last executing test programs:

1m23.770299921s ago: executing program 3 (id=1868):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000faffffff00000000000000000000000000000000000000001abd3dbca124cd13a72698cdc31c9876d38de3cbf87f9386eeb33eac940022326bf4fc1002bdbfc8ef40fc161fb1b0e8e69067293879183c049202a5f30cd904e54fd99958816693defff047938195056fcb018f7408b7946826077a35d20ae3ac5ec317946bfbafc6427f83fefd96015d978c134771d1dad58d88ceb57c3500eea914c8db684b11a71e5e64e8e7014690c94baa1882a8d132748b4661c187ed659baa4520a0d39d5a36aa0df6f573fa3380daf4288c97751ea7b113417a5ca08fc3effc3fae862c"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000a932a0000000000000000018120000b564f8eab7ca17c7e1f9b8870bf3ec55bcab204caf52bc16a1478b8553ac4fcb7a9398cb837dc49cd8ae0e09de", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000"], 0x0, 0x884, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_procfs(0x0, &(0x7f0000000040)='attr/exec\x00')
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000380)='asymmetric\x00', &(0x7f0000000500)=@keyring)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000280)={[{@stripe={'stripe', 0x3d, 0x10}}, {@stripe={'stripe', 0x3d, 0x7}}, {@dioread_nolock}, {@mblk_io_submit}, {@discard}, {@nogrpid}]}, 0x1, 0x408, &(0x7f0000001180)="$eJzs3M1uG1UbAOB3JrHTpD/OJ3XxqbCIBIIgaFIHAhQhKGz52QAXECVpqUibqgkSDVkUVDasWCB2LHoDLJDYVhVCQuIWuAFUqUJpFrALGnsmcWs72Ikdp+R5pNGcMz7ue94Zd3TOxD4BHFkTEXEhIoYiYiYiKvnxNN/iZn3L2j3YWJ/f3FifT2Jr64M/k0jyY8W/leT743llMo1Ib0U8cbM57sqNtU/mlpYWr+f16dUr16ZXbqydvXxl7tLipcWr1VfOV6uzM69WX+pZrt89/dz5obcvnPn+98rd2XJ5NOvvify1xjx6ZSImts9JYSrfz/Y62ICVB90BAAA6kuZj/+Ha+L8SQ7VSXSWm1wfaOQAAAKAntt7M93tybI/vAwAAAA5W0mIOXzKvBwAAgP+QUv49gAcb6/PFNsjvIxy0+29FxPjOb5s3t/MfjmN5m1Iff986ERHXnkkq2RZ9+h0yAECju9n451yr8V8a/29oNxJRGw+N9jj+xCP15vFPeq/HIR+Sjf9ej4jNpvFfWjQZH8prJ2tDxVJy8fLS4rmIOBURk1EayerVXWK889cP77d7Lcv/l+TkqWLL4mf7nRbpveGRh9+zMLc6t5+cG93/IuLMcKv8k+3xbxIRY/uIMfT57dfavfbv+ffX1u2IZ1te/52Ve5Ld1yearn0epotPRbO/v/zxvXbxW+U/HAeXf3b9x3bPfzxpXK9ppfsYdz7+7claoUVWjfOfbj7/5eTDWrmYl302t7p6vRpRTt5tPj6z896iXrTP8p98qvX//+L+l+RrWp3I7wHd+vqbn1/YvUU9/2zL4hdzwcxXM7fW9hCyY1n+C11d/+4LL9/59aN28Ruvf6v869e/vgbYZH6kk/tfpx3cz7kDAACAx0Vae66RpFPb5TSdmqo/7zgdY+nS8srq8xeXP726UH/+MR6ltHjSVWl4Hlqt/xl9uz7zSP3FiPhfRHxbGa3Vp+aXlxYGnTwAAAAcEcfbzP8zf1QG3TsAAACgZ8YH3QEAAACg7/L5/9nTg+4IAAAA0A/7Wdfv6BayM9dp43Icjj4fzsIbP4XzcygLg74zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPN7+CQAA//8e+LAL")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000640)='host1x_cdma_push_gather\x00', r2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
sync()
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000040000000000000000000000d500000000000000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000080)='signal_generate\x00', r3, 0x0, 0xfffffffffffffffe}, 0x18)
r4 = open(0x0, 0x14927e, 0x0)
ftruncate(r4, 0x8012007ffb)
r5 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}], 0x1}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33)
socket$inet_sctp(0x2, 0x1, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
lsm_list_modules(&(0x7f0000000380)=[0x0, 0x0, 0x0], &(0x7f00000003c0)=0x18, 0x0)

1m23.481123826s ago: executing program 3 (id=1873):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="190000000400000008000000ff"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = epoll_create(0x7)
r3 = epoll_create1(0x0)
r4 = epoll_create(0x7)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000180))
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000000c0))
r5 = epoll_create1(0x0)
r6 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000100))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r8, &(0x7f0000000080))
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000200))

1m23.447181547s ago: executing program 3 (id=1875):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
r2 = getpgid(0x0)
r3 = syz_pidfd_open(r2, 0x0)
pidfd_send_signal(r3, 0x21, 0x0, 0x4)

1m23.400980707s ago: executing program 3 (id=1878):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
getpgid(0x0)

1m23.400709897s ago: executing program 3 (id=1879):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r2)
execve(&(0x7f0000000300)='./file0\x00', 0x0, 0x0)

1m23.380896217s ago: executing program 3 (id=1881):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10)
request_key(0x0, 0x0, 0x0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x3, 0x13, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000900000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000000000bf090000000000005509010000000000852000000300000095"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x62, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[], 0x15)
r3 = dup(r2)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])

1m8.33419439s ago: executing program 32 (id=1881):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10)
request_key(0x0, 0x0, 0x0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x3, 0x13, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000900000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000000000bf090000000000005509010000000000852000000300000095"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x62, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[], 0x15)
r3 = dup(r2)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])

23.269490459s ago: executing program 0 (id=3326):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000340)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000580)='rss_stat\x00', r0, 0x0, 0x6a}, 0x18)
socket$inet_udp(0x2, 0x2, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000000840)={0x2, 0x80, 0xbe, 0x1, 0x0, 0x0, 0x0, 0x400000005, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_bp={0x0, 0xc}, 0x2501, 0x5dd8, 0x3, 0x5, 0x0, 0x8, 0xff7b, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
socket$nl_xfrm(0x10, 0x3, 0x6)
creat(&(0x7f0000000000)='./bus\x00', 0x8)
openat$vcsu(0xffffff9c, &(0x7f0000000080), 0x88080, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f00000007c0)=ANY=[@ANYRES32=r1], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x541c, &(0x7f0000000000))

23.23425032s ago: executing program 0 (id=3327):
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000a50000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e200023b0"], 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="757466382c626c6f636b3d307830303030303030303030303030323030006e6f726f636b2c63727566742c6d61703d6f66662c646d6f64653d3078303430303030303030303030303063664173657373696f6e3d3078303030303030303030303030303033382c756e686964652c756e686964652c6769643d29e0cd5c372ab078c28fb05c6421428d066455368833565fd726743513f4466efa8d4fba06d57341875f5775ab343c0f6bc59fbde784ec3597e0e286d8d0dbf360afa3bc5c145b6e4f8b0305932fb55ff13f9fcb5035769f5fca33ac02bdeacb24c58103edc3d8b46df7614aa493952584ee662174309b11a4ad19e64dcdeeca1c148170b8d1aaf26082364b0d90d63d8502ffa63dde945e4612ac134315f389af667a04931ad25ff10b9b5107e517dbbcf5dcb60f564f54b344218d9325b53e829c38c96c69adc9e745202923a1b8124333cce0a8f1c748d42a272eb3e5502051090f1ac34fe5e8f038", @ANYRESHEX=0x0, @ANYRESOCT], 0x2, 0x699, &(0x7f0000000140)="$eJzs3V9rG9n9x/HPyLIte3+E5dcSQsifk6QLDk2VkbxxMCl01dHInlbSiBm52FBY0o29hMjZNkmh8c3WN/0D2yfQu970og+i0Ot9Fr0pLSztXaE3KnNmJEvRv3ijOLvN+2V2NTrznTnfmaPoy9iaIwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADle1XVLjupBc2fXTOZVo7AxZX26t0XdTBduzuxXcpL/VCjoQtp04Zsnq88n/7uuS+mzSyokDwUdvXP+3XvfyOd6209J6MvQaXf49PnRo/udzv6Tl4hd0Kl3/yYp11taycZkTNCW3wziMGhUtnwTxKHZ3Nhwb2/XYlML6n68F7f9hvEiP9cOI7Pm3TSlzc114xf3wp3mVrVS93uNd79Tdt0N84PldKAlFWNvO6jXg+aWjUlWJzF3zWc/TgP8SsOYg4ed/fVZR5IElV4mqDwrqOyWy6VSuVzauLN5567r5kca3ITj9mkkYu4vWnzNzOeNG5iDXFL//+pIdRXU1I52Zcb+eKoqUqjGhPWZXv1/77Y/td/B+t+r8hek72WrL8rW/yvpsyuT6v+EXIyM3WDcGmdC++l+Fm1GRk/1XEd6pPvqqKN9PZnDvo3M1bns5Qx+tuSrqUCxQgVqqGJbTNZitKkNbcjVh9pWTbGMagpUl69Ye4rVlm9fUZ4i+aqorVCRjNbk6aaMStrUptZl5KuoPYXaUVNbqqqif3e73QM9tOd9fUqO6gWVJgQsDwaVp+xpUv3/yafp6zSr/y71/22Vvg6W04fPp8UAXwHd7Pp/UG72ZldfX0YAAAAAAGDeHPvbd8f+7f6ypK5qQd1333RaAAAAAABgjhx1l3VJTnL9L+myHK7/AQAAAAD4X+PYe+wcSav2Q/3OyZ1QL/NLgIUzSBEAAAAAALwie+f/lSWpayetuCrnVNf/AAAAAADga+A3A3Ps53tz7HZ7f9bPSYpby86f/7msaNE5bu1+yzmsJGsqh1nMyCcA2rWLzrlsol77sCTJPvP8S07WWzYJZn/ewS8OZs3170QvJLC0MLiDCQk4Sc8b+eyZPtO1dJNr2TzzD45ysmvSXlZrQd0vemH9XkmVyrlc299t//zxw19IUf84Dx529osffdJ5YHM5TpqOD5OdfjqUTm78yTjJ5Zmdb8HeczHuiFdU63X522Zj1bH9ur3jX1DlMDfY0bQBOOnzV7qejtn11TR29ag/435y/IXk+EtFO2RDRx8tOidZlF488nEDMSGLgs3iRhpzY+2Gyn9Ll/ujkHMK316QysXRMRjKojyYxexz4fxr5FwMZGEfemsGzsV6ksVfkh1NyGL9dFmMjAgAvCkHuiz7LnRZdhLzfhUqZHW3Vx56b2pfqu7Mru4fDFf3Z7/vdu0GC1I++9vE1F4KSt7R1xxbh5bSQ8pfHPOO7mZ1paAJ7+juK1S3pK8/nXwHUpb2SBb/6Xa790q239+9UFX/MNTdSL9xvbyQnMLbzw5/aifAT3y8//H+43J5fcN933XvlLVoDyN7WBC1BwAwYvZ37MyMcN7XtTTi2oN/vJcuDVW8/+9/pKCoj/SJOnqgW72vELg6fq+rAx9DuJVetWrgqtWcf/ee/V664diSbk28qrO1dCC23I9dVG+T4Up9Erv+mkcBAICzdX1GHR5f/wtD9f+W1tKItYtjr7uHa3l2ddy/pJ8UW5qd/AfzPhsAALwd/OgLZ7X9ayeKgtaHpc3NUqW97Zso9H5ooqC65Zug2fYjb7vS3PJNKwrboRfWTSvSclD1YxPvtFph1Da1MDKtMA527Te/m+yr32O/UWm2Ay9u1f1K7BsvbLYrXttUg9gzrZ3v14N424/sxnHL94Ja4FXaQdg0cbgTeX7RmNj3BwKDqt9sB7UgWWyaVhQ0KtGe+VFY32n4purHXhS02mG6w15fQbMWRg2722K+O+7zAgAAvHWePj96dL/T2X/y4sJKcmmethxrQszowpKePk+uypOWfLaKOYIAAPiKOSngp9io8BoTAgAAAAAAAAAAAAAAAAAAAAAAI2bf0nfKhcVxNwtK/Zafncta9Eud3GI4sh9H807sNAu5027VuyXi6NHnU4JX+i290z8Yc3xmB/j3/5PesS1KW/Lz72tlyuC+joXvHqRndGJMsnLsquX+WOTn/88hWXj8xwmrut1ud/rmy8PncGnaAQ4v5CU9WXqFITj79yIAZ+u/AQAA//9b5DOa")
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000840)={0x3, {{0x2, 0x4e24, @broadcast}}}, 0x88)
r3 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x2)
write$binfmt_script(r3, &(0x7f0000000080)={'#! ', './file0'}, 0xb)
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

23.161165891s ago: executing program 0 (id=3328):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[], 0x15)
r3 = dup(r2)
write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0)

23.160448151s ago: executing program 0 (id=3329):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x10004, &(0x7f00000000c0), 0x0, 0x4c0, &(0x7f0000000540)="$eJzs3d9rXFUeAPDvnWSStJ1u0t3C/njZbtvdLpTOZLKk0IVlW/ZhF9aC2D+gxmQaQyaZkJnUJBRM/wUVLfggIvjki6DvRcRXfRH1QXzxSRAtFRF8GJk7kzZNMklImkzNfD5wuPfcO5nvORnu+c6cSe4JoGudioiViOiLiGcjYrB1PGmVuNwsjcfdv3drvFGSqNevfZek5xv1WPMzDcdazzkQEc/8N+K5ZGPc6tLy9Fi5XJpv1Qu1mblCdWn5wtTM2GRpsjQ7Mjx6abR4sVgsPra+vvRj7venP7j8rzeeeuvjt99bXEzW9HdtP3ZrZZNjza5nI7fmWG9E/H+vwZ4QPa3+9HW6IexKJiJ+GxGn0+t/MHrSVxMAOMzq9cGoD66tAwCHXePzfy6STL41F5CLTCafb87hnYyjmXKlWjt/o7IwOxHpHNZQZDM3psql4dbc2VBkk0a9mO4/rI+sq/8jIk5ExCv9R9J6frxSnujkGx8A6GLH1uX/H/qb+R8AOOQGOt0AAODAyf8A0H3kfwDoPvI/AHQf+R8Auo/8DwDdR/4HgK7y9NWrjVJfvf/1xM2lhenKzQsTpep0fmZhPD9emZ/LT1Yqk+k9e2a2e75ypTJ3MWYXFgu1UrVWqC4tX5+pLMzWrqf39b5eyh5IrwCArZz4890vkohY+eeRtMSatRzkajjcMp1uANAxPZ1uANAxVvuC7uUzPrDJEr1rZNv/idCd3cc09wCdde6P5v+hW8nB0L3M/0P3Mv8P3ateT6z5DwBdZjdz/Jf34X0I0Dlbf/+/xS1C9vD9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPza5dKSZPKttcBzkcnk8xHHI2IossmNqXJpOCJ+ExGf92f7G/VipxsNAOxR5puktf7XucGzufVn+5Kf+tNtRLzw+rXXFsdqtfli4/j3D47X7rSOj3Si/QDAdlbz9GoeX3X/3q3x1XKQ7fn2SnNx0Y3xe6M33Q5ENiKO3k9a9abG+5WexxB/5XZE/GGz+EnkIo4MtVY+XR+/Efv4/sePh/Ezj8TPpOea28bv4nePoS3Qbe5eaS5ovvH6y8SpdLv59T+QjlB71378yzwY/3rajH+ndtrHjwb/1zb+7Yg/9W4+/qzGT9rEP7vD+F9Xvny53bn6mxHnNs0/ySOxCrWZuUJ1afnC1MzYZGmyNDsyPHpptHixWCwW0jnqwupM9Ub/fvWzF7fq/9E28Qe26f9fd9j/rz75z4d/2SL+389s/vqf3CJ+Iyf+bYfx3znz/vPtzjXiT7Tp/3av//kdxr/76bs/7/ChAMABqC4tT4+Vy6V5O3b2c6fvyWiGnZ3udHpkAvbbw4u+0y0BAAAAAAAAAAAAAADaOYh/J+p0HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi8fgkAAP//ZCDc4A==")
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x8, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0xfffffffffffffea7, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x8, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0xfffffffffffffea7, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_clone(0x40800000, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket(0x10, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000300)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000340)=@gcm_128={{0x303}, "0400", "0d00e8ffff1a8600", "fdfff7ff", "8657e22727751fe4"}, 0x28) (async)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000340)=@gcm_128={{0x303}, "0400", "0d00e8ffff1a8600", "fdfff7ff", "8657e22727751fe4"}, 0x28)
write$binfmt_script(r3, &(0x7f0000000780)={'#! ', './file0'}, 0xb)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000000240)=0x40)
close_range(r2, r3, 0x0)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, r4, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4000010) (async)
sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, r4, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4000010)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='kfree\x00', r6}, 0x10)
syz_emit_ethernet(0x76, &(0x7f0000000600)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00 \x00', 0x40, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @local, {[], @time_exceed={0x3, 0x0, 0x0, 0xb2, '\x00', {0xe, 0x6, "cb8a57", 0x4, 0x21, 0x1, @empty, @rand_addr=' \x01\x00', [], "93b966d623503423f18401345cd580e7"}}}}}}}, 0x0) (async)
syz_emit_ethernet(0x76, &(0x7f0000000600)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00 \x00', 0x40, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @local, {[], @time_exceed={0x3, 0x0, 0x0, 0xb2, '\x00', {0xe, 0x6, "cb8a57", 0x4, 0x21, 0x1, @empty, @rand_addr=' \x01\x00', [], "93b966d623503423f18401345cd580e7"}}}}}}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010200000000000000020000000900010073797a300000000040000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000001400048008000140000000000800024000000b002c000000030a03000000000000000000020000000900010073797a30000000000900030073797a32"], 0xb4}}, 0x0) (async)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010200000000000000020000000900010073797a300000000040000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000001400048008000140000000000800024000000b002c000000030a03000000000000000000020000000900010073797a30000000000900030073797a32"], 0xb4}}, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x3b0, 0x0, 0x43, 0xa0, 0x1d0, 0x98, 0x318, 0x178, 0x178, 0x318, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1b0, 0x1d0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0xb}]}}, @common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x410)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})

22.954419604s ago: executing program 0 (id=3330):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x3, 0x13, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000900000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000000000bf090000000000005509010000000000852000000300000095"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x62, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0)

22.909139065s ago: executing program 0 (id=3331):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r5, &(0x7f0000000280)=ANY=[@ANYBLOB="1e0308003c5c980128876360864668f82ffdeefa000000000000ffd2acb165fe580cd568cd1f31b87b548cb74136f366da0abe01880b"], 0xfdef)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0c01000002010103000000000000000001000002240019"], 0x10c}, 0x1, 0x0, 0x0, 0x24000840}, 0x48006)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x54, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, r2, 0x800, 0x55007}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x24, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x2}, @IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x8}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x6}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r6, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r8 = socket$kcm(0x2, 0xa, 0x2)
setsockopt$inet6_udp_encap(r6, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r7, &(0x7f0000000140)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d75a3d0000b110000000000000000000000000000000000ff0200000000000000000000000000014f1c4e20", @ANYRES16=r7], 0xd6)

22.888628735s ago: executing program 33 (id=3331):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r5, &(0x7f0000000280)=ANY=[@ANYBLOB="1e0308003c5c980128876360864668f82ffdeefa000000000000ffd2acb165fe580cd568cd1f31b87b548cb74136f366da0abe01880b"], 0xfdef)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0c01000002010103000000000000000001000002240019"], 0x10c}, 0x1, 0x0, 0x0, 0x24000840}, 0x48006)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x54, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, r2, 0x800, 0x55007}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x24, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x2}, @IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x8}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x6}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r6, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r8 = socket$kcm(0x2, 0xa, 0x2)
setsockopt$inet6_udp_encap(r6, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r7, &(0x7f0000000140)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d75a3d0000b110000000000000000000000000000000000ff0200000000000000000000000000014f1c4e20", @ANYRES16=r7], 0xd6)

3.394438287s ago: executing program 1 (id=3815):
r0 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e24, 0x8, @remote, 0x3}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRES32=r0], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000c00)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x0)
r3 = syz_io_uring_setup(0x7d9b, &(0x7f00000008c0)={0x0, 0xe90f, 0x4, 0xfffffffe, 0x294}, &(0x7f0000000280)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000240)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[], 0x14a8}})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x26001, 0x0)
socket(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r7 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
write$qrtrtun(r7, &(0x7f0000000300)="ca0e808b", 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r7}, &(0x7f0000000140), &(0x7f0000000380)=r2}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r8, &(0x7f0000000300)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x1, &(0x7f0000000340)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33cb95d66a1781f31bf07fd2ae874", "62266bd8", "d1b29b99d21d88a2"}, 0x28)
write$binfmt_script(r8, &(0x7f0000000780)={'#! ', './file0'}, 0xb)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r8, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000000240)=0x40)
writev(r8, &(0x7f00000030c0)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
r9 = msgget(0x0, 0x2c4)
msgsnd(r9, &(0x7f0000000700)=ANY=[@ANYRESOCT=r9], 0x2000, 0x0)

1.878851241s ago: executing program 1 (id=3827):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)={0x20, r1, 0xc4fc9e906872338b, 0x0, 0x0, {{0x15}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x4040)

1.605677915s ago: executing program 1 (id=3831):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r1)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40045304, &(0x7f0000000100)={{}, {0x0, 0x3}, 0x2})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f0000000180)={0x80, 0x1, 'client0\x00', 0x1, "896c81dd59ff28d2", "e5dbc741536b0e2fbb12e9338ec8dcb3e07c903fc30e8a11d477e3fb04eb2f74", 0x3, 0x4})
ioctl$TCGETS2(0xffffffffffffffff, 0x5434, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r0}, 0x8)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
utime(&(0x7f0000000200)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r3 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
r5 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r5, 0x0)
write$selinux_load(r3, &(0x7f0000000000)=ANY=[], 0x6000)

1.506745467s ago: executing program 1 (id=3833):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
setreuid(0xee00, 0x0)

1.361571598s ago: executing program 1 (id=3836):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x7400}, 0x4000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0x1}, 0x18)
bind$can_j1939(r2, &(0x7f0000000180)={0x1d, r3, 0x0, {0x1, 0x1, 0x4}, 0xfe}, 0x18)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
gettid()
sendmsg$rds(r1, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x4, @local}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@rdma_args={0x48, 0x114, 0x1, {{0x5}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000000880)=""/4096, 0x1000}], 0x1}}], 0x48}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x1, 0x20}, 0xc)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f3, &(0x7f0000000080))

831.934157ms ago: executing program 6 (id=3852):
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000600)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = syz_open_dev$sg(0x0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fcntl$dupfd(r2, 0x0, r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, 0x0, 0x20000000)
r4 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10000, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)=r4}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
r9 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r9, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00'}, 0x18)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r7, &(0x7f0000000340)={0x0, 0x1c, &(0x7f0000000480)={&(0x7f0000000000)={0x34, r8, 0xc4fc9e906872338b, 0x0, 0x0, {{0x15}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x18, 0x11d, 0x0, 0x1, [{0x14}]}]}, 0x34}}, 0x4040)

576.035571ms ago: executing program 6 (id=3859):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0)

541.465362ms ago: executing program 6 (id=3860):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x200000000200}, 0x18)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r3 = socket$inet6_dccp(0xa, 0x6, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xfffffff5}, 0x1c)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025797a31000000000900010073797a3000000000080005400000001c"], 0xe8}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
pipe2(&(0x7f0000000000)={0x0, <r7=>0x0}, 0x0)
r8 = socket(0x2c, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r8}, 0x20)
close_range(r7, 0xffffffffffffffff, 0x0)

459.366993ms ago: executing program 4 (id=3865):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000001c0)='kfree\x00', r0, 0x0, 0x1000000}, 0x18)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
mount(0x0, &(0x7f0000001fc0)='./file0\x00', &(0x7f0000002000)='devtmpfs\x00', 0x8, &(0x7f0000002040)='dirsync')

440.018963ms ago: executing program 5 (id=3866):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x5, 0xc, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r2, 0x0, 0x178}, 0x18)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x70, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0xc, 0x4}, {}, {0x5, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{0xfffb, 0x4, 0x2}, [@TCA_EM_META_HDR={0xc, 0x1, {{}, {0x5, 0x8}}}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x400c021}, 0x20040054)

434.299173ms ago: executing program 6 (id=3867):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x4}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x50}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES8=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)

420.175783ms ago: executing program 2 (id=3868):
socket$inet(0x10, 0x3, 0x0)
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x6, 0x62200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x104040, 0x0, 0x0, 0x2, 0x5, 0x15, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0xfe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x405d, 0x0, 0x4, 0x8, 0x7, 0x100, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, 0x0, 0xffffffffffffffff, r0, 0x2)
fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg(r1, &(0x7f00000092c0), 0x0, 0x44000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12)
unshare(0x2040400)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_ACTIVATE(r4, 0x4b4a, 0xffffffffffffff15)

398.472484ms ago: executing program 6 (id=3869):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r1)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40045304, &(0x7f0000000100)={{}, {0x0, 0x3}, 0x2})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f0000000180)={0x80, 0x1, 'client0\x00', 0x1, "896c81dd59ff28d2", "e5dbc741536b0e2fbb12e9338ec8dcb3e07c903fc30e8a11d477e3fb04eb2f74", 0x3, 0x4})
ioctl$TCGETS2(0xffffffffffffffff, 0x5434, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r0}, 0x8)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
utime(&(0x7f0000000200)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
r5 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r5, 0x0)
write$selinux_load(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x6000)

397.423354ms ago: executing program 4 (id=3870):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0)

328.594195ms ago: executing program 6 (id=3871):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r1 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_register(r1, &(0x7f0000000340)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0xbccc, 0x3a, '/+]&:!\\.', 0x3a, 'SMC_PNETID\x00\xdel1WQ\f\xbb\xaa\xaah\x00\x00\xc2c\xd4\x12\xee\xecz\xb11\xc5\n\xb2\xae\xfb\xe1\x0f\xa0\xe6\x81z\xa1\xcf\x87~<yoom\xeaG\xe7c\x81\x7f\xed\xfc\xbc\xbcM\xb9\x98L\xcd\xb9Prh\xbe\x95\t\xf93n\xb772?\xf4\xb4\xe8w\x9a\x9a5\x8dR\x9eH\xed\xb5\xca\xc0*_K\xde?s\xe3=F\x94\f\x11;Fg\xb1\xec{\x14\xb5Y\x7f\x11\xb9\x9cQ\x1f\xae\x96]\xc6\x9a\x11_Iy\x16Y\xc1\xa2\x8d,%\xaaj\n\xfb\xe6\x86\x9fL\xf2\xc9\xd7\x8b\xc6\x00\x91\xd6T:\x7f\xf5\x9a\x99\x87J_\x95\x80\xdfV\xd34\x85\x92^\x03\x05\x1c\xe4\xbd\xaa\x86V\xf9b\x19\x1c\\\xc4\xb1\xc4\x93\xd8\x9d\xf5\xdez\xc7\x9eE\xcb\x95\xc6', 0x3a, './file0'}, 0xf8)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000540)=""/100, 0x64}, {&(0x7f0000000180)=""/98, 0x62}, {&(0x7f0000001fc0)=""/4096, 0x1000}, {&(0x7f0000000000)=""/108, 0x6c}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/62, 0x3e}, {&(0x7f0000000080)=""/138, 0x8a}, {&(0x7f0000000140)=""/26, 0x1a}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x0, 0x989680})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000)
ioctl$PPPIOCGUNIT(r1, 0x80047456, &(0x7f0000000280))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r3, 0x0, 0x2}, 0x18)
r4 = io_uring_setup(0x177d, &(0x7f00000002c0)={0x0, 0x572c, 0x800, 0x400006, 0xfffffffe})
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[], 0x0)
close_range(r4, 0xffffffffffffffff, 0x200000000000000)
remap_file_pages(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x3800004, 0x5, 0x1)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000300)={0x3, [0x8, 0x80, 0x279]}, 0xa)

328.076375ms ago: executing program 4 (id=3872):
r0 = memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x58, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x80000000000a}, 0x2004, 0x5dd8, 0x3, 0x5, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x200000000000002}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r1}, &(0x7f0000000780), &(0x7f00000007c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
syz_clone3(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, {0x8}, 0x0, 0x0, 0x0, &(0x7f0000000680)=[0x0], 0x1}, 0x58)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r4=>0x0})
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6, 0x0, {0x0, 0x0, 0x1}, 0x1}, 0x18)
connect$can_j1939(r5, &(0x7f0000000040)={0x1d, r6}, 0x18)
bind$can_j1939(r3, &(0x7f00000000c0)={0x1d, r4, 0x0, {}, 0xfe}, 0x18)
sendmsg$can_j1939(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)="8ba1835fdb98d51a4c", 0x9}, 0x1, 0x0, 0x0, 0x2400c840}, 0x48010)
sendmmsg(r3, &(0x7f00000004c0)=[{{&(0x7f0000000100)=@can={0x1d, r4}, 0x80, &(0x7f0000000200)=[{&(0x7f00000001c0)="99e11ccfe06480b7c6", 0x9}], 0x1}}], 0x1, 0x0)
ftruncate(r0, 0x80079a0)
lseek(r0, 0x0, 0x4)
iopl(0x3)
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f00000002c0)='./file0\x00', 0xc80, &(0x7f0000000180)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b26209f1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc563b62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x1, 0x266, &(0x7f0000000340)="$eJzs281OE1EYxvGHDwVBmCqKgjG+0Y1uJlCvoCGQGJtokBo/EpNBptp0aEmnwdQYYefW6yAu3ZkYb4CNV+DCHRuXLIxjmKnQlhrDQiba/29zXnJ4mnP6njZn0dl58Ha1XAzdoldXf59pUNrUrpRRvwaU6GuO/XF9Uq02dWMi/+XyvYePbufy+flFs4Xc0s2smY1f+fji1burn+qj99+PfxjSdubJzrfs1+3J7amdH0vPS6GVQqtU6+bZcrVa95YD31ZKYdk1uxv4XuhbqRL6tbb5YlBdW2uYV1kZG1mr+WFoXqVhZb9h9arVaw3znnmlirmua2Mjwp8UthYXvVzaq8DfVavlvDlJ04dmClupLAgAAKSK+38v4/7fC/bu/4+bn9923P8BAAAAAAAAAAAAAAAAAAAAAPgX7EaRE0WR82s8IcVP+ETNv09JGpE0Kum0pDFJ45IcSRlJZySdlTQh6Zyk85ImJV2QdFHSVMtrpb1XHEb/exv97230v7e1PLg7LK2+WS+sF5Ixmc8VVVIgXzNy9D3uZVNSL9zKz89YLKNLqxvN/MZ6YaA9Pytn78B0y88meWvPD8Xnbj+flbN3wLrls13zw7p+rSXvytHnp6oq0Ep8Jg/yr2fN5u7kO/LT8f/971zb17V/rvu7+SR/hPPR8f4Oanow3b1DChsvy14Q+DUKCgqK/SLtbyYch4Omp70SAAAAAAAAAAAAAAAAAMBRHMfPCdPeIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnX4GAAD//5KSYE0=")
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000006440)={&(0x7f0000006340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x6, [@enum={0x4, 0x1, 0x0, 0x6, 0x4, [{0x1, 0x8}]}]}, {0x0, [0x61, 0x5f, 0x10, 0x61]}}, 0x0, 0x32, 0x0, 0x1, 0x8, 0x0, @void, @value}, 0x28)
renameat2(r7, &(0x7f0000000000)='./file0\x00', r7, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

326.835675ms ago: executing program 2 (id=3873):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r1}, 0x18)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0)
set_mempolicy_home_node(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0)

299.449386ms ago: executing program 5 (id=3874):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="757466382c626c6f636b3d307830303030303030303030303030323030006e6f726f636b2c63727566742c6d61703d6f66662c646d6f64653d3078303430303030303030303030303063664173657373696f6e3d3078303030303030303030303030303033382c756e686964652c756e686964652c6769643d29e0cd5c372ab078c28fb05c6421428d066455368833565fd726743513f4466efa8d4fba06d57341875f5775ab343c0f6bc59fbde784ec3597e0e286d8d0dbf360afa3bc5c145b6e4f8b0305932fb55ff13f9fcb5035769f5fca33ac02bdeacb24c58103edc3d8b46df7614aa493952584ee662174309b11a4ad19e64dcdeeca1c148170b8d1aaf26082364b0d90d63d8502ffa63dde945e4612ac134315f389af667a04931ad25ff10b9b5107e517dbbcf5dcb60f564f54b344218d9325b53e829c38c96c69adc9e745202923a1b8124333cce0a8f1c748d42a272eb3e5502051090f1ac34fe5e8f038", @ANYRESHEX=0x0, @ANYRESOCT], 0x2, 0x699, &(0x7f0000000140)="$eJzs3V9rG9n9x/HPyLIte3+E5dcSQsifk6QLDk2VkbxxMCl01dHInlbSiBm52FBY0o29hMjZNkmh8c3WN/0D2yfQu970og+i0Ot9Fr0pLSztXaE3KnNmJEvRv3ijOLvN+2V2NTrznTnfmaPoy9iaIwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADle1XVLjupBc2fXTOZVo7AxZX26t0XdTBduzuxXcpL/VCjoQtp04Zsnq88n/7uuS+mzSyokDwUdvXP+3XvfyOd6209J6MvQaXf49PnRo/udzv6Tl4hd0Kl3/yYp11taycZkTNCW3wziMGhUtnwTxKHZ3Nhwb2/XYlML6n68F7f9hvEiP9cOI7Pm3TSlzc114xf3wp3mVrVS93uNd79Tdt0N84PldKAlFWNvO6jXg+aWjUlWJzF3zWc/TgP8SsOYg4ed/fVZR5IElV4mqDwrqOyWy6VSuVzauLN5567r5kca3ITj9mkkYu4vWnzNzOeNG5iDXFL//+pIdRXU1I52Zcb+eKoqUqjGhPWZXv1/77Y/td/B+t+r8hek72WrL8rW/yvpsyuT6v+EXIyM3WDcGmdC++l+Fm1GRk/1XEd6pPvqqKN9PZnDvo3M1bns5Qx+tuSrqUCxQgVqqGJbTNZitKkNbcjVh9pWTbGMagpUl69Ye4rVlm9fUZ4i+aqorVCRjNbk6aaMStrUptZl5KuoPYXaUVNbqqqif3e73QM9tOd9fUqO6gWVJgQsDwaVp+xpUv3/yafp6zSr/y71/22Vvg6W04fPp8UAXwHd7Pp/UG72ZldfX0YAAAAAAGDeHPvbd8f+7f6ypK5qQd1333RaAAAAAABgjhx1l3VJTnL9L+myHK7/AQAAAAD4X+PYe+wcSav2Q/3OyZ1QL/NLgIUzSBEAAAAAALwie+f/lSWpayetuCrnVNf/AAAAAADga+A3A3Ps53tz7HZ7f9bPSYpby86f/7msaNE5bu1+yzmsJGsqh1nMyCcA2rWLzrlsol77sCTJPvP8S07WWzYJZn/ewS8OZs3170QvJLC0MLiDCQk4Sc8b+eyZPtO1dJNr2TzzD45ysmvSXlZrQd0vemH9XkmVyrlc299t//zxw19IUf84Dx529osffdJ5YHM5TpqOD5OdfjqUTm78yTjJ5Zmdb8HeczHuiFdU63X522Zj1bH9ur3jX1DlMDfY0bQBOOnzV7qejtn11TR29ag/435y/IXk+EtFO2RDRx8tOidZlF488nEDMSGLgs3iRhpzY+2Gyn9Ll/ujkHMK316QysXRMRjKojyYxexz4fxr5FwMZGEfemsGzsV6ksVfkh1NyGL9dFmMjAgAvCkHuiz7LnRZdhLzfhUqZHW3Vx56b2pfqu7Mru4fDFf3Z7/vdu0GC1I++9vE1F4KSt7R1xxbh5bSQ8pfHPOO7mZ1paAJ7+juK1S3pK8/nXwHUpb2SBb/6Xa790q239+9UFX/MNTdSL9xvbyQnMLbzw5/aifAT3y8//H+43J5fcN933XvlLVoDyN7WBC1BwAwYvZ37MyMcN7XtTTi2oN/vJcuDVW8/+9/pKCoj/SJOnqgW72vELg6fq+rAx9DuJVetWrgqtWcf/ee/V664diSbk28qrO1dCC23I9dVG+T4Up9Erv+mkcBAICzdX1GHR5f/wtD9f+W1tKItYtjr7uHa3l2ddy/pJ8UW5qd/AfzPhsAALwd/OgLZ7X9ayeKgtaHpc3NUqW97Zso9H5ooqC65Zug2fYjb7vS3PJNKwrboRfWTSvSclD1YxPvtFph1Da1MDKtMA527Te/m+yr32O/UWm2Ay9u1f1K7BsvbLYrXttUg9gzrZ3v14N424/sxnHL94Ja4FXaQdg0cbgTeX7RmNj3BwKDqt9sB7UgWWyaVhQ0KtGe+VFY32n4purHXhS02mG6w15fQbMWRg2722K+O+7zAgAAvHWePj96dL/T2X/y4sJKcmmethxrQszowpKePk+uypOWfLaKOYIAAPiKOSngp9io8BoTAgAAAAAAAAAAAAAAAAAAAAAAI2bf0nfKhcVxNwtK/Zafncta9Eud3GI4sh9H807sNAu5027VuyXi6NHnU4JX+i290z8Yc3xmB/j3/5PesS1KW/Lz72tlyuC+joXvHqRndGJMsnLsquX+WOTn/88hWXj8xwmrut1ud/rmy8PncGnaAQ4v5CU9WXqFITj79yIAZ+u/AQAA//9b5DOa")
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000840)={0x3, {{0x2, 0x4e24, @broadcast}}}, 0x88)
r1 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x2)
write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file0'}, 0xb)
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, 0x0)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

265.350805ms ago: executing program 2 (id=3875):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r3, 0x0, 0x178}, 0x18)
kexec_load(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x3e00, 0x116094000, 0x41000000}], 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'ipvlan1\x00', 0x8000})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x70, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r4, {0xc, 0x4}, {}, {0x5, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{0xfffb, 0x4, 0x2}, [@TCA_EM_META_HDR={0xc, 0x1, {{}, {0x5, 0x8}}}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x400c021}, 0x20040054)

263.141536ms ago: executing program 5 (id=3876):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x3, 0x13, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000900000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000000000bf090000000000005509010000000000852000000300000095"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x62, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0)

213.351906ms ago: executing program 5 (id=3877):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x200000000200}, 0x18)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r3 = socket$inet6_dccp(0xa, 0x6, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xfffffff5}, 0x1c)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025797a31000000000900010073797a3000000000080005400000001c"], 0xe8}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
pipe2(&(0x7f0000000000)={0x0, <r7=>0x0}, 0x0)
r8 = socket(0x2c, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r8}, 0x20)
close_range(r7, 0xffffffffffffffff, 0x0)

130.981758ms ago: executing program 1 (id=3878):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0x700}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

130.194178ms ago: executing program 2 (id=3879):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0}, 0x4) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff0000b1a342eda4eca8837e0000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff, {0xa2, 0x7}}, './file0\x00'})
sendmsg$OSF_MSG_REMOVE(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000680)={0x964, 0x1, 0x5, 0x201, 0x0, 0x0, {0x3, 0x0, 0xa}, [{{0x254, 0x1, {{0x1, 0xb}, 0x1, 0xa, 0x81, 0x7, 0xa, 'syz0\x00', "e1d59b50828e246fae05f6024db8681a3dbd611412340a6f497d000ff6d01f04", "7f86c80d87bf9b0ea6e3ab6a063d56adf06c58f612422f007dad3c4a84d33c33", [{0x6, 0x6, {0x2, 0x7}}, {0x9, 0x2, {0x0, 0x3}}, {0xf001, 0x6, {0x0, 0x6}}, {0x4, 0xf, {0x2, 0x5}}, {0x2, 0x4e6c, {0x2}}, {0x6f, 0x3, {0x1, 0x9}}, {0xc723, 0x400, {0x1, 0x7}}, {0xa, 0x8, {0x0, 0xb3b}}, {0x92, 0xe41, {0x2}}, {0x1, 0x8, {0x1, 0x7c1}}, {0x7, 0x508, {0x0, 0x1}}, {0x3, 0xf2, {0x1, 0x1}}, {0x200, 0x1fa7, {0x1, 0x712f}}, {0x0, 0x4, {0x1, 0xfcc}}, {0x7, 0x0, {0x0, 0xfe000000}}, {0x8, 0x7, {0xd542073941fe3a77, 0x7}}, {0x9, 0x9, {0x3, 0x5b0}}, {0x4, 0x1ff, {0x2, 0x2}}, {0x9479, 0x2, {0x1}}, {0x3, 0x7fff, {0x1, 0x10c}}, {0xf712, 0xfff, {0x0, 0x6}}, {0xff, 0x3a, {0x1, 0xfff}}, {0x4, 0x72f1, {0x1, 0x4}}, {0x0, 0xfe04, {0x0, 0x1077}}, {0x832f, 0xa30, {0x3, 0xd}}, {0x6, 0xac}, {0x4, 0x2, {0x0, 0xffff}}, {0xb, 0x6, {0x3, 0x7}}, {0x5, 0x4, {0x1, 0x2}}, {0x7, 0x1, {0x1, 0x6}}, {0x0, 0x4, {0x2, 0x80000000}}, {0xe3cf, 0xc136, {0x2, 0x8}}, {0x8, 0x200, {0x0, 0xffffff81}}, {0x2, 0x3ff, {0x0, 0x671}}, {0x7, 0xd, {0x0, 0x2}}, {0xbf5, 0x6, {0x0, 0x80000001}}, {0x401, 0x0, {0x2, 0x1}}, {0x0, 0xf, {0x1, 0x9}}, {0x414, 0x2, {0x3, 0x5}}, {0x3, 0x10, {0x3, 0x5}}]}}}, {{0x254, 0x1, {{}, 0x40, 0x81, 0x1, 0x40, 0x24, 'syz1\x00', "f92c1ac4f1bf7cc21f6d13549c47c1f9ad908f5d9002cbf938c2d6ae10b82a7e", "c69610d13efb715c1ee20c4031e2f8abdabfb573371ca2d674178b94c7b14fcc", [{0x8, 0x1, {0x2, 0x8}}, {0x0, 0x4, {0x3, 0xa9}}, {0x7, 0x2, {0x0, 0xe}}, {0xf, 0x9, {0x1, 0x5}}, {0x9, 0x401}, {0x7, 0x7, {0x1, 0x7}}, {0x101, 0x9, {0x1, 0xe}}, {0x4, 0x824, {0x3, 0x3}}, {0x6, 0x5, {0x3, 0x294a}}, {0x7f, 0x437, {0x3, 0x5}}, {0x7, 0x1000, {0x3}}, {0xffff, 0x2, {0x1, 0x101}}, {0x1000, 0x834, {0x0, 0x4}}, {0x7ff, 0x7, {0x3, 0xff}}, {0x4af, 0x0, {0x2, 0x2}}, {0x3, 0x2, {0x1, 0x1}}, {0x4, 0x0, {0x1, 0x4}}, {0x1, 0x9d9, {0x2, 0xe6}}, {0x7, 0xa0b7, {0x3, 0x4}}, {0x6, 0x3, {0x0, 0x3}}, {0x7, 0x8000, {0x3, 0x2}}, {0x401, 0x8, {0x1, 0x8}}, {0x3, 0x8, {0x2, 0x2}}, {0xfffa, 0xfff5, {0x3, 0x5}}, {0x3, 0x2, {0x2, 0x3}}, {0x99d, 0x85, {0x1, 0x10000}}, {0xd, 0x9, {0x3, 0x2}}, {0x700, 0x0, {0x3, 0x4}}, {0x8, 0x2018, {0x1, 0x9}}, {0xff, 0x6, {0x2, 0x3a}}, {0xb, 0x80, {0x3, 0x5}}, {0x6, 0xb388, {0x2, 0x2}}, {0x8000, 0x6, {0x2, 0x8}}, {0x6, 0x5, {0x1, 0xbca}}, {0x2, 0x7ff, {0x0, 0xdb50}}, {0x1, 0x3}, {0x5, 0x8, {0x0, 0x7}}, {0x0, 0x3, {0x3, 0x5}}, {0xd8d, 0xd, {0x3, 0x6}}, {0x6, 0x9, {0x2, 0xfffffffd}}]}}}, {{0x254, 0x1, {{0x2, 0x3}, 0xff, 0x6, 0x80, 0x3, 0x10, 'syz0\x00', "0538841937349179b92527d5ecb4860684dea7c3118553b5440519fa6515299d", "ee67c068e18a0c10f90af624c8262d1763382946bba53c7c4cefbe7c2e2201af", [{0x3, 0x6, {0x3, 0x8}}, {0x3, 0x0, {0x1, 0x10001}}, {0x1, 0x2, {0x2, 0x10d0}}, {0x7, 0x644, {0x2, 0x8e000000}}, {0xdaa5, 0x4, {0x0, 0x2}}, {0x1, 0x2, {0x1, 0x4}}, {0x3, 0x3, {0x1, 0x8}}, {0xf30, 0x7074, {0x1, 0x5}}, {0x101, 0x7ff, {0x2, 0x2}}, {0x4, 0x2, {0x1, 0xb3}}, {0x0, 0xc8c, {0x0, 0x4}}, {0x7, 0xfff7, {0x1, 0x38e}}, {0x8001, 0x9, {0x2, 0x2}}, {0x6, 0x3, {0x2, 0x5}}, {0x4b, 0x5, {0x3, 0xd52}}, {0xb05f, 0x7ff, {0x1, 0xcb7}}, {0x5d, 0x9, {0x1, 0xfe}}, {0x200b, 0x8, {0x2, 0x4}}, {0x4, 0x200, {0x3, 0x36}}, {0x6, 0x40, {0x1, 0x1}}, {0x65, 0x2, {0x2, 0x3d}}, {0xecf0, 0xffff, {0x2, 0xa6}}, {0x2, 0x9, {0x2, 0xa}}, {0x5, 0x1631, {0x3, 0xced}}, {0x5, 0x1, {0x0, 0x5}}, {0x4, 0x0, {0x1, 0x1}}, {0x4, 0x5, {0x2, 0x2}}, {0x0, 0x5, {0x1, 0xffffffff}}, {0xe4, 0x1, {0x3, 0x8}}, {0xc88, 0x3, {0x3, 0x100}}, {0x2, 0x3, {0x2, 0xd97}}, {0x1732, 0x8001, {0x3, 0x3}}, {0xfad, 0x7, {0x1, 0x9}}, {0x101, 0x0, {0x1, 0x8001}}, {0x2, 0x0, {0x2, 0xb}}, {0x84, 0x9, {0x2}}, {0x3, 0x2, {0x2, 0x80}}, {0x43, 0x8, {0x2, 0xd6}}, {0x1000, 0x9, {0x3, 0x200}}, {0x7, 0x6, {0x2, 0xbf9}}]}}}, {{0x254, 0x1, {{0x1, 0x9}, 0xb0, 0xf9, 0x0, 0x8638, 0x1d, 'syz1\x00', "1c3dd313f5c736ef5fbe75004913d35601c8e6495bcfda4f687afc089b77e488", "6b9365787e6aea6a8d250b358f6d4687bdc102c6f1256912e9ec491d2c67b78f", [{0x14c6, 0x81, {0x0, 0x8001}}, {0x8, 0x7, {0x0, 0x9}}, {0x6, 0x0, {0x0, 0x80}}, {0x7, 0x7, {0x3, 0x7ff}}, {0x0, 0x8, {0x1, 0x400}}, {0x5, 0x5, {0x1, 0x1}}, {0x800, 0xd, {0x3, 0x5}}, {0xd942, 0x3, {0x3, 0x8}}, {0x6, 0x7, {0x0, 0x1ff}}, {0xc, 0x3, {0x3, 0x101}}, {0x2, 0x4, {0x1, 0x2}}, {0xcd2d, 0xa, {0x0, 0x3}}, {0x8374, 0x7, {0x3, 0x3f0d}}, {0x0, 0xb, {0x1, 0x6}}, {0x4, 0x23, {0x0, 0x9}}, {0x3, 0x5, {0x0, 0x7ff}}, {0x1000, 0x4, {0x2, 0x5}}, {0x6, 0x9, {0x0, 0x64f9f50c}}, {0x9ea8, 0x1, {0x3, 0x8}}, {0x901f, 0x6, {0x1, 0x1}}, {0x2, 0xfff9, {0x2, 0x3}}, {0x2a00, 0x3d, {0x1, 0x6}}, {0x2, 0x3, {0x0, 0x7}}, {0x8, 0x67c8, {0x1, 0x3}}, {0x7, 0xf, {0x2, 0x4}}, {0x4, 0x8, {0x2, 0x5}}, {0x2, 0x10, {0x0, 0x12000000}}, {0xb4c, 0xfff, {0x3, 0x7ff}}, {0x2, 0x18, {0x0, 0xffffffcb}}, {0x4, 0x0, {0x3, 0xa}}, {0x1ff, 0x7, {0x3, 0xf7e}}, {0x9, 0x4, {0x3, 0x5}}, {0x9461, 0x1, {0x0, 0x244d}}, {0x5, 0x7, {0x2, 0xbdd0}}, {0x8000, 0x6, {0x3, 0x6}}, {0x3, 0x8, {0x1, 0xa259}}, {0xffc0, 0x7ff, {0x2, 0xfffffff9}}, {0xb, 0x6, {0x0, 0x8}}, {0x8, 0x1, {0x2, 0xc0e8}}, {0x2, 0x2, {0x0, 0x9}}]}}}]}, 0x964}, 0x1, 0x0, 0x0, 0x20040000}, 0x80)
r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_GET_VERSION_NUM(r3, 0x2284, &(0x7f0000000080))

129.537368ms ago: executing program 5 (id=3880):
socket$inet(0x2b, 0x801, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x62000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100000, 0x0, 0x0, 0x6, 0x3, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = socket(0x2, 0x5, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @rand_addr=0x64010101}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000200)="f9", 0x1}], 0x1, 0x0, 0x0, 0x80020}], 0x1, 0x40c0)

86.128668ms ago: executing program 4 (id=3881):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0)

85.564028ms ago: executing program 4 (id=3882):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095000000000000002d55715f11e961d1fde85cda4c8aae3a0c64e30cd8655910b3eb2d1451a6bf4b04dc0af703f4c87963ba"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000040)={[{@norecovery}, {@grpquota}, {@debug}, {@discard}]}, 0xee, 0x498, &(0x7f0000001b40)="$eJzs3E1sFFUcAPD/bL/5kIr4AYJW8YOotLR8yMGLRhMPmpjoAeOplkKQQg2tiZBG0QMeDYl349HEu4knvRj1YEy86t2QENML6GnMzM4s23a3n0sX3N8v2e17M7N97z9vXuf1vd0NoGMNZU9JxLaI+CMidlSzCw8Yqv64OT838c/83EQSafrm30l+3I35uYny0PJ1W6uZNI3oy5J9Dcq98k7E+NTU5IUiPzJ77v2RmYuXDp45N3568vTk+bHjx48c3td7bOxovj9dZ3yV4mcW1409H03v3f3q21dfnzhx9d2fv8nqu63YXx/HuqRLazhUPbuLPZo9Pbmhwu4ov2ZP2+s2JN3NDx7ehAqxel0RkTVXT55LoisGavt2xCuftrFqwG2Wpmna6P4cdfftFPifSvRv6FDlvT77/7d8bM7I485w/cWIOFhk5ucmbtbi767NHfQs+v+2lYYi4sTlf7/MHtGKeQgAgBV8n41/nms0/qvEA3XH3VOsoQxGxL0RsTMi7ouIXRFxf0R+7IMR5x5aY/mLV0iWjn8q19YV2Cpl478XirWtmwvGf+XoLwa7itz2PP6e5NSZqclDxTk5ED19WX50mTJ+ePn3z8t0/6J99eO/7JGVX44Fi3pc6140QXdyfHY8T6Rp+vHGwo/rn0Ts6W4UfxLlMk4SEbsjYs86yzjzzNd7m+1bOf5lLLPOtFrpVxFPV9v/8sLx/62mSurXJwciorY+Ofr8sbGjI/0xNXlopLwqlvrltytvNCt/Q/G3QNb+Wxpe/7VV4MGkP2Lm4qWz+XrtzNrLuPLnZ3V9esHqchZ/5duINV//vclbebq32Pbh+OzshdGI3uS1pdvHbr22zJfHZ/Ef2N+4/++sq/HDEZFdxPsi4pFiETdru8ci4vGI2L9M/D+99MR7zfY1b/9ms/Ktdb04Ucu2f9S3/9oTXWd//K5Z+UPFGmQU56Fx+x/JUweKLbW/f8tYbQXXddIAAADgLlPJ3wOfVIZr6UpleLj6Hv5dsaUyNT0z++yp6Q/On6y+V34weirlTNeOuvnQ0WJuuMyPLcofLuaNv+gayPPDE9NTJ9sdPHS4rU36f+avrnbXDrjtWrCOBtyl9H/oXPo/dC79HzqX/g+dq1H/3+gHC4C7g/s/dK68/z91ud3VANrA/R86l/4PHanpZ+MrG/rIf9NE0upf2DBRfnfCZpS1cqL8LopNL31g3S/vX/nURaW9Z7VjEt1L2iK6W1pEX8NdbfyjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EL/BQAA///5etKr")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
getdents(r1, 0x0, 0x0)

52.801769ms ago: executing program 2 (id=3883):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e"], 0x15)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0)

52.198269ms ago: executing program 2 (id=3884):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x5, 0xc, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r2, 0x0, 0x178}, 0x18)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x70, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0xc, 0x4}, {}, {0x5, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{0xfffb, 0x4, 0x2}, [@TCA_EM_META_HDR={0xc, 0x1, {{}, {0x5, 0x8}}}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x400c021}, 0x20040054)

1.24747ms ago: executing program 4 (id=3885):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r1}, 0x18)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0)
set_mempolicy_home_node(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0)

0s ago: executing program 5 (id=3886):
r0 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) (async)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1}) (async)
io_uring_enter(r0, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$KDSKBLED(r3, 0x4b65, 0x2)

kernel console output (not intermixed with test programs):

294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10852 comm="syz.2.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff23e6dd169 code=0x7ffc0000
[  154.162531][   T29] audit: type=1326 audit(1742798694.830:4671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10852 comm="syz.2.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff23e6dd169 code=0x7ffc0000
[  154.186180][   T29] audit: type=1326 audit(1742798694.840:4672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10852 comm="syz.2.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff23e6dd169 code=0x7ffc0000
[  154.209719][   T29] audit: type=1326 audit(1742798694.840:4673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10852 comm="syz.2.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff23e6dd169 code=0x7ffc0000
[  154.233290][   T29] audit: type=1326 audit(1742798694.840:4674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10852 comm="syz.2.2828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff23e6dd169 code=0x7ffc0000
[  154.377217][T10878] FAULT_INJECTION: forcing a failure.
[  154.377217][T10878] name failslab, interval 1, probability 0, space 0, times 0
[  154.390075][T10878] CPU: 0 UID: 0 PID: 10878 Comm: syz.5.2835 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  154.390106][T10878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  154.390151][T10878] Call Trace:
[  154.390159][T10878]  <TASK>
[  154.390167][T10878]  dump_stack_lvl+0xf2/0x150
[  154.390200][T10878]  dump_stack+0x15/0x1a
[  154.390221][T10878]  should_fail_ex+0x24a/0x260
[  154.390252][T10878]  should_failslab+0x8f/0xb0
[  154.390349][T10878]  kmem_cache_alloc_node_noprof+0x59/0x320
[  154.390378][T10878]  ? __alloc_skb+0x10b/0x310
[  154.390406][T10878]  __alloc_skb+0x10b/0x310
[  154.390428][T10878]  netlink_alloc_large_skb+0xad/0xe0
[  154.390459][T10878]  netlink_sendmsg+0x3b4/0x6e0
[  154.390487][T10878]  ? __pfx_netlink_sendmsg+0x10/0x10
[  154.390510][T10878]  __sock_sendmsg+0x140/0x180
[  154.390551][T10878]  ____sys_sendmsg+0x326/0x4b0
[  154.390587][T10878]  __sys_sendmsg+0x19d/0x230
[  154.390716][T10878]  __x64_sys_sendmsg+0x46/0x50
[  154.390744][T10878]  x64_sys_call+0x2734/0x2dc0
[  154.390817][T10878]  do_syscall_64+0xc9/0x1c0
[  154.390907][T10878]  ? clear_bhb_loop+0x55/0xb0
[  154.390941][T10878]  ? clear_bhb_loop+0x55/0xb0
[  154.390976][T10878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.391009][T10878] RIP: 0033:0x7f96bdbbd169
[  154.391055][T10878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.391180][T10878] RSP: 002b:00007f96bc221038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  154.391202][T10878] RAX: ffffffffffffffda RBX: 00007f96bddd5fa0 RCX: 00007f96bdbbd169
[  154.391218][T10878] RDX: 0000000020040054 RSI: 0000200000006040 RDI: 0000000000000004
[  154.391283][T10878] RBP: 00007f96bc221090 R08: 0000000000000000 R09: 0000000000000000
[  154.391294][T10878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.391334][T10878] R13: 0000000000000000 R14: 00007f96bddd5fa0 R15: 00007fffca81bdb8
[  154.391419][T10878]  </TASK>
[  154.655538][T10888] __nla_validate_parse: 11 callbacks suppressed
[  154.655553][T10888] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2843'.
[  154.706961][T10890] validate_nla: 1 callbacks suppressed
[  154.706996][T10890] netlink: 'syz.0.2844': attribute type 21 has an invalid length.
[  154.723088][T10890] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2844'.
[  154.768019][T10900] ipt_ECN: cannot use operation on non-tcp rule
[  154.923178][T10915] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2856'.
[  154.954439][T10917] 9pnet_fd: Insufficient options for proto=fd
[  155.038496][T10929] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2863'.
[  155.047986][T10929] 0ªX¹¦À: renamed from caif0
[  155.052831][T10929] FAULT_INJECTION: forcing a failure.
[  155.052831][T10929] name failslab, interval 1, probability 0, space 0, times 0
[  155.065593][T10929] CPU: 1 UID: 0 PID: 10929 Comm: syz.1.2863 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  155.065656][T10929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  155.065712][T10929] Call Trace:
[  155.065781][T10929]  <TASK>
[  155.065789][T10929]  dump_stack_lvl+0xf2/0x150
[  155.065828][T10929]  dump_stack+0x15/0x1a
[  155.065861][T10929]  should_fail_ex+0x24a/0x260
[  155.065901][T10929]  should_failslab+0x8f/0xb0
[  155.065935][T10929]  __kmalloc_node_track_caller_noprof+0xa8/0x410
[  155.066036][T10929]  ? sprintf+0x89/0xb0
[  155.066096][T10929]  ? kstrdup_const+0x3e/0x50
[  155.066124][T10929]  kstrdup+0x3d/0xd0
[  155.066155][T10929]  kstrdup_const+0x3e/0x50
[  155.066180][T10929]  kobject_rename+0x168/0x350
[  155.066204][T10929]  ? sysfs_rename_link_ns+0x105/0x120
[  155.066313][T10929]  device_rename+0x12a/0x1a0
[  155.066346][T10929]  dev_change_name+0x1e2/0x6a0
[  155.066377][T10929]  ? vprintk_emit+0x67b/0x690
[  155.066402][T10929]  ? vprintk_default+0x26/0x30
[  155.066477][T10929]  ? __rcu_read_unlock+0x4e/0x70
[  155.066504][T10929]  ? nla_strscpy+0xed/0x120
[  155.066599][T10929]  do_setlink+0x5f3/0x2370
[  155.066640][T10929]  ? _raw_spin_unlock+0x26/0x50
[  155.066680][T10929]  ? finish_task_switch+0xb5/0x2b0
[  155.066755][T10929]  rtnl_setlink+0x2f9/0x430
[  155.066814][T10929]  ? security_capable+0x81/0x90
[  155.066960][T10929]  ? ns_capable+0x7d/0xb0
[  155.066988][T10929]  ? __pfx_rtnl_setlink+0x10/0x10
[  155.067074][T10929]  rtnetlink_rcv_msg+0x651/0x710
[  155.067104][T10929]  ? avc_has_perm_noaudit+0x1cc/0x210
[  155.067132][T10929]  netlink_rcv_skb+0x12c/0x230
[  155.067172][T10929]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  155.067252][T10929]  rtnetlink_rcv+0x1c/0x30
[  155.067283][T10929]  netlink_unicast+0x599/0x670
[  155.067322][T10929]  netlink_sendmsg+0x5cc/0x6e0
[  155.067381][T10929]  ? __pfx_netlink_sendmsg+0x10/0x10
[  155.067410][T10929]  __sock_sendmsg+0x140/0x180
[  155.067443][T10929]  sock_write_iter+0x15e/0x1a0
[  155.067555][T10929]  do_iter_readv_writev+0x403/0x4b0
[  155.067593][T10929]  vfs_writev+0x2d9/0x880
[  155.067637][T10929]  ? get_pid_task+0x8e/0xc0
[  155.067671][T10929]  ? proc_fail_nth_write+0x12a/0x150
[  155.067737][T10929]  do_writev+0xf4/0x220
[  155.067837][T10929]  __x64_sys_writev+0x45/0x50
[  155.067948][T10929]  x64_sys_call+0x1fab/0x2dc0
[  155.068007][T10929]  do_syscall_64+0xc9/0x1c0
[  155.068183][T10929]  ? clear_bhb_loop+0x55/0xb0
[  155.068212][T10929]  ? clear_bhb_loop+0x55/0xb0
[  155.068342][T10929]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.068370][T10929] RIP: 0033:0x7f6d9937d169
[  155.068385][T10929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.068445][T10929] RSP: 002b:00007f6d979e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  155.068468][T10929] RAX: ffffffffffffffda RBX: 00007f6d99595fa0 RCX: 00007f6d9937d169
[  155.068483][T10929] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000008
[  155.068497][T10929] RBP: 00007f6d979e7090 R08: 0000000000000000 R09: 0000000000000000
[  155.068526][T10929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.068540][T10929] R13: 0000000000000000 R14: 00007f6d99595fa0 R15: 00007ffe6684c498
[  155.068561][T10929]  </TASK>
[  155.498768][T10944] loop0: detected capacity change from 0 to 512
[  155.524211][T10944] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.538832][T10944] ext4 filesystem being mounted at /598/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  155.542081][T10951] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2871'.
[  155.605456][ T3298] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.769938][T10972] lo speed is unknown, defaulting to 1000
[  155.816005][T10972] dummy0 speed is unknown, defaulting to 1000
[  155.836368][T10968] lo speed is unknown, defaulting to 1000
[  156.034870][T10968] dummy0 speed is unknown, defaulting to 1000
[  156.222061][T10988] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2882'.
[  156.351640][T10968] chnl_net:caif_netlink_parms(): no params data found
[  156.390703][T10968] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.398133][T10968] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.405461][T10968] bridge_slave_0: entered allmulticast mode
[  156.411976][T10968] bridge_slave_0: entered promiscuous mode
[  156.419125][T10968] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.426349][T10968] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.434398][T10968] bridge_slave_1: entered allmulticast mode
[  156.441112][T10968] bridge_slave_1: entered promiscuous mode
[  156.465159][T10968] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.476367][T10968] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  156.512312][T11004] netlink: 'syz.4.2887': attribute type 21 has an invalid length.
[  156.515412][T11006] 9pnet_fd: Insufficient options for proto=fd
[  156.520325][T11004] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2887'.
[  156.566523][T10968] team0: Port device team_slave_0 added
[  156.582799][T10968] team0: Port device team_slave_1 added
[  156.594965][T11011] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2890'.
[  156.599559][T11013] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2889'.
[  156.630929][T10968] batman_adv: batadv0: Adding interface: batadv_slave_0
[  156.637975][T10968] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.664100][T10968] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  156.665736][T11011] netlink: 'syz.5.2890': attribute type 13 has an invalid length.
[  156.684721][ T3717] bridge_slave_1: left allmulticast mode
[  156.690624][ T3717] bridge_slave_1: left promiscuous mode
[  156.691202][T11018] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2885'.
[  156.696424][ T3717] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.715476][ T3717] bridge_slave_0: left allmulticast mode
[  156.721215][ T3717] bridge_slave_0: left promiscuous mode
[  156.727553][ T3717] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.882459][ T3717] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  156.892167][ T3717] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  156.902510][ T3717] bond0 (unregistering): Released all slaves
[  156.911003][T11018] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  156.911202][T10968] batman_adv: batadv0: Adding interface: batadv_slave_1
[  156.928001][T10968] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.954437][T10968] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  156.995124][T10968] hsr_slave_0: entered promiscuous mode
[  157.001785][T10968] hsr_slave_1: entered promiscuous mode
[  157.008193][T10968] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  157.015881][T10968] Cannot create hsr debugfs directory
[  157.048887][ T3717] hsr_slave_0: left promiscuous mode
[  157.054653][ T3717] hsr_slave_1: left promiscuous mode
[  157.090954][ T3717] team0 (unregistering): Port device team_slave_1 removed
[  157.101009][ T3717] team0 (unregistering): Port device team_slave_0 removed
[  157.127549][ T1782] smc: removing ib device syz2
[  157.132846][ T3700] smc: removing ib device s
z1
[  157.202275][ T6818] dummy0 speed is unknown, defaulting to 1000
[  157.250193][T11037] bond1: entered promiscuous mode
[  157.255459][T11037] bond1: entered allmulticast mode
[  157.264053][T11037] 8021q: adding VLAN 0 to HW filter on device bond1
[  157.274268][T11037] bridge2: port 1(bond1) entered blocking state
[  157.280735][T11037] bridge2: port 1(bond1) entered disabled state
[  157.519278][T11055] netlink: 'syz.2.2905': attribute type 13 has an invalid length.
[  157.606051][T11062] IPv6: sit1: Disabled Multicast RS
[  157.682319][T10968] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  157.694186][T10968] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  157.704684][T11068] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  157.715455][T10968] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  157.725108][T10968] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  157.769708][T10968] 8021q: adding VLAN 0 to HW filter on device bond0
[  157.784945][T10968] 8021q: adding VLAN 0 to HW filter on device team0
[  157.795889][ T3697] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.803070][ T3697] bridge0: port 1(bridge_slave_0) entered forwarding state
[  157.816737][ T1782] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.823908][ T1782] bridge0: port 2(bridge_slave_1) entered forwarding state
[  157.857279][T10968] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  157.867801][T10968] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  157.943205][T10968] 8021q: adding VLAN 0 to HW filter on device batadv0
[  158.032132][T10968] veth0_vlan: entered promiscuous mode
[  158.040230][T10968] veth1_vlan: entered promiscuous mode
[  158.068501][T10968] veth0_macvtap: entered promiscuous mode
[  158.086530][T10968] veth1_macvtap: entered promiscuous mode
[  158.097987][T10968] batman_adv: batadv0: Interface activated: batadv_slave_0
[  158.109218][T10968] batman_adv: batadv0: Interface activated: batadv_slave_1
[  158.119054][T10968] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  158.127960][T10968] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  158.136808][T10968] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  158.145628][T10968] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  158.467749][T11108] netlink: 'syz.1.2922': attribute type 21 has an invalid length.
[  158.682458][T11128] loop0: detected capacity change from 0 to 512
[  158.689696][T11128] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  158.720054][T11128] EXT4-fs (loop0): invalid journal inode
[  158.727353][T11128] EXT4-fs (loop0): can't get journal size
[  158.736520][T11126] bond1: entered promiscuous mode
[  158.741742][T11126] bond1: entered allmulticast mode
[  158.744522][T11128] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e056c118, mo2=0002]
[  158.748213][T11126] 8021q: adding VLAN 0 to HW filter on device bond1
[  158.755027][T11128] System zones: 1-12, 13-13
[  158.766600][T11128] EXT4-fs (loop0): 1 truncate cleaned up
[  158.772987][T11128] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  158.773992][T11126] bond1 (unregistering): Released all slaves
[  158.806610][   T29] kauditd_printk_skb: 250 callbacks suppressed
[  158.806630][   T29] audit: type=1326 audit(1742798699.850:4925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11127 comm="syz.0.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  158.836860][   T29] audit: type=1326 audit(1742798699.850:4926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11127 comm="syz.0.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  158.861963][   T29] audit: type=1326 audit(1742798699.890:4927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11127 comm="syz.0.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  158.885860][   T29] audit: type=1326 audit(1742798699.890:4928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11127 comm="syz.0.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  158.909444][   T29] audit: type=1326 audit(1742798699.910:4929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11127 comm="syz.0.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  158.932925][   T29] audit: type=1326 audit(1742798699.910:4930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11127 comm="syz.0.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  158.957412][   T29] audit: type=1326 audit(1742798699.910:4931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11127 comm="syz.0.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  158.964542][T11139] 9pnet_fd: Insufficient options for proto=fd
[  158.982220][   T29] audit: type=1326 audit(1742798699.910:4932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11127 comm="syz.0.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  159.010651][   T29] audit: type=1326 audit(1742798699.910:4933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11127 comm="syz.0.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  159.034186][   T29] audit: type=1326 audit(1742798699.910:4934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11127 comm="syz.0.2931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  159.060175][T10968] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.151932][T11146] netlink: 'syz.4.2938': attribute type 21 has an invalid length.
[  159.295455][T11161] loop0: detected capacity change from 0 to 1024
[  159.327761][T11161] EXT4-fs: Ignoring removed nobh option
[  159.333536][T11161] EXT4-fs: Ignoring removed bh option
[  159.369983][T11161] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.399994][T11161] EXT4-fs error (device loop0): ext4_clear_blocks:876: inode #14: comm syz.0.2941: attempt to clear invalid blocks 1886221359 len 1
[  159.414670][T11171] FAULT_INJECTION: forcing a failure.
[  159.414670][T11171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  159.427829][T11171] CPU: 1 UID: 0 PID: 11171 Comm: syz.4.2944 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  159.427860][T11171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  159.427876][T11171] Call Trace:
[  159.427884][T11171]  <TASK>
[  159.427892][T11171]  dump_stack_lvl+0xf2/0x150
[  159.427921][T11171]  dump_stack+0x15/0x1a
[  159.427978][T11171]  should_fail_ex+0x24a/0x260
[  159.428009][T11171]  should_fail+0xb/0x10
[  159.428159][T11171]  should_fail_usercopy+0x1a/0x20
[  159.428201][T11171]  _copy_to_user+0x20/0xa0
[  159.428225][T11171]  simple_read_from_buffer+0xa0/0x110
[  159.428272][T11171]  proc_fail_nth_read+0xf9/0x140
[  159.428303][T11171]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  159.428339][T11171]  vfs_read+0x19b/0x6f0
[  159.428404][T11171]  ? __rcu_read_unlock+0x4e/0x70
[  159.428430][T11171]  ? __fget_files+0x17c/0x1c0
[  159.428512][T11171]  ksys_read+0xe8/0x1b0
[  159.428576][T11171]  __x64_sys_read+0x42/0x50
[  159.428613][T11171]  x64_sys_call+0x2874/0x2dc0
[  159.428646][T11171]  do_syscall_64+0xc9/0x1c0
[  159.428752][T11171]  ? clear_bhb_loop+0x55/0xb0
[  159.428785][T11171]  ? clear_bhb_loop+0x55/0xb0
[  159.428819][T11171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.428926][T11171] RIP: 0033:0x7f7e8008bb7c
[  159.428943][T11171] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  159.428961][T11171] RSP: 002b:00007f7e7e6d6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  159.428979][T11171] RAX: ffffffffffffffda RBX: 00007f7e802a6080 RCX: 00007f7e8008bb7c
[  159.428993][T11171] RDX: 000000000000000f RSI: 00007f7e7e6d60a0 RDI: 0000000000000008
[  159.429086][T11171] RBP: 00007f7e7e6d6090 R08: 0000000000000000 R09: 0000000000000000
[  159.429098][T11171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.429111][T11171] R13: 0000000000000000 R14: 00007f7e802a6080 R15: 00007ffc5a84a558
[  159.429133][T11171]  </TASK>
[  159.651841][T10968] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.663306][T11147] chnl_net:caif_netlink_parms(): no params data found
[  159.677000][T11174] 9pnet_fd: Insufficient options for proto=fd
[  159.772522][T11147] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.779791][T11147] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.805179][T11147] bridge_slave_0: entered allmulticast mode
[  159.812263][T11147] bridge_slave_0: entered promiscuous mode
[  159.820617][T11147] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.827722][T11147] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.863531][T11147] bridge_slave_1: entered allmulticast mode
[  159.874348][T11147] bridge_slave_1: entered promiscuous mode
[  159.931868][T11147] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  159.959042][T11147] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  160.013074][T11204] vlan2: entered allmulticast mode
[  160.026605][T11204] bond0: (slave vlan2): Opening slave failed
[  160.036420][T11147] team0: Port device team_slave_0 added
[  160.059790][   T54] batadv1: left allmulticast mode
[  160.064916][   T54] batadv1: left promiscuous mode
[  160.070095][   T54] bridge0: port 3(batadv1) entered disabled state
[  160.070858][T11209] 9pnet_fd: Insufficient options for proto=fd
[  160.095227][   T54] bridge_slave_1: left allmulticast mode
[  160.100991][   T54] bridge_slave_1: left promiscuous mode
[  160.106815][   T54] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.129603][   T54] bridge_slave_0: left allmulticast mode
[  160.135646][   T54] bridge_slave_0: left promiscuous mode
[  160.141728][   T54] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.156809][   T54] bridge2: port 1(bond1) entered disabled state
[  160.169513][T11218] loop0: detected capacity change from 0 to 1024
[  160.186890][T11218] EXT4-fs: Ignoring removed nobh option
[  160.192656][T11218] EXT4-fs: Ignoring removed bh option
[  160.198305][   T54] team0: Port device geneve1 removed
[  160.214444][T11218] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.253907][T10968] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.428608][   T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  160.438937][   T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  160.449194][   T54] bond0 (unregistering): Released all slaves
[  160.458300][   T54] bond1 (unregistering): Released all slaves
[  160.474229][T11147] team0: Port device team_slave_1 added
[  160.484924][T11227] netlink: 'syz.4.2966': attribute type 21 has an invalid length.
[  160.492974][T11227] __nla_validate_parse: 6 callbacks suppressed
[  160.492990][T11227] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2966'.
[  160.533661][   T54] hsr_slave_0: left promiscuous mode
[  160.539468][   T54] hsr_slave_1: left promiscuous mode
[  160.545307][   T54] batman_adv: batadv0: Removing interface: batadv_slave_0
[  160.555330][   T54] batman_adv: batadv0: Removing interface: batadv_slave_1
[  160.601455][   T54] team0 (unregistering): Port device team_slave_1 removed
[  160.613620][   T54] team0 (unregistering): Port device team_slave_0 removed
[  160.740267][T11249] FAULT_INJECTION: forcing a failure.
[  160.740267][T11249] name failslab, interval 1, probability 0, space 0, times 0
[  160.753082][T11249] CPU: 1 UID: 0 PID: 11249 Comm: syz.0.2970 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  160.753114][T11249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  160.753128][T11249] Call Trace:
[  160.753134][T11249]  <TASK>
[  160.753141][T11249]  dump_stack_lvl+0xf2/0x150
[  160.753169][T11249]  dump_stack+0x15/0x1a
[  160.753236][T11249]  should_fail_ex+0x24a/0x260
[  160.753273][T11249]  ? copy_ipcs+0xf7/0x3b0
[  160.753295][T11249]  should_failslab+0x8f/0xb0
[  160.753325][T11249]  __kmalloc_cache_noprof+0x4e/0x320
[  160.753420][T11249]  copy_ipcs+0xf7/0x3b0
[  160.753440][T11249]  create_new_namespaces+0x135/0x430
[  160.753465][T11249]  ? security_capable+0x81/0x90
[  160.753630][T11249]  unshare_nsproxy_namespaces+0xe6/0x120
[  160.753658][T11249]  ksys_unshare+0x3c9/0x6e0
[  160.753762][T11249]  __x64_sys_unshare+0x1f/0x30
[  160.753802][T11249]  x64_sys_call+0x1a3e/0x2dc0
[  160.753834][T11249]  do_syscall_64+0xc9/0x1c0
[  160.753869][T11249]  ? clear_bhb_loop+0x55/0xb0
[  160.753974][T11249]  ? clear_bhb_loop+0x55/0xb0
[  160.754000][T11249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.754106][T11249] RIP: 0033:0x7f2379c2d169
[  160.754141][T11249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.754235][T11249] RSP: 002b:00007f2378255038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  160.754258][T11249] RAX: ffffffffffffffda RBX: 00007f2379e46160 RCX: 00007f2379c2d169
[  160.754274][T11249] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000068040200
[  160.754289][T11249] RBP: 00007f2378255090 R08: 0000000000000000 R09: 0000000000000000
[  160.754302][T11249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  160.754314][T11249] R13: 0000000000000001 R14: 00007f2379e46160 R15: 00007ffdd5757d08
[  160.754397][T11249]  </TASK>
[  160.977983][T11249] loop0: detected capacity change from 0 to 1024
[  160.986505][T11249] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  160.997553][T11249] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[  161.007271][T11249] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  161.018927][T11249] EXT4-fs (loop0): invalid journal inode
[  161.024637][T11249] EXT4-fs (loop0): can't get journal size
[  161.034675][T11249] EXT4-fs error (device loop0): ext4_protect_reserved_inode:182: inode #3: comm syz.0.2970: blocks 2-2 from inode overlap system zone
[  161.049022][T11249] EXT4-fs (loop0): failed to initialize system zone (-117)
[  161.056378][T11249] EXT4-fs (loop0): mount failed
[  161.072764][T11147] batman_adv: batadv0: Adding interface: batadv_slave_0
[  161.079754][T11147] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.105828][T11147] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  161.130555][T11147] batman_adv: batadv0: Adding interface: batadv_slave_1
[  161.137871][T11147] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.164262][T11147] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  161.210328][T11147] hsr_slave_0: entered promiscuous mode
[  161.216519][T11147] hsr_slave_1: entered promiscuous mode
[  161.315516][T11270] netlink: 212 bytes leftover after parsing attributes in process `syz.5.2980'.
[  161.336594][T11270] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  161.552248][T11296] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2990'.
[  161.622398][T11301] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2993'.
[  161.669061][T11147] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  161.678101][T11147] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  161.687432][T11147] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  161.727588][T11147] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  161.742336][T11311] loop0: detected capacity change from 0 to 1024
[  161.758947][T11311] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  161.788652][T11316] FAULT_INJECTION: forcing a failure.
[  161.788652][T11316] name failslab, interval 1, probability 0, space 0, times 0
[  161.801500][T11316] CPU: 1 UID: 0 PID: 11316 Comm: syz.4.2999 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  161.801530][T11316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  161.801544][T11316] Call Trace:
[  161.801550][T11316]  <TASK>
[  161.801557][T11316]  dump_stack_lvl+0xf2/0x150
[  161.801585][T11316]  dump_stack+0x15/0x1a
[  161.801618][T11316]  should_fail_ex+0x24a/0x260
[  161.801653][T11316]  ? proc_self_get_link+0x94/0x100
[  161.801764][T11316]  should_failslab+0x8f/0xb0
[  161.801871][T11316]  __kmalloc_cache_noprof+0x4e/0x320
[  161.801979][T11316]  proc_self_get_link+0x94/0x100
[  161.802014][T11316]  ? __pfx_proc_self_get_link+0x10/0x10
[  161.802140][T11316]  pick_link+0x4a0/0x7e0
[  161.802183][T11316]  step_into+0x748/0x820
[  161.802291][T11316]  link_path_walk+0x50e/0x830
[  161.802335][T11316]  path_openat+0x1af/0x1fc0
[  161.802363][T11316]  ? _parse_integer_limit+0x167/0x180
[  161.802462][T11316]  ? kstrtouint_from_user+0xb0/0xe0
[  161.802518][T11316]  do_filp_open+0x107/0x230
[  161.802595][T11316]  do_sys_openat2+0xab/0x120
[  161.802616][T11316]  __x64_sys_openat+0xf3/0x120
[  161.802643][T11316]  x64_sys_call+0x2b30/0x2dc0
[  161.802676][T11316]  do_syscall_64+0xc9/0x1c0
[  161.802779][T11316]  ? clear_bhb_loop+0x55/0xb0
[  161.802813][T11316]  ? clear_bhb_loop+0x55/0xb0
[  161.802868][T11316]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.802901][T11316] RIP: 0033:0x7f7e8008bad0
[  161.802917][T11316] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  161.802934][T11316] RSP: 002b:00007f7e7e6f6f60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  161.802952][T11316] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7e8008bad0
[  161.802964][T11316] RDX: 0000000000000000 RSI: 00007f7e8010e3b8 RDI: 00000000ffffff9c
[  161.802977][T11316] RBP: 00007f7e8010e3b8 R08: 0000000000000000 R09: 0000000000000000
[  161.803001][T11316] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  161.803012][T11316] R13: 0000000000000001 R14: 00007f7e802a5fa0 R15: 00007ffc5a84a558
[  161.803063][T11316]  </TASK>
[  162.022173][T11311] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.2990: Invalid block bitmap block 0 in block_group 0
[  162.027132][T11147] 8021q: adding VLAN 0 to HW filter on device bond0
[  162.049611][T11147] 8021q: adding VLAN 0 to HW filter on device team0
[  162.056494][T11311] EXT4-fs error (device loop0): ext4_acquire_dquot:6927: comm syz.0.2990: Failed to acquire dquot type 0
[  162.071408][T11147] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  162.081905][T11147] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  162.092647][T11311] EXT4-fs error (device loop0): ext4_free_blocks:6589: comm syz.0.2990: Freeing blocks not in datazone - block = 0, count = 4096
[  162.121222][ T3700] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.128315][ T3700] bridge0: port 1(bridge_slave_0) entered forwarding state
[  162.139874][ T3700] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.146991][ T3700] bridge0: port 2(bridge_slave_1) entered forwarding state
[  162.156454][T11311] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.2990: Invalid inode bitmap blk 0 in block_group 0
[  162.175640][ T3697] EXT4-fs error (device loop0): ext4_release_dquot:6950: comm kworker/u8:8: Failed to release dquot type 0
[  162.187523][T11311] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem
[  162.197757][T11311] EXT4-fs (loop0): 1 orphan inode deleted
[  162.208139][T11311] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.359908][T11147] 8021q: adding VLAN 0 to HW filter on device batadv0
[  162.475408][T11147] veth0_vlan: entered promiscuous mode
[  162.484390][T11365] FAULT_INJECTION: forcing a failure.
[  162.484390][T11365] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  162.497531][T11365] CPU: 0 UID: 0 PID: 11365 Comm: syz.5.3015 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  162.497570][T11365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  162.497586][T11365] Call Trace:
[  162.497594][T11365]  <TASK>
[  162.497603][T11365]  dump_stack_lvl+0xf2/0x150
[  162.497677][T11365]  dump_stack+0x15/0x1a
[  162.497703][T11365]  should_fail_ex+0x24a/0x260
[  162.497741][T11365]  should_fail+0xb/0x10
[  162.497774][T11365]  should_fail_usercopy+0x1a/0x20
[  162.497921][T11365]  _copy_from_user+0x1c/0xa0
[  162.497965][T11365]  vcs_write+0x351/0xbb0
[  162.497998][T11365]  ? avc_policy_seqno+0x15/0x20
[  162.498021][T11365]  ? selinux_file_permission+0x22a/0x360
[  162.498113][T11365]  vfs_writev+0x3fa/0x880
[  162.498201][T11365]  ? __pfx_vcs_write+0x10/0x10
[  162.498242][T11365]  do_writev+0xf4/0x220
[  162.498267][T11365]  __x64_sys_writev+0x45/0x50
[  162.498302][T11365]  x64_sys_call+0x1fab/0x2dc0
[  162.498334][T11365]  do_syscall_64+0xc9/0x1c0
[  162.498510][T11365]  ? clear_bhb_loop+0x55/0xb0
[  162.498537][T11365]  ? clear_bhb_loop+0x55/0xb0
[  162.498567][T11365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.498671][T11365] RIP: 0033:0x7f96bdbbd169
[  162.498687][T11365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.498760][T11365] RSP: 002b:00007f96bc221038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  162.498782][T11365] RAX: ffffffffffffffda RBX: 00007f96bddd5fa0 RCX: 00007f96bdbbd169
[  162.498795][T11365] RDX: 0000000000000001 RSI: 0000200000000a40 RDI: 0000000000000003
[  162.498806][T11365] RBP: 00007f96bc221090 R08: 0000000000000000 R09: 0000000000000000
[  162.498818][T11365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.498831][T11365] R13: 0000000000000000 R14: 00007f96bddd5fa0 R15: 00007fffca81bdb8
[  162.498856][T11365]  </TASK>
[  162.692729][T11367] FAULT_INJECTION: forcing a failure.
[  162.692729][T11367] name failslab, interval 1, probability 0, space 0, times 0
[  162.705548][T11367] CPU: 1 UID: 0 PID: 11367 Comm: syz.4.3016 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  162.705579][T11367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  162.705595][T11367] Call Trace:
[  162.705603][T11367]  <TASK>
[  162.705612][T11367]  dump_stack_lvl+0xf2/0x150
[  162.705714][T11367]  dump_stack+0x15/0x1a
[  162.705741][T11367]  should_fail_ex+0x24a/0x260
[  162.705785][T11367]  should_failslab+0x8f/0xb0
[  162.705849][T11367]  kmem_cache_alloc_noprof+0x52/0x320
[  162.705874][T11367]  ? security_file_alloc+0x32/0x100
[  162.705911][T11367]  security_file_alloc+0x32/0x100
[  162.705981][T11367]  init_file+0x5d/0x1b0
[  162.706005][T11367]  alloc_empty_file+0xea/0x200
[  162.706026][T11367]  alloc_file_pseudo+0xc9/0x160
[  162.706053][T11367]  anon_inode_getfile+0xa3/0x120
[  162.706077][T11367]  do_eventfd+0x10a/0x1b0
[  162.706105][T11367]  __x64_sys_eventfd+0x20/0x30
[  162.706152][T11367]  x64_sys_call+0x2626/0x2dc0
[  162.706246][T11367]  do_syscall_64+0xc9/0x1c0
[  162.706281][T11367]  ? clear_bhb_loop+0x55/0xb0
[  162.706337][T11367]  ? clear_bhb_loop+0x55/0xb0
[  162.706368][T11367]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.706401][T11367] RIP: 0033:0x7f7e8008d169
[  162.706418][T11367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.706437][T11367] RSP: 002b:00007f7e7e6f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000011c
[  162.706535][T11367] RAX: ffffffffffffffda RBX: 00007f7e802a5fa0 RCX: 00007f7e8008d169
[  162.706547][T11367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000007fff6d08
[  162.706559][T11367] RBP: 00007f7e7e6f7090 R08: 0000000000000000 R09: 0000000000000000
[  162.706570][T11367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.706583][T11367] R13: 0000000000000000 R14: 00007f7e802a5fa0 R15: 00007ffc5a84a558
[  162.706604][T11367]  </TASK>
[  162.707370][T11147] veth1_vlan: entered promiscuous mode
[  162.913975][T11147] veth0_macvtap: entered promiscuous mode
[  162.925162][T11147] veth1_macvtap: entered promiscuous mode
[  162.938007][T11147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  162.949041][T11147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  162.961736][T11147] batman_adv: batadv0: Interface activated: batadv_slave_0
[  162.985147][T11147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  162.995895][T11147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  163.008409][T11147] batman_adv: batadv0: Interface activated: batadv_slave_1
[  163.031287][T11147] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  163.040066][T11147] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  163.049023][T11147] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  163.057848][T11147] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  163.076116][T11392] netlink: 'syz.5.3025': attribute type 21 has an invalid length.
[  163.084098][T11392] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3025'.
[  163.187685][T11418] FAULT_INJECTION: forcing a failure.
[  163.187685][T11418] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  163.201091][T11418] CPU: 1 UID: 0 PID: 11418 Comm: syz.2.3034 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  163.201120][T11418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  163.201136][T11418] Call Trace:
[  163.201144][T11418]  <TASK>
[  163.201153][T11418]  dump_stack_lvl+0xf2/0x150
[  163.201243][T11418]  dump_stack+0x15/0x1a
[  163.201268][T11418]  should_fail_ex+0x24a/0x260
[  163.201311][T11418]  should_fail_alloc_page+0xfd/0x110
[  163.201350][T11418]  __alloc_frozen_pages_noprof+0x109/0x340
[  163.201426][T11418]  __alloc_pages_noprof+0x9/0x20
[  163.201453][T11418]  ___kmalloc_large_node+0x7a/0x120
[  163.201477][T11418]  __kmalloc_large_node_noprof+0x17/0xa0
[  163.201502][T11418]  __kmalloc_node_track_caller_noprof+0x2b7/0x410
[  163.201569][T11418]  ? security_context_to_sid_core+0x66/0x3b0
[  163.201608][T11418]  ? __rcu_read_unlock+0x4e/0x70
[  163.201637][T11418]  kmemdup_nul+0x35/0xc0
[  163.201674][T11418]  security_context_to_sid_core+0x66/0x3b0
[  163.201719][T11418]  security_context_to_sid+0x2f/0x40
[  163.201771][T11418]  selinux_inode_setxattr+0x4d8/0x700
[  163.201827][T11418]  security_inode_setxattr+0x169/0x1f0
[  163.201861][T11418]  __vfs_setxattr_locked+0x88/0x1d0
[  163.201944][T11418]  vfs_setxattr+0x140/0x290
[  163.202022][T11418]  file_setxattr+0x139/0x1b0
[  163.202057][T11418]  path_setxattrat+0x2c2/0x310
[  163.202094][T11418]  __x64_sys_fsetxattr+0x6d/0x80
[  163.202225][T11418]  x64_sys_call+0x29d2/0x2dc0
[  163.202259][T11418]  do_syscall_64+0xc9/0x1c0
[  163.202306][T11418]  ? clear_bhb_loop+0x55/0xb0
[  163.202456][T11418]  ? clear_bhb_loop+0x55/0xb0
[  163.202549][T11418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.202583][T11418] RIP: 0033:0x7efd3c71d169
[  163.202601][T11418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.202651][T11418] RSP: 002b:00007efd3ad81038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[  163.202673][T11418] RAX: ffffffffffffffda RBX: 00007efd3c935fa0 RCX: 00007efd3c71d169
[  163.202688][T11418] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 0000000000000006
[  163.202701][T11418] RBP: 00007efd3ad81090 R08: 0000000000000000 R09: 0000000000000000
[  163.202789][T11418] R10: 000000000000ffdf R11: 0000000000000246 R12: 0000000000000001
[  163.202801][T11418] R13: 0000000000000000 R14: 00007efd3c935fa0 R15: 00007ffc3cc343f8
[  163.202897][T11418]  </TASK>
[  163.521935][T11434] netlink: 'syz.5.3041': attribute type 21 has an invalid length.
[  163.540739][T11434] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3041'.
[  163.563928][T10968] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.619228][T11451] loop0: detected capacity change from 0 to 128
[  163.726765][T11451] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  163.740724][T11451] ext4 filesystem being mounted at /26/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  163.799227][T11468] netlink: 'syz.5.3054': attribute type 21 has an invalid length.
[  163.807557][T11468] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3054'.
[  163.819041][   T29] kauditd_printk_skb: 298 callbacks suppressed
[  163.819058][   T29] audit: type=1326 audit(1742798704.860:5230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11450 comm="syz.0.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  163.888109][   T29] audit: type=1326 audit(1742798704.890:5231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11450 comm="syz.0.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  163.911993][   T29] audit: type=1326 audit(1742798704.890:5232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11450 comm="syz.0.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  163.935653][   T29] audit: type=1400 audit(1742798704.890:5233): avc:  denied  { write } for  pid=11450 comm="syz.0.3049" path="/26/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  163.979897][   T29] audit: type=1326 audit(1742798704.890:5234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11450 comm="syz.0.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  164.003495][   T29] audit: type=1326 audit(1742798704.890:5235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11450 comm="syz.0.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  164.027136][   T29] audit: type=1400 audit(1742798704.890:5236): avc:  denied  { mounton } for  pid=11450 comm="syz.0.3049" path="/26/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  164.071632][   T29] audit: type=1326 audit(1742798704.890:5237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11450 comm="syz.0.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  164.095163][   T29] audit: type=1326 audit(1742798704.890:5238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11450 comm="syz.0.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  164.118516][   T29] audit: type=1326 audit(1742798704.890:5239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11450 comm="syz.0.3049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  164.272934][T11463] netlink: 'syz.1.3048': attribute type 29 has an invalid length.
[  164.285114][T11463] netlink: 'syz.1.3048': attribute type 29 has an invalid length.
[  164.301051][T10968] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  164.325291][T11477] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3057'.
[  164.384898][T11477] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  164.572299][T11495] netlink: 'syz.1.3065': attribute type 13 has an invalid length.
[  164.689890][T11501] FAULT_INJECTION: forcing a failure.
[  164.689890][T11501] name failslab, interval 1, probability 0, space 0, times 0
[  164.702738][T11501] CPU: 1 UID: 0 PID: 11501 Comm: +}[@ Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  164.702763][T11501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  164.702775][T11501] Call Trace:
[  164.702782][T11501]  <TASK>
[  164.702823][T11501]  dump_stack_lvl+0xf2/0x150
[  164.702858][T11501]  dump_stack+0x15/0x1a
[  164.702885][T11501]  should_fail_ex+0x24a/0x260
[  164.702930][T11501]  ? __se_sys_memfd_create+0x1ea/0x5a0
[  164.702970][T11501]  should_failslab+0x8f/0xb0
[  164.703041][T11501]  __kmalloc_cache_noprof+0x4e/0x320
[  164.703075][T11501]  __se_sys_memfd_create+0x1ea/0x5a0
[  164.703108][T11501]  __x64_sys_memfd_create+0x31/0x40
[  164.703192][T11501]  x64_sys_call+0x2d4c/0x2dc0
[  164.703226][T11501]  do_syscall_64+0xc9/0x1c0
[  164.703266][T11501]  ? clear_bhb_loop+0x55/0xb0
[  164.703294][T11501]  ? clear_bhb_loop+0x55/0xb0
[  164.703394][T11501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.703426][T11501] RIP: 0033:0x7f2379c2d169
[  164.703441][T11501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.703513][T11501] RSP: 002b:00007f2378254e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  164.703535][T11501] RAX: ffffffffffffffda RBX: 0000000000000526 RCX: 00007f2379c2d169
[  164.703549][T11501] RDX: 00007f2378254ef0 RSI: 0000000000000000 RDI: 00007f2379caec3c
[  164.703561][T11501] RBP: 0000200000001100 R08: 00007f2378254bb7 R09: 00007f2378254e40
[  164.703573][T11501] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000000
[  164.703585][T11501] R13: 00007f2378254ef0 R14: 00007f2378254eb0 R15: 00002000000007c0
[  164.703605][T11501]  </TASK>
[  166.014347][T11543] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3085'.
[  166.151282][T11554] netlink: 212 bytes leftover after parsing attributes in process `syz.4.3090'.
[  166.182195][T11554] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  166.330882][T11560] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3094'.
[  166.345257][T11558] netlink: 212 bytes leftover after parsing attributes in process `syz.2.3093'.
[  166.394217][T11558] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  166.409956][T11558] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.417622][T11558] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.467224][T11569] loop0: detected capacity change from 0 to 2048
[  166.474448][T11569] EXT4-fs: Ignoring removed bh option
[  166.478109][T11572] netlink: 'syz.1.3098': attribute type 21 has an invalid length.
[  166.487922][T11572] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3098'.
[  166.526982][T11569] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.671093][T11577] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  166.851229][T11595] FAULT_INJECTION: forcing a failure.
[  166.851229][T11595] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  166.864555][T11595] CPU: 1 UID: 0 PID: 11595 Comm: syz.2.3106 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  166.864605][T11595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  166.864617][T11595] Call Trace:
[  166.864695][T11595]  <TASK>
[  166.864704][T11595]  dump_stack_lvl+0xf2/0x150
[  166.864729][T11595]  dump_stack+0x15/0x1a
[  166.864797][T11595]  should_fail_ex+0x24a/0x260
[  166.864824][T11595]  should_fail+0xb/0x10
[  166.864847][T11595]  should_fail_usercopy+0x1a/0x20
[  166.864952][T11595]  _copy_to_user+0x20/0xa0
[  166.864969][T11595]  rng_dev_read+0x3e8/0x700
[  166.865020][T11595]  vfs_readv+0x3e2/0x660
[  166.865038][T11595]  ? __pfx_rng_dev_read+0x10/0x10
[  166.865072][T11595]  __x64_sys_preadv+0xf4/0x1c0
[  166.865159][T11595]  x64_sys_call+0x2680/0x2dc0
[  166.865182][T11595]  do_syscall_64+0xc9/0x1c0
[  166.865237][T11595]  ? clear_bhb_loop+0x55/0xb0
[  166.865261][T11595]  ? clear_bhb_loop+0x55/0xb0
[  166.865284][T11595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.865308][T11595] RIP: 0033:0x7efd3c71d169
[  166.865322][T11595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.865409][T11595] RSP: 002b:00007efd3ad81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  166.865424][T11595] RAX: ffffffffffffffda RBX: 00007efd3c935fa0 RCX: 00007efd3c71d169
[  166.865437][T11595] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[  166.865453][T11595] RBP: 00007efd3ad81090 R08: 0000000000000000 R09: 0000000000000000
[  166.865479][T11595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.865496][T11595] R13: 0000000000000000 R14: 00007efd3c935fa0 R15: 00007ffc3cc343f8
[  166.865514][T11595]  </TASK>
[  167.212908][T11597] netlink: 'syz.4.3104': attribute type 29 has an invalid length.
[  167.222622][T11597] netlink: 'syz.4.3104': attribute type 29 has an invalid length.
[  167.520854][T10968] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.614928][T11603] netlink: 212 bytes leftover after parsing attributes in process `syz.5.3110'.
[  167.633474][T11603] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  167.647959][T11605] netlink: 'syz.1.3111': attribute type 13 has an invalid length.
[  167.773895][T11620] netlink: 'syz.0.3116': attribute type 21 has an invalid length.
[  167.781968][T11620] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3116'.
[  167.866428][T11629] netlink: 'syz.4.3123': attribute type 13 has an invalid length.
[  167.977830][T11648] netlink: 'syz.0.3129': attribute type 21 has an invalid length.
[  167.987098][T11648] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3129'.
[  168.002129][T11651] random: crng reseeded on system resumption
[  168.103045][T11659] netlink: 'syz.0.3143': attribute type 21 has an invalid length.
[  168.112820][T11659] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3143'.
[  168.189974][T11664] netlink: 212 bytes leftover after parsing attributes in process `syz.4.3135'.
[  168.199822][T11664] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  168.402713][T11687] IPv6: NLM_F_CREATE should be specified when creating new route
[  168.430914][T11689] netlink: 'syz.2.3147': attribute type 21 has an invalid length.
[  168.553266][T11707] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  168.711857][T11727] netlink: 'syz.2.3165': attribute type 21 has an invalid length.
[  168.825740][   T29] kauditd_printk_skb: 172 callbacks suppressed
[  168.825761][   T29] audit: type=1400 audit(1742798709.870:5412): avc:  denied  { unmount } for  pid=11147 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  168.992447][T11746] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  169.003476][T11746] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  169.042988][T11746] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  169.052465][T11746] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  169.061417][T11746] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  169.070425][T11746] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  169.487929][   T29] audit: type=1400 audit(1742798710.530:5413): avc:  denied  { ioctl } for  pid=11764 comm="syz.2.3182" path="socket:[33405]" dev="sockfs" ino=33405 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  169.642091][T11782] loop0: detected capacity change from 0 to 1024
[  169.673045][T11782] EXT4-fs: Ignoring removed nobh option
[  169.678887][T11782] EXT4-fs: Ignoring removed bh option
[  169.730304][T11782] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.774003][T10968] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.843566][T11804] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  169.981258][T11827] loop0: detected capacity change from 0 to 1024
[  169.988190][T11827] EXT4-fs: Ignoring removed nobh option
[  169.993890][T11827] EXT4-fs: Ignoring removed bh option
[  170.022146][T11827] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.062360][T10968] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.087503][T11839] loop0: detected capacity change from 0 to 2048
[  170.094527][T11839] EXT4-fs: Ignoring removed bh option
[  170.112908][T11839] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  170.867432][T11891] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  171.004995][T10968] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.013187][T11887] chnl_net:caif_netlink_parms(): no params data found
[  171.096272][   T29] audit: type=1326 audit(1742798712.140:5414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  171.120587][   T29] audit: type=1326 audit(1742798712.170:5415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  171.144299][   T29] audit: type=1326 audit(1742798712.170:5416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  171.168079][   T29] audit: type=1326 audit(1742798712.170:5417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  171.195073][   T29] audit: type=1326 audit(1742798712.170:5418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  171.219176][   T29] audit: type=1326 audit(1742798712.170:5419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  171.243257][   T29] audit: type=1326 audit(1742798712.170:5420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  171.267253][   T29] audit: type=1326 audit(1742798712.170:5421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11907 comm="syz.2.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  171.303224][T11921] FAULT_INJECTION: forcing a failure.
[  171.303224][T11921] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  171.316498][T11921] CPU: 0 UID: 0 PID: 11921 Comm: syz.2.3238 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  171.316541][T11921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  171.316554][T11921] Call Trace:
[  171.316559][T11921]  <TASK>
[  171.316566][T11921]  dump_stack_lvl+0xf2/0x150
[  171.316597][T11921]  dump_stack+0x15/0x1a
[  171.316670][T11921]  should_fail_ex+0x24a/0x260
[  171.316703][T11921]  should_fail+0xb/0x10
[  171.316730][T11921]  should_fail_usercopy+0x1a/0x20
[  171.316829][T11921]  _copy_from_user+0x1c/0xa0
[  171.316854][T11921]  copy_msghdr_from_user+0x54/0x2a0
[  171.316897][T11921]  ? __fget_files+0x17c/0x1c0
[  171.316942][T11921]  __sys_sendmsg+0x13e/0x230
[  171.317035][T11921]  __x64_sys_sendmsg+0x46/0x50
[  171.317067][T11921]  x64_sys_call+0x2734/0x2dc0
[  171.317173][T11921]  do_syscall_64+0xc9/0x1c0
[  171.317213][T11921]  ? clear_bhb_loop+0x55/0xb0
[  171.317245][T11921]  ? clear_bhb_loop+0x55/0xb0
[  171.317277][T11921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.317382][T11921] RIP: 0033:0x7efd3c71d169
[  171.317397][T11921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.317416][T11921] RSP: 002b:00007efd3ad60038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  171.317434][T11921] RAX: ffffffffffffffda RBX: 00007efd3c936080 RCX: 00007efd3c71d169
[  171.317449][T11921] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a
[  171.317463][T11921] RBP: 00007efd3ad60090 R08: 0000000000000000 R09: 0000000000000000
[  171.317481][T11921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.317495][T11921] R13: 0000000000000000 R14: 00007efd3c936080 R15: 00007ffc3cc343f8
[  171.317518][T11921]  </TASK>
[  171.319393][T11924] __nla_validate_parse: 12 callbacks suppressed
[  171.319411][T11924] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3241'.
[  171.319581][T11921] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3238'.
[  171.355278][T11926] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3239'.
[  171.528271][T11920] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3239'.
[  171.537318][T11920] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3239'.
[  171.550826][T11925] bridge0: port 3(vlan2) entered blocking state
[  171.557177][T11925] bridge0: port 3(vlan2) entered disabled state
[  171.563920][T11925] vlan2: entered allmulticast mode
[  171.569270][T11925] bridge0: entered allmulticast mode
[  171.575162][T11925] vlan2: left allmulticast mode
[  171.580079][T11925] bridge0: left allmulticast mode
[  171.590992][T11921] bridge_slave_1 (unregistering): left allmulticast mode
[  171.598154][T11921] bridge_slave_1 (unregistering): left promiscuous mode
[  171.605223][T11921] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.613747][T11887] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.620945][T11887] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.628454][T11887] bridge_slave_0: entered allmulticast mode
[  171.635152][T11887] bridge_slave_0: entered promiscuous mode
[  171.643832][T11926] bridge_slave_1 (unregistering): left allmulticast mode
[  171.650994][T11926] bridge_slave_1 (unregistering): left promiscuous mode
[  171.658035][T11926] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.668048][T11887] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.675176][T11887] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.684679][T11887] bridge_slave_1: entered allmulticast mode
[  171.691612][T11887] bridge_slave_1: entered promiscuous mode
[  171.714138][T11887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.742345][T11887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.757858][T11932] netlink: 212 bytes leftover after parsing attributes in process `syz.2.3244'.
[  171.781469][T11939] loop0: detected capacity change from 0 to 1024
[  171.788291][T11939] EXT4-fs: Ignoring removed nobh option
[  171.794007][T11939] EXT4-fs: Ignoring removed bh option
[  171.801220][T11932] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  171.812780][T11887] team0: Port device team_slave_0 added
[  171.813426][T11939] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.819870][T11887] team0: Port device team_slave_1 added
[  171.880571][T11887] batman_adv: batadv0: Adding interface: batadv_slave_0
[  171.887642][T11887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.913738][T11887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  171.951099][T10968] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.976021][T11887] batman_adv: batadv0: Adding interface: batadv_slave_1
[  171.983174][T11887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.010334][T11887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  172.026257][T11945] validate_nla: 3 callbacks suppressed
[  172.026273][T11945] netlink: 'syz.0.3248': attribute type 13 has an invalid length.
[  172.085863][T11945] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.093198][T11945] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.138030][T11949] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3251'.
[  172.233938][T11945] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  172.244732][T11945] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  172.281276][T11945] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  172.290537][T11945] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  172.299450][T11945] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  172.308608][T11945] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  172.391248][T11887] hsr_slave_0: entered promiscuous mode
[  172.397334][T11887] hsr_slave_1: entered promiscuous mode
[  172.404091][T11887] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  172.412718][T11887] Cannot create hsr debugfs directory
[  172.477191][T11965] ALSA: seq fatal error: cannot create timer (-22)
[  172.601392][ T3700] bond0 (unregistering): Released all slaves
[  172.672545][ T3700] hsr_slave_0: left promiscuous mode
[  172.678631][ T3700] hsr_slave_1: left promiscuous mode
[  172.717949][T11985] netlink: 'syz.0.3264': attribute type 13 has an invalid length.
[  172.775301][T11987] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3265'.
[  173.045866][T11887] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  173.054784][T11887] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  173.063613][T11887] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  173.072370][T11887] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  173.114467][T11887] 8021q: adding VLAN 0 to HW filter on device bond0
[  173.128388][T11887] 8021q: adding VLAN 0 to HW filter on device team0
[  173.138462][   T54] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.145636][   T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[  173.158212][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.165374][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  173.227006][T11887] 8021q: adding VLAN 0 to HW filter on device batadv0
[  173.288824][T11887] veth0_vlan: entered promiscuous mode
[  173.297151][T11887] veth1_vlan: entered promiscuous mode
[  173.312792][T11887] veth0_macvtap: entered promiscuous mode
[  173.320035][T11887] veth1_macvtap: entered promiscuous mode
[  173.332748][T11887] batman_adv: batadv0: Interface activated: batadv_slave_0
[  173.344339][T11887] batman_adv: batadv0: Interface activated: batadv_slave_1
[  173.354178][T11887] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  173.363082][T11887] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  173.372173][T11887] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  173.380923][T11887] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  173.453168][T12014] SELinux: ebitmap: truncated map
[  173.461545][T12014] SELinux: failed to load policy
[  173.718754][T12025] netlink: 'syz.5.3274': attribute type 13 has an invalid length.
[  173.729495][T12028] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3276'.
[  173.876536][T12041] loop0: detected capacity change from 0 to 8192
[  174.170652][T12056] netlink: 'syz.0.3288': attribute type 13 has an invalid length.
[  174.197221][T12059] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3289'.
[  174.241354][   T29] kauditd_printk_skb: 112 callbacks suppressed
[  174.241371][   T29] audit: type=1326 audit(1742798715.290:5534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12062 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  174.272799][   T29] audit: type=1326 audit(1742798715.290:5535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12062 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  174.296459][   T29] audit: type=1326 audit(1742798715.290:5536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12062 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  174.320285][   T29] audit: type=1326 audit(1742798715.290:5537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12062 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  174.344422][   T29] audit: type=1326 audit(1742798715.290:5538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12062 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  174.367931][   T29] audit: type=1326 audit(1742798715.290:5539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12062 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  174.391606][   T29] audit: type=1326 audit(1742798715.290:5540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12062 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  174.415309][   T29] audit: type=1326 audit(1742798715.290:5541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12062 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  174.438892][   T29] audit: type=1326 audit(1742798715.290:5542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12062 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  174.462473][   T29] audit: type=1326 audit(1742798715.290:5543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12062 comm="syz.0.3291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2379c2d169 code=0x7ffc0000
[  174.570909][T12082] netlink: 'syz.4.3299': attribute type 13 has an invalid length.
[  174.674017][T12093] random: crng reseeded on system resumption
[  174.852399][T12105] FAULT_INJECTION: forcing a failure.
[  174.852399][T12105] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  174.865655][T12105] CPU: 0 UID: 0 PID: 12105 Comm: syz.1.3309 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  174.865731][T12105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  174.865781][T12105] Call Trace:
[  174.865787][T12105]  <TASK>
[  174.865794][T12105]  dump_stack_lvl+0xf2/0x150
[  174.865819][T12105]  dump_stack+0x15/0x1a
[  174.865837][T12105]  should_fail_ex+0x24a/0x260
[  174.865879][T12105]  should_fail+0xb/0x10
[  174.865991][T12105]  should_fail_usercopy+0x1a/0x20
[  174.866027][T12105]  _copy_to_user+0x20/0xa0
[  174.866051][T12105]  simple_read_from_buffer+0xa0/0x110
[  174.866087][T12105]  proc_fail_nth_read+0xf9/0x140
[  174.866150][T12105]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  174.866175][T12105]  vfs_read+0x19b/0x6f0
[  174.866196][T12105]  ? __rcu_read_unlock+0x4e/0x70
[  174.866248][T12105]  ? __fget_files+0x17c/0x1c0
[  174.866278][T12105]  ksys_read+0xe8/0x1b0
[  174.866301][T12105]  __x64_sys_read+0x42/0x50
[  174.866334][T12105]  x64_sys_call+0x2874/0x2dc0
[  174.866363][T12105]  do_syscall_64+0xc9/0x1c0
[  174.866391][T12105]  ? clear_bhb_loop+0x55/0xb0
[  174.866457][T12105]  ? clear_bhb_loop+0x55/0xb0
[  174.866481][T12105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.866553][T12105] RIP: 0033:0x7f1adec0bb7c
[  174.866567][T12105] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  174.866582][T12105] RSP: 002b:00007f1add277030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  174.866597][T12105] RAX: ffffffffffffffda RBX: 00007f1adee25fa0 RCX: 00007f1adec0bb7c
[  174.866608][T12105] RDX: 000000000000000f RSI: 00007f1add2770a0 RDI: 0000000000000005
[  174.866618][T12105] RBP: 00007f1add277090 R08: 0000000000000000 R09: 0000000000000000
[  174.866628][T12105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  174.866639][T12105] R13: 0000000000000000 R14: 00007f1adee25fa0 R15: 00007ffe3f1e67d8
[  174.866702][T12105]  </TASK>
[  175.398589][T12148] loop0: detected capacity change from 0 to 164
[  175.408559][T12148] syz.0.3327: attempt to access beyond end of device
[  175.408559][T12148] loop0: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  175.422566][T12148] syz.0.3327: attempt to access beyond end of device
[  175.422566][T12148] loop0: rw=0, sector=263328, nr_sectors = 4 limit=164
[  175.508435][T12152] loop0: detected capacity change from 0 to 512
[  175.531474][T12152] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[  175.539702][T12152] System zones: 0-2, 18-18, 34-35
[  175.546356][T12152] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  175.559021][T12152] ext4 filesystem being mounted at /88/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  175.603885][T12157] xt_connbytes: Forcing CT accounting to be enabled
[  175.610618][T12157] Cannot find set identified by id 0 to match
[  175.702536][T12156] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.884691][T12159] chnl_net:caif_netlink_parms(): no params data found
[  175.923879][T12159] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.931090][T12159] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.938257][T12159] bridge_slave_0: entered allmulticast mode
[  175.944940][T12159] bridge_slave_0: entered promiscuous mode
[  175.953732][T12159] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.960920][T12159] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.968445][T12159] bridge_slave_1: entered allmulticast mode
[  175.976800][T12159] bridge_slave_1: entered promiscuous mode
[  176.005603][T12159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  176.018275][T12159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  176.048330][ T1782] bridge_slave_1: left allmulticast mode
[  176.054274][ T1782] bridge_slave_1: left promiscuous mode
[  176.060011][ T1782] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.079656][ T1782] bridge_slave_0: left allmulticast mode
[  176.085427][ T1782] bridge_slave_0: left promiscuous mode
[  176.091492][ T1782] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.177948][T12179] FAULT_INJECTION: forcing a failure.
[  176.177948][T12179] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  176.187148][T12183] FAULT_INJECTION: forcing a failure.
[  176.187148][T12183] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  176.191078][T12179] CPU: 1 UID: 0 PID: 12179 Comm: syz.1.3334 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  176.191104][T12179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  176.191117][T12179] Call Trace:
[  176.191127][T12179]  <TASK>
[  176.191189][T12179]  dump_stack_lvl+0xf2/0x150
[  176.191234][T12179]  dump_stack+0x15/0x1a
[  176.191263][T12179]  should_fail_ex+0x24a/0x260
[  176.191304][T12179]  should_fail+0xb/0x10
[  176.191339][T12179]  should_fail_usercopy+0x1a/0x20
[  176.191380][T12179]  _copy_to_user+0x20/0xa0
[  176.191405][T12179]  simple_read_from_buffer+0xa0/0x110
[  176.191444][T12179]  proc_fail_nth_read+0xf9/0x140
[  176.191547][T12179]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  176.191584][T12179]  vfs_read+0x19b/0x6f0
[  176.191661][T12179]  ? __rcu_read_unlock+0x4e/0x70
[  176.191691][T12179]  ? __fget_files+0x17c/0x1c0
[  176.191735][T12179]  ksys_read+0xe8/0x1b0
[  176.191831][T12179]  __x64_sys_read+0x42/0x50
[  176.191863][T12179]  x64_sys_call+0x2874/0x2dc0
[  176.191898][T12179]  do_syscall_64+0xc9/0x1c0
[  176.191940][T12179]  ? clear_bhb_loop+0x55/0xb0
[  176.191974][T12179]  ? clear_bhb_loop+0x55/0xb0
[  176.192067][T12179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.192102][T12179] RIP: 0033:0x7f1adec0bb7c
[  176.192123][T12179] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  176.192209][T12179] RSP: 002b:00007f1add277030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  176.192233][T12179] RAX: ffffffffffffffda RBX: 00007f1adee25fa0 RCX: 00007f1adec0bb7c
[  176.192250][T12179] RDX: 000000000000000f RSI: 00007f1add2770a0 RDI: 0000000000000006
[  176.192265][T12179] RBP: 00007f1add277090 R08: 0000000000000000 R09: 0000000000000000
[  176.192280][T12179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.192295][T12179] R13: 0000000000000000 R14: 00007f1adee25fa0 R15: 00007ffe3f1e67d8
[  176.192318][T12179]  </TASK>
[  176.400042][T12183] CPU: 0 UID: 0 PID: 12183 Comm: syz.2.3337 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  176.400066][T12183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  176.400077][T12183] Call Trace:
[  176.400106][T12183]  <TASK>
[  176.400113][T12183]  dump_stack_lvl+0xf2/0x150
[  176.400189][T12183]  dump_stack+0x15/0x1a
[  176.400215][T12183]  should_fail_ex+0x24a/0x260
[  176.400253][T12183]  should_fail+0xb/0x10
[  176.400284][T12183]  should_fail_usercopy+0x1a/0x20
[  176.400340][T12183]  _copy_from_user+0x1c/0xa0
[  176.400363][T12183]  kstrtouint_from_user+0x76/0xe0
[  176.400394][T12183]  ? 0xffffffff81000000
[  176.400409][T12183]  ? selinux_file_permission+0x22a/0x360
[  176.400517][T12183]  proc_fail_nth_write+0x4f/0x150
[  176.400554][T12183]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  176.400659][T12183]  vfs_write+0x27d/0x920
[  176.400692][T12183]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  176.400726][T12183]  ? __fget_files+0x17c/0x1c0
[  176.400784][T12183]  ksys_write+0xe8/0x1b0
[  176.400809][T12183]  __x64_sys_write+0x42/0x50
[  176.400832][T12183]  x64_sys_call+0x287e/0x2dc0
[  176.400856][T12183]  do_syscall_64+0xc9/0x1c0
[  176.400925][T12183]  ? clear_bhb_loop+0x55/0xb0
[  176.401031][T12183]  ? clear_bhb_loop+0x55/0xb0
[  176.401054][T12183]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.401079][T12183] RIP: 0033:0x7efd3c71bc1f
[  176.401092][T12183] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  176.401125][T12183] RSP: 002b:00007efd3ad81030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  176.401222][T12183] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efd3c71bc1f
[  176.401233][T12183] RDX: 0000000000000001 RSI: 00007efd3ad810a0 RDI: 0000000000000009
[  176.401244][T12183] RBP: 00007efd3ad81090 R08: 0000000000000000 R09: 0000000000000000
[  176.401254][T12183] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  176.401265][T12183] R13: 0000000000000000 R14: 00007efd3c935fa0 R15: 00007ffc3cc343f8
[  176.401281][T12183]  </TASK>
[  176.606497][ T1782] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  176.618677][ T1782] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  176.628154][ T1782] bond0 (unregistering): Released all slaves
[  176.640233][T12159] team0: Port device team_slave_0 added
[  176.647089][T12159] team0: Port device team_slave_1 added
[  176.666423][T12159] batman_adv: batadv0: Adding interface: batadv_slave_0
[  176.673572][T12159] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  176.700010][T12159] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  176.711788][T12159] batman_adv: batadv0: Adding interface: batadv_slave_1
[  176.718852][T12159] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  176.744892][T12159] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  176.775704][ T1782] hsr_slave_0: left promiscuous mode
[  176.781770][ T1782] hsr_slave_1: left promiscuous mode
[  176.787439][ T1782] batman_adv: batadv0: Removing interface: batadv_slave_0
[  176.795288][ T1782] batman_adv: batadv0: Removing interface: batadv_slave_1
[  176.832594][ T1782] team0 (unregistering): Port device team_slave_1 removed
[  176.843156][ T1782] team0 (unregistering): Port device team_slave_0 removed
[  176.884132][T12159] hsr_slave_0: entered promiscuous mode
[  176.890357][T12159] hsr_slave_1: entered promiscuous mode
[  176.896312][T12159] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  176.904178][T12159] Cannot create hsr debugfs directory
[  176.978929][T12159] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  176.987908][T12159] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  176.997395][T12159] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  177.006971][T12159] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  177.050494][T12159] 8021q: adding VLAN 0 to HW filter on device bond0
[  177.062483][T12159] 8021q: adding VLAN 0 to HW filter on device team0
[  177.074956][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.082139][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  177.093334][ T3700] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.100461][ T3700] bridge0: port 2(bridge_slave_1) entered forwarding state
[  177.178706][T12159] 8021q: adding VLAN 0 to HW filter on device batadv0
[  177.234159][T12229] bridge0: port 3(vlan2) entered blocking state
[  177.240685][T12229] bridge0: port 3(vlan2) entered disabled state
[  177.247404][T12229] vlan2: entered allmulticast mode
[  177.252659][T12229] bridge0: entered allmulticast mode
[  177.258674][T12229] vlan2: left allmulticast mode
[  177.263639][T12229] bridge0: left allmulticast mode
[  177.329278][T12159] veth0_vlan: entered promiscuous mode
[  177.333229][T12237] __nla_validate_parse: 6 callbacks suppressed
[  177.333253][T12237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3353'.
[  177.338119][T12159] veth1_vlan: entered promiscuous mode
[  177.367959][T12159] veth0_macvtap: entered promiscuous mode
[  177.377226][T12159] veth1_macvtap: entered promiscuous mode
[  177.388145][T12159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  177.398656][T12159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  177.412224][T12159] batman_adv: batadv0: Interface activated: batadv_slave_0
[  177.421174][T12159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  177.431977][T12159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  177.442611][T12159] batman_adv: batadv0: Interface activated: batadv_slave_1
[  177.455272][T12159] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  177.464157][T12159] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  177.472947][T12159] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  177.481708][T12159] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  177.529270][T12247] FAULT_INJECTION: forcing a failure.
[  177.529270][T12247] name failslab, interval 1, probability 0, space 0, times 0
[  177.534455][T12248] netlink: 212 bytes leftover after parsing attributes in process `syz.6.3332'.
[  177.542148][T12247] CPU: 0 UID: 0 PID: 12247 Comm: syz.2.3357 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  177.542188][T12247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  177.542205][T12247] Call Trace:
[  177.542214][T12247]  <TASK>
[  177.542278][T12247]  dump_stack_lvl+0xf2/0x150
[  177.542376][T12247]  dump_stack+0x15/0x1a
[  177.542405][T12247]  should_fail_ex+0x24a/0x260
[  177.542510][T12247]  ? __se_sys_mount+0xf2/0x2d0
[  177.542636][T12247]  should_failslab+0x8f/0xb0
[  177.542677][T12247]  __kmalloc_cache_noprof+0x4e/0x320
[  177.542709][T12247]  ? memdup_user+0x9f/0xc0
[  177.542806][T12247]  __se_sys_mount+0xf2/0x2d0
[  177.542851][T12247]  ? fput+0x1c4/0x200
[  177.542876][T12247]  ? ksys_write+0x176/0x1b0
[  177.542910][T12247]  __x64_sys_mount+0x67/0x80
[  177.543013][T12247]  x64_sys_call+0x2c84/0x2dc0
[  177.543101][T12247]  do_syscall_64+0xc9/0x1c0
[  177.543201][T12247]  ? clear_bhb_loop+0x55/0xb0
[  177.543236][T12247]  ? clear_bhb_loop+0x55/0xb0
[  177.543335][T12247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.543370][T12247] RIP: 0033:0x7efd3c71d169
[  177.543389][T12247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  177.543411][T12247] RSP: 002b:00007efd3ad81038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  177.543435][T12247] RAX: ffffffffffffffda RBX: 00007efd3c935fa0 RCX: 00007efd3c71d169
[  177.543451][T12247] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 0000000000000000
[  177.543466][T12247] RBP: 00007efd3ad81090 R08: 00002000000002c0 R09: 0000000000000000
[  177.543482][T12247] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  177.543504][T12247] R13: 0000000000000000 R14: 00007efd3c935fa0 R15: 00007ffc3cc343f8
[  177.543527][T12247]  </TASK>
[  177.640742][T12254] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  177.743577][T12254] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.750931][T12254] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.765497][T12256] 9pnet_fd: Insufficient options for proto=fd
[  177.791870][T12262] 9pnet_fd: Insufficient options for proto=fd
[  177.819924][T12264] 9pnet_fd: Insufficient options for proto=fd
[  177.973194][T12279] vlan2: entered allmulticast mode
[  178.001792][T12283] SELinux:  policydb magic number 0x6d656d6b does not match expected magic number 0xf97cff8c
[  178.013001][T12283] SELinux: failed to load policy
[  178.289478][T12346] FAULT_INJECTION: forcing a failure.
[  178.289478][T12346] name failslab, interval 1, probability 0, space 0, times 0
[  178.302423][T12346] CPU: 0 UID: 0 PID: 12346 Comm: syz.1.3376 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  178.302452][T12346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  178.302466][T12346] Call Trace:
[  178.302473][T12346]  <TASK>
[  178.302482][T12346]  dump_stack_lvl+0xf2/0x150
[  178.302549][T12346]  dump_stack+0x15/0x1a
[  178.302579][T12346]  should_fail_ex+0x24a/0x260
[  178.302617][T12346]  should_failslab+0x8f/0xb0
[  178.302656][T12346]  kmem_cache_alloc_lru_noprof+0x57/0x320
[  178.302684][T12346]  ? __d_alloc+0x3d/0x350
[  178.302735][T12346]  __d_alloc+0x3d/0x350
[  178.302769][T12346]  d_alloc_pseudo+0x1e/0x80
[  178.302799][T12346]  alloc_file_pseudo+0x73/0x160
[  178.302854][T12346]  __shmem_file_setup+0x1bb/0x1f0
[  178.302904][T12346]  shmem_file_setup+0x3b/0x50
[  178.302951][T12346]  __se_sys_memfd_create+0x2e1/0x5a0
[  178.302999][T12346]  __x64_sys_memfd_create+0x31/0x40
[  178.303032][T12346]  x64_sys_call+0x2d4c/0x2dc0
[  178.303074][T12346]  do_syscall_64+0xc9/0x1c0
[  178.303178][T12346]  ? clear_bhb_loop+0x55/0xb0
[  178.303215][T12346]  ? clear_bhb_loop+0x55/0xb0
[  178.303252][T12346]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.303287][T12346] RIP: 0033:0x7f1adec0d169
[  178.303308][T12346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.303378][T12346] RSP: 002b:00007f1add276e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  178.303399][T12346] RAX: ffffffffffffffda RBX: 000000000000050d RCX: 00007f1adec0d169
[  178.303414][T12346] RDX: 00007f1add276ef0 RSI: 0000000000000000 RDI: 00007f1adec8ec3c
[  178.303500][T12346] RBP: 0000200000000200 R08: 00007f1add276bb7 R09: 00007f1add276e40
[  178.303517][T12346] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000001c0
[  178.303533][T12346] R13: 00007f1add276ef0 R14: 00007f1add276eb0 R15: 0000200000000940
[  178.303557][T12346]  </TASK>
[  178.541718][T12351] 9pnet_fd: Insufficient options for proto=fd
[  178.821155][T12357] netlink: 212 bytes leftover after parsing attributes in process `syz.5.3379'.
[  178.840418][T12357] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  179.381678][T12392] netlink: 212 bytes leftover after parsing attributes in process `syz.6.3392'.
[  179.391477][T12392] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  179.513057][   T29] kauditd_printk_skb: 232 callbacks suppressed
[  179.513078][   T29] audit: type=1400 audit(1742798720.560:5776): avc:  denied  { map } for  pid=12408 comm="syz.1.3398" path="socket:[35836]" dev="sockfs" ino=35836 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  179.542857][   T29] audit: type=1400 audit(1742798720.560:5777): avc:  denied  { accept } for  pid=12408 comm="syz.1.3398" path="socket:[35836]" dev="sockfs" ino=35836 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  179.566530][   T29] audit: type=1326 audit(1742798720.560:5778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12414 comm="syz.6.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c12c0d169 code=0x7ffc0000
[  179.590093][   T29] audit: type=1326 audit(1742798720.560:5779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12414 comm="syz.6.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0c12c0d169 code=0x7ffc0000
[  179.614113][   T29] audit: type=1326 audit(1742798720.560:5780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12414 comm="syz.6.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c12c0d169 code=0x7ffc0000
[  179.615356][T12418] FAULT_INJECTION: forcing a failure.
[  179.615356][T12418] name failslab, interval 1, probability 0, space 0, times 0
[  179.637822][   T29] audit: type=1326 audit(1742798720.560:5781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12414 comm="syz.6.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0c12c0d169 code=0x7ffc0000
[  179.650555][T12418] CPU: 1 UID: 0 PID: 12418 Comm: syz.1.3402 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  179.650591][T12418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  179.650608][T12418] Call Trace:
[  179.650617][T12418]  <TASK>
[  179.650631][T12418]  dump_stack_lvl+0xf2/0x150
[  179.650669][T12418]  dump_stack+0x15/0x1a
[  179.650699][T12418]  should_fail_ex+0x24a/0x260
[  179.650782][T12418]  should_failslab+0x8f/0xb0
[  179.650822][T12418]  kmem_cache_alloc_noprof+0x52/0x320
[  179.650851][T12418]  ? security_inode_alloc+0x37/0x100
[  179.650918][T12418]  security_inode_alloc+0x37/0x100
[  179.651017][T12418]  inode_init_always_gfp+0x4a2/0x4f0
[  179.651057][T12418]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  179.651090][T12418]  alloc_inode+0x82/0x160
[  179.651172][T12418]  new_inode+0x1e/0x100
[  179.651213][T12418]  shmem_get_inode+0x24e/0x730
[  179.651309][T12418]  __shmem_file_setup+0x127/0x1f0
[  179.651354][T12418]  shmem_file_setup+0x3b/0x50
[  179.651404][T12418]  __se_sys_memfd_create+0x2e1/0x5a0
[  179.651439][T12418]  __x64_sys_memfd_create+0x31/0x40
[  179.651500][T12418]  x64_sys_call+0x2d4c/0x2dc0
[  179.651535][T12418]  do_syscall_64+0xc9/0x1c0
[  179.651575][T12418]  ? clear_bhb_loop+0x55/0xb0
[  179.651678][T12418]  ? clear_bhb_loop+0x55/0xb0
[  179.651712][T12418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.651762][T12418] RIP: 0033:0x7f1adec0d169
[  179.651781][T12418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.651846][T12418] RSP: 002b:00007f1add276e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  179.651917][T12418] RAX: ffffffffffffffda RBX: 0000000000000618 RCX: 00007f1adec0d169
[  179.651954][T12418] RDX: 00007f1add276ef0 RSI: 0000000000000000 RDI: 00007f1adec8ec3c
[  179.651970][T12418] RBP: 0000200000000640 R08: 00007f1add276bb7 R09: 00007f1add276e40
[  179.651985][T12418] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000580
[  179.652001][T12418] R13: 00007f1add276ef0 R14: 00007f1add276eb0 R15: 0000200000000cc0
[  179.652053][T12418]  </TASK>
[  179.881541][   T29] audit: type=1326 audit(1742798720.560:5782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12414 comm="syz.6.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c12c0d169 code=0x7ffc0000
[  179.905413][   T29] audit: type=1326 audit(1742798720.560:5783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12414 comm="syz.6.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f0c12c0d169 code=0x7ffc0000
[  179.929106][   T29] audit: type=1326 audit(1742798720.560:5784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12414 comm="syz.6.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c12c0d169 code=0x7ffc0000
[  179.952699][   T29] audit: type=1326 audit(1742798720.560:5785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12414 comm="syz.6.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f0c12c0d169 code=0x7ffc0000
[  180.132439][T12434] netlink: 212 bytes leftover after parsing attributes in process `syz.5.3409'.
[  180.144354][T12434] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  181.162455][T12490] netlink: 'syz.6.3435': attribute type 1 has an invalid length.
[  181.451783][T12497] 9pnet_fd: Insufficient options for proto=fd
[  181.494735][T12500] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3439'.
[  181.495829][T12501] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  181.526390][T12506] FAULT_INJECTION: forcing a failure.
[  181.526390][T12506] name failslab, interval 1, probability 0, space 0, times 0
[  181.539147][T12506] CPU: 0 UID: 0 PID: 12506 Comm: syz.5.3441 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  181.539225][T12506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  181.539241][T12506] Call Trace:
[  181.539248][T12506]  <TASK>
[  181.539258][T12506]  dump_stack_lvl+0xf2/0x150
[  181.539329][T12506]  dump_stack+0x15/0x1a
[  181.539356][T12506]  should_fail_ex+0x24a/0x260
[  181.539395][T12506]  ? audit_log_d_path+0x8e/0x150
[  181.539433][T12506]  should_failslab+0x8f/0xb0
[  181.539500][T12506]  __kmalloc_cache_noprof+0x4e/0x320
[  181.539532][T12506]  audit_log_d_path+0x8e/0x150
[  181.539660][T12506]  audit_log_d_path_exe+0x42/0x70
[  181.539711][T12506]  audit_log_task+0x1ec/0x250
[  181.539752][T12506]  audit_seccomp+0x68/0x130
[  181.539787][T12506]  __seccomp_filter+0x6fa/0x1180
[  181.539892][T12506]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  181.539929][T12506]  ? vfs_write+0x644/0x920
[  181.539972][T12506]  __secure_computing+0x9f/0x1c0
[  181.540019][T12506]  syscall_trace_enter+0xd1/0x1f0
[  181.540051][T12506]  do_syscall_64+0xaa/0x1c0
[  181.540089][T12506]  ? clear_bhb_loop+0x55/0xb0
[  181.540127][T12506]  ? clear_bhb_loop+0x55/0xb0
[  181.540169][T12506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.540203][T12506] RIP: 0033:0x7f96bdbbd169
[  181.540222][T12506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.540244][T12506] RSP: 002b:00007f96bc221038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c2
[  181.540264][T12506] RAX: ffffffffffffffda RBX: 00007f96bddd5fa0 RCX: 00007f96bdbbd169
[  181.540279][T12506] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000fff000
[  181.540293][T12506] RBP: 00007f96bc221090 R08: 0000000000000000 R09: 0000000000000000
[  181.540308][T12506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  181.540335][T12506] R13: 0000000000000000 R14: 00007f96bddd5fa0 R15: 00007fffca81bdb8
[  181.540359][T12506]  </TASK>
[  181.844957][T12524] binfmt_misc: register: failed to install interpreter file ./file2
[  181.888388][T12529] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3454'.
[  181.901703][T12531] 9pnet_fd: Insufficient options for proto=fd
[  182.029622][ T6825] kernel write not supported for file bpf-prog (pid: 6825 comm: kworker/1:10)
[  182.052494][T12551] batadv0: entered promiscuous mode
[  182.058469][T12551] vlan2: entered promiscuous mode
[  182.067764][T12551] batadv0: left promiscuous mode
[  182.135947][T12545] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3459'.
[  182.149105][T12559] FAULT_INJECTION: forcing a failure.
[  182.149105][T12559] name failslab, interval 1, probability 0, space 0, times 0
[  182.161870][T12559] CPU: 1 UID: 0 PID: 12559 Comm: syz.6.3464 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  182.161945][T12559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  182.161961][T12559] Call Trace:
[  182.161968][T12559]  <TASK>
[  182.161976][T12559]  dump_stack_lvl+0xf2/0x150
[  182.162008][T12559]  dump_stack+0x15/0x1a
[  182.162033][T12559]  should_fail_ex+0x24a/0x260
[  182.162070][T12559]  should_failslab+0x8f/0xb0
[  182.162130][T12559]  kmem_cache_alloc_noprof+0x52/0x320
[  182.162158][T12559]  ? skb_clone+0x154/0x1f0
[  182.162188][T12559]  skb_clone+0x154/0x1f0
[  182.162225][T12559]  __netlink_deliver_tap+0x2bd/0x4f0
[  182.162272][T12559]  netlink_unicast+0x64a/0x670
[  182.162306][T12559]  netlink_sendmsg+0x5cc/0x6e0
[  182.162328][T12559]  ? __pfx_netlink_sendmsg+0x10/0x10
[  182.162351][T12559]  __sock_sendmsg+0x140/0x180
[  182.162413][T12559]  ____sys_sendmsg+0x326/0x4b0
[  182.162444][T12559]  __sys_sendmsg+0x19d/0x230
[  182.162536][T12559]  __x64_sys_sendmsg+0x46/0x50
[  182.162601][T12559]  x64_sys_call+0x2734/0x2dc0
[  182.162634][T12559]  do_syscall_64+0xc9/0x1c0
[  182.162681][T12559]  ? clear_bhb_loop+0x55/0xb0
[  182.162759][T12559]  ? clear_bhb_loop+0x55/0xb0
[  182.162792][T12559]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.162825][T12559] RIP: 0033:0x7f0c12c0d169
[  182.162844][T12559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  182.162926][T12559] RSP: 002b:00007f0c11277038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  182.162948][T12559] RAX: ffffffffffffffda RBX: 00007f0c12e25fa0 RCX: 00007f0c12c0d169
[  182.162962][T12559] RDX: 0000000020040054 RSI: 0000200000006040 RDI: 0000000000000004
[  182.162975][T12559] RBP: 00007f0c11277090 R08: 0000000000000000 R09: 0000000000000000
[  182.162987][T12559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.163046][T12559] R13: 0000000000000000 R14: 00007f0c12e25fa0 R15: 00007ffcceb82308
[  182.163064][T12559]  </TASK>
[  182.404847][T12561] binfmt_misc: register: failed to install interpreter file ./file2
[  182.423237][T12563] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3466'.
[  182.453342][T12568] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3468'.
[  182.859971][T12605] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3487'.
[  182.979565][T12618] xt_CT: No such helper "pptp"
[  183.079477][T12631] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3499'.
[  183.151546][T12639] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3500'.
[  183.224205][T12648] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3502'.
[  183.326367][T12662] netlink: 212 bytes leftover after parsing attributes in process `syz.6.3510'.
[  183.336665][T12662] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  183.365712][T12666] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3512'.
[  183.393590][T12670] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3514'.
[  183.623549][T12704] netlink: 'syz.6.3531': attribute type 13 has an invalid length.
[  183.631566][T12704] netlink: 'syz.6.3531': attribute type 27 has an invalid length.
[  183.638510][T12706] netlink: 212 bytes leftover after parsing attributes in process `syz.2.3533'.
[  183.653859][T12706] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  183.716450][T12716] random: crng reseeded on system resumption
[  183.956049][T12733] netlink: 'syz.1.3544': attribute type 13 has an invalid length.
[  183.964008][T12733] netlink: 'syz.1.3544': attribute type 27 has an invalid length.
[  184.027616][T12745] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  184.069303][T12748] 9pnet_fd: Insufficient options for proto=fd
[  184.183264][T12758] vlan2: entered promiscuous mode
[  184.242154][T12767] netlink: 'syz.1.3560': attribute type 13 has an invalid length.
[  184.382407][T12782] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  184.393944][T12782] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.401193][T12782] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.746451][T12794] netlink: 'syz.6.3572': attribute type 1 has an invalid length.
[  184.767158][T12793] SELinux: ebitmap: truncated map
[  184.775814][T12793] SELinux: failed to load policy
[  184.836453][   T29] kauditd_printk_skb: 461 callbacks suppressed
[  184.836469][   T29] audit: type=1326 audit(1742798725.880:6245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12795 comm="syz.1.3574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  185.094654][   T29] audit: type=1326 audit(1742798725.950:6246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12795 comm="syz.1.3574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  185.118411][   T29] audit: type=1326 audit(1742798725.950:6247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12795 comm="syz.1.3574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  185.142212][   T29] audit: type=1326 audit(1742798725.950:6248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12795 comm="syz.1.3574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  185.166116][   T29] audit: type=1326 audit(1742798725.950:6249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12795 comm="syz.1.3574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  185.189916][   T29] audit: type=1326 audit(1742798725.950:6250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12795 comm="syz.1.3574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  185.213701][   T29] audit: type=1326 audit(1742798725.950:6251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12795 comm="syz.1.3574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  185.237380][   T29] audit: type=1326 audit(1742798725.950:6252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12795 comm="syz.1.3574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  185.261795][   T29] audit: type=1326 audit(1742798725.950:6253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12795 comm="syz.1.3574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  185.285513][   T29] audit: type=1326 audit(1742798725.950:6254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12795 comm="syz.1.3574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  185.415955][T12825] batman_adv: batadv0: Removing interface: batadv_slave_0
[  185.424059][T12825] batman_adv: batadv0: Removing interface: batadv_slave_1
[  185.527859][T12822] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[  185.566505][T12832] 9pnet_fd: Insufficient options for proto=fd
[  185.701438][T12837] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  185.709096][T12837] batman_adv: batadv0: Removing interface: batadv_slave_0
[  185.724310][T12837] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  185.732058][T12837] batman_adv: batadv0: Removing interface: batadv_slave_1
[  185.749076][T12846] 9pnet_fd: Insufficient options for proto=fd
[  185.850478][T12856] SELinux:  policydb magic number 0x6d656d6b does not match expected magic number 0xf97cff8c
[  185.861872][T12856] SELinux: failed to load policy
[  186.420738][T12876] 9pnet_fd: Insufficient options for proto=fd
[  186.512892][T12883] FAULT_INJECTION: forcing a failure.
[  186.512892][T12883] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  186.526029][T12883] CPU: 0 UID: 0 PID: 12883 Comm: syz.1.3612 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  186.526141][T12883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  186.526156][T12883] Call Trace:
[  186.526163][T12883]  <TASK>
[  186.526171][T12883]  dump_stack_lvl+0xf2/0x150
[  186.526200][T12883]  dump_stack+0x15/0x1a
[  186.526306][T12883]  should_fail_ex+0x24a/0x260
[  186.526357][T12883]  should_fail+0xb/0x10
[  186.526465][T12883]  should_fail_usercopy+0x1a/0x20
[  186.526500][T12883]  _copy_from_user+0x1c/0xa0
[  186.526520][T12883]  write_ldt+0x71/0x480
[  186.526556][T12883]  __se_sys_modify_ldt+0x6e/0x250
[  186.526617][T12883]  x64_sys_call+0x2af4/0x2dc0
[  186.526651][T12883]  do_syscall_64+0xc9/0x1c0
[  186.526690][T12883]  ? clear_bhb_loop+0x55/0xb0
[  186.526726][T12883]  ? clear_bhb_loop+0x55/0xb0
[  186.526815][T12883]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.526850][T12883] RIP: 0033:0x7f1adec0d169
[  186.526869][T12883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.526892][T12883] RSP: 002b:00007f1add277038 EFLAGS: 00000246 ORIG_RAX: 000000000000009a
[  186.526912][T12883] RAX: ffffffffffffffda RBX: 00007f1adee25fa0 RCX: 00007f1adec0d169
[  186.526925][T12883] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000001
[  186.526940][T12883] RBP: 00007f1add277090 R08: 0000000000000000 R09: 0000000000000000
[  186.526955][T12883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  186.526974][T12883] R13: 0000000000000000 R14: 00007f1adee25fa0 R15: 00007ffe3f1e67d8
[  186.526996][T12883]  </TASK>
[  186.834989][T12885] SELinux:  policydb magic number 0x6d656d6b does not match expected magic number 0xf97cff8c
[  186.866618][T12885] SELinux: failed to load policy
[  186.994667][T12912] 9pnet_fd: Insufficient options for proto=fd
[  187.064806][T12910] SELinux:  policydb magic number 0x6d656d6b does not match expected magic number 0xf97cff8c
[  187.075278][T12910] SELinux: failed to load policy
[  187.165464][T12932] SELinux:  policydb magic number 0x6d656d6b does not match expected magic number 0xf97cff8c
[  187.193196][T12932] SELinux: failed to load policy
[  187.246819][T12949] FAULT_INJECTION: forcing a failure.
[  187.246819][T12949] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  187.260575][T12949] CPU: 0 UID: 0 PID: 12949 Comm: syz.2.3642 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  187.260610][T12949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  187.260673][T12949] Call Trace:
[  187.260683][T12949]  <TASK>
[  187.260693][T12949]  dump_stack_lvl+0xf2/0x150
[  187.260730][T12949]  dump_stack+0x15/0x1a
[  187.260758][T12949]  should_fail_ex+0x24a/0x260
[  187.260846][T12949]  should_fail_alloc_page+0xfd/0x110
[  187.260911][T12949]  __alloc_frozen_pages_noprof+0x109/0x340
[  187.260954][T12949]  alloc_pages_mpol+0xb4/0x260
[  187.260982][T12949]  vma_alloc_folio_noprof+0x1a0/0x310
[  187.261036][T12949]  handle_mm_fault+0xdd7/0x2b00
[  187.261070][T12949]  exc_page_fault+0x296/0x650
[  187.261105][T12949]  ? pagemap_pte_hole+0x24c/0x280
[  187.261145][T12949]  asm_exc_page_fault+0x26/0x30
[  187.261212][T12949] RIP: 0010:rep_movs_alternative+0x4a/0x70
[  187.261244][T12949] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1
[  187.261343][T12949] RSP: 0018:ffffc90001effd58 EFLAGS: 00050206
[  187.261360][T12949] RAX: ffff88810d8c6d88 RBX: 0000200000003240 RCX: 0000000000000240
[  187.261374][T12949] RDX: 0000000000000000 RSI: ffff888117c26dc0 RDI: 0000200000003000
[  187.261390][T12949] RBP: 0000000000001000 R08: 0000000080000000 R09: 0000000000000000
[  187.261405][T12949] R10: 0001888117c26000 R11: 0001888117c26fff R12: 0000000000001000
[  187.261420][T12949] R13: 00007ffffffff000 R14: 0000200000002240 R15: ffff888117c26000
[  187.261521][T12949]  _copy_to_user+0x7c/0xa0
[  187.261548][T12949]  pagemap_read+0x3af/0x610
[  187.261589][T12949]  ? __pfx_pagemap_read+0x10/0x10
[  187.261641][T12949]  vfs_read+0x19b/0x6f0
[  187.261681][T12949]  ? __fget_files+0x17c/0x1c0
[  187.261724][T12949]  ? __rcu_read_unlock+0x4e/0x70
[  187.261763][T12949]  ? __fget_files+0x17c/0x1c0
[  187.261807][T12949]  __x64_sys_pread64+0xf6/0x150
[  187.261841][T12949]  x64_sys_call+0x26ee/0x2dc0
[  187.261889][T12949]  do_syscall_64+0xc9/0x1c0
[  187.261986][T12949]  ? clear_bhb_loop+0x55/0xb0
[  187.262060][T12949]  ? clear_bhb_loop+0x55/0xb0
[  187.262133][T12949]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.262166][T12949] RIP: 0033:0x7efd3c71d169
[  187.262184][T12949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.262204][T12949] RSP: 002b:00007efd3ad81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  187.262223][T12949] RAX: ffffffffffffffda RBX: 00007efd3c935fa0 RCX: 00007efd3c71d169
[  187.262261][T12949] RDX: 0000000000200000 RSI: 0000200000001240 RDI: 0000000000000003
[  187.262277][T12949] RBP: 00007efd3ad81090 R08: 0000000000000000 R09: 0000000000000000
[  187.262293][T12949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  187.262308][T12949] R13: 0000000000000000 R14: 00007efd3c935fa0 R15: 00007ffc3cc343f8
[  187.262331][T12949]  </TASK>
[  187.628198][T12964] __nla_validate_parse: 14 callbacks suppressed
[  187.628215][T12964] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3647'.
[  187.688690][T12970] netlink: 212 bytes leftover after parsing attributes in process `syz.2.3650'.
[  187.698180][T12970] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  188.132726][T12986] sctp: [Deprecated]: syz.6.3656 (pid 12986) Use of int in maxseg socket option.
[  188.132726][T12986] Use struct sctp_assoc_value instead
[  188.148923][T12986] sctp: [Deprecated]: syz.6.3656 (pid 12986) Use of int in maxseg socket option.
[  188.148923][T12986] Use struct sctp_assoc_value instead
[  188.551256][T12990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  188.561034][T12990] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.561771][T12990] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3656'.
[  188.820985][T13010] netlink: 212 bytes leftover after parsing attributes in process `syz.5.3663'.
[  188.864904][T13014] SELinux: ebitmap: truncated map
[  188.866157][T13016] FAULT_INJECTION: forcing a failure.
[  188.866157][T13016] name failslab, interval 1, probability 0, space 0, times 0
[  188.871826][T13014] SELinux: failed to load policy
[  188.882830][T13016] CPU: 1 UID: 0 PID: 13016 Comm: syz.6.3669 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  188.882868][T13016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  188.882887][T13016] Call Trace:
[  188.882898][T13016]  <TASK>
[  188.882910][T13016]  dump_stack_lvl+0xf2/0x150
[  188.882976][T13016]  dump_stack+0x15/0x1a
[  188.883006][T13016]  should_fail_ex+0x24a/0x260
[  188.883054][T13016]  should_failslab+0x8f/0xb0
[  188.883098][T13016]  __kmalloc_node_noprof+0xad/0x410
[  188.883131][T13016]  ? __kvmalloc_node_noprof+0x72/0x170
[  188.883167][T13016]  __kvmalloc_node_noprof+0x72/0x170
[  188.883261][T13016]  nf_hook_entries_grow+0x1bd/0x470
[  188.883310][T13016]  __nf_register_net_hook+0x16b/0x480
[  188.883431][T13016]  nf_register_net_hook+0x88/0x130
[  188.883475][T13016]  nf_register_net_hooks+0x41/0x140
[  188.883519][T13016]  nf_defrag_ipv4_enable+0x6c/0xc0
[  188.883550][T13016]  tproxy_tg4_check+0x2d/0x100
[  188.883693][T13016]  xt_check_target+0x266/0x480
[  188.883797][T13016]  ? strnlen+0x28/0x50
[  188.883830][T13016]  ? strcmp+0x21/0x50
[  188.883855][T13016]  ? xt_find_target+0x1c8/0x200
[  188.883970][T13016]  translate_table+0xc3e/0xfb0
[  188.884019][T13016]  do_ipt_set_ctl+0x7bd/0x8b0
[  188.884055][T13016]  ? tcp_release_cb+0xfe/0x380
[  188.884177][T13016]  nf_setsockopt+0x195/0x1b0
[  188.884205][T13016]  ip_setsockopt+0xea/0x100
[  188.884245][T13016]  ipv6_setsockopt+0xef/0x130
[  188.884274][T13016]  tcp_setsockopt+0x93/0xb0
[  188.884342][T13016]  sock_common_setsockopt+0x64/0x80
[  188.884412][T13016]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  188.884499][T13016]  __sys_setsockopt+0x187/0x200
[  188.884539][T13016]  __x64_sys_setsockopt+0x66/0x80
[  188.884580][T13016]  x64_sys_call+0x282e/0x2dc0
[  188.884621][T13016]  do_syscall_64+0xc9/0x1c0
[  188.884669][T13016]  ? clear_bhb_loop+0x55/0xb0
[  188.884741][T13016]  ? clear_bhb_loop+0x55/0xb0
[  188.884859][T13016]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.884900][T13016] RIP: 0033:0x7f0c12c0d169
[  188.884925][T13016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.884951][T13016] RSP: 002b:00007f0c11277038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  188.884981][T13016] RAX: ffffffffffffffda RBX: 00007f0c12e25fa0 RCX: 00007f0c12c0d169
[  188.885057][T13016] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[  188.885166][T13016] RBP: 00007f0c11277090 R08: 0000000000000468 R09: 0000000000000000
[  188.885196][T13016] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.885215][T13016] R13: 0000000000000000 R14: 00007f0c12e25fa0 R15: 00007ffcceb82308
[  188.885244][T13016]  </TASK>
[  189.788043][T13044] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3681'.
[  189.892007][T13050] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3683'.
[  189.902098][T13051] rdma_op ffff88814f83e580 conn xmit_rdma 0000000000000000
[  190.135830][T13066] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3690'.
[  191.976338][   T29] kauditd_printk_skb: 327 callbacks suppressed
[  191.976362][   T29] audit: type=1326 audit(1742798733.020:6580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.2.3697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  192.006844][   T29] audit: type=1326 audit(1742798733.020:6581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.2.3697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  192.030819][   T29] audit: type=1326 audit(1742798733.020:6582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.2.3697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  192.054431][   T29] audit: type=1326 audit(1742798733.020:6583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.2.3697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  192.077992][   T29] audit: type=1326 audit(1742798733.020:6584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.2.3697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  192.101812][   T29] audit: type=1326 audit(1742798733.030:6585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.2.3697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  192.125658][   T29] audit: type=1326 audit(1742798733.030:6586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.2.3697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  192.149679][   T29] audit: type=1326 audit(1742798733.030:6587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.2.3697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  192.173959][   T29] audit: type=1326 audit(1742798733.030:6588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.2.3697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  192.197924][   T29] audit: type=1326 audit(1742798733.030:6589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.2.3697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7efd3c71d169 code=0x7ffc0000
[  192.248723][T13089] SELinux: ebitmap: truncated map
[  192.255501][T13089] SELinux: failed to load policy
[  192.543744][T13116] SELinux: security_context_str_to_sid (u) failed with errno=-22
[  192.653271][T13114] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3711'.
[  192.744321][T13135] random: crng reseeded on system resumption
[  192.787432][T13131] SELinux: ebitmap: truncated map
[  192.794429][T13131] SELinux: failed to load policy
[  192.941540][T13156] SELinux: ebitmap: truncated map
[  192.959165][T13156] SELinux: failed to load policy
[  193.054555][T13165] netlink: 'syz.6.3731': attribute type 29 has an invalid length.
[  193.093432][T13165] netlink: 'syz.6.3731': attribute type 29 has an invalid length.
[  193.441408][T13181] random: crng reseeded on system resumption
[  193.556837][T13190] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3740'.
[  193.613047][T13198] netlink: 'syz.4.3744': attribute type 29 has an invalid length.
[  193.622067][T13198] netlink: 'syz.4.3744': attribute type 29 has an invalid length.
[  193.710965][T13176] xt_hashlimit: max too large, truncated to 1048576
[  193.888847][T13216] random: crng reseeded on system resumption
[  194.043311][T13224] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3757'.
[  194.089435][T13220] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3754'.
[  194.103921][T13230] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3755'.
[  194.340808][T13248] SELinux: ebitmap: truncated map
[  194.347134][T13248] SELinux: failed to load policy
[  194.386891][T13255] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3770'.
[  194.556255][T13268] SELinux: ebitmap: truncated map
[  194.563142][T13268] SELinux: failed to load policy
[  194.629972][T13286] random: crng reseeded on system resumption
[  194.729910][T13281] mmap: syz.5.3782 (13281): VmData 17453056 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  194.939107][T13314] SELinux: ebitmap: truncated map
[  194.968483][T13314] SELinux: failed to load policy
[  194.977474][T13318] netlink: 'syz.2.3799': attribute type 29 has an invalid length.
[  194.996850][T13318] netlink: 'syz.2.3799': attribute type 29 has an invalid length.
[  195.215783][T13343] SELinux:  policydb magic number 0x6d656d6b does not match expected magic number 0xf97cff8c
[  195.227023][T13343] SELinux: failed to load policy
[  195.245448][T13345] SELinux: ebitmap: truncated map
[  195.253669][T13345] SELinux: failed to load policy
[  195.259121][T13354] SELinux:  policydb magic number 0x6d656d6b does not match expected magic number 0xf97cff8c
[  195.269691][T13354] SELinux: failed to load policy
[  195.402480][T13369] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3824'.
[  195.726328][T13378] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3826'.
[  197.062095][T13391] SELinux:  policydb magic number 0x6d656d6b does not match expected magic number 0xf97cff8c
[  197.072489][T13391] SELinux: failed to load policy
[  197.078056][T13392] SELinux:  policydb magic number 0x6d656d6b does not match expected magic number 0xf97cff8c
[  197.125196][   T29] kauditd_printk_skb: 312 callbacks suppressed
[  197.125214][   T29] audit: type=1326 audit(1742798738.170:6902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13394 comm="syz.1.3833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  197.178387][   T29] audit: type=1326 audit(1742798738.210:6903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13394 comm="syz.1.3833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  197.202452][   T29] audit: type=1326 audit(1742798738.210:6904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13394 comm="syz.1.3833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  197.226007][   T29] audit: type=1326 audit(1742798738.210:6905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13394 comm="syz.1.3833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  197.249723][   T29] audit: type=1326 audit(1742798738.210:6906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13394 comm="syz.1.3833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  197.273507][   T29] audit: type=1326 audit(1742798738.210:6907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13394 comm="syz.1.3833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  197.297375][   T29] audit: type=1326 audit(1742798738.210:6908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13394 comm="syz.1.3833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  197.320896][   T29] audit: type=1326 audit(1742798738.210:6909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13394 comm="syz.1.3833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  197.344749][   T29] audit: type=1326 audit(1742798738.210:6910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13394 comm="syz.1.3833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  197.368441][   T29] audit: type=1326 audit(1742798738.210:6911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13394 comm="syz.1.3833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1adec0d169 code=0x7ffc0000
[  197.404274][T13389] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3828'.
[  197.595297][T13417] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3842'.
[  197.673753][T13419] SELinux: ebitmap: truncated map
[  197.680900][T13419] sel_write_load: 1 callbacks suppressed
[  197.680962][T13419] SELinux: failed to load policy
[  197.735562][T13421] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3845'.
[  197.874784][T13442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.913054][T13442] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.963812][T13449] netlink: 'syz.5.3857': attribute type 29 has an invalid length.
[  198.007768][T13440] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3852'.
[  198.012814][T13452] xt_hashlimit: max too large, truncated to 1048576
[  198.024513][T13449] netlink: 'syz.5.3857': attribute type 29 has an invalid length.
[  198.036971][T13452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  198.045871][T13452] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.054436][T13452] netlink: 'syz.2.3858': attribute type 1 has an invalid length.
[  198.144517][T13465] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3860'.
[  198.171384][T13467] netlink: 'syz.2.3864': attribute type 1 has an invalid length.
[  198.453143][T13493] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3877'.
[  198.495560][T13481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  198.507610][T13481] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.511523][T13497] sd 0:0:1:0: device reset
[  198.635688][T13512] ==================================================================
[  198.644111][T13512] BUG: KCSAN: data-race in mas_replace_node / mtree_range_walk
[  198.651902][T13512] 
[  198.654243][T13512] write to 0xffff8881046fc400 of 8 bytes by task 13510 on cpu 0:
[  198.661978][T13512]  mas_replace_node+0x1b8/0x430
[  198.666864][T13512]  mas_wr_store_entry+0x1e12/0x23f0
[  198.672117][T13512]  mas_store_prealloc+0x6bf/0x960
[  198.677188][T13512]  vma_complete+0x3a7/0x760
[  198.682229][T13512]  __split_vma+0x5d6/0x6a0
[  198.688438][T13512]  vma_modify+0x105/0x200
[  198.692907][T13512]  vma_modify_flags+0xf1/0x120
[  198.698252][T13512]  mprotect_fixup+0x31a/0x5e0
[  198.703065][T13512]  do_mprotect_pkey+0x6cc/0x9a0
[  198.709173][T13512]  __x64_sys_mprotect+0x48/0x60
[  198.714181][T13512]  x64_sys_call+0x2770/0x2dc0
[  198.718927][T13512]  do_syscall_64+0xc9/0x1c0
[  198.723572][T13512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.729778][T13512] 
[  198.732113][T13512] read to 0xffff8881046fc400 of 8 bytes by task 13512 on cpu 1:
[  198.739852][T13512]  mtree_range_walk+0x33d/0x460
[  198.745236][T13512]  mas_walk+0x16e/0x320
[  198.749459][T13512]  lock_vma_under_rcu+0x95/0x270
[  198.754435][T13512]  exc_page_fault+0x150/0x650
[  198.759255][T13512]  asm_exc_page_fault+0x26/0x30
[  198.764136][T13512] 
[  198.766460][T13512] value changed: 0xffff88810427f606 -> 0xffff8881046fc400
[  198.773594][T13512] 
[  198.776130][T13512] Reported by Kernel Concurrency Sanitizer on:
[  198.782285][T13512] CPU: 1 UID: 0 PID: 13512 Comm: syz.5.3886 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
[  198.793149][T13512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  198.803507][T13512] ==================================================================