe8/0x1b0
[  413.852705][ T7670]  __x64_sys_read+0x42/0x50
[  413.857269][ T7670]  x64_sys_call+0x2874/0x2dc0
[  413.861951][ T7670]  do_syscall_64+0xc9/0x1c0
[  413.866466][ T7670]  ? clear_bhb_loop+0x55/0xb0
[  413.871138][ T7670]  ? clear_bhb_loop+0x55/0xb0
[  413.875850][ T7670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.881746][ T7670] RIP: 0033:0x7f80e315e8ec
[  413.886170][ T7670] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  413.905770][ T7670] RSP: 002b:00007f80e17d7050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  413.914222][ T7670] RAX: ffffffffffffffda RBX: 00007f80e3325fa0 RCX: 00007f80e315e8ec
[  413.922242][ T7670] RDX: 000000000000000f RSI: 00007f80e17d70b0 RDI: 0000000000000003
[  413.930212][ T7670] RBP: 00007f80e17d70a0 R08: 0000000000000000 R09: 0000000000000000
[  413.938231][ T7670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  413.946281][ T7670] R13: 0000000000000000 R14: 00007f80e3325fa0 R15: 00007fff23722848
[  413.954360][ T7670]  </TASK>
[  413.961000][ T7676] random: crng reseeded on system resumption
[  414.011416][   T29] kauditd_printk_skb: 402 callbacks suppressed
[  414.011430][   T29] audit: type=1400 audit(1733527837.500:60623): avc:  denied  { append } for  pid=7678 comm="syz.3.8873" name="hwrng" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  414.036542][ T7682] syz.0.8872[7682] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  414.041096][ T7682] syz.0.8872[7682] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  414.082712][   T29] audit: type=1400 audit(1733527837.520:60624): avc:  denied  { create } for  pid=7675 comm="syz.0.8872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  414.097679][ T7679] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8873'.
[  414.113663][   T29] audit: type=1400 audit(1733527837.530:60625): avc:  denied  { getopt } for  pid=7675 comm="syz.0.8872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  414.142131][   T29] audit: type=1400 audit(1733527837.550:60626): avc:  denied  { create } for  pid=7678 comm="syz.3.8873" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  414.163446][   T29] audit: type=1400 audit(1733527837.550:60627): avc:  denied  { map } for  pid=7678 comm="syz.3.8873" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=99228 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  414.187726][   T29] audit: type=1400 audit(1733527837.550:60628): avc:  denied  { read write } for  pid=7678 comm="syz.3.8873" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=99228 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  414.212688][   T29] audit: type=1400 audit(1733527837.550:60629): avc:  denied  { create } for  pid=7678 comm="syz.3.8873" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  414.232421][   T29] audit: type=1400 audit(1733527837.550:60630): avc:  denied  { ioctl } for  pid=7678 comm="syz.3.8873" path="socket:[99230]" dev="sockfs" ino=99230 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  414.257361][   T29] audit: type=1400 audit(1733527837.550:60631): avc:  denied  { mounton } for  pid=7675 comm="syz.0.8872" path="/573/file0" dev="tmpfs" ino=3004 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  414.280111][   T29] audit: type=1400 audit(1733527837.550:60632): avc:  denied  { module_request } for  pid=7678 comm="syz.3.8873" kmod="netdev-veth0_vlan" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  414.399664][ T7699] loop2: detected capacity change from 0 to 2048
[  414.428723][ T7699] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  414.500298][ T7709] syz.3.8882[7709] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  414.500353][ T7709] syz.3.8882[7709] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  414.520958][ T7699] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  414.547555][ T7709] syz.3.8882[7709] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  414.552404][ T7709] bridge0: port 3(vlan0) entered blocking state
[  414.554430][ T7699] EXT4-fs (loop2): Delayed block allocation failed for inode 16 at logical offset 1344 with max blocks 2 with error 28
[  414.563775][ T7709] bridge0: port 3(vlan0) entered disabled state
[  414.569930][ T7699] EXT4-fs (loop2): This should not happen!! Data will be lost
[  414.569930][ T7699] 
[  414.583987][ T7709] vlan0: entered allmulticast mode
[  414.588643][ T7699] EXT4-fs (loop2): Total free blocks count 0
[  414.588661][ T7699] EXT4-fs (loop2): Free/Dirty block details
[  414.605476][ T7701] +}[@: attempt to access beyond end of device
[  414.605476][ T7701] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  414.609386][ T7699] EXT4-fs (loop2): free_blocks=2415919104
[  414.633625][ T7699] EXT4-fs (loop2): dirty_blocks=16
[  414.638759][ T7699] EXT4-fs (loop2): Block reservation details
[  414.644759][ T7699] EXT4-fs (loop2): i_reserved_data_blocks=1
[  414.651014][ T7709] vlan0: left allmulticast mode
[  414.685085][T31135] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  414.715228][ T7719] random: crng reseeded on system resumption
[  414.757108][ T7721] siw: device registration error -23
[  415.144668][ T7747] +}[@: attempt to access beyond end of device
[  415.144668][ T7747] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  415.215038][ T7754] netlink: 'syz.0.8898': attribute type 10 has an invalid length.
[  415.295037][ T7763] random: crng reseeded on system resumption
[  415.369755][ T7761] bond1: entered promiscuous mode
[  415.374950][ T7761] bond1: entered allmulticast mode
[  415.380532][ T7761] 8021q: adding VLAN 0 to HW filter on device bond1
[  415.389360][ T7761] bond1 (unregistering): Released all slaves
[  415.606583][ T7818] netlink: 'syz.3.8910': attribute type 10 has an invalid length.
[  415.698090][ T7798] +}[@: attempt to access beyond end of device
[  415.698090][ T7798] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  415.866502][ T7840] netlink: 72 bytes leftover after parsing attributes in process `syz.2.8916'.
[  415.913668][ T7840] hub 1-0:1.0: USB hub found
[  415.921525][ T7840] hub 1-0:1.0: 8 ports detected
[  416.009563][ T7849] loop2: detected capacity change from 0 to 1024
[  416.016937][ T7849] EXT4-fs: Ignoring removed orlov option
[  416.022678][ T7849] EXT4-fs: Ignoring removed nomblk_io_submit option
[  416.078606][ T7849] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  416.082003][ T7855] netlink: 'syz.1.8921': attribute type 10 has an invalid length.
[  416.172866][ T7849] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  416.244641][ T7878] netlink: 72 bytes leftover after parsing attributes in process `syz.5.8927'.
[  416.337604][ T7887] netlink: 72 bytes leftover after parsing attributes in process `syz.5.8928'.
[  416.387543][ T7900] xt_hashlimit: max too large, truncated to 1048576
[  416.413140][ T7866] +}[@: attempt to access beyond end of device
[  416.413140][ T7866] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  416.444688][ T7907] random: crng reseeded on system resumption
[  416.527452][ T7913] bpf_get_probe_write_proto: 4 callbacks suppressed
[  416.527471][ T7913] syz.5.8931[7913] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  416.537063][ T7919] program syz.0.8935 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  416.559329][ T7913] syz.5.8931[7913] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  416.646981][ T7935] netlink: 'syz.5.8939': attribute type 2 has an invalid length.
[  416.666189][ T7935] netlink: 'syz.5.8939': attribute type 8 has an invalid length.
[  416.673910][ T7935] netlink: 32 bytes leftover after parsing attributes in process `syz.5.8939'.
[  416.698694][ T7946] random: crng reseeded on system resumption
[  416.710511][ T7935] netlink: 'syz.5.8939': attribute type 39 has an invalid length.
[  416.771342][ T7946] syz.0.8944[7946] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  416.771485][ T7946] syz.0.8944[7946] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  416.846710][T31135] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.026391][ T8006] xt_hashlimit: max too large, truncated to 1048576
[  417.036263][ T8000] random: crng reseeded on system resumption
[  417.066555][ T8004] netlink: 'syz.3.8961': attribute type 2 has an invalid length.
[  417.074347][ T8004] netlink: 'syz.3.8961': attribute type 8 has an invalid length.
[  417.082117][ T8004] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8961'.
[  417.094170][ T8004] netlink: 'syz.3.8961': attribute type 39 has an invalid length.
[  417.140361][ T8000] syz.0.8958[8000] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  417.140423][ T8000] syz.0.8958[8000] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  417.247181][ T8035] netlink: 'syz.1.8974': attribute type 10 has an invalid length.
[  417.293169][ T8041] xt_hashlimit: max too large, truncated to 1048576
[  417.302661][ T8046] random: crng reseeded on system resumption
[  417.359108][ T8049] netlink: 'syz.3.8981': attribute type 2 has an invalid length.
[  417.366958][ T8049] netlink: 'syz.3.8981': attribute type 8 has an invalid length.
[  417.374702][ T8049] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8981'.
[  417.384233][ T8051] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.8975'.
[  417.396196][ T8049] netlink: 'syz.3.8981': attribute type 39 has an invalid length.
[  417.397423][ T8037] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.8975'.
[  417.414857][ T8046] syz.1.8979[8046] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  417.414911][ T8046] syz.1.8979[8046] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  417.516802][ T8071] xt_hashlimit: max too large, truncated to 1048576
[  417.583437][ T8077] random: crng reseeded on system resumption
[  417.646542][ T8083] syz.0.8994[8083] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  417.646620][ T8083] syz.0.8994[8083] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  417.882090][ T8114] random: crng reseeded on system resumption
[  418.276430][ T4073] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.322478][ T8174] random: crng reseeded on system resumption
[  418.348282][ T4073] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.417357][ T4073] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.498180][ T4073] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  418.512993][ T8143] chnl_net:caif_netlink_parms(): no params data found
[  418.572332][ T8195] xt_hashlimit: max too large, truncated to 1048576
[  418.665619][ T4073] bridge_slave_1: left promiscuous mode
[  418.671455][ T4073] bridge0: port 2(bridge_slave_1) entered disabled state
[  418.704711][ T4073] bridge_slave_0: left promiscuous mode
[  418.710596][ T4073] bridge0: port 1(bridge_slave_0) entered disabled state
[  418.753426][ T8212] loop2: detected capacity change from 0 to 512
[  418.761523][ T8212] EXT4-fs: Ignoring removed orlov option
[  418.767260][ T8212] ext4: Unknown parameter 'fsmagic'
[  418.793139][ T4073] bond0 (unregistering): (slave geneve1): Releasing backup interface
[  418.801476][ T4073] geneve1 (unregistering): left allmulticast mode
[  418.835597][ T4073] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  418.846536][ T4073] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  418.861985][ T4073] bond0 (unregistering): Released all slaves
[  418.880864][ T8143] bridge0: port 1(bridge_slave_0) entered blocking state
[  418.888090][ T8143] bridge0: port 1(bridge_slave_0) entered disabled state
[  418.895436][ T8143] bridge_slave_0: entered allmulticast mode
[  418.901870][ T8143] bridge_slave_0: entered promiscuous mode
[  418.912261][ T8212] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  418.920465][ T8212] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  418.929152][ T8143] bridge0: port 2(bridge_slave_1) entered blocking state
[  418.936368][ T8143] bridge0: port 2(bridge_slave_1) entered disabled state
[  418.943601][ T8143] bridge_slave_1: entered allmulticast mode
[  418.950148][ T8143] bridge_slave_1: entered promiscuous mode
[  418.957947][ T4073] hsr_slave_0: left promiscuous mode
[  418.964117][ T4073] hsr_slave_1: left promiscuous mode
[  418.991312][ T4073] team0 (unregistering): Port device team_slave_1 removed
[  419.001534][ T4073] team0 (unregistering): Port device team_slave_0 removed
[  419.032471][ T8236] __nla_validate_parse: 1 callbacks suppressed
[  419.032488][ T8236] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.9034'.
[  419.048488][ T8230] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.9034'.
[  419.068418][ T8143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  419.079097][ T8143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  419.106161][ T8143] team0: Port device team_slave_0 added
[  419.112896][ T8143] team0: Port device team_slave_1 added
[  419.134815][ T8143] batman_adv: batadv0: Adding interface: batadv_slave_0
[  419.141757][ T8143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  419.167688][ T8143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  419.178932][ T8143] batman_adv: batadv0: Adding interface: batadv_slave_1
[  419.185908][ T8143] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  419.211822][ T8143] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  419.223535][ T8256] netlink: 96 bytes leftover after parsing attributes in process `syz.1.9041'.
[  419.232138][   T29] kauditd_printk_skb: 762 callbacks suppressed
[  419.232231][   T29] audit: type=1400 audit(1733527842.720:61395): avc:  denied  { ioctl } for  pid=8248 comm="syz.2.9038" path="socket:[101001]" dev="sockfs" ino=101001 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  419.232497][ T8256] netlink: 96 bytes leftover after parsing attributes in process `syz.1.9041'.
[  419.239963][   T29] audit: type=1400 audit(1733527842.740:61396): avc:  denied  { mount } for  pid=8248 comm="syz.2.9038" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  419.364351][   T29] audit: type=1400 audit(1733527842.800:61397): avc:  denied  { unmount } for  pid=31135 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  419.385036][ T8143] hsr_slave_0: entered promiscuous mode
[  419.392917][ T8143] hsr_slave_1: entered promiscuous mode
[  419.404784][ T8143] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  419.412592][ T8143] Cannot create hsr debugfs directory
[  419.425370][ T8272] netlink: 72 bytes leftover after parsing attributes in process `syz.5.9048'.
[  419.425500][ T8269] netlink: 72 bytes leftover after parsing attributes in process `syz.2.9047'.
[  419.434558][   T29] audit: type=1400 audit(1733527842.920:61398): avc:  denied  { append } for  pid=8271 comm="syz.5.9048" name="001" dev="devtmpfs" ino=147 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  419.478389][   T29] audit: type=1400 audit(1733527842.970:61399): avc:  denied  { create } for  pid=8271 comm="syz.5.9048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  419.483929][ T8272] hub 1-0:1.0: USB hub found
[  419.544686][   T29] audit: type=1400 audit(1733527843.010:61400): avc:  denied  { create } for  pid=8267 comm="syz.2.9047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  419.567786][ T8272] hub 1-0:1.0: 8 ports detected
[  419.588311][ T8292] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.9047' sets config #1
[  419.609170][   T29] audit: type=1400 audit(1733527843.100:61401): avc:  denied  { create } for  pid=8293 comm="syz.0.9051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  419.632151][   T29] audit: type=1400 audit(1733527843.120:61402): avc:  denied  { create } for  pid=8293 comm="syz.0.9051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  419.652724][   T29] audit: type=1400 audit(1733527843.120:61403): avc:  denied  { write } for  pid=8293 comm="syz.0.9051" path="socket:[100302]" dev="sockfs" ino=100302 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  419.677249][   T29] audit: type=1400 audit(1733527843.120:61404): avc:  denied  { create } for  pid=8293 comm="syz.0.9051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  419.677537][ T8296] siw: device registration error -23
[  419.765992][ T8307] FAULT_INJECTION: forcing a failure.
[  419.765992][ T8307] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  419.779070][ T8307] CPU: 0 UID: 0 PID: 8307 Comm: syz.5.9056 Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  419.789754][ T8307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  419.799812][ T8307] Call Trace:
[  419.803094][ T8307]  <TASK>
[  419.806030][ T8307]  dump_stack_lvl+0xf2/0x150
[  419.810680][ T8307]  dump_stack+0x15/0x1a
[  419.814946][ T8307]  should_fail_ex+0x223/0x230
[  419.819636][ T8307]  should_fail+0xb/0x10
[  419.823807][ T8307]  should_fail_usercopy+0x1a/0x20
[  419.828857][ T8307]  _copy_from_user+0x1e/0xb0
[  419.833466][ T8307]  copy_msghdr_from_user+0x54/0x2a0
[  419.838673][ T8307]  ? __fget_files+0x17c/0x1c0
[  419.843372][ T8307]  __sys_sendmsg+0x13e/0x230
[  419.845713][ T8303] netlink: 96 bytes leftover after parsing attributes in process `syz.2.9054'.
[  419.847975][ T8307]  __x64_sys_sendmsg+0x46/0x50
[  419.848003][ T8307]  x64_sys_call+0x2734/0x2dc0
[  419.856981][ T8303] netlink: 96 bytes leftover after parsing attributes in process `syz.2.9054'.
[  419.861688][ T8307]  do_syscall_64+0xc9/0x1c0
[  419.879858][ T8307]  ? clear_bhb_loop+0x55/0xb0
[  419.884541][ T8307]  ? clear_bhb_loop+0x55/0xb0
[  419.889235][ T8307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.895225][ T8307] RIP: 0033:0x7fc6b805fed9
[  419.899644][ T8307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.919263][ T8307] RSP: 002b:00007fc6b66d7058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  419.927682][ T8307] RAX: ffffffffffffffda RBX: 00007fc6b8225fa0 RCX: 00007fc6b805fed9
[  419.935660][ T8307] RDX: 0000000000000000 RSI: 0000000020001200 RDI: 0000000000000003
[  419.943627][ T8307] RBP: 00007fc6b66d70a0 R08: 0000000000000000 R09: 0000000000000000
[  419.951631][ T8307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  419.959628][ T8307] R13: 0000000000000000 R14: 00007fc6b8225fa0 R15: 00007fffb0e7f828
[  419.967641][ T8307]  </TASK>
[  420.107745][ T8340] netlink: 72 bytes leftover after parsing attributes in process `syz.0.9063'.
[  420.136566][ T8340] hub 1-0:1.0: USB hub found
[  420.141355][ T8340] hub 1-0:1.0: 8 ports detected
[  420.174341][ T8364] netlink: 96 bytes leftover after parsing attributes in process `syz.2.9069'.
[  420.279053][ T8380] loop2: detected capacity change from 0 to 512
[  420.299796][ T8380] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  420.330916][ T8380] EXT4-fs (loop2): 1 truncate cleaned up
[  420.337362][ T8143] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  420.360039][ T8380] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  420.404401][ T8143] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  420.420126][ T8143] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  420.439869][ T8143] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  420.514762][T31135] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  420.521595][ T8143] 8021q: adding VLAN 0 to HW filter on device bond0
[  420.536603][ T8143] 8021q: adding VLAN 0 to HW filter on device team0
[  420.545749][ T7566] bridge0: port 1(bridge_slave_0) entered blocking state
[  420.552843][ T7566] bridge0: port 1(bridge_slave_0) entered forwarding state
[  420.565512][T11910] bridge0: port 2(bridge_slave_1) entered blocking state
[  420.572715][T11910] bridge0: port 2(bridge_slave_1) entered forwarding state
[  420.658260][ T8412] hub 1-0:1.0: USB hub found
[  420.664871][ T8412] hub 1-0:1.0: 8 ports detected
[  420.714070][ T8143] 8021q: adding VLAN 0 to HW filter on device batadv0
[  420.870158][ T8454] random: crng reseeded on system resumption
[  420.875880][ T8143] veth0_vlan: entered promiscuous mode
[  420.892069][ T8143] veth1_vlan: entered promiscuous mode
[  420.904301][ T8143] veth0_macvtap: entered promiscuous mode
[  420.911237][ T8143] veth1_macvtap: entered promiscuous mode
[  420.921934][ T8143] batman_adv: batadv0: Interface activated: batadv_slave_0
[  420.943121][ T8143] batman_adv: batadv0: Interface activated: batadv_slave_1
[  420.952618][ T8143] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  420.961431][ T8143] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  420.970353][ T8143] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  420.979068][ T8143] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  421.206223][ T8494] FAULT_INJECTION: forcing a failure.
[  421.206223][ T8494] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  421.219318][ T8494] CPU: 1 UID: 0 PID: 8494 Comm: syz.1.9102 Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  421.230162][ T8494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  421.240345][ T8494] Call Trace:
[  421.243676][ T8494]  <TASK>
[  421.246606][ T8494]  dump_stack_lvl+0xf2/0x150
[  421.251210][ T8494]  dump_stack+0x15/0x1a
[  421.255435][ T8494]  should_fail_ex+0x223/0x230
[  421.260116][ T8494]  should_fail+0xb/0x10
[  421.264272][ T8494]  should_fail_usercopy+0x1a/0x20
[  421.269385][ T8494]  strncpy_from_user+0x25/0x210
[  421.274282][ T8494]  ? kmem_cache_alloc_noprof+0x18e/0x320
[  421.279910][ T8494]  ? getname_flags+0x81/0x3b0
[  421.284609][ T8494]  getname_flags+0xb0/0x3b0
[  421.289152][ T8494]  getname+0x17/0x20
[  421.293039][ T8494]  __se_sys_quotactl+0x15b/0x660
[  421.297987][ T8494]  __x64_sys_quotactl+0x55/0x70
[  421.302927][ T8494]  x64_sys_call+0x826/0x2dc0
[  421.307636][ T8494]  do_syscall_64+0xc9/0x1c0
[  421.312194][ T8494]  ? clear_bhb_loop+0x55/0xb0
[  421.316863][ T8494]  ? clear_bhb_loop+0x55/0xb0
[  421.321558][ T8494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.327543][ T8494] RIP: 0033:0x7f0b51abfed9
[  421.331958][ T8494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  421.351648][ T8494] RSP: 002b:00007f0b50137058 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[  421.360058][ T8494] RAX: ffffffffffffffda RBX: 00007f0b51c85fa0 RCX: 00007f0b51abfed9
[  421.368038][ T8494] RDX: 000000000000ee00 RSI: 0000000020000040 RDI: ffffffff80000701
[  421.376086][ T8494] RBP: 00007f0b501370a0 R08: 0000000000000000 R09: 0000000000000000
[  421.384108][ T8494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  421.392088][ T8494] R13: 0000000000000000 R14: 00007f0b51c85fa0 R15: 00007ffdcb9973e8
[  421.400059][ T8494]  </TASK>
[  421.429595][ T8501] random: crng reseeded on system resumption
[  421.669386][ T8526] hub 1-0:1.0: USB hub found
[  421.674187][ T8526] hub 1-0:1.0: 8 ports detected
[  421.710857][ T8495] chnl_net:caif_netlink_parms(): no params data found
[  421.798557][   T50] bridge_slave_1: left promiscuous mode
[  421.804369][   T50] bridge0: port 2(bridge_slave_1) entered disabled state
[  421.835339][   T50] bridge_slave_0: left promiscuous mode
[  421.840972][   T50] bridge0: port 1(bridge_slave_0) entered disabled state
[  421.856028][ T8559] random: crng reseeded on system resumption
[  421.940075][ T8559] bpf_get_probe_write_proto: 8 callbacks suppressed
[  421.940087][ T8559] syz.5.9121[8559] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  421.946790][ T8559] syz.5.9121[8559] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  421.995751][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  422.024637][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  422.037687][   T50] bond0 (unregistering): Released all slaves
[  422.080796][ T8585] siw: device registration error -23
[  422.086910][ T8495] bridge0: port 1(bridge_slave_0) entered blocking state
[  422.094089][ T8495] bridge0: port 1(bridge_slave_0) entered disabled state
[  422.107137][ T8495] bridge_slave_0: entered allmulticast mode
[  422.114537][ T8495] bridge_slave_0: entered promiscuous mode
[  422.156506][   T50] hsr_slave_0: left promiscuous mode
[  422.162265][   T50] hsr_slave_1: left promiscuous mode
[  422.193623][   T50] team0 (unregistering): Port device team_slave_1 removed
[  422.203107][   T50] team0 (unregistering): Port device team_slave_0 removed
[  422.231215][ T8495] bridge0: port 2(bridge_slave_1) entered blocking state
[  422.238437][ T8495] bridge0: port 2(bridge_slave_1) entered disabled state
[  422.245741][ T8495] bridge_slave_1: entered allmulticast mode
[  422.253071][ T8495] bridge_slave_1: entered promiscuous mode
[  422.299508][ T8495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  422.334799][ T8495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  422.371723][ T8495] team0: Port device team_slave_0 added
[  422.390399][ T8495] team0: Port device team_slave_1 added
[  422.450352][ T8495] batman_adv: batadv0: Adding interface: batadv_slave_0
[  422.457377][ T8495] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  422.483378][ T8495] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  422.486720][ T8627] xt_hashlimit: max too large, truncated to 1048576
[  422.542128][   T50] IPVS: stop unused estimator thread 0...
[  422.556564][ T8495] batman_adv: batadv0: Adding interface: batadv_slave_1
[  422.563531][ T8495] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  422.589568][ T8495] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  422.630671][ T8638] hub 1-0:1.0: USB hub found
[  422.642317][ T8638] hub 1-0:1.0: 8 ports detected
[  422.653826][ T8495] hsr_slave_0: entered promiscuous mode
[  422.675629][ T8495] hsr_slave_1: entered promiscuous mode
[  422.694860][ T8495] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  422.708365][ T8495] Cannot create hsr debugfs directory
[  422.811346][ T8673] xt_hashlimit: max too large, truncated to 1048576
[  422.954406][ T8695] loop2: detected capacity change from 0 to 1024
[  422.967544][ T8693] hub 1-0:1.0: USB hub found
[  422.973350][ T8693] hub 1-0:1.0: 8 ports detected
[  422.982026][ T8695] EXT4-fs: Ignoring removed orlov option
[  422.987756][ T8695] EXT4-fs: Ignoring removed nomblk_io_submit option
[  423.045791][ T8695] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  423.067389][ T8714] siw: device registration error -23
[  423.125588][ T8495] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  423.148222][ T8695] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  423.159788][ T8721] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  423.172603][ T8695] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  423.188001][ T8721] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  423.230648][ T8495] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  423.246718][ T8495] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  423.256198][ T8495] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  423.270225][ T8745] siw: device registration error -23
[  423.348268][ T8495] 8021q: adding VLAN 0 to HW filter on device bond0
[  423.376392][ T8745] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  423.383831][ T8745] batman_adv: batadv0: Removing interface: batadv_slave_0
[  423.402989][ T8745] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  423.410454][ T8745] batman_adv: batadv0: Removing interface: batadv_slave_1
[  423.434191][ T8495] 8021q: adding VLAN 0 to HW filter on device team0
[  423.443222][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  423.450291][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  423.461703][ T7567] bridge0: port 2(bridge_slave_1) entered blocking state
[  423.468783][ T7567] bridge0: port 2(bridge_slave_1) entered forwarding state
[  423.505635][ T8495] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  423.566201][ T8495] 8021q: adding VLAN 0 to HW filter on device batadv0
[  423.619421][ T8747] +}[@: attempt to access beyond end of device
[  423.619421][ T8747] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  423.685435][ T8495] veth0_vlan: entered promiscuous mode
[  423.696253][ T8495] veth1_vlan: entered promiscuous mode
[  423.721613][ T8495] veth0_macvtap: entered promiscuous mode
[  423.730252][ T8495] veth1_macvtap: entered promiscuous mode
[  423.744725][ T8495] batman_adv: batadv0: Interface activated: batadv_slave_0
[  423.756912][ T8495] batman_adv: batadv0: Interface activated: batadv_slave_1
[  423.766827][ T8495] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  423.775580][ T8495] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  423.784400][ T8495] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  423.793083][ T8495] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  423.807056][T31135] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  423.872131][ T8804] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  423.880413][ T8804] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  423.986810][ T8812] loop2: detected capacity change from 0 to 1024
[  423.993746][ T8812] EXT4-fs: dax option not supported
[  424.413503][   T29] kauditd_printk_skb: 503 callbacks suppressed
[  424.413519][   T29] audit: type=1400 audit(1733527847.890:61908): avc:  denied  { create } for  pid=8836 comm="syz.2.9195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  424.440378][   T29] audit: type=1400 audit(1733527847.890:61909): avc:  denied  { write } for  pid=8836 comm="syz.2.9195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  424.460870][   T29] audit: type=1400 audit(1733527847.890:61910): avc:  denied  { read } for  pid=8836 comm="syz.2.9195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  424.481259][   T29] audit: type=1400 audit(1733527847.890:61911): avc:  denied  { mount } for  pid=8836 comm="syz.2.9195" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  424.503524][   T29] audit: type=1400 audit(1733527847.890:61912): avc:  denied  { watch } for  pid=8836 comm="syz.2.9195" path="/606/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  424.526018][   T29] audit: type=1400 audit(1733527847.910:61913): avc:  denied  { nlmsg_write } for  pid=8838 comm="syz.0.9196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  424.548037][   T29] audit: type=1400 audit(1733527848.040:61914): avc:  denied  { read } for  pid=2982 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  424.570187][   T29] audit: type=1400 audit(1733527848.040:61915): avc:  denied  { search } for  pid=2982 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  424.591905][   T29] audit: type=1400 audit(1733527848.040:61916): avc:  denied  { open } for  pid=2982 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=15 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  424.614645][   T29] audit: type=1400 audit(1733527848.040:61917): avc:  denied  { getattr } for  pid=2982 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=15 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  424.646392][ T8821] chnl_net:caif_netlink_parms(): no params data found
[  424.760717][ T8821] bridge0: port 1(bridge_slave_0) entered blocking state
[  424.767841][ T8821] bridge0: port 1(bridge_slave_0) entered disabled state
[  424.775165][ T8821] bridge_slave_0: entered allmulticast mode
[  424.781576][ T8821] bridge_slave_0: entered promiscuous mode
[  424.790794][ T8821] bridge0: port 2(bridge_slave_1) entered blocking state
[  424.797873][ T8821] bridge0: port 2(bridge_slave_1) entered disabled state
[  424.805111][ T8821] bridge_slave_1: entered allmulticast mode
[  424.811638][ T8821] bridge_slave_1: entered promiscuous mode
[  424.837809][ T8821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  424.858262][ T8821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  424.872354][ T8853] loop2: detected capacity change from 0 to 1024
[  424.884803][ T8853] EXT4-fs: Ignoring removed orlov option
[  424.890509][ T8853] EXT4-fs: Ignoring removed nomblk_io_submit option
[  424.902023][ T8821] team0: Port device team_slave_0 added
[  424.909040][ T8821] team0: Port device team_slave_1 added
[  424.926931][ T8853] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  424.941937][ T8821] batman_adv: batadv0: Adding interface: batadv_slave_0
[  424.948994][ T8821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  424.975101][ T8821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  424.988247][ T8821] batman_adv: batadv0: Adding interface: batadv_slave_1
[  424.995231][ T8821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  425.014537][ T8853] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  425.021164][ T8821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  425.194656][ T8821] hsr_slave_0: entered promiscuous mode
[  425.202359][ T8821] hsr_slave_1: entered promiscuous mode
[  425.213513][ T8821] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  425.221170][ T8821] Cannot create hsr debugfs directory
[  425.281543][ T8884] netlink: 'syz.0.9201': attribute type 10 has an invalid length.
[  425.299651][ T8884] veth1_macvtap: left promiscuous mode
[  425.403376][ T8899] __nla_validate_parse: 24 callbacks suppressed
[  425.403427][ T8899] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.9202'.
[  425.419436][ T8893] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.9202'.
[  425.483362][ T8868] +}[@: attempt to access beyond end of device
[  425.483362][ T8868] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  425.583882][ T8821] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  425.592729][ T8821] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  425.604143][ T8821] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  425.612652][ T8821] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  425.636200][ T8924] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.9208'.
[  425.661004][ T8921] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.9208'.
[  425.685603][ T8821] 8021q: adding VLAN 0 to HW filter on device bond0
[  425.697624][ T8821] 8021q: adding VLAN 0 to HW filter on device team0
[  425.713856][T31135] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  425.735721][T11910] bridge0: port 1(bridge_slave_0) entered blocking state
[  425.742761][T11910] bridge0: port 1(bridge_slave_0) entered forwarding state
[  425.807997][T11910] bridge0: port 2(bridge_slave_1) entered blocking state
[  425.815082][T11910] bridge0: port 2(bridge_slave_1) entered forwarding state
[  425.832425][ T8937] netlink: 133492 bytes leftover after parsing attributes in process `syz.3.9211'.
[  425.851908][ T8821] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  425.879721][ T8940] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.9212'.
[  425.912892][ T8936] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.9212'.
[  426.035844][ T8957] FAULT_INJECTION: forcing a failure.
[  426.035844][ T8957] name failslab, interval 1, probability 0, space 0, times 0
[  426.048498][ T8957] CPU: 1 UID: 0 PID: 8957 Comm: syz.0.9214 Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  426.059217][ T8957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  426.062120][ T8821] 8021q: adding VLAN 0 to HW filter on device batadv0
[  426.069264][ T8957] Call Trace:
[  426.069273][ T8957]  <TASK>
[  426.082244][ T8957]  dump_stack_lvl+0xf2/0x150
[  426.086862][ T8957]  dump_stack+0x15/0x1a
[  426.091096][ T8957]  should_fail_ex+0x223/0x230
[  426.095782][ T8957]  should_failslab+0x8f/0xb0
[  426.100432][ T8957]  kmem_cache_alloc_node_noprof+0x59/0x320
[  426.106312][ T8957]  ? __alloc_skb+0x10b/0x310
[  426.110937][ T8957]  __alloc_skb+0x10b/0x310
[  426.115382][ T8957]  netlink_alloc_large_skb+0xad/0xe0
[  426.120685][ T8957]  netlink_sendmsg+0x3b4/0x6e0
[  426.125491][ T8957]  ? __pfx_netlink_sendmsg+0x10/0x10
[  426.130898][ T8957]  __sock_sendmsg+0x140/0x180
[  426.135668][ T8957]  ____sys_sendmsg+0x312/0x410
[  426.140453][ T8957]  __sys_sendmsg+0x19d/0x230
[  426.145063][ T8957]  __x64_sys_sendmsg+0x46/0x50
[  426.149999][ T8957]  x64_sys_call+0x2734/0x2dc0
[  426.154709][ T8957]  do_syscall_64+0xc9/0x1c0
[  426.159226][ T8957]  ? clear_bhb_loop+0x55/0xb0
[  426.163914][ T8957]  ? clear_bhb_loop+0x55/0xb0
[  426.168606][ T8957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.174530][ T8957] RIP: 0033:0x7ffae319fed9
[  426.179061][ T8957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  426.198731][ T8957] RSP: 002b:00007ffae1817058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  426.207173][ T8957] RAX: ffffffffffffffda RBX: 00007ffae3365fa0 RCX: 00007ffae319fed9
[  426.215157][ T8957] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[  426.223140][ T8957] RBP: 00007ffae18170a0 R08: 0000000000000000 R09: 0000000000000000
[  426.231157][ T8957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  426.239146][ T8957] R13: 0000000000000000 R14: 00007ffae3365fa0 R15: 00007ffd2fd84dd8
[  426.247142][ T8957]  </TASK>
[  426.280593][ T8967] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9213'.
[  426.320792][ T8821] veth0_vlan: entered promiscuous mode
[  426.364128][ T8821] veth1_vlan: entered promiscuous mode
[  426.437271][ T8821] veth0_macvtap: entered promiscuous mode
[  426.469996][ T8821] veth1_macvtap: entered promiscuous mode
[  426.497363][ T8982] netlink: 'syz.0.9216': attribute type 10 has an invalid length.
[  426.520240][ T8821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  426.530705][ T8821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  426.585196][ T8821] batman_adv: batadv0: Interface activated: batadv_slave_0
[  426.612393][ T8821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  426.622918][ T8821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  426.664770][ T8821] batman_adv: batadv0: Interface activated: batadv_slave_1
[  426.689328][ T8821] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  426.698103][ T8821] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  426.706888][ T8821] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  426.715687][ T8821] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  426.978071][ T9013] xt_hashlimit: max too large, truncated to 1048576
[  427.091176][ T9028] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.9223'.
[  427.110650][ T9020] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.9223'.
[  427.289182][ T9024] +}[@: attempt to access beyond end of device
[  427.289182][ T9024] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  427.406068][ T8931] syz.3.9211 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  427.417128][ T8931] CPU: 1 UID: 0 PID: 8931 Comm: syz.3.9211 Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  427.427878][ T8931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  427.438009][ T8931] Call Trace:
[  427.441368][ T8931]  <TASK>
[  427.444305][ T8931]  dump_stack_lvl+0xf2/0x150
[  427.448970][ T8931]  dump_stack+0x15/0x1a
[  427.453137][ T8931]  dump_header+0x83/0x2d0
[  427.457508][ T8931]  oom_kill_process+0x341/0x4c0
[  427.462443][ T8931]  out_of_memory+0x9af/0xbe0
[  427.467123][ T8931]  ? css_next_descendant_pre+0x11c/0x140
[  427.472843][ T8931]  mem_cgroup_out_of_memory+0x13e/0x190
[  427.478488][ T8931]  try_charge_memcg+0x508/0x7f0
[  427.483353][ T8931]  charge_memcg+0x50/0xc0
[  427.487772][ T8931]  mem_cgroup_swapin_charge_folio+0xd0/0x150
[  427.493798][ T8931]  __read_swap_cache_async+0x236/0x480
[  427.499260][ T8931]  swap_cluster_readahead+0x279/0x3f0
[  427.504686][ T8931]  swapin_readahead+0xe4/0x6f0
[  427.509462][ T8931]  ? __lruvec_stat_mod_folio+0xdb/0x120
[  427.515038][ T8931]  ? swap_cache_get_folio+0x77/0x210
[  427.520406][ T8931]  do_swap_page+0x31b/0x2550
[  427.524998][ T8931]  ? __rcu_read_lock+0x36/0x50
[  427.529800][ T8931]  ? __pfx_default_wake_function+0x10/0x10
[  427.535630][ T8931]  handle_mm_fault+0x8e4/0x2ac0
[  427.540563][ T8931]  exc_page_fault+0x3b9/0x650
[  427.545301][ T8931]  asm_exc_page_fault+0x26/0x30
[  427.550155][ T8931] RIP: 0033:0x7f456a8d2733
[  427.554581][ T8931] Code: 8f 07 00 48 8d 3d 16 90 07 00 e8 28 49 f6 ff 0f 1f 84 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 <80> 3d fe ed 15 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 c3 66 2e 0f
[  427.574194][ T8931] RSP: 002b:00007ffcdd0aec18 EFLAGS: 00010293
[  427.580254][ T8931] RAX: 00000000fffffffa RBX: 00007f456aa65fa0 RCX: 0000000000000000
[  427.588329][ T8931] RDX: 00007ffcdd0aec30 RSI: 0000000000000000 RDI: 0000000000000000
[  427.596313][ T8931] RBP: 00007f456aa67ba0 R08: 000000001572eb66 R09: 7fffffffffffffff
[  427.604280][ T8931] R10: 0000000000000000 R11: 0000000000000010 R12: 0000000000068b9a
[  427.612335][ T8931] R13: 00007f456aa66080 R14: 0000000000000032 R15: ffffffffffffffff
[  427.620306][ T8931]  </TASK>
[  427.623382][ T8931] memory: usage 307200kB, limit 307200kB, failcnt 1455
[  427.630572][ T8931] memory+swap: usage 307364kB, limit 9007199254740988kB, failcnt 0
[  427.638519][ T8931] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0
[  427.645836][ T8931] Memory cgroup stats for /syz3:
[  427.651617][ T8931] cache 0
[  427.652070][ T9048] +}[@: attempt to access beyond end of device
[  427.652070][ T9048] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  427.656610][ T8931] rss 0
[  427.656635][ T8931] shmem 0
[  427.677666][ T8931] mapped_file 0
[  427.681125][ T8931] dirty 0
[  427.684095][ T8931] writeback 8192
[  427.687643][ T8931] workingset_refault_anon 165
[  427.692376][ T8931] workingset_refault_file 448
[  427.697093][ T8931] swap 167936
[  427.700379][ T8931] swapcached 32768
[  427.704132][ T8931] pgpgin 369267
[  427.707660][ T8931] pgpgout 369259
[  427.711203][ T8931] pgfault 505427
[  427.714756][ T8931] pgmajfault 109
[  427.718355][ T8931] inactive_anon 32768
[  427.722377][ T8931] active_anon 0
[  427.725853][ T8931] inactive_file 0
[  427.729488][ T8931] active_file 0
[  427.732938][ T8931] unevictable 0
[  427.736441][ T8931] hierarchical_memory_limit 314572800
[  427.741805][ T8931] hierarchical_memsw_limit 9223372036854771712
[  427.748071][ T8931] total_cache 0
[  427.751537][ T8931] total_rss 0
[  427.754850][ T8931] total_shmem 0
[  427.758333][ T8931] total_mapped_file 0
[  427.762317][ T8931] total_dirty 0
[  427.765842][ T8931] total_writeback 8192
[  427.770028][ T8931] total_workingset_refault_anon 165
[  427.775247][ T8931] total_workingset_refault_file 448
[  427.780476][ T8931] total_swap 167936
[  427.784349][ T8931] total_swapcached 32768
[  427.788589][ T8931] total_pgpgin 369267
[  427.792564][ T8931] total_pgpgout 369259
[  427.796660][ T8931] total_pgfault 505427
[  427.800775][ T8931] total_pgmajfault 109
[  427.804859][ T8931] total_inactive_anon 32768
[  427.809446][ T8931] total_active_anon 0
[  427.813423][ T8931] total_inactive_file 0
[  427.817614][ T8931] total_active_file 0
[  427.821594][ T8931] total_unevictable 0
[  427.825767][ T8931] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.9211,pid=8931,uid=0
[  427.840494][ T8931] Memory cgroup out of memory: Killed process 8931 (syz.3.9211) total-vm:93280kB, anon-rss:616kB, file-rss:22308kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  427.939281][ T9080] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  428.334840][ T9115] netlink: get zone limit has 8 unknown bytes
[  428.533321][ T9142] syz.3.9238: attempt to access beyond end of device
[  428.533321][ T9142] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  428.781450][ T9156] random: crng reseeded on system resumption
[  428.790228][   T50] bridge_slave_1: left promiscuous mode
[  428.796025][   T50] bridge0: port 2(bridge_slave_1) entered disabled state
[  428.823754][   T50] bridge_slave_0: left promiscuous mode
[  428.829487][   T50] bridge0: port 1(bridge_slave_0) entered disabled state
[  428.839429][ T9157] syz.3.9240[9157] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  428.839496][ T9157] syz.3.9240[9157] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  429.016992][   T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  429.047292][   T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  429.061240][   T50] bond0 (unregistering): Released all slaves
[  429.076783][ T9177] hub 1-0:1.0: USB hub found
[  429.081416][ T9177] hub 1-0:1.0: 8 ports detected
[  429.111504][ T9182] random: crng reseeded on system resumption
[  429.166979][ T9188] syz.0.9251[9188] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  429.167037][ T9188] syz.0.9251[9188] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  429.177936][ T9120] chnl_net:caif_netlink_parms(): no params data found
[  429.219404][   T50] hsr_slave_0: left promiscuous mode
[  429.247263][   T50] hsr_slave_1: left promiscuous mode
[  429.312236][   T50] team0 (unregistering): Port device team_slave_1 removed
[  429.335291][ T9169] program syz.3.9246 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  429.349828][   T50] team0 (unregistering): Port device team_slave_0 removed
[  429.441086][ T9120] bridge0: port 1(bridge_slave_0) entered blocking state
[  429.448237][ T9120] bridge0: port 1(bridge_slave_0) entered disabled state
[  429.466714][ T9120] bridge_slave_0: entered allmulticast mode
[  429.490327][ T9120] bridge_slave_0: entered promiscuous mode
[  429.542318][ T9120] bridge0: port 2(bridge_slave_1) entered blocking state
[  429.549480][ T9120] bridge0: port 2(bridge_slave_1) entered disabled state
[  429.561218][ T9120] bridge_slave_1: entered allmulticast mode
[  429.567219][   T29] kauditd_printk_skb: 424 callbacks suppressed
[  429.567231][   T29] audit: type=1326 audit(1733527853.050:62342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9229 comm="syz.1.9263" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fec8a16fed9 code=0x0
[  429.645745][ T9120] bridge_slave_1: entered promiscuous mode
[  429.707228][   T29] audit: type=1400 audit(1733527853.100:62343): avc:  denied  { mounton } for  pid=9229 comm="syz.1.9263" path="/proc/31/task/32/net" dev="proc" ino=104178 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  429.730601][   T29] audit: type=1400 audit(1733527853.110:62344): avc:  denied  { write } for  pid=9229 comm="syz.1.9263" name="net" dev="proc" ino=104178 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  429.752386][   T29] audit: type=1400 audit(1733527853.110:62345): avc:  denied  { add_name } for  pid=9229 comm="syz.1.9263" name="memory.events" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  429.773257][   T29] audit: type=1400 audit(1733527853.110:62346): avc:  denied  { create } for  pid=9229 comm="syz.1.9263" name="memory.events" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[  429.794298][   T29] audit: type=1400 audit(1733527853.110:62347): avc:  denied  { associate } for  pid=9229 comm="syz.1.9263" name="memory.events" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  429.816072][   T29] audit: type=1400 audit(1733527853.130:62348): avc:  denied  { shutdown } for  pid=9224 comm="syz.0.9260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  429.836266][   T29] audit: type=1400 audit(1733527853.160:62349): avc:  denied  { read write } for  pid=9224 comm="syz.0.9260" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  429.860866][   T29] audit: type=1400 audit(1733527853.160:62350): avc:  denied  { open } for  pid=9224 comm="syz.0.9260" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  429.871417][ T9120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  429.895873][ T9120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  429.923822][ T9120] team0: Port device team_slave_0 added
[  429.940608][ T9120] team0: Port device team_slave_1 added
[  429.971800][ T9120] batman_adv: batadv0: Adding interface: batadv_slave_0
[  429.978848][ T9120] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  430.005143][ T9120] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  430.035911][ T9120] batman_adv: batadv0: Adding interface: batadv_slave_1
[  430.042889][ T9120] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  430.068916][ T9120] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  430.152627][   T29] audit: type=1400 audit(1733527853.640:62351): avc:  denied  { write } for  pid=9268 comm="syz.5.9272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  430.185827][ T9120] hsr_slave_0: entered promiscuous mode
[  430.192092][ T9120] hsr_slave_1: entered promiscuous mode
[  430.198425][ T9120] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  430.206047][ T9120] Cannot create hsr debugfs directory
[  430.297273][ T9261] +}[@: attempt to access beyond end of device
[  430.297273][ T9261] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  430.404518][ T9295] siw: device registration error -23
[  430.482036][ T9303] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  430.489472][ T9303] batman_adv: batadv0: Removing interface: batadv_slave_0
[  430.545335][ T9303] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  430.552752][ T9303] batman_adv: batadv0: Removing interface: batadv_slave_1
[  430.655077][ T9334] __nla_validate_parse: 3 callbacks suppressed
[  430.655092][ T9334] netlink: 112 bytes leftover after parsing attributes in process `+}[@'.
[  430.726093][ T9120] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  430.736862][ T9120] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  430.745479][ T9120] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  430.800442][ T9120] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  430.867450][ T9345] syz.0.9288[9345] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  430.867530][ T9345] syz.0.9288[9345] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  430.892405][ T9120] 8021q: adding VLAN 0 to HW filter on device bond0
[  430.904468][ T9345] syz.0.9288[9345] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  430.918608][ T9120] 8021q: adding VLAN 0 to HW filter on device team0
[  430.940533][ T4079] bridge0: port 1(bridge_slave_0) entered blocking state
[  430.947615][ T4079] bridge0: port 1(bridge_slave_0) entered forwarding state
[  430.975203][ T4079] bridge0: port 2(bridge_slave_1) entered blocking state
[  430.982333][ T4079] bridge0: port 2(bridge_slave_1) entered forwarding state
[  436.049002][ T9120] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  436.153527][ T9390] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9297'.
[  436.162538][ T9390] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9297'.
[  436.172007][ T9390] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9297'.
[  436.185294][   T29] kauditd_printk_skb: 115 callbacks suppressed
[  436.185313][   T29] audit: type=1326 audit(1733527859.680:62467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.1.9296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8a16fed9 code=0x7ffc0000
[  436.233909][   T29] audit: type=1400 audit(1733527859.680:62468): avc:  denied  { sqpoll } for  pid=9395 comm="syz.0.9298" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  436.253300][   T29] audit: type=1326 audit(1733527859.710:62469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.1.9296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec8a16fed9 code=0x7ffc0000
[  436.276793][   T29] audit: type=1326 audit(1733527859.710:62470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.1.9296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8a16fed9 code=0x7ffc0000
[  436.300254][   T29] audit: type=1326 audit(1733527859.710:62471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.1.9296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fec8a16fed9 code=0x7ffc0000
[  436.323774][   T29] audit: type=1326 audit(1733527859.710:62472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.1.9296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8a16fed9 code=0x7ffc0000
[  436.347256][   T29] audit: type=1326 audit(1733527859.710:62473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.1.9296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7fec8a16fed9 code=0x7ffc0000
[  436.399671][   T29] audit: type=1326 audit(1733527859.760:62474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.1.9296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8a16fed9 code=0x7ffc0000
[  436.401796][ T9120] 8021q: adding VLAN 0 to HW filter on device batadv0
[  436.423187][   T29] audit: type=1326 audit(1733527859.760:62475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.1.9296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec8a16fed9 code=0x7ffc0000
[  436.441508][ T9390] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9297'.
[  436.453498][   T29] audit: type=1326 audit(1733527859.770:62476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.1.9296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec8a16fed9 code=0x7ffc0000
[  436.462498][ T9390] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9297'.
[  436.504154][ T9390] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9297'.
[  436.534084][ T9414] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9302'.
[  436.559326][ T9390] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9297'.
[  436.568391][ T9390] netlink: 36 bytes leftover after parsing attributes in process `syz.3.9297'.
[  436.599109][ T9417] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9303'.
[  436.749326][ T9120] veth0_vlan: entered promiscuous mode
[  436.786214][ T9120] veth1_vlan: entered promiscuous mode
[  436.828547][ T9120] veth0_macvtap: entered promiscuous mode
[  436.843612][ T9120] veth1_macvtap: entered promiscuous mode
[  436.867766][ T9120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  436.878248][ T9120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  436.911863][ T9120] batman_adv: batadv0: Interface activated: batadv_slave_0
[  436.940733][ T9457] bond1: entered promiscuous mode
[  436.945829][ T9457] bond1: entered allmulticast mode
[  436.953907][ T9457] 8021q: adding VLAN 0 to HW filter on device bond1
[  436.982939][ T9457] bond1 (unregistering): Released all slaves
[  437.026016][ T9469] netlink: 'syz.1.9308': attribute type 10 has an invalid length.
[  437.028614][ T9120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  437.044262][ T9120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  437.054821][ T9120] batman_adv: batadv0: Interface activated: batadv_slave_1
[  437.062956][ T9120] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  437.071680][ T9120] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  437.080500][ T9120] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  437.089303][ T9120] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  437.104604][ T9469] veth1_macvtap: left promiscuous mode
[  437.113101][ T9455] delete_channel: no stack
[  437.177270][ T9480] siw: device registration error -23
[  437.181642][ T9466] xt_NFQUEUE: number of total queues is 0
[  437.192590][ T9481] SELinux: syz.2.9236 (9481) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  437.358294][ T9501] loop2: detected capacity change from 0 to 1024
[  437.372494][ T9501] EXT4-fs: Ignoring removed orlov option
[  437.378241][ T9501] EXT4-fs: Ignoring removed nomblk_io_submit option
[  437.485721][ T9501] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  437.525054][ T9512] usb usb1: usbfs: interface 0 claimed by hub while 'syz.5.9321' sets config #1
[  437.609051][ T9517] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  437.675909][ T9527] xt_hashlimit: max too large, truncated to 1048576
[  437.778295][ T9507] +}[@: attempt to access beyond end of device
[  437.778295][ T9507] md34: rw=2048, sector=0, nr_sectors = 8 limit=0
[  437.795370][ T9545] netlink: 'syz.3.9327': attribute type 10 has an invalid length.
[  437.808136][ T9545] veth1_macvtap: left promiscuous mode
[  438.198178][ T9120] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  438.305145][ T9607] xt_hashlimit: max too large, truncated to 1048576
[  438.528672][ T9633] hub 1-0:1.0: USB hub found
[  438.547779][ T9633] hub 1-0:1.0: 8 ports detected
[  438.801544][ T9647] xt_hashlimit: max too large, truncated to 1048576
[  438.885301][ T9650] loop2: detected capacity change from 0 to 1024
[  438.892158][ T9650] SELinux: security_context_str_to_sid () failed with errno=-22
[  438.902675][ T9651] hub 1-0:1.0: USB hub found
[  438.942612][ T9651] hub 1-0:1.0: 8 ports detected
[  438.984556][ T9653] hub 1-0:1.0: USB hub found
[  438.989263][ T9653] hub 1-0:1.0: 8 ports detected
[  439.069620][ T8143] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  439.080611][ T8143] CPU: 0 UID: 0 PID: 8143 Comm: syz-executor Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  439.091883][ T8143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  439.101941][ T8143] Call Trace:
[  439.105221][ T8143]  <TASK>
[  439.108161][ T8143]  dump_stack_lvl+0xf2/0x150
[  439.112867][ T8143]  dump_stack+0x15/0x1a
[  439.117029][ T8143]  dump_header+0x83/0x2d0
[  439.121364][ T8143]  oom_kill_process+0x341/0x4c0
[  439.126294][ T8143]  out_of_memory+0x9af/0xbe0
[  439.130875][ T8143]  ? css_next_descendant_pre+0x11c/0x140
[  439.136625][ T8143]  mem_cgroup_out_of_memory+0x13e/0x190
[  439.142242][ T8143]  try_charge_memcg+0x508/0x7f0
[  439.147194][ T8143]  charge_memcg+0x50/0xc0
[  439.151637][ T8143]  __mem_cgroup_charge+0x29/0xb0
[  439.156576][ T8143]  filemap_add_folio+0x53/0x1b0
[  439.161431][ T8143]  __filemap_get_folio+0x2f1/0x5b0
[  439.166593][ T8143]  filemap_fault+0x46d/0xb30
[  439.171177][ T8143]  __do_fault+0xb6/0x200
[  439.175414][ T8143]  handle_mm_fault+0xe98/0x2ac0
[  439.180304][ T8143]  exc_page_fault+0x3b9/0x650
[  439.184978][ T8143]  asm_exc_page_fault+0x26/0x30
[  439.189974][ T8143] RIP: 0033:0x7f456a775624
[  439.194391][ T8143] Code: db 34 b6 d7 82 de 1b 43 48 f7 a4 24 88 00 00 00 48 8b 05 7f 01 e2 00 48 69 8c 24 80 00 00 00 e8 03 00 00 48 c1 ea 12 48 01 ca <8b> 48 08 39 4c 24 18 48 89 d0 4c 0f 45 ea 4c 29 f0 48 3b 05 64 00
[  439.214010][ T8143] RSP: 002b:00007ffcdd0aee80 EFLAGS: 00010206
[  439.220110][ T8143] RAX: 0000001b30520000 RBX: 0000000000000079 RCX: 000000000006b2d8
[  439.228077][ T8143] RDX: 000000000006b2f9 RSI: 00007ffcdd0aef00 RDI: 0000000000000001
[  439.236048][ T8143] RBP: 00007ffcdd0aeeac R08: 000000000202fa2c R09: 7fffffffffffffff
[  439.244024][ T8143] R10: 00007f456b59e038 R11: 0000000000000010 R12: 0000000000000032
[  439.252022][ T8143] R13: 000000000006aeaa R14: 000000000006ae5f R15: 00007ffcdd0aef00
[  439.259988][ T8143]  </TASK>
[  439.263186][ T8143] memory: usage 307200kB, limit 307200kB, failcnt 1593
[  439.271560][ T8143] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0
[  439.279832][ T8143] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0
[  439.287590][ T8143] Memory cgroup stats for /syz3:
[  439.290640][ T8143] cache 0
[  439.298651][ T8143] rss 0
[  439.301458][ T8143] shmem 0
[  439.304465][ T8143] mapped_file 0
[  439.307935][ T8143] dirty 0
[  439.310880][ T8143] writeback 0
[  439.314263][ T8143] workingset_refault_anon 189
[  439.318946][ T8143] workingset_refault_file 452
[  439.323649][ T8143] swap 212992
[  439.326960][ T8143] swapcached 0
[  439.330563][ T8143] pgpgin 375151
[  439.334071][ T8143] pgpgout 375151
[  439.337930][ T8143] pgfault 513657
[  439.341485][ T8143] pgmajfault 128
[  439.345063][ T8143] inactive_anon 0
[  439.348811][ T8143] active_anon 0
[  439.352317][ T8143] inactive_file 0
[  439.356089][ T8143] active_file 0
[  439.359658][ T8143] unevictable 0
[  439.363187][ T8143] hierarchical_memory_limit 314572800
[  439.368608][ T8143] hierarchical_memsw_limit 9223372036854771712
[  439.374813][ T8143] total_cache 0
[  439.378292][ T8143] total_rss 0
[  439.381597][ T8143] total_shmem 0
[  439.385095][ T8143] total_mapped_file 0
[  439.389075][ T8143] total_dirty 0
[  439.392546][ T8143] total_writeback 0
[  439.396411][ T8143] total_workingset_refault_anon 189
[  439.401690][ T8143] total_workingset_refault_file 452
[  439.406977][ T8143] total_swap 212992
[  439.410878][ T8143] total_swapcached 0
[  439.414826][ T8143] total_pgpgin 375151
[  439.418809][ T8143] total_pgpgout 375151
[  439.422916][ T8143] total_pgfault 513657
[  439.427031][ T8143] total_pgmajfault 128
[  439.431109][ T8143] total_inactive_anon 0
[  439.435293][ T8143] total_active_anon 0
[  439.439358][ T8143] total_inactive_file 0
[  439.443545][ T8143] total_active_file 0
[  439.447605][ T8143] total_unevictable 0
[  439.451632][ T8143] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.9329,pid=9557,uid=0
[  439.466436][ T8143] Memory cgroup out of memory: Killed process 9557 (syz.3.9329) total-vm:95328kB, anon-rss:616kB, file-rss:22472kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  439.544104][ T8143] ==================================================================
[  439.552210][ T8143] BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
[  439.562046][ T8143] 
[  439.564361][ T8143] read-write to 0xffffffff866089c0 of 8 bytes by interrupt on cpu 1:
[  439.572427][ T8143]  tick_do_update_jiffies64+0x112/0x1b0
[  439.577998][ T8143]  tick_nohz_handler+0x7c/0x2d0
[  439.582870][ T8143]  __hrtimer_run_queues+0x20d/0x5e0
[  439.588086][ T8143]  hrtimer_interrupt+0x235/0x4a0
[  439.593054][ T8143]  __sysvec_apic_timer_interrupt+0x5c/0x1d0
[  439.598963][ T8143]  sysvec_apic_timer_interrupt+0x6e/0x80
[  439.604621][ T8143]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  439.610624][ T8143]  __rcu_read_unlock+0x0/0x70
[  439.615324][ T8143]  __vmalloc_node_range_noprof+0xa7a/0xe80
[  439.621139][ T8143]  __kvmalloc_node_noprof+0x121/0x170
[  439.626533][ T8143]  ip_set_alloc+0x1f/0x30
[  439.630873][ T8143]  hash_netiface_create+0x273/0x730
[  439.636082][ T8143]  ip_set_create+0x359/0x8a0
[  439.640687][ T8143]  nfnetlink_rcv_msg+0x4a9/0x570
[  439.645635][ T8143]  netlink_rcv_skb+0x12c/0x230
[  439.650403][ T8143]  nfnetlink_rcv+0x16c/0x15d0
[  439.655079][ T8143]  netlink_unicast+0x599/0x670
[  439.659842][ T8143]  netlink_sendmsg+0x5cc/0x6e0
[  439.664605][ T8143]  __sock_sendmsg+0x140/0x180
[  439.669300][ T8143]  ____sys_sendmsg+0x312/0x410
[  439.674064][ T8143]  __sys_sendmsg+0x19d/0x230
[  439.678647][ T8143]  __x64_sys_sendmsg+0x46/0x50
[  439.683408][ T8143]  x64_sys_call+0x2734/0x2dc0
[  439.688089][ T8143]  do_syscall_64+0xc9/0x1c0
[  439.692592][ T8143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.698490][ T8143] 
[  439.700808][ T8143] read to 0xffffffff866089c0 of 8 bytes by task 8143 on cpu 0:
[  439.708359][ T8143]  mem_cgroup_flush_stats_ratelimited+0x29/0x70
[  439.714610][ T8143]  count_shadow_nodes+0x6b/0x230
[  439.719541][ T8143]  do_shrink_slab+0x5a/0x680
[  439.724149][ T8143]  shrink_slab+0x4ea/0x850
[  439.728573][ T8143]  shrink_node+0x63f/0x1d80
[  439.733077][ T8143]  do_try_to_free_pages+0x3c6/0xc50
[  439.738289][ T8143]  try_to_free_mem_cgroup_pages+0x1e3/0x490
[  439.744197][ T8143]  try_charge_memcg+0x2bc/0x7f0
[  439.749040][ T8143]  charge_memcg+0x50/0xc0
[  439.753364][ T8143]  __mem_cgroup_charge+0x29/0xb0
[  439.758321][ T8143]  filemap_add_folio+0x53/0x1b0
[  439.763184][ T8143]  __filemap_get_folio+0x2f1/0x5b0
[  439.768308][ T8143]  filemap_fault+0x46d/0xb30
[  439.772894][ T8143]  __do_fault+0xb6/0x200
[  439.777137][ T8143]  handle_mm_fault+0xe98/0x2ac0
[  439.781989][ T8143]  exc_page_fault+0x3b9/0x650
[  439.786690][ T8143]  asm_exc_page_fault+0x26/0x30
[  439.791549][ T8143] 
[  439.793859][ T8143] value changed: 0x000000010000365b -> 0x000000010000365c
[  439.800959][ T8143] 
[  439.803271][ T8143] Reported by Kernel Concurrency Sanitizer on:
[  439.809412][ T8143] CPU: 0 UID: 0 PID: 8143 Comm: syz-executor Not tainted 6.13.0-rc1-syzkaller-00239-g9a6e8c7c3a02 #0
[  439.820251][ T8143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  439.830321][ T8143] ==================================================================
[  439.844174][ T9675] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.9359' sets config #1