last executing test programs: 56.72322919s ago: executing program 0 (id=13): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0', [], 0xa, "1f411d2552ad52cb07410969e814977e4f2c4a80522094786c8673fb61cf8b86bda4de504f5a3c7c04055f1f70e4064d46b2bb9e5100d446bb6a"}, 0x2) write$binfmt_script(r0, &(0x7f00000006c0)={'#! ', './file1', [{0x20, '-^\xd4]$\xa2.\xfd\xc1\xe7\xd4\xb8\xeaD\x8c\xb3\xba\x16\x00T\x8ejVl~\xb1\xcem\x85.*\xb72tVZ\xe6\xec\xfe\x99W>\",\x04\xe1'}, {0x20, '@)%{:\x9b@{--'}, {0x20, '+'}, {0x20, '\xf4\xe1\xfd:\xd8\xa6M\xcevV\xef\a\x96\x10\xact\xd2\x03\x05\xb8&\x18\\C\xb7e\xc0\x8c\xab\xf0C\x98A-#\xabo\x83\xf3\x94\xbdE\xc2\x97\x87\x88\xfc\xe4\xf3\xbf\x82\x98\xa0D\x1ef\x01\xcd\xa6\x7f\x898\x11[kcW<\xf3\xac8\xc8\xa2\xf8RX\xef\xbb\x19\xbfL\b\x1c\x87\xf9+\xdc\x80\x8f\x85\x9a\xf4\v\x83N\x1d\xaeA\xe1\xf8\xc9\x04\x8e\xd3\xb2\x8f\xfc\xa8\x98#^7\x11\xb7\xc5\xe2\xe0\x84\xb8[\xc9\xc5u\x95#\xad\xc2;{\xeb\x97*\xfc\xed\x8ezQRG\xf7n\x93\x81\xaf\xd1\\T\x01\xc0\xb0!\xb4W\'Y\xb3UJ$\x1c\xe6n\xf70\xb1k\xedX\x96\x15\x03\x03Yi\x80) I\x93\x9d?\t9\x94U-nY\x94\xa1\xe0/\x19\x9a\xa1z\xb1\xa4\x03K'}]}, 0x110) close(r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 
&(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) r3 = socket(0x10, 0x3, 0x9) sendmsg$NFT_BATCH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000013c0)={{0x14, 0x453, 0x1, 0x0, 0x0, {0x5}}, [], {0x14, 0x3ec}}, 0x28}, 0x1, 0x0, 0x0, 0x64841}, 0x40000) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00', 0x0}) capset(&(0x7f00000020c0)={0x19980330}, &(0x7f0000002100)={0x0, 0x3}) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x1c, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000020000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b704000002ec0000850000008200000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r10, 
@ANYBLOB="0000000000000000b7020000000000008500000008000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bind$xdp(r6, &(0x7f0000000100)={0x2c, 0x0, r9}, 0x10) bind$xdp(r6, &(0x7f0000000200)={0x2c, 0xd, r9, 0x2}, 0x10) 55.608287058s ago: executing program 0 (id=24): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x7f, 0x7ffc0002}]}) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x18) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) readv(r1, &(0x7f00000007c0)=[{&(0x7f0000000580)=""/148, 0x94}, {&(0x7f00000004c0)=""/110, 0x6e}, {&(0x7f0000000540)=""/3, 0x3}], 0x3) fcntl$setstatus(r1, 0x4, 0x48800) readv(r1, &(0x7f0000001240)=[{&(0x7f0000000040)=""/73, 0x49}], 0x1) 55.509310579s ago: executing program 0 (id=28): socket$inet6(0xa, 0x3, 0x3c) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) setrlimit(0xf, &(0x7f0000000000)={0x0, 0xfffffffbffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 
&(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0x2]}, 0x0, 0x8) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_pidfd_open(r2, 0x0) pidfd_send_signal(r3, 0x2, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x3938700}, {0x0, 0x9}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000001640)=ANY=[@ANYBLOB='0\x00'/17, @ANYRES32, @ANYBLOB], 0x30}], 0x1}, 0x0) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) r4 = socket$key(0xf, 0x3, 0x2) r5 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e"], 0x70}}, 0x0) sendmmsg(r4, &(0x7f0000000180), 0x3ef, 0x0) acct(&(0x7f0000000080)='./file1\x00') acct(0x0) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a99000/0x2000)=nil, 0x2000, 0x2000, 
0x3, &(0x7f0000ff8000/0x2000)=nil) acct(&(0x7f00000002c0)='./file1\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 55.314103992s ago: executing program 0 (id=35): symlinkat(0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file1\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x35d, 
&(0x7f0000000f00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPNiDurJvyeatLzFpfr/2+4GSycw8u7OZSXk27WYv3/3yo0rJ0kp6Q6JJJRERkSuRrEQlEPEfo245IWGH8srMnz+/uL5ZTHoVaiW/8WpOKTU3/8PHn6X8bmfTcpF9//KP3O8Xz148f/nvxodlS5UtVa01lK62a7829G3TULtlq6IptWoaumWoctUy6l77d/52zNreXlPp1d3Z9F7dsCylV5uqYjRVo6Ya9abSP9DLVaVpmppNC25SPF5b0/NDBu+MeDAYk3o9r0+JSKqnpXg8kQEBAICJ6s7/o05KP0z+vyVzhcLymnI6t/P/k5fOGzPvnM75+f9Zol/+/9ov3rY68n/ndKKd/9e884PSzfn/13KH/L83I3pchs7/s2MYDIYzn+ipinQ8c/L/tP/+dR29d7LoFsj/AQAAAAAAAAAAAAAAAAAAAAB4GlzZdsa27UzwGPy0LyHwn+NBGjT/0yKSdGbfZv4fsvXNLUm6F+45c2x+sV/cL3qPfodzETHF+Mfu5qyN4Moj5cjKj+aBH3+wX5xyW/IlKTvxsiQZybrrKRRv2ytvFZaXlMePb12mlA7H5yQjz4Tjv3dXpxOf64z395+QlxdC8Zpk5KcdqYkpu25ke/+fLyn15tuFrviU209Efrv3SQEAAAAAYMQ01dL3/F3TBrV73zKSL7kfExmyKBn5u//5/WLf8/NY5oXYpI8eAAAAAIDHwWp+WtElatTdgmn2K6RkYNMICrGOmriI9O2c6KqJX7flqdAR3nY8CfHuYPJ/j+ub4FW9S1TwjxTOwFtN/h1VZLjxBMfv1kRiw09T5FDcBXAYborKLcJj3YOfdypU384LA7dz5B9Iqyb42Cgx4HWW1d7tRK9ZCfGeGjsy3AJ47qtv/xrdG+T1U38FfHJz5yPTsA/kNpPSVXB20dsUH/svHgAAAAD3rp30BzVvhJvDNxIJ3yyHv9wDAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBCY/lKv67CpI8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFL8FwAA//8GuPOT") open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9c, 0x1, 0x0, 0x0, 0x0, 0x300000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x400}, 0x100, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x15, 
&(0x7f0000000b00)=ANY=[@ANYBLOB="18000000000000000000000000000000000000000ad5665078d05f083852cdd538051e2c99279b5939642d21d442154be3224f4d7e10574e9bc06fdd483f77b13ba4daba177636c312d55e50516972a8823e25d8ea4a546bdeea265718c9efbe86aec84efb12eb430fd1088aee310703009fd763274a3b0a46945aaeb203ee9427cab1d0f2d669c47f800f28ecdcfcc7c030eabf6004d7b30f5dea0861682dac834e5ecdde3d934c594a94e11f5decd1a6ff2a9a010159be5bb40f933808cc460406ff5613235440f05ed6b0", @ANYRES32, @ANYBLOB="0000000000000000b7080000090000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000820000009500000000000000"], &(0x7f0000000440)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x4000000, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177b5b48b00", "f2fdffffffffffffff810000000000d300e6d602000000000000000000000001", [0xca4e]}) open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) 55.065176246s ago: executing program 0 (id=37): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 
0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB="7000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000480012800e000100697036677265746170000000340002801400060020010000000000000000000000000002060002000c00000014000700fc00000000000000000000000000000108000a0009"], 0x70}}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020a07b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r3}, 0x18) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x290, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1c0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev, [], [], 'batadv0\x00', 'wg1\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x4c00}}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@empty, @private2, [], [], 'syzkaller0\x00', 'ip6tnl0\x00'}, 0x0, 0xd0, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2f0) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000800)='./file0\x00', 0x221488e, 
&(0x7f0000000240)=ANY=[@ANYBLOB='map=off,check=relaxed\x00iocharset=iso8859-3,block=0x0000000000000600,mode=0x0000000000000006,gid=', @ANYRESHEX=0x0, @ANYBLOB='Amap=acorn,iocharset=iso8859-2,sbsector=0x000000000000d280,map=acorn,overrikperm,gid=', @ANYRESHEX=0x0, @ANYBLOB=',\x00'], 0xfd, 0x6b1, &(0x7f0000000840)="$eJzs3c9v2+Ydx/EP5V+yOwTFNgRBkCZPkhVwsEyR5MaBkQGtRlE2N0kUSHmwgQFF1thFEDndkgxYfOl82Q+gA3berZcddts/MKDn/he7bUCx3QbswoGkqB+WKFmN7TbN+2W0osgvn+dLUuEXtMWHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsuxqsViyVHeb2zsmm131vcaE5UlrC7qVTNya2q9kRf8pn9elZNal7/YXX4z+d0NXkndXlI9e8jp84+Kb978zn0vXn5DQl6FZG3z24vDxg05n7+kJYuc0c/NfJeVOELTpNN3AcxuVTce4gWc21teLd7Zqgam5dSfYDdpOw9i+k2t7vlm1b5nSxsaacQq73nZzs1qpO+nMez8oF4vr5sdLyYGWVAjsLbded5ubcUy0OIq5Zz75WRLgVBrG7D/q7K1NSzIKKp0kqDyyD44dsnKxXC6VyuXS+t2Nu/eKxfmRGcWIVezRSMSpf2jxijm1czfwsnJR/f+HJdWVV1Pb2pEZ+2OrKl+eGhnLu9L6//YdZ2K/g/U/rfKXpHe7iy8rrv9Xk3dXs+p/Ri5GJl5h3BIrY/5sPwtxRkbP9EKHeqwH6qijPT09hbaNzLVTaeUcfjblqClXgTy5aqgSzzHdOUYbWte6inpfW6opkFFNrupyFGhXgdpy4k+ULV+OKmrLky+jVdm6JaOSNrShNRk5KmhXnrbV1Kaqqui/YRju61G839cm5Kg0qJQRsDQYVJ7QUlb9//nHyee0W/+L1P/XVfI5WEpePp8UA3wNhN3r/xldO5tsAAAAAADAWbDi375b8d/u35IUqubWnWL2CovnmR0AAAAAADgNlsIlXZEVXf9LekvWlOt/AAAAAADwyrHie+wsSSvxl/qt/p1QJ/klwNw5pAgAAAAAAF5SfOf/1UUpjAetuCZrput/AAAAAADwCvj9wBj78+kYu2H6Z/2cpKC1ZP3930vyF6yj1s73rINKtKRyMJeLQ0a+AdCuXbaCPyUD9cbj9S5Kit/ZzhWr21t3EMzeuINf7I+O9Z8OBZ+M9Wv5xxJYnBts4FgCF7ojBVtRz+vz3Xf6RNffHYp9eJhTvCTpZaXm1p2C7dXvl1SpXMi1nZ32r548+rXk97Zz/1Fnr/DBR52HcS5H0ayjgyiPj9N0/rbY3XXDucQv/Vyex+MtxPdcjBvdeFm1tMs/NBsrVtxvMd3+OVUOcv1jlLn9x/r8rW4kx+zGShK7ctgbcT/a/ny0/aVCfMiGtt5fsPpZlI5v+bgDkZFFPs7iZhJzc/Vm8pLmF7WTs/Lfn5PKhdFjMJRFeTCL6fvC+s/IvpiURXdfrEVZfBY1lJHF2mxZjBwRAPiq7PerUDyI+cgY+2l5SE9qX6rujKnuw71Y7w1X9+d/DsN4hTlpvvu3iYm95BWd0VetuA4tKj6xzl8eOaOnW1O5kFfGGb34EtUt6uuv/WcgddMeyeJ/YRjeL8X9/vFYVf00WuHTzH6DerLb7zw/+EU8AH7kw70P956Uy2vrxXeKxbtlLcSb0X2ZE7UHADBi+jN2pkZY7+h6EnH94b/eTqaGKt63e18pKOgDfaSOHup2+giBa+NbXRn4GsLt5KpVA1et5uKb95el47El3c68qotr6UBsuRe7oHSV4Urd
j10746MAAMD5ujGlDo+v//mh+n9bq0nE6uWx190r3Wt5xbW8e3Xcu6TPqrml6cm/d5p7AgCA14fjf2GttH9n+b7ber+0sVGqtLcc43v2T4zvVjcd4zbbjm9vVZqbjmn5Xtuzvbpp+Vpyq05ggu1Wy/Pbpub5puUF7k785HfTffR74DQqzbZrB626UwkcY3vNdsVum6ob2Ka1/aO6G2w5frxy0HJst+balbbrNU3gbfu2UzAmcJyBQLfqNNtuzY0mm6blu42Kv2t+6tW3G46pOoHtu622lzSY9uU2a57fiJstKJz5QYcAAHwTPXtx+PhBp7P39PjEcnRpnsw5UkbM6MTimAYZIwgAgK+ZfrmeYaXeN/P1WXgmWQEAAAAAAAAAAAAAAAAAAAAAgEHTb+mbcWJh3M2CUm/OLy905+g36t9iONKOpdNObJaJ3KxrpbdEHD7+fELwcm9OuvsHY47OdLvyA33981vSG/EiJXPmx62Vz27Qmt7p8oSDe8KJuWgHnTT4h/vJHs2MiRaOXbTUOxbzp//PIZp48peMRWEYhpNXXxreh4uTNnB4Yl7S08WXOATnfy4CcL7+HwAA//9bUjR2") 54.748334611s ago: executing program 0 (id=41): r0 = memfd_create(&(0x7f0000000040)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0) write(r0, &(0x7f00000004c0)="0600", 0x2) sendfile(r0, r0, &(0x7f0000001000), 0xffff) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f000002eff0)={0x135, &(0x7f0000000000)=[{}]}, 0x10) r3 = socket$inet(0xa, 0x801, 0x84) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r3, 0x8) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r4, 0x84, 0x15, &(0x7f0000000040), 0x1) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x9, 0x1, 0x2aa5, 0x9, 0x7fff}, &(0x7f00000001c0)=0x14) setsockopt$inet6_int(r4, 0x29, 0x1a, &(0x7f0000000000)=0x6bf4425b, 0x4) 
54.728258641s ago: executing program 32 (id=41): r0 = memfd_create(&(0x7f0000000040)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0) write(r0, &(0x7f00000004c0)="0600", 0x2) sendfile(r0, r0, &(0x7f0000001000), 0xffff) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f000002eff0)={0x135, &(0x7f0000000000)=[{}]}, 0x10) r3 = socket$inet(0xa, 0x801, 0x84) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r3, 0x8) r4 = accept4(r3, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r4, 0x84, 0x15, &(0x7f0000000040), 0x1) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x9, 0x1, 0x2aa5, 0x9, 0x7fff}, &(0x7f00000001c0)=0x14) setsockopt$inet6_int(r4, 0x29, 0x1a, &(0x7f0000000000)=0x6bf4425b, 0x4) 30.729680699s ago: executing program 5 (id=399): r0 = syz_io_uring_setup(0x83a, &(0x7f0000000180)={0x0, 0x2b92, 0x1000, 0x4, 0x3cf}, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x1a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x1000}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) io_uring_setup(0x2715, &(0x7f00000000c0)={0x0, 0xdde3, 0x8000, 0x3, 0x152, 0x0, r0}) eventfd(0x7) socketpair$unix(0x1, 0x2, 0x0, 0x0) 
bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getpid() perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r5, &(0x7f0000000dc0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) sendmsg$inet6(r5, &(0x7f0000000740)={&(0x7f00000002c0)={0xa, 0x4e20, 0x401, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000002908010000000000000024000000000000002900000032000000fe800000000000000000000000001e7c000000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x40}, 0x40000) close(r4) recvmsg$unix(r3, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x180) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x1810714, &(0x7f0000000300)={[{@journal_dev={'journal_dev', 0x3d, 0xcd29}}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x1002}}, {@journal_dev={'journal_dev', 0x3d, 0x2}}, {@oldalloc}, {@jqfmt_vfsold}, {@usrjquota, 0x5}, {@min_batch_time}, {@inlinecrypt}]}, 0x1, 0x451, 
&(0x7f0000000d00)="$eJzs281vVFUbAPDn3pkCL7zSioiCoFU0Nn60tKCycKPRxIUmJrrAZW0LqQzU0JoIabQag0tD4t64NPEvcOXKqCsTt7o3JEQbE9CNY+7MvW1nmCn9mDKV+f2SgXPmnrnnPD333DlzzkwAPWsw+yeJ+H9E/BIR/fVsY4HB+n83Fucn/lqcn0iiWn3j96RW7vri/ERRtHjdnjwzlEaknyR5JY1mL146O16pTF3I8yNz594dmb146enpc+Nnps5MnR87efLE8dHnnh17piNxZvFdP/TBzOGDr7x15bWJU1fe/uHrrL0HjtSPr4yjUwazwP+o1jQfe6zTlXXZP9XlOJNyt1vDWpUiIuuuvtr4749SLHdef7z8cVcbB2yp7J69s/3hhSpwB0ui2y0AuqN4o88+/xaP2zT12BauvVD/AJTFfSN/1I+UI83L9G1h/YMRcWrh7y+yRzStQ1RbrBsAAGzWt9n856lW8780DqwotzffGxqIiLsjYl9E3BMR+yPi3oha2fsi4v511t+8NXTz/DO9uqHA1iib/z2f7201zv+K2V8MlPLcXbX4+5LT05WpY/nfZCj6dmb50VYnL07x0s+ftat/5fwve2T1F3PB/CRXy00LdJPjc+OdmpRe+yjiULlV/MnSTkASEQcj4tD6Tr23SEw/8dXhdoVuHf8qOrDPVP0y4vF6/y9EU/yFZPX9yZFdUZk6NlJcFTf78afLr7erf1Pxd0DW/7sbr/+mEv1/Jiv3a2fXX8flXz9t+5myvMHrf0fyZm1Pd0f+3Pvjc3MXRiN2JK/W8g3Pjy2/tsgX5bP4h462Hv/78tdk8T8QEdlFfCQiHoyIh/K+ezgiHomIo6vE//2Lj77T7th26P/Jlve/pet/oLH/158onf3um3b1r+3+d6KWGsqfqd3/bqF9c3blJTZ6NQMAAMB/T1r7bnySDi+l03R4uP4d/v2xO63MzM49eXrmvfOT9e/QD0RfWqx09a9YDx1NFvIz1vNj+Vpxcfx4vm78eel/tfzwxExlssuxQ6/b02b8Z34rdbt1wJbzey3oXc3jP+1SO4Dbz/s/9C7jH3qX8Q+9q9X4/7Apby8A7kze/6F3Gf/Qu4x/6F3GP/Skzfyuf6sS5VV+vS+xXRKRbotmSLRIlDswurt8YwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQfwMAAP//EgHx+Q==") sendmsg$NFNL_MSG_CTHELPER_GET(r6, &(0x7f0000000500)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="5000000001090102000000000000000007000004080005400000a0bd3ec1ae9f8df97ed4b7d8115c0003170005400000001c08000540000000110900010073797a300000000008000540000000130800"], 0x50}, 0x1, 0x0, 0x0, 0x4811}, 0x44090) r7 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) quotactl_fd$Q_QUOTAOFF(r7, 0xffffffff80000302, 0x0, 0x0) 
write$cgroup_subtree(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="8fedcb7910009875f37538e486dd6317ce8102036c00fe08000e40000200875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2100, 0x0) ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"}) r9 = syz_open_pts(r8, 0x0) ioctl$TCXONC(r9, 0x540a, 0x0) ioctl$TIOCSTI(r9, 0x5412, 0x0) 30.489942343s ago: executing program 5 (id=400): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) pipe2(&(0x7f0000001cc0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) syz_io_uring_setup(0x1023b, &(0x7f0000000380)={0x0, 0x2a36, 0x100, 0x0, 0x20010002}, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x401}, 0x1}) mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x80c, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fl,rfdoo=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',\x00']) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x4, 
0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001f80)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_basic={{0xa}, {0x14, 0x2, [@TCA_BASIC_EMATCHES={0x10, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[], 0x0, 0x56, 0x0, 0x3, 0x0, 0x0, @void, @value}, 0x28) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r10 = socket$nl_route(0x10, 0x3, 0x0) r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r11) sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r9, @ANYBLOB="01000000020000001c0012000c000100626f6e64"], 0x3c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) r12 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r12) socket$nl_netfilter(0x10, 0x3, 0xc) 29.929812301s ago: executing program 5 (id=405): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab44f4850000002d0000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6(0xa, 0x3, 0x1) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x560, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x490, 0xffffffff, 0xffffffff, 0x490, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'vxcan1\x00', {0x8}}}}, {{@ipv6={@empty, @ipv4={'\x00', 
'\xff\xff', @dev={0xac, 0x14, 0x14, 0xfd}}, [], [0x0, 0xffffffff], 'pim6reg\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x3a0, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_virt_wifi\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x5}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'bridge_slave_0\x00', {0x53}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x5c0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) getpid() socket$nl_generic(0x10, 0x3, 0x10) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0700000004000000080000000100000000", @ANYRES32=0x0, @ANYRES32], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r7}, 0x18) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0xc0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000540)={0x0, 0x0, 
&(0x7f0000000500)={&(0x7f0000000c00)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000827bd7000ffdbdf254400000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990086010000420000000400bf000b00240004309816c8369b0008000d00010000800400080108000c00640000000400bf000400080108000d0007000000"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x80) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000b40)=@newtfilter={0x2c, 0x11, 0x1, 0x70bd27, 0x0, {0x0, 0x0, 0x74, r10, {0x9, 0xffff}, {0x1}, {0xfff2}}, [@TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) socket$unix(0x1, 0x1, 0x0) r11 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r11, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x40) openat$selinux_policy(0xffffff9c, 0x0, 0x0, 0x0) 29.677132565s ago: executing program 5 (id=409): syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x2bc3c1f, 0xffffffffffffffff, 0x7, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000003c0)={0x2, 0x0}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@bloom_filter={0x1e, 0x4, 0x8001, 0x7fff, 0x8, 0x1, 0x7ff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5, 0x8, @void, @value, @void, @value}, 0x50) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@bloom_filter={0x1e, 0x4, 0x8001, 0x7fff, 0x8, 0x1, 0x7ff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5, 0x8, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1c, 0xc, &(0x7f0000000440)=@framed={{}, 
[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) r4 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) (async) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r5 = dup2(r4, r4) write$tun(r5, 0x0, 0x46) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000400)=0x0) perf_event_open(&(0x7f0000000600)={0x3, 0x80, 0x4, 0x2, 0x7, 0x26, 0x0, 0x5, 0x2300, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4, @perf_config_ext={0x6, 0x9}, 0x400, 0x3, 0x81, 0x4, 0xffff, 0x9, 0x9, 0x0, 0x8, 0x0, 0x5}, r6, 0x2, 0xffffffffffffffff, 0x9) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000540), 0x8000, 0x0) (async) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000540), 0x8000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x20, 0x6, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, [@call={0x85, 0x0, 0x0, 0xd2}, @ldst={0x2, 0x0, 0x3, 0x8, 0x4, 0x18, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}]}, &(0x7f00000001c0)='syzkaller\x00', 0x3, 0x3f, &(0x7f0000000240)=""/63, 0x40f00, 0x4c, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x1, 0x10, 0x9, 0x3}, 0x10, r0, 0xffffffffffffffff, 0x0, &(0x7f0000000400), &(0x7f0000000540), 0x10, 0x2, @void, @value}, 0x94) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) (async) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, 
&(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x68}}, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000200)='kfree\x00', r9}, 0x18) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000200)='kfree\x00', r9}, 0x18) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) (async) 
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) 29.222686122s ago: executing program 5 (id=411): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x22, 0x1, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}}, 0x0) 28.774291769s ago: executing program 5 (id=420): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x480a, &(0x7f0000000280)={[{@jqfmt_vfsold}, {@bsdgroups}, {@init_itable_val={'init_itable', 0x3d, 0x3}}, {@nobh}, {@data_err_ignore}]}, 0xfe, 0x79d, 
&(0x7f0000000740)="$eJzs3c9rHFUcAPDvbJImTauNINh6aU5aKN20NbYKghEPIlgo6Nk2bLYhZpMt2U1pQg4tIggiaPEg6MWzP+rNq+jZv8GLiLRUTYsVD7Iy+yPZ5nfSbDY2nw9M8t7sm33vu7Pz5u3OYyeAPas//ZOJOBIRHyURh+rrk4joqqY6I4Zq5e7Pz+XSJYlK5c0/kmqZe/NzuWjaJnWgnjkcET+8F3E8s7ze0szs+HChkJ+q5wfKE5cHSjOzJ8Ymhkfzo/nJM6cGB0+fff7sme2L9a+fZg/e/vi1Z78Z+ufdp25++GMSQ3Gw/lhzHNulP/rrr0lX+hI+4NXtrqzNknY3gC1JD82O2lEeR+JQdFRTAMCjLD3/VwCAPSZx/geAPabxPcC9+blcY2nvNxI7684rEdFTi79xfbP2SGf9ml1P9Tpo770kOutXRGMbr3f1R8Tn3739VbpEi65DAqzk2vWIuNjXv7z/T5bNWdiskxso078kr/+DnfN9Ov55YaXxX2Zh/BML459F3Sscu1vRH7GvOb/8+M/cWnHDl7eh8vr476Xa3LY00Kbx38Kktb6Oeu6xNHM0IsYK+bRvezwijkVX96WxQv7UGnUcu/vv3dUeax7//XnjnS/T+tP/iyUytzq7H9xmZLg8/DAxN7tzPeLpzsW5ffeX9f891bHu0v2frju/1hMfXUy+/uL7ny3ZdEEafxpvY1kef2tVvoh4JlaOv7nBq89PHEh3/8na35Xr+PaXT3tXq795/6dLWn/js8BOSPd/79rx9yXN8zVL21v/+vGv/P7fl7xVTTc6j6vD5fLUqYh9yRvL159e3LaRb5RP469FujT+zJrv//ST4MUNxth5+/evtx7/gpZMsUzjH9nU/t984ub98Y6tx5/u/8Fq6lh9zUb6v4028GFeOwAAAAAAAAAAAAAAAAAAAAAAAADYqExEHIwkk11IZzLZbO0e3k9Gb6ZQLJWPXypOT45E9V7ZfdGVafzU5aFaPmn8/mlfU/70kvxzEfFERHzSvb+az+aKhZF2Bw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdQdWuf9/6rfudrcOAGiZnnVL3M0/kK1UKpUWtgcAaL31z/8AwKNmjfP//p1sBwCwc3z+B4C9x/kfAPYe538AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa7Py5c+lS+Xt+LpfmR67MTI8Xr5wYyZfGsxPTuWyuOHU5O1osjhby2VxxYr3nKxSLlwdjcvrqQDlfKg+UZmYvTBSnJ8sXxiaGR/MX8l07EhUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbE5pZnZ8uFDITz0SiQ8iYhc0oxWJJHZFM9qS+PXEz4fXKnNjnbfx0K6IYvcl4toaZdrdMwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8P/wXAAD//1oOJVo=") syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00') r4 = socket$inet_mptcp(0x2, 0x1, 0x106) r5 = syz_open_dev$loop(&(0x7f0000000180), 0x5, 0x100) ioctl$BLKFINISHZONE(r5, 0x40101288, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 
0x4e22, @empty}, 0x10) accept(r0, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000010000deffffff00"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_lsm={0x10, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="7910480000000000690030000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 
0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r8}, 0x18) r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000004c0), 0x111, 0x8}}, 0x20) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) close_range(r10, 0xffffffffffffffff, 0x0) 28.754733889s ago: executing program 33 (id=420): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x480a, &(0x7f0000000280)={[{@jqfmt_vfsold}, {@bsdgroups}, {@init_itable_val={'init_itable', 0x3d, 0x3}}, {@nobh}, {@data_err_ignore}]}, 0xfe, 0x79d, &(0x7f0000000740)="$eJzs3c9rHFUcAPDvbJImTauNINh6aU5aKN20NbYKghEPIlgo6Nk2bLYhZpMt2U1pQg4tIggiaPEg6MWzP+rNq+jZv8GLiLRUTYsVD7Iy+yPZ5nfSbDY2nw9M8t7sm33vu7Pz5u3OYyeAPas//ZOJOBIRHyURh+rrk4joqqY6I4Zq5e7Pz+XSJYlK5c0/kmqZe/NzuWjaJnWgnjkcET+8F3E8s7ze0szs+HChkJ+q5wfKE5cHSjOzJ8Ymhkfzo/nJM6cGB0+fff7sme2L9a+fZg/e/vi1Z78Z+ufdp25++GMSQ3Gw/lhzHNulP/rrr0lX+hI+4NXtrqzNknY3gC1JD82O2lEeR+JQdFRTAMCjLD3/VwCAPSZx/geAPabxPcC9+blcY2nvNxI7684rEdFTi79xfbP2SGf9ml1P9Tpo770kOutXRGMbr3f1R8Tn3739VbpEi65DAqzk2vWIuNjXv7z/T5bNWdiskxso078kr/+DnfN9Ov55YaXxX2Zh/BML459F3Sscu1vRH7GvOb/8+M/cWnHDl7eh8vr476Xa3LY00Kbx38Kktb6Oeu6xNHM0IsYK+bRvezwijkVX96WxQv7UGnUcu/vv3dUeax7//XnjnS/T+tP/iyUytzq7H9xmZLg8/DAxN7tzPeLpzsW5ffeX9f891bHu0v2frju/1hMfXUy+/uL7ny3ZdEEafxpvY1kef2tVvoh4JlaOv7nBq89PHEh3/8na35Xr+PaXT3tXq795/6dLWn/js8BOSPd/79rx9yXN8zVL21v/+vGv/P7fl7xVTTc6j6vD5fLUqYh9yRvL159e3LaRb5RP469FujT+zJrv//ST4MUNxth5+/evtx7/gpZMsUzjH9nU/t984ub98Y6tx5/u/8Fq6lh9zUb6v4028GFeOwAAAAAAAAAAAAAAAAAAAAAAAADYqExEHIwkk11IZzLZbO0e3k9Gb6ZQLJWPXypOT45E9V7ZfdGVafzU5aFaPmn8/mlfU/70kvxzEfFERHzSvb+az+aKhZF2Bw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdQdWuf9/6rfudrcOAGiZnnVL3M0/kK1UKpUWtgcAaL31z/8AwKNmjfP//p1sBwCwc3z+B4C9x/kfAPYe538AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa7Py5c+lS+
Xt+LpfmR67MTI8Xr5wYyZfGsxPTuWyuOHU5O1osjhby2VxxYr3nKxSLlwdjcvrqQDlfKg+UZmYvTBSnJ8sXxiaGR/MX8l07EhUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbE5pZnZ8uFDITz0SiQ8iYhc0oxWJJHZFM9qS+PXEz4fXKnNjnbfx0K6IYvcl4toaZdrdMwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8P/wXAAD//1oOJVo=") syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, 
'\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00') r4 = socket$inet_mptcp(0x2, 0x1, 0x106) r5 = syz_open_dev$loop(&(0x7f0000000180), 0x5, 0x100) ioctl$BLKFINISHZONE(r5, 0x40101288, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) accept(r0, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000010000deffffff00"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_lsm={0x10, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="7910480000000000690030000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r8}, 0x18) r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000004c0), 0x111, 0x8}}, 0x20) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) close_range(r10, 0xffffffffffffffff, 0x0) 26.07166594s ago: executing program 1 (id=453): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x11ff, @broadcast, 'bond_slave_1\x00'}}, 0x1e) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r1, &(0x7f00000001c0), 
&(0x7f0000000080)=""/45}, 0x20) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x40880) r3 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) write$selinux_attr(r3, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) connect$pppoe(r0, &(0x7f00000016c0)={0x18, 0x0, {0x3, @random="3c38448f3736", 'macvlan1\x00'}}, 0x1e) 25.991289072s ago: executing program 1 (id=455): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x25, &(0x7f0000000000)={0x1}) fcntl$lock(r2, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x80, 0x7}) fcntl$lock(r2, 0x25, &(0x7f0000000180)={0x0, 0x1, 0x100000000000000, 0x80000000}) 25.909745163s ago: executing program 1 (id=456): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000040340000000000000800000018110000", @ANYRES32=r1, 
@ANYBLOB="0000000000000000b7080000357500007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) sendto$inet6(r0, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c) shutdown(r0, 0x1) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000340)='kmem_cache_free\x00', r5}, 0x18) socketpair(0x21, 0x2, 0x401, &(0x7f00000002c0)={0xffffffffffffffff}) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r6, &(0x7f0000000e00)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x18, 0x1410, 0x200, 0x0, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x5}]}, 0x18}, 0x1, 0x0, 
0x0, 0x4000010}, 0x40) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff9ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcd0cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b24df41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b318e2ec0e1a00897a74a0091ff110026e6d2ef831ab7ea0c34f17efd36ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0cb82d2789cb132b8667c21476619f28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e1019c12a73748b049604fa72c64ed858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6e97180aabc18cae2ed4b4390af9a9ceafd07ed00b0000002cab154ad029a119ca3c972780870014601c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f4b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f19afc91b47683db01a469398685211bbae0e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bde792c88c5b8dcdcc22ee17476d738992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffffd7917f23837a6b24db0e067345560942fa629fbef2461c96a08707671315c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e48455b588b90dfae158b94f50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859ac8e3c177b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2498d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d4a3e1a9e90
d76c1993e0799d4894ee7f8249dc1e342892129369ee1b85afa1a5be5f6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355b17402a500587b603306a5af8d867d80a07f10b854b1c8c768c001496fa99ce5b5040be9194123e918914a71ad5a8521fb956dbc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c6775e19f0b7e70803000000b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989172a1bcd1e30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fccf363361dcdba10c1547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f5874c24411d415b6b085fb73a2d7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aa0000000000000000532ff181c985f54b7ae20aa5e63055b4d6a36fa98a44e379d2bccf977c3e88538f406b598307c9912fb097601f3f88a2ea6fd1f9320cfe7f09aed4d1e72d26e5c7a93854c8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd92689192727a7267c47cf897853d160100b39b613faefe16bd91fc105dddd77ab929b95032d3717fa9fbdc2bdc0e98ae2c3f23a6131e2879f0484ee3bfe30b92dd493be66c2242f8184733b80ba28e824910844df31f3d4bb2f89049c5f6d63956995747639964217aacfe548fc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc1758763f0000009c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab602000000000000000000113a3065a478d1de98be3a66f6fbf68f2f5693050fa56db62e2f99cf916059ee364dad078fc88d17cbde37a2270f90a60afe8548f4c579b09c333382c6e7a316ac03aa23d379836b96173a554
1fa96c27e7fb6d2585d828aa330f3438d8487912bb7742be1502e706644f7a937451beb7a5f6ca3ef21e8cb8f841af6d54334d82a8b816b6daccf0c66162f897623ee325d714f9f10636a7573582ff31c7f9c6f767c806ef4af486cc19a5355bdc814cb5557c6fa6404179c865980b0815b907a7f268e97828c196f5ac033d395a217b4e1e45663023a0292003c36a3b7461fc2c8566e0f3f693bfacae26aa2b7d17962989ccb943633c080aacc9b7d311c251686fc66aa80bf41a5bf6cd72d5aa995820fb318fad61a79a61d0a969fd6018ac9f131fe02fe31d565723cbf9b63841e21417fc29a3e7a03886d80566ae001861799a4aad91c72139e681ced8625b675dfbd6d458d4b2d9e6d565430248172ad942cdb41639f4113896827c8806e049218cd1eef89d6b9b14dd707da40705c07f878263ff9b71ccf28ec50178c7aac83bef7bd1045a5e4bcb6cfe05e2ac3e17c1f8f12ddf5b6770ce0da8cb3aba3a935a6b737b6d3ebf2c715dcc11c5759bd0acdecf333f2b77c52fb2251336bbd92f73ad1a30bb9162bd9d699c49d824b827f3e7c1096354946e09922db25904c83262c6dcb87457e4abefa0e9dcb17d79c173895b74aae2ed4419662690a16494e7b27d0d2688c69b4be3d21b783195f6a5e5dc5c07c73f0d0f0670db10ac9ef5b8295ff88df734e3c6ab8555c0390f962cbf559bce9c42e1034dba78997b2877b485d9d4ae2fcd3e757b84319879d0337785773c940af6e57d162f4606d101def01199325c8676a32e26303560271b720216d95e0013265a45b02bd2414bebda89b7b5e71e70e0000000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x18000000000002a0, 0xe40, 0x10000000, 
&(0x7f0000000100)="b9ff03006044238cb89e14f088a81bffffff00004000632f77fbac14140be934a0a662079f4b4d2f87e5feca6aab845013f288a81a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x6}, 0x2c) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000e40)=ANY=[@ANYBLOB="1400008a3c34e293601d3c3caacd0583001000010000000000000000000000000a48000000000000020000001c06000000000180080001006c6f67000c00028008000540fff7fffe0900010073797a30000000000900020073797a320000000014f5447d00000011000100"/125], 0x70}}, 0x0) 25.787755945s ago: executing program 1 (id=457): syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f00000002c0)='./file0\x00', 0xc80, &(0x7f0000020100)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b26209f1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc563b62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x1, 0x289, 
&(0x7f0000000300)="$eJzs281OE10cx/EfL8/D2wPtI4qCMf6jG104gXoFDYHE2ESD1PiSmAwy1aalJZ0GU2OAnVvvwoSwdGdivAE2XoELd2xcsjCOYabCFGoiLhih38/m/Nszv+acnjPNWXS2H7xZKhV8p+DW1d1l6pX6tSOl1a0eRbqabXdY/6u4dV0fzX2+dO/ho9vZXG5mzmw2O38zY2Yjlz+8eLV55WN96P67kfd92ko/2f6a+bI1tjW+/X3+edG3om+Vat1cW6hW6+5C2bPFol9yzO6WPdf3rFjxvVpLf6FcXV5umFtZHB5crnm+b26lYSWvYfWq1WsNc5+5xYo5jmPDg0I7N2J1fmNuzs0mOBgcg1ot605LmjjUk99IZEAAACBRbc7/65z/OwXn/06we/5/3Lx/W3H+BwAAAAAAAAAAAAAAAAAAAADgJNgJglQQBKmf7T9S+IRP0Hw9IGlQ0pCk/yQNSxqRlJKUlvS/pDOSRiWdlXRO0pik85IuSBqPfVbSc8Vhyaz/QJJTRgz3f2eLr//qZvQe6985Yg/u9ktLr1fyK/mojfqzBRVVlqdJpfQtXMumqJ69lZuZtFBaF5fWmvm1lXxPa35Kqd0N0y4/FeWtNd8X7ru9fEap3Q3WLp9pm+/XtauxvKOUPj1VVWUthntyP786ZTZ9J3cgPxFed9o5tqft+jnOr/qj/BH2x4Hvt1cTvcnOHZLfeFlyy2WvRkFxGoq3+iuGcfKLpH+ZcBz2Fz3pkQAAAAAAAAAAAAAAAAAAjuJP/yEYrEX537k46TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDQjwAAAP//k0Fb7g==") mknodat$loop(0xffffffffffffff9c, 0x0, 0x6000, 0x1) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18) lseek(r0, 0x8000, 0x2) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='tlb_flush\x00', r1}, 0x18) socket$igmp6(0xa, 0x3, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3, 0x0, 0x100}, 0x18) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x110, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0xfc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x5, 0x0, 0x0, 0x4, {0xfc}, {0x0, 0x0, 0x0, 0x6}}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_bpf={0x44, 0x3, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0xaf, 0x1, 0x20000000, 0x2d2f45bb, 0xaad1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) statfs(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)=""/34) 25.47525562s ago: executing program 1 (id=459): socketpair$unix(0x1, 0x5, 0x0, 
&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd146, 0x0, 0xc, 0x288}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='0'], 0x30}}) io_uring_enter(r1, 0x3516, 0xc03e0000, 0x4, 0x0, 0x0) 25.323005622s ago: executing program 1 (id=463): r0 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02
J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair(0x18, 0x0, 0x2, 0x0) mq_unlink(&(0x7f0000000340)='eth0\x00') r1 = syz_io_uring_setup(0x1f6f, &(0x7f00000000c0)={0x0, 0x33ed, 0x1, 0xffffffff, 0x8002ae}, &(0x7f0000000140)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0x9, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x8, 0x0, r1, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x3516, 0x2, 0x0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001, @void, @value}, 0x94) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r4, 0xc0096616, &(0x7f0000000040)={0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r5 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000240)=0x100, 0x4) r6 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 
\xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r6, 0x400, 0x0) socketpair(0x18, 0x0, 0x2, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000480)='mm_page_alloc\x00', r8}, 0x18) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 
0xffffffffffffffff, 0x0) socket(0x10, 0x3, 0x0) r9 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00'}) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) 25.321454492s ago: executing program 34 (id=463): r0 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r0, 0x400, 0x0) socketpair(0x18, 0x0, 0x2, 0x0) 
mq_unlink(&(0x7f0000000340)='eth0\x00') r1 = syz_io_uring_setup(0x1f6f, &(0x7f00000000c0)={0x0, 0x33ed, 0x1, 0xffffffff, 0x8002ae}, &(0x7f0000000140)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0x9, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x8, 0x0, r1, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x3516, 0x2, 0x0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001, @void, @value}, 0x94) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r4, 0xc0096616, &(0x7f0000000040)={0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r5 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000240)=0x100, 0x4) r6 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 
\xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r6, 0x400, 0x0) socketpair(0x18, 0x0, 0x2, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000480)='mm_page_alloc\x00', r8}, 0x18) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 
0xffffffffffffffff, 0x0) socket(0x10, 0x3, 0x0) r9 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00'}) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) 5.533666115s ago: executing program 7 (id=799): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r1 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) getsockopt$sock_buf(r2, 0x1, 0x1c, 0x0, &(0x7f0000000040)=0x1c00) r3 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x7, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) set_mempolicy(0x1, 0x0, 0x2) r6 = signalfd(0xffffffffffffffff, &(0x7f0000000500)={[0x5]}, 0x8) name_to_handle_at(r6, &(0x7f00000000c0)='\x00', 0x0, 0x0, 0x1400) set_mempolicy(0x1, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000100003042dbd7000fedbdf2500007400", @ANYRES32=0x0, @ANYBLOB="00080000075005002800128008000100677470001c000280080003000700000008000700dfffdf0105000500"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0) connect$l2tp6(0xffffffffffffffff, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r1, 0x0, 0x0}) r9 = dup3(r1, r8, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 
0x0) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]}) ioctl$VT_GETSTATE(r9, 0x5603, &(0x7f00000004c0)={0x5, 0x3, 0x9}) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x8) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0x10, 0xd}}, [@TCA_RATE={0xfffffffffffffe2c, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0) io_uring_enter(r3, 0x40f9, 0x217, 0xa5, 0x0, 0x0) close_range(r0, r1, 0x0) 4.651498619s ago: executing program 7 (id=811): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0, 0x0, 0x80}, 0x18) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000001280), 0x6) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) shutdown(r2, 0x1) 4.56684051s ago: 
executing program 7 (id=812): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x22, 0x1, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}}, 0x0) 4.530941191s ago: executing program 7 (id=814): lsm_get_self_attr(0x64, &(0x7f00000003c0)={0x0, 0x0, 0x40, 0x20, ""/32}, &(0x7f0000000400)=0x40, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0xf3a, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 
&(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='sched_switch\x00', r3}, 0x18) write(r0, &(0x7f0000000240)="94", 0x1) vmsplice(r2, &(0x7f0000000380)=[{0x0}], 0x1, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x3c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r4, 0x400, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x11, 0x4, 0x4, 0xff, 0x2, 0xffffffffffffffff, 0x0, '\x00', 0x0, r4, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000240)="94", 0x1) tee(0xffffffffffffffff, r5, 0x8f5, 0x0) write$binfmt_script(r5, 0x0, 0xd9) write(0xffffffffffffffff, 0x0, 0x0) 3.641644404s ago: executing program 4 (id=842): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040), 0xc) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x8, 0x0, 0x7ffc0002}]}) r1 = semget$private(0x0, 0x6, 0x3b1) semtimedop(r1, &(0x7f0000000040)=[{0x0, 0x1}], 0x1, 0x0) semop(r1, &(0x7f00000000c0)=[{}], 0x1) semctl$IPC_RMID(r1, 0x0, 0x0) 3.555654685s ago: executing program 4 (id=844): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x6, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x1, 0x0, r0, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES64=r0, @ANYRESHEX, @ANYRES32=r1], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xf, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), 0x80000002, r2}, 0x38) mremap(&(0x7f00003c9000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f00001de000/0x2000)=nil) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x2, @perf_config_ext={0xf60, 0xffffffff}, 0x100, 0x5dd8, 0x3a65, 0x9, 0x0, 0x8, 0x8, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x10, 0xffffffffffffffff, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) prctl$PR_SET_IO_FLUSHER(0x39, 0x1) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r5 = 
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = openat$cgroup_type(r5, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r6, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000c40), 0x12) socket$nl_route(0x10, 0x3, 0x0) r7 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) write$cgroup_int(r7, 0x0, 0x0) 2.456581912s ago: executing program 6 (id=850): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x5d031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000580), &(0x7f00000005c0)=r1}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001840), r2) sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000001880)={0x20, r3, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4020}, 0x8094) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x20000020000000}, 0x18) semctl$IPC_INFO(0x0, 0x2, 0x3, 0xfffffffffffffffd) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000000000d0425bd7000ffdbff2500000000", @ANYRES32, @ANYBLOB="1000000000000000240012800b0001006272696467650000140002800500070006000000050019"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x4814) 
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd30, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000000c0), 0x2, 0xbd1, &(0x7f0000002380)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gt
p3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==") r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) setsockopt$CAN_RAW_ERR_FILTER(r6, 0x65, 0x2, &(0x7f0000000340)=0xffffff9a, 0x4) sendmmsg(r4, &(0x7f00000002c0), 0x4000000000000c1, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x5, [@var={0x2, 0x0, 0x0, 0xe, 0x2}]}, {0x0, [0x0, 0x5f, 0x30]}}, 0x0, 0x2d, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) sendto$inet(r6, &(0x7f0000000380), 0x0, 0x8d0, &(0x7f00000003c0)={0x2, 0x4e20, @empty}, 0x10) openat$cgroup_ro(r1, &(0x7f0000000200)='blkio.bfq.sectors\x00', 0x0, 0x0) 1.9546063s ago: executing program 4 (id=857): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f0000000480)=ANY=[], 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x10, 
&(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000200)='kfree\x00', r2}, 0x18) ioctl$EVIOCRMFF(r0, 0x40095505, 0x0) 1.676270504s ago: executing program 6 (id=865): r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) r1 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000180)) mount_setattr(r0, &(0x7f0000000140)='./file0\x00', 0x1000, &(0x7f0000000200)={0x100000, 0xc, 0x1c0000, {r1}}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000022020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000300)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000340)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33cb95d66a1781f31bf07fd2ae874", "62266bd8", "b8b99b99d21d88a2"}, 0x28) write$binfmt_script(r4, &(0x7f0000000780)={'#! ', './file0'}, 0xb) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000003c0)=0x14) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$TIOCL_BLANKSCREEN(r7, 0x4b67, &(0x7f0000000180)) sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000030000000900010073797a30000000005c000000030a030000000000000000000300000009000b0073797a30000000000900010073797a300000000014000480080002400000000008000140000000001c0008"], 0xcc}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$TIOCVHANGUP(r5, 0x5437, 0x2) openat$ttyS3(0xffffffffffffff9c, 
&(0x7f0000000000), 0x0, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r9}, 0x10) 1.545946127s ago: executing program 6 (id=868): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$selinux_member(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$selinux_access(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a757365725f63726f6e5f73706f6f6c5f743a88733020756e636f6e66696e65642030"], 0x47) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1c, 0xc, &(0x7f0000000340)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYRES8=0x0, 
@ANYBLOB="19c88c0dcf4c4aab1e61e3eaa3ae7150f3d34f7d270b4b540a642aef718621ae97e27674967e57c516de0fb47723e29bde17b1d7b5c43c23dd8bd22ab2b2e101eb4c53fc608e5035fef10f9b87273f0813c4274a509635919a74c3914f7dd1e207be38501e2fe742f3b809c676774cc9e95dd925dbc955944b24d86cf87e37429766a44ee9f1f8db9cf5828289509bc256c9e15ec5615d2a01b4cfca524cb45f2354b58ed27f50b65678ea5556365f3afd70ded7d532", @ANYRES64=r3], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000180)='sys_enter\x00', r5}, 0x18) r7 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) timer_create(0x3, 0x0, &(0x7f0000000040)=0x0) poll(0x0, 0x0, 0xffffffffffbffff8) timer_settime(r9, 0x1, &(0x7f0000000180)={{}, {0x77359400}}, &(0x7f00000001c0)) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) connect$packet(r6, &(0x7f0000000080)={0x11, 0x4, r10, 0x1, 0x3, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}}, 0x14) copy_file_range(r8, 0x0, r7, 0x0, 0xfffffffffffffff8, 0x0) 1.508406647s ago: executing program 7 (id=870): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) connect$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000040)=0x1c00) r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x7, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) set_mempolicy(0x1, 0x0, 0x2) r5 = signalfd(0xffffffffffffffff, &(0x7f0000000500)={[0x5]}, 0x8) name_to_handle_at(r5, &(0x7f00000000c0)='\x00', 0x0, 0x0, 0x1400) 
set_mempolicy(0x1, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x7, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r0, @ANYBLOB="0000000000000000b702000000000000820000008600000095000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x10) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000100003042dbd7000fedbdf2500007400", @ANYRES32=0x0, @ANYBLOB="00080000075005002800128008000100677470001c000280080003000700000008000700dfffdf0105000500"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0) connect$l2tp6(0xffffffffffffffff, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}) r8 = dup3(0xffffffffffffffff, r7, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]}) ioctl$VT_GETSTATE(r8, 0x5603, &(0x7f00000004c0)={0x5, 0x3, 0x9}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 
0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0x10, 0xd}}, [@TCA_RATE={0xfffffffffffffe2c, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0) io_uring_enter(r2, 0x40f9, 0x217, 0xa5, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.402816399s ago: executing program 3 (id=874): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r0, 0x0, 0x4ab}, 0x18) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000009c0)="ec663189d3348bf1", 0x8}], 0x1}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r2) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, r4, {0x7, 0xfff2}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) recvmmsg(r5, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f0000003140)=""/4104, 0x1008}, {&(0x7f0000002f40)=""/196, 0xc4}, {&(0x7f0000001e00)=""/208, 0xd0}, {&(0x7f0000001fc0)=""/197, 0xc5}], 0x4}, 0x3}], 0x1b00, 0x0, 0x0) 1.183058972s ago: executing program 4 (id=875): r0 = 
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad
70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb
7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd
21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b
4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 
= syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r1) sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000e40)={0x38, r2, 0x1, 0x70bd2b, 0x0, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x80}, {0x5, 0x3, 0x2}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x18) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r6, 0x4b72, &(0x7f0000000040)={0x4, 0x0, 0x8, 0xffffffff, 0x100, 
&(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289aa57152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9
481ae0555db64a717eb23a811356d00"}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2c, r8, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40c0}, 0x4000000) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000f000000050030000000000005002f00a005000008000300", @ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x40084}, 0x0) 1.167063072s ago: executing program 4 (id=877): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x7f, 0xfffffffc, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000000), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r2}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (fail_nth: 2) 1.110094783s ago: executing program 4 (id=880): lsm_get_self_attr(0x64, &(0x7f00000003c0)={0x0, 0x0, 0x40, 0x20, ""/32}, &(0x7f0000000400)=0x40, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0xf3a, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='sched_switch\x00', r3}, 0x18) write(r0, &(0x7f0000000240)="94", 0x1) vmsplice(r2, &(0x7f0000000380)=[{0x0}], 0x1, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x3c, '\x00', 
0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r4, 0x400, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x11, 0x4, 0x4, 0xff, 0x2, 0xffffffffffffffff, 0x0, '\x00', 0x0, r4, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f0000000240)="94", 0x1) tee(0xffffffffffffffff, r5, 0x8f5, 0x0) write$binfmt_script(r5, 0x0, 0xd9) write(0xffffffffffffffff, 0x0, 0x0) 962.071235ms ago: executing program 2 (id=884): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4cb77000) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, @void, 
@value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) munmap(&(0x7f00007fe000/0x800000)=nil, 0x800000) (fail_nth: 2) 618.256251ms ago: executing program 6 (id=885): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040), 0xc) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x8, 0x0, 0x7ffc0002}]}) r1 = semget$private(0x0, 0x6, 0x3b1) semop(r1, &(0x7f00000000c0)=[{}], 0x1) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0x7, 0xfffffffffffffffc}, 0x103200, 0x1, 0x840000, 0x5, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) semctl$IPC_RMID(r1, 0x0, 0x0) 617.416531ms ago: executing program 7 (id=886): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/anycast6\x00') ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x17) r1 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) timer_settime(r2, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0) preadv2(r3, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000000)={'wpan3\x00'}) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000010180)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=r7, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r8, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c000180050002000000000008000400050000000800010002"], 0x7c}}, 0x0) sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYRES8, @ANYRES8=r9], 0x1c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NFC_CMD_DISABLE_SE(0xffffffffffffffff, 0x0, 0x0) ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f0000000380)=0x14) ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f00000000c0)=0x32) close(r0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f00000011c0)=[{0x6}]}) r10 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00') preadv(r10, &(0x7f0000000080)=[{&(0x7f0000000b40)=""/119, 0x77}], 0x1, 0x4000ffe, 0x0) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7fff, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, 
&(0x7f0000010140)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, 0xffffffffffffffff, 0x0) 530.551192ms ago: executing program 2 (id=887): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x20c006, &(0x7f0000000480)={[{@grpjquota}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {}, {@grpquota}]}, 0x1, 0x446, 
&(0x7f0000000d40)="$eJzs28tvG8UfAPDv2kn6/P1qqvLoAwgURMQjadJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSd8QRib+AE1wQcELiCndUqUK5tMDFaOPdxHbttA5ONtSfj7TJzO44M1/vjj07kw2gbw2nP5KIvRHxa0Tsq2ebCwzXf91cXpz6c3lxKola7Y0/kpVyN5YXp/Ki+ev25JmBiNInSRxuU+/8pcvnJqvVmYtZfmzh/Ltj85cuPzN7fvLszNmZCxOnTp04Pv7cyYlnexJnGteNQx/MHTn4yltXX5s6ffXtH79O8vhb4uiR4fUOPl6r9bi6Yv2vIZ0MFNgQulKud9MYXOn/+6IcaydvX7z8caGNAzZVrVar3df58FINuIslUXQLgGLkX/Tp/W++bdHQY1u4/kL9BiiN+2a21Y8MRCkrM9hyf9tLwxFxeumvL9ItNmceAgCgybfp+OfpbPzXtPBTisZ5of9nayiViLgnIvZHxMmIOBAR90aslL0/Ih7osv7WRZJbxz+la13+ya6k47/ns7Wt5vFfPvqLSjni73y4XInB5MxsdeZY9p6MxOCOND++Th3fvfTLZ52ONY7/0i2tPx8LZu24NrCj+TXTkwuT/ybmRtc/ijg00C7+ZHUlIL0sDkbEoQ3WMfvkV0c6Hbt9/M2GGjM9WGeqfRnxRP38L0VL/Llk/fXJsZ1RnTk2ll8Vt/rp5yuvd6q/2/h7LT3/u9te/6vxV5LG9dr57uu48tunHe9pNnr9DyVvNu17f3Jh4eJ4xFDyar3RjfsnWspNrJVP4x852r7/74+1d+JwRKQX8YMR8VBEPJy1/ZGIeDQijq4T/w8vPvZO856ki/g3Vxr/dFfnfy0xFK172ifK577/pqnSSnQRf3r+T6ykRrI9d/L5dyft2tjVDAAAAP89pYjYG0lpdDVdKo2O1v+H/0DsLlXn5heeOjP33oXp+jMClRgs5TNd9fng+nzoeHZbn+cnWvLHs3njz8u7VvKjU3PV6aKDhz63p0P/T/1eLrp1wKbzvBb0L/0f+pf+D/1L/4f+1ab/7yqiHcDWa/f9/2EB7QC2Xkv/t+wHfcT9P/Qv/R/6l/4PfWl+V9z+Ifntmti5PZrRn4koFVd7PkNV+JtwFycK/mACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADokX8CAAD//2Ts5lU=") (async) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x20c006, &(0x7f0000000480)={[{@grpjquota}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {}, {@grpquota}]}, 0x1, 0x446, 
&(0x7f0000000d40)="$eJzs28tvG8UfAPDv2kn6/P1qqvLoAwgURMQjadJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSd8QRib+AE1wQcELiCndUqUK5tMDFaOPdxHbttA5ONtSfj7TJzO44M1/vjj07kw2gbw2nP5KIvRHxa0Tsq2ebCwzXf91cXpz6c3lxKola7Y0/kpVyN5YXp/Ki+ev25JmBiNInSRxuU+/8pcvnJqvVmYtZfmzh/Ltj85cuPzN7fvLszNmZCxOnTp04Pv7cyYlnexJnGteNQx/MHTn4yltXX5s6ffXtH79O8vhb4uiR4fUOPl6r9bi6Yv2vIZ0MFNgQulKud9MYXOn/+6IcaydvX7z8caGNAzZVrVar3df58FINuIslUXQLgGLkX/Tp/W++bdHQY1u4/kL9BiiN+2a21Y8MRCkrM9hyf9tLwxFxeumvL9ItNmceAgCgybfp+OfpbPzXtPBTisZ5of9nayiViLgnIvZHxMmIOBAR90aslL0/Ih7osv7WRZJbxz+la13+ya6k47/ns7Wt5vFfPvqLSjni73y4XInB5MxsdeZY9p6MxOCOND++Th3fvfTLZ52ONY7/0i2tPx8LZu24NrCj+TXTkwuT/ybmRtc/ijg00C7+ZHUlIL0sDkbEoQ3WMfvkV0c6Hbt9/M2GGjM9WGeqfRnxRP38L0VL/Llk/fXJsZ1RnTk2ll8Vt/rp5yuvd6q/2/h7LT3/u9te/6vxV5LG9dr57uu48tunHe9pNnr9DyVvNu17f3Jh4eJ4xFDyar3RjfsnWspNrJVP4x852r7/74+1d+JwRKQX8YMR8VBEPJy1/ZGIeDQijq4T/w8vPvZO856ki/g3Vxr/dFfnfy0xFK172ifK577/pqnSSnQRf3r+T6ykRrI9d/L5dyft2tjVDAAAAP89pYjYG0lpdDVdKo2O1v+H/0DsLlXn5heeOjP33oXp+jMClRgs5TNd9fng+nzoeHZbn+cnWvLHs3njz8u7VvKjU3PV6aKDhz63p0P/T/1eLrp1wKbzvBb0L/0f+pf+D/1L/4f+1ab/7yqiHcDWa/f9/2EB7QC2Xkv/t+wHfcT9P/Qv/R/6l/4PfWl+V9z+Ifntmti5PZrRn4koFVd7PkNV+JtwFycK/mACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADokX8CAAD//2Ts5lU=") open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) (async) r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRESDEC=r0, @ANYRES64=r0, @ANYRES64=r2], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 
0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRESDEC=r0, @ANYRES64=r0, @ANYRES64=r2], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) unshare(0x8000000) semtimedop(0x0, &(0x7f0000000440)=[{0x0, 0x0, 0x1000}], 0xf, 0x0) unshare(0x2c040000) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x3, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="be086142d8f9e900a858"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) preadv(0xffffffffffffffff, 0x0, 0x0, 0xc, 0x2) (async) preadv(0xffffffffffffffff, 0x0, 0x0, 0xc, 0x2) syz_open_dev$loop(&(0x7f00000005c0), 0x9, 0x12d600) (async) syz_open_dev$loop(&(0x7f00000005c0), 0x9, 0x12d600) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x0, @hyper}, 0x10) listen(r3, 0x0) (async) listen(r3, 0x0) accept4$unix(r3, 0x0, 0x0, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r3, 0x28, 0x0, &(0x7f0000000000), 0x8) (async) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r3, 0x28, 0x0, &(0x7f0000000000), 0x8) r4 = syz_open_procfs(0x0, 0x0) unshare(0x42000000) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000880)={{{@in6=@mcast1, @in=@broadcast, 0x4e20, 0x1, 0x4e23, 0x1, 0xa, 0x80, 0xa0, 0x5e}, {0xd06, 0x1c000000000000, 0x2, 0x1, 0x3, 0x3, 0x7, 0x80}, {0x4, 0x2, 0x1, 0x8000000000000000}, 0x75e, 0x6e6bb6, 0x0, 0x0, 0x1}, {{@in6=@private2, 0x4dd, 0x2b}, 0x2, @in6=@mcast2, 0x3504, 0x2, 0x3, 0xff, 0x3ff, 0x7, 0x4}}, 0xe8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f00000002c0)='./file1\x00', 0x0, &(0x7f0000000000)={[{@acl}]}, 0x1, 0x787, 
&(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==") socket$nl_netfilter(0x10, 0x3, 0xc) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000300000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a01010000000000000000010000000900030073797a3100000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r3, 0x28, 0x0, &(0x7f0000000100)=0x5, 0x8) setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x68, &(0x7f0000000340)=0x1, 0x4) 529.730342ms ago: executing program 3 (id=888): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c3000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 
0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x94, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x22, 0x1, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}}]}, 0x94}}, 0x0) 453.654033ms ago: executing program 3 (id=889): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder-control\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x7, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) socket(0xa, 0x3, 0x3a) r2 = socket$netlink(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@remote}, {@in6=@remote, 0x0, 0x3c}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {0x8}, 0x0, 0x0, 0xa}, 
[@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x13c}}, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r4, 0x0, 0x0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x1b, 0xf, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x9, 0x0, 0x0, 0x41000, 0x21, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x80000001, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x7, &(0x7f0000000400)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) fsetxattr$security_evm(r3, &(0x7f00000004c0), &(0x7f0000000580)=@sha1={0x1, "6851a316896842ba47ec4e4ffee01580112df684"}, 0x15, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001ffa10002000000000000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) 363.129445ms ago: executing program 3 (id=890): r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x82, 0x0) ioctl$sock_ifreq(r0, 0x8916, &(0x7f0000000040)={'gretap0\x00', @ifru_names='ipvlan1\x00'}) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20002090}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x200, 0x70bd28, 0x25dfdbfd, 
{}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x401}]}, 0x1c}}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x7) socket$pppoe(0x18, 0x1, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)={0x1c8, 0x0, 0x328, 0x70bd28, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0x1}, {0x8, 0x13, 0x81}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x401}, {0x6, 0x11, 0x8}, {0x8, 0x13, 0xfff}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0x8}, {0x8, 0x13, 0x238}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x92}, {0x8, 0x13, 0x800}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x3}, {0x8, 0x13, 0x7ff}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x80}, {0x6, 0x11, 0x9}, {0x8, 0x13, 0x6}, {0x5, 0x14, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0x6, 0x11, 0x8}, {0x8, 0x13, 0x401}, {0x5}}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x4}, 0x1) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), r2) sendmsg$NL80211_CMD_PROBE_CLIENT(r3, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x20, r4, 0x400, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000005c0), 0x1, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000640), r2) sendmsg$FOU_CMD_ADD(r6, &(0x7f0000000700)={&(0x7f0000000600), 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x28, r7, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @dev={0xfe, 0x80, '\x00', 0x10}}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x800) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000780), r3) 
sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000880)={&(0x7f0000000740), 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x48, r8, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000050}, 0x8096) r9 = pidfd_getfd(r0, r0, 0x0) setsockopt$inet_tcp_int(r9, 0x6, 0x1, &(0x7f00000008c0)=0x3, 0x4) sendmsg$NFT_BATCH(r0, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x6}, @NFT_OBJECT_TUNNEL=@NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x48}, 0x1, 0x0, 0x0, 0xc000}, 0x0) setsockopt$inet_buf(r0, 0x0, 0x4, &(0x7f0000000a40)="e774b88feb695155e69af5db9b8d0221728c4c32", 0x14) execve(&(0x7f0000000a80)='./file0\x00', &(0x7f0000000cc0)={[&(0x7f0000000ac0)='gretap0\x00', &(0x7f0000000b00)='pci\x00', &(0x7f0000000b40)='netdevsim\x00', &(0x7f0000000b80)='*+]+!}&[\x00', &(0x7f0000000bc0)=':\x00', &(0x7f0000000c00)='pci\x00', &(0x7f0000000c40)='\x00', &(0x7f0000000c80)='-!\x00']}, &(0x7f0000000e00)={[&(0x7f0000000d40)='&&,&/]}%\x00', &(0x7f0000000d80)='\'*\x00', &(0x7f0000000dc0)='/selinux/commit_pending_bools\x00']}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000e40)={{0x4, 0x9}, 0x1, 0x2, 0x7ff, {0x0, 0xff}, 0x4, 0x4}) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r2, &(0x7f0000003080)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000003040)={&(0x7f0000000f00)={0x2120, r4, 0x200, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x5f}}}}, [@NL80211_ATTR_NAN_FUNC={0x6c, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_TYPE={0x5, 0x1, 0x3}, @NL80211_NAN_FUNC_SRF={0x4c, 0xc, 0x0, 0x1, 
[@NL80211_NAN_SRF_INCLUDE={0x4}, @NL80211_NAN_SRF_MAC_ADDRS={0x28, 0x4, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa, 0x6, @broadcast}, {0xa}]}, @NL80211_NAN_SRF_MAC_ADDRS={0x1c, 0x4, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa, 0x6, @broadcast}]}]}, @NL80211_NAN_FUNC_INSTANCE_ID={0x5, 0xf, 0x6}, @NL80211_NAN_FUNC_SERVICE_ID={0xa, 0x2, "211740eaa400"}]}, @NL80211_ATTR_NAN_FUNC={0x5c, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE={0x4}, @NL80211_NAN_FUNC_SERVICE_INFO={0x54, 0xb, "1c0a50162735a32ba8a40aafda32683d3a27f5ebbb9706831529f2bd9b739002dcea84b139eaed216bf0de00a144a788bf6478b3d6f2e65def3aad54d46fb3a772077b51a1a33728b6965544988d340c"}]}, @NL80211_ATTR_NAN_FUNC={0x868, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_INSTANCE_ID={0x5, 0xf, 0x8}, @NL80211_NAN_FUNC_RX_MATCH_FILTER={0x3ac, 0xd, 0x0, 0x1, [{0xa4, 0x0, "051ddc6a0ce03feead412d354838382ca0415fb9c7c31b1bdb058d098d4c3c4722110dc7a8889fd101fcb2553292ed32c4621f255801184aaa9e8fe3919db6506d89dfd36802ae212b591677b0c8e8932da350316c754f45c10d45fb3317769cd413b266e02b3d6253c240009422f86a779aacf69b5bddcdd62d600bec099a10f6ea4143095e4a9697e0acac2fa3de6a36ec5601cf6ad3687919eae03bf50b91"}, {0x7a, 0x0, "99bb86e992d735c8cd4cc6f4b4eee683ac3b5da4b8d381839bd476a1c1a50f9e217d6bb5b451f0b66d61a1ae5fc0b34dd874eef13633828a7aadd06f268f5b141eff304743e2430b6b94c5d40959e21ceaad01e4dc45870b174e6220cee20ddcded57b26e33c957b42fb61980e7798fdfdff8cf24af5"}, {0x54, 0x0, "cea645237f186d5d06a181cbee3719da47db05b434402c33e0903963da72f38230205391419f29c5bd0a8643e4d9d64b821bf839ddd9d92a1362535144e9dbe7125fd67fed8b0e0a89cb5822ca687b32"}, {0xb5, 0x0, "7b0b520a176ef51491e12dc19e12a2aabc7e75d96e2d146c5d98d48a3f6f12a4d03441463090ce67de7bfe9f806b05dbadfb5b84ffce6835631a49cae2c266870a301843cc27f3efa6f6d3edd668d50bc197fe6c5abe4227b8f731b5c357770d02c490c38adf0681a49138c3c69faa574d442e636fb14dfd9371e8468d5c01e018bc7581644e325932a038f17cad6391f61c153f1f043b73c6af55e535f7d4ca7752657d03cec046b42de98204fe56989e"}, {0xb2, 0x0, 
"6d9cbf06c8aebde0f3775387200578a8fc1c90da5002fd715bf9cdcd6040e8bd2fea188fc4f8bef2e5b4f680aeb4638de446d27adc695f86051a1cc7876c41989c8a7c157c2871199e4209a7e90f17d4e66f07af9e44cda8458d514c0d4ebc6da08801c3a58fe0c46ba4c20629136952bfb122ae065e6a13d71552f25f9b5ca841975072a9a2f0b1d77b2af3bd69c9fa0180ab00ef5d7c48a391c56d83db83ccbc15e8116e6e99cc0430e88e6e2b"}, {0xc5, 0x0, "c8ee1bf70660d658995b7170370ea9600fc72519c76f152bb6be484e4fec4209241829c7dcd29b9c9ea508589a1600a5f895eddf633110cc54c0ce12a187d7483d50168a4496f648e3071acff3852da756db4843b74b2f0d8d33dd483339e84a9075ef3e19f5127684cf64e7bcb368b155ae5a5cdf8d45a6ceb23c8670c847387ab092dacbcec48a71a792f0f90926423412eae1f883021aa9bad1612b81b06ccde4226e9598b6b066ad8b91e2c21d89e1f6794a81dc85b9842d9d871f47127b84"}]}, @NL80211_NAN_FUNC_RX_MATCH_FILTER={0x3c, 0xd, 0x0, 0x1, [{0x37, 0x0, "9aac3698886d312157a3f1b1ee7d05c2efaeec2a73378409796f9e6389357c88c2ecc469fcdec0d0fa81fa1e9d17779b4a79e1"}]}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x118, 0xe, 0x0, 0x1, [{0xb3, 0x0, "5d68dd59e1d208e596532d8b09aa310a9adf8c013e9eed255eaf48911fa31c10873abd16b685505d53eefaec2d64ddcbb5e172304b89bdf779e56b55b46ff3a8cbc11a8c55c83fce79f2146e025299bad8a691f9d5752abee01aa2e8ee0f98733cf1a28e9531cc5932d6024b3ffa0dcfec0533b21a15e509e9462b08bf718462bc0dd141c2e48ff68e5fe58aaf964616f0eeaa61b13fbd542cb717e837902244c1be6b80cfc841b6357ca203620dec"}, {0x37, 0x0, "8dfe52f7dae4f4eba57ba9531ac5155bb7095fa2407cb2b8c926fb8b7c3c27c07ef3081264d790a85cbe0e7975e9475a8b3969"}, {0x26, 0x0, "18b2a70a7345935ca85ccb199a228d78400f4b6baa663408ea01e2119ca4b3d0ece0"}]}, @NL80211_NAN_FUNC_FOLLOW_UP_ID={0x5, 0x6, 0xf}, @NL80211_NAN_FUNC_RX_MATCH_FILTER={0x354, 0xd, 0x0, 0x1, [{0x4}, {0xf3, 0x0, 
"5fce019ff9699bce0fcef003b7173730514db06b428fbf294a4f91643fec6171ce65e77e3759e5578216f78d8037a18a08bc95ea1bcfd8aa32154a16c8087fd5398605346a57033a4e31843ff17bd73bf1715c9edf1eda97ab75f55dcdc91abbde9ed6258e3ad03ed9228a2072c8992ccc47a5ea2a20a5de291e0abd9ee6dee7143074face33679eb0779e069fbab712d12c24babbf87484700e3552e2e7f6b0a8a63440d479eb217806564b8624fe42da52d2567d878db06c320f2d20c9a5353d244eb8882c5ed8b733474b72dc3ca6372512ce8bbace620eb8fed6761ec5e5ad10146d0f55c6c8d09848ed5450fd"}, {0x8c, 0x0, "25d6f7aec28b0c0b7e65b01b62e80d4c6132140d7a292c24ea216d4926e3d77a0f97cc25038c56b2f07c81330f111dabed3dad5c40c2eadbde203a5886a07168bbae1a94b5eaf3506e524087205bea20f3c500e24511a24c5567f5a434e8ce96530d7414c188ef9bf677cc358ee06b48cc43fca64c8de725a957861134c30a2cdafd2d78099a3d16"}, {0xa9, 0x0, "bf5b13ec7db95fb7cfb0049314109dc72ed25ce9ddccdadaa1192d9bd1871044a82f70fab60643717541e86df8cd009aeed13c0045fd4ddd86d8970d6ab3f4d039385d0514cea4a15bdd70de6087f962f43b37f0194ea29a759fc81a3a1df2dbb3c7163098a70d3479df32647571bdbf9104ff138aff1ae295aea3a55eb09fbce3b71c514cd1822affb2cd89716ec27f3979b5a81f408d83647087b0248aae3986d9f993c1"}, {0x24, 0x0, "b25b4c479bce329f96ecfc881806a6f6f3c6df034bf42b5342549be8e16d26bc"}, {0xfb, 0x0, "7216182c8413c3234d7a4dd68f2b5655723588c8ffefdb83e2b28ca7b32da71d823f4baed88b6d47f5def227120bc955771c424286bf55af8e0128be4e17c510243ba976e2c428ec7501e6790d12ea4a24cd623cb4ed181b0c5fe10ba9730c7882a1460f8ed54db2b866d30fb288b3ab9f71146076d083d77067a64a60a796803b7624627eabf2f7c2ab197c57bd489b29d6ef0a6b57b8fe1a397b3f82d14cee1fff6e830fa41d171b6accc21a5a251964f3d1d878feac782039e134c8a3a08af18f3a34a3defd3eb53a2cd3972fa7abe7cef202e107f8f8c1cbafe263eccac1d44b5464b461244d8f971e96d12131f5abe39fafecb2c5"}]}]}, @NL80211_ATTR_NAN_FUNC={0x54, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_SERVICE_INFO={0x50, 0xb, "49aa6d7a323b87191ca9e07f62795e98203e4c7a9f38f7fc757d3849b09760cc14de1039657d233461b72fa0ea39ec85e8ad09e0b9d0474c6350f6e884fdf0a1530b9a815197118e9ee66b0f"}]}, @NL80211_ATTR_NAN_FUNC={0x164c, 
0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_RX_MATCH_FILTER={0x1010, 0xd, 0x0, 0x1, [{0x7, 0x0, "b61e33"}, {0x1004, 0x0, "02daa4fbfad88276a89a58eee913528b7b9a3fa08c7d663999e86fa99dee5da4488d71ad7e1c86680f3c40978910df380aaac772b0ac90685a10c9fc33d8e8373292a03367171009e290964f6f693915e88e8d5d523abae85abf083630d21e764c8afef8d1ee9f7b9871c429ed404871829e9a92ab0b331e29099f2206e21c30aa926d6093c91c80dfa5759b6184fd5b6f59c76fca820b42dff186b0e3b23aeccca7ee5ff239a8f462184e077404c5eacf74a92047bbadf6db9ce35a350b999f26a4a2bc014f5c82abae04124343599fa3ad2730ebc0ca6bd030e9ce37d735749eef5400d37faf4b97587b4a2ad998d983c13257a4ba98588611fc843be0b00006f4e84beddc6837582954bcbb63a525ace48c31a3ad052a932adaa49cc19fc0d2717831c79e88308e1104b1eb24adb354d78e996ccd334b793378ea0e6cd5072480abaeebbdbf7ab37fdd2c39e7c500533ff2813f108a1d826431dd5efe3e86c7a0f5616c05c26e94fa301c96a7a2a24dbcf2a443319536fcd3e7e88c6beb3b69444ab30e02c87cba53e08e2d713ad42fc4cce99f159b696fffa5e31f70291a738ac39431e5dd305c43e458895bb1e664ece1cf94badd497e54a8893c17e3c22984aed6f3deeb54a1c26bd55c17139297e86f519f653c27447ff95876f8a57eed334545c6bce2fb607c13887d2389facd4f3ee94a18430bb5e8b02fc34325e284f03b64922cd3b50266915ffe9979d13e536f8884e5d9ddb5907305531c2fba04bc1ef2aec6e267e1c3cbc5dd8847876ddb5132010febeb8084f988aedcc601beef59e0307e5bd231e543d4874a4f7d752297f9eaccc07699e67241e28310c7dbf73bec5ac18632b8da531bf0b189ba21074181dfd33e5c5603a3ce0bf44beb30bf6a71c0c99aa4733d6b71f96ca3f6e530b7fa609f6b238c844f136715a96c67cff83300b01f7efa054e144c588611a900e716ceeccd38f06479152aa8d2fd7162e5b2be343675bb427e95ca85896560c31759e227fd145e41e572b87947be250548031bbce61bccb91b5bdd745415d7b5a210c8d1ffc1ede62df63bb80f55a2bcaf3023f30ca62404ef2434882df4572d10831f4022af52e5c0c66a98399f76e01070d7e067858bb9a2b649adbbd2672cec09b27831b298cb92029c13fde676c2dc25b2b05a8344fbce246247b549c3f046fd9bc9d6e2e42d697eb4384b56715d6e85d65304199feea22ea588a9bdac6728de9a60ec1a5d927eefdd90715b2b993808206703cc6d5bb48ff3b8a79fc2bf59d73ef41513d8eb2779dece74c77791dea3b8201a1ea269b088fb2c16f
cab595137438acda1e32be3ad138bdf4eb29e62541b905a6132208110bccd4a20ba640628e4546a3349a22b0b00b5c0f2aaaa77265caaa3b7673ed012e3f24d7683f1eee819b725551a729d3acc078fc79f9a49d3f5a5025b05d13fb652ec9f7442838c44eb013c8bfacd8d2c3c184b5679050404610b94c372bebb1dde7e2ad088e632b0d61408ab05851219afef2ba906ad71b3c69574922fab531026250dcb35b4ac263df5bc106bf42b9167872a393aff54d9296f7fd949758d68182d0a89aae0e5f26bb031baaa13f3f64ad542ae79ca5ad7a47cc7cedd28575c782517df377ccc3a170b53845066e4636bb9ba658e1b9f8a559ac746f81bbfafc32d4be9ea0f8bc9707996b30415ab930c0cf4f1f3e646abf9cabd857c3647d45f9c460155f31f412859ecb164d5ef8c0407b87adf24d5c7f27ef9dd70b4142477a4aca62362a5d8c5c7ce2f3cb65237288d5fb4467b24ef9839351f5b6987ea93531938c887b017bfc2ddf2c07fe76a5f25e910d628354a782276f7ce796257b1c57eac1a905fe62b5e1ff30457307396253c4fd6d0e94e6cbc2fd46520e1f08d0304035ea8bd3a84c65661795ca28fc8357bb087e5e5cf19499be0145b18601a957c81674a8274194c1ed1bf0a3bf70051cd8069ba51bdd3d335bd744cca3da406a8aada66d40d4fd62f5f99702bf36f760b8ea213a27eea718e97801f8b46ab21027d55d5193b532c7cab74629a73e70e84bd475895611d759236a2a743501cb5c9a1591cc5e00be5e51a17fb262564d1f8719b8efc3fa82c25590d1964e244aba77b3a38fb14bc0791d2c8972df2f3ec6b243701055ef8dfe57199ec3f4e643e890b0d98b3687a65da184b3e169a7573a1ccd62adccba81a241013418fa337a945a475dd51199ee356c09af984630d71b8285691b6bc91cf168731d46a1466e49cbf41c5b8030591124a47025baef71dcaa49da77cb2df87225c33b812f57b67aabe33132ad1d056d596ada287547866ebf6876c4fe37fae10908f7a2719762a2255679c6a28d1db7f3a438666792cd0afae574c199aa2c4685e0bed8051187d4141424e3adf74a781f98babb1f2ced55b3c7caaaf43aad205c52001cab2a1f2982e9e2c4b00124e2f3d49959e8e255f63436bb3f3695cd3b3c3436e579e4a7bb030ee67c8134bfcb076c0f17dd09bfe113696d9c251af834e8aed8746f1203fd55533c3cb76d88f93ea8745804b5a582f7df25444ad3337ea564f93137637bc74f7c0f66b042594cc89e602cd93abf02425c84aa4439897c0c674af1efc07ba17db8bfc697c8360ff523e840c92a1c598e33b66b4503c3bb06eb3ceecef011055932c4ebf3b75bd79e2db1a22711a657780e6695ea3f4474ea31010fa381af6120587e6537b429fa11
5e8bfeebe3fb27af82651ead7e501b0e45b2476f47c30d30e5615869e60f925e1baae7c4887932dc927281e542910889654a40bcc884b56c387ff1ec98fc9a3c4cf5cf9cb046e7202e9f0ea1ed3470ba38a13d24294cd093ea940c042408c334d336e61c715560a534490e6b385d99430964b3728f29e7c670cb015167d2b2ec3ed88fb2e00a4fc1caec825e8eb6bc63592ca969d0024fa8899b73450921852025175b87747302d0f85bc3614304beed9a34be4123f536b5e5ec45f604b2a69895ea2a111e873de4fdd915a625c69d1993f7dd270d02ad1a67cefce2eb61753fcadca686262a3dc2cbd081a67569ace8c246abe5a1b6009ec5d3783fd864a08e89c957408aad31f69973da2e44a5826d3ea53d354a2dc72bbbddf54ef68f74bf7e7b6d36e1147d471b5d2c766258255599acda3f8af315261dd51faefaafea73638dcf983327341de2fd6e29e779f5a333ff7756ff526c4d99e5418bcfa53824e2af08cff12437c618ac2da6207a9ea3e3ab3c07a4457974ca27e705a5a07d320db473e06fe4ddbf911bbf3bfe882f14ec4b83a9c2098d39b49f9c937361ba80fcb3059bcfc6467663b8c21912346dc9670a91403f3f7601c774dd08111e0c2aeca201b80115089023820150ee49ab45710a594c250bec91213a90733f2ef5458dfbfc92dc900a8c3fac09c0166a06da38fc040a01ed79b9c22290d3ffc2223b48ff1fe694b4085d237027b1b9447117d98bb917cc2c2aeaa6501ba26444aaa6457f6e5741a3bbfae21722f912a1966ffc6d3a5d57e67da01c0750e3d249f653074bd3fbe5d27b138cb3bf5ee37f8a1b7473314147a4479c8c48352253d18b442f22db6b522701fea2a882bfdbdab38dd73a1e5092fe651d27611613b5b2d8ba5ecb7fc470e7220bf75c1d29a6ae29d28c4e713c651551063f8308482898c47c1abbe833f0b939abc8c34189d7e42bf32239e72ed8a06a310a6fccf611d56940f05d2702959fd4ba4ad5d01565aa51058f902490d1f8db796b24d37923a125da2e00cd494664ddb77da3891f29eb825e623755dca51c388417a2f102f1ab8a2bf18473787d04ce72059583e3e8beafbc6ff73043dbcb69fe3979763c745fed0701f39cc7af0a1118c3bc063168f16e4eae12a67b69febe23c9df0a0e6a87e1513c92f3508795b939809dadd64d7f22b899b32175b1e67140f704e387b393fe13e4cbb3bbee799ad100667679c7d63eb9f96c6825991952cddc97f7893f508a31f94460ff751045707a53e7786beb186257290afab7960d4fe1170b07d981218d604be6b463a93334039dacefc22e3c086b9212d7966cf6d3910a4f013f00191e922b09e853106672ed3815ed70b0895cec3c54cb580f14aed231eb75b5d2ec5eca03708475bfa86c
951a50d20152c61215a1aa9f52d39e92471a36fc80e46c8f1167c31592eb929c4ce9cc03476f74e13682c4a2b7f30685e6e29d9501f4d98c6e71af4158d46b8d804aca54761fa56e116b3fb1d38b9b4253543f35506e36fc3aaaa5730b647afddfc39f207871622a4d409cf54e014f8b5c2171ad987faa6bb7b999b639ba43a4c12ec69cdc34bbc79f9de38fe8096431311c08eace728c743957b3b9d9551434e4ff910a3ac5b0869f33a1c8d5e2c05177db37b9c2624e2fae2b14e0dd32b999f39065ee8763ac95f0919d2e58ab35cf8c38b000b14d726b3b46fd650e985ba98c23ba2adbe28df048a08b9cd6b83d8de3f35bcba0496ad8286bf0d5a27a1b0bfaef6b8223efb568ad3b4fd5a9d6b5d7ff9d62896ad5ced0ce0dd59b488c8f675588940ee0bcd78eb90896abc5fd2c9cfc09efede8b0a0653e5d956a428cad516bb707f34f530a592c8312813a345dc6b263c3fdf5abe9c36edea48626b13308e5dc736920e2cca92380774a9f43f892a0d0d680dbf2ad53aec0c919fa0c735510e0155a5c382c1a62f7fd758193b88d1e375b4afcc93bbdcb3c658289f92237fd375d71dc3cb12a96dfc32db89778de03ef0e0b822c26fd198294295e9f1c50ff25a18528e52ad7d2cfa0d6d74e73a09ed728298275878161b45d7ba7e38c4625f2b287e6e0076bc7937c968e5166384173acf97b66247734b99ff0bd2c28b7e1db7bb7b6c8abb2012356b86bbfc9fc1305f73503457d25a483ffa38edd0ac975ac7d24b7a6de3a72e0e56bf84f601061a489c31ef9cb69b9b2e0e9bc2c7009d501e7509e620d9ca19328ed69672b8f83473ccdd62bb1c45c9d179830e2a0e2e10345c550cbbe0f75196df769c5538a232cd8f44d8d61ee00f6a60a3621d0358c6cd41de040e3d3e67363710d00926a47be85174f25c49a9c12395659ed2138d7e89bd15aa2375d18fafe391e153b758c2c7cbdd01328ebc53c42de82238558a1a31f767ce446643db677d22a9e1a787270d339f4d350d2817c85da811ae344df6574045e3e4d272f453435851c24bd623edd810a735440c38b5d45eba2964b37e28dd7cf3becb3bad67275d37d8da08319853e19f4e859ed260423fb1549bd9c88e47ea8bfeb7dc731b2485eb49c870235ad2e723a0209817045e40453f8ec442bdf65b5acea041a355fc791e9ba63fd20dd979a094a25f8a268db678463266efec950ad9b845f0f9c72b16ef6ca9070439cb09b1fac8c0d5ab4b683e92cb912b73bb9b1151c1af6a7926bf752cedc3f6c4accce80b622318bddb5fdba61fe114fb1c46a598ee12dae93738aa7b3d3ac9bd6917d4475962bcd8124fa512e21520f859d90accc4c7c3c86e2127ac626297823eb791a47e524f6c071deadf33b5897cb3f7220edc3
ca8ef2177e49a8017c2aa070cd99ec085384d7ce2ea74411f4bfa0b9bdbbadfb1096a905dd54809a3a45ee0003e62906464f0fc114ffde7cc6249ebe2334dccb299dfcdb726ec5e894b4a276f420414d2214bd6a2bdb0ac289b4cd840e89a5d9acfe06d4456a9c3a6fe1154acbda142ecdba360cf3caa19c3f68e8945045cb4b494f6ac48b2170862c6633dca62ab138e2ff4ff19e69c0403"}]}, @NL80211_NAN_FUNC_SERVICE_ID={0xa, 0x2, "6bcf5e4099e5"}, @NL80211_NAN_FUNC_SRF={0x3c8, 0xc, 0x0, 0x1, [@NL80211_NAN_SRF_INCLUDE={0x4}, @NL80211_NAN_SRF_MAC_ADDRS={0x64, 0x4, 0x0, 0x1, [{0xa}, {0xa, 0x6, @broadcast}, {0xa}, {0xa}, {0xa, 0x6, @broadcast}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}]}, @NL80211_NAN_SRF_BF={0x103, 0x2, "abf99c4eaea4deb415e2b03c32b028acd432246cd03f2b042930d96143c6cee3e589867dd8261083af9ddaf1a6546bb89d5f3d54c04af827fea07fc0b12f4e7050351cde5e36a2cd03e717d80dcd6a7732763653b3962bd323d49cc5af44a5a56bcce113a6f2f6850fda96e838184176e47af787df665b3954e08b900a531476082664a328640986cf15735c7f762ca6954fa33e286dbb5c42cedc8d486b89ddf053020098a716b24b5b4a70299489fa8615d7355e9c4df0d0f10d4dc8c8198787aa5479eb63af0c285da1bea8e6972db8fb2d6cb10fed04dba2d123ff7ad80991b1daf233842db59c4cbbe66e278f2060a2e25d0cb805fa8e41ebebb23847"}, @NL80211_NAN_SRF_MAC_ADDRS={0x4c, 0x4, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa, 0x6, @broadcast}, {0xa}, {0xa, 0x6, @broadcast}]}, @NL80211_NAN_SRF_BF={0x103, 0x2, "fc2deefbeedca5494e28f2fca265e6597e46f297aaba21973e427d93879776ff3b8732f0bc0a9795f989b12c28476b847119b8edfc40f1e2d992313bfbe4587a5ff88e6aa613535654c3f8f4d8d4fffe8526ac0e8c8d8e0a47f47d1ed39c6e6c79e672fcffe89869a9139aae55a3478e9ca629d2ca210f383955deafffdf011470775e00a0aedccbaafbed41e0501350958fe31594472ca476603b9465e38e5c4afad73c1b187c8fcddceca8d281f7379c0fd7a87536e2a6424331fd996972c35ad39303ecf77ee0a1bcc4e53412a92ede9ef0ac2bd501eacadb44b5564e2a0f23c167c0f17eb54d5d4bd6e2cc7f2951fab71090850d7ea55a10934540c214"}, @NL80211_NAN_SRF_BF={0x103, 0x2, 
"49821670ceb58f62416b58c66cd067bc6f920b24a447a336d6b8ec1d9b4778833923581cfa61e7f5ddd9b9e5d6a016cf7f6a4a3835aac977f61062262e9a9d3972a10b8666635f68b598a56322be4307561a2538a9817b56ac260e09d54ae97d33e276ff91dd5c285cb964a0e4137bbf9ac7b81a63cfca34017e316aa910e9a32fdca3b08854e65292973f439b339c655e21705067b922f4f706471a9ebdac7d8044e5ed45b68bedc3f4b7834fb8c8ab23d0a443e5130d76a95c4022dfed1cd2b659d3e9d881a1d791df7eb61561df7940e9697eac17e735aa504490e94cf69bfe9574c5625a8c8cacc75d149159ce3e477e67e5d28136456b8c0106df6e31"}, @NL80211_NAN_SRF_INCLUDE={0x4}]}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0x3}, @NL80211_NAN_FUNC_TERM_REASON={0x5, 0x10, 0x7}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x1dc, 0xe, 0x0, 0x1, [{0x9a, 0x0, "222c84462a00438fbde6acdc336335716b0bf47a70525390e67a935eda4594ee07c14c8cefcd053780d206b738e887f613e29db4bc434ab2c5945f109ae951a44317344be661af2a6c01a17f040a157225f3921974d22797419691a11d1355935169478c1736b87397e957a651db86096fd5ec84393fcdf290cdae4147f0bcb3e468453f8d21f27d2df3282a4b3b88c739620c1853fa"}, {0x83, 0x0, "4fa06015cde33ef13ab6540446026af5a90f2b0af0aeb198d861a2eb0257ddb6b510bc45eae557bf8d68fb853fe028a67e93224075f6b059c83e1be8f7c23450ad724bce145a548ea5022d7c079bd8af55a413eaf7a86e8562f7e570cdf7e3d6a2f09aacce7f1f05359339af746488ba8f8e8e39f57267e2db955510665025"}, {0xb5, 0x0, "93bd42edc0fa99a44d48f60a186b58eaefff9a068c4e0431d311d61dafe5816b9e66e2972d16feaea2793165c7cc097c5dc9e75fd782bd1a9b48074919033d2e6d8f20547a0e52abe07c1737a7709d7e9fcb871410030d471a99c684f4dfc47d9190d5394beceed77356b28cf2499d0ae2eb8deac0963a470186033d11a87e1effc7cb406840afb3beddbf3dfb0e3a28cde7470ebc6eb8d236b0ac7bdf4d3e07aea037057f2bf4392b46f210531b6eddb6"}]}, @NL80211_NAN_FUNC_CLOSE_RANGE={0x4}, @NL80211_NAN_FUNC_SERVICE_INFO={0x67, 0xb, "3b67e4b6010f9f7b12ec1958961b72583f679b1bab89bd2a7ac5cb275a6dbde081ef263989c4ef840c44b61b3083164c2c36ed6b3d8af4044ed5b02b8d24adbad5c16e67421c6e7be27f75dca266187890c323066625a55328643c5c21bd2777c82979"}, @NL80211_NAN_FUNC_SERVICE_ID={0xa, 0x2, 
"397b1345c6be"}]}, @NL80211_ATTR_NAN_FUNC={0x128, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_RX_MATCH_FILTER={0x108, 0xd, 0x0, 0x1, [{0x19, 0x0, "f7a09e894d2e8ad7c54dd882f4e37c7c39af9a7883"}, {0xe7, 0x0, "915b107611ed058b8560171304dd0944c8ed9f7dbcdd66ba90732d8af58f36a09c08b5c226db9b424dfa1fd9d1224564b4022782411cbdf043f25ae4b43b6847f4556f605b0f63ce7a362ed325f3272b6a1f0752ccbad34876838dbc3fbef9e6c9f9f4345743d821c21f808c9e0374dd30bf82a8318e85dba1896f54badf103eeac9fb618d796d63ffb14a7a1ef020f18b281f24d4f6314a1b6f795950c8258b1bcc3ac25573611b686e0bb99fe9f07d6a1dabcd68d36b021a5d139dff894f39dfa2cc8ff1c1aab7c16c0735c550836ec17d027d095046186696fc2b215fa99020657e"}]}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0x8}, @NL80211_NAN_FUNC_TYPE={0x5, 0x1, 0x1}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0x73}, @NL80211_NAN_FUNC_CLOSE_RANGE={0x4}]}]}, 0x2120}}, 0x20040000) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000030c0), 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f0000003100)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'}) io_uring_register$IORING_REGISTER_BUFFERS(r10, 0x0, &(0x7f0000003500)=[{&(0x7f0000003140)=""/134, 0x86}, {&(0x7f0000003200)=""/43, 0x2b}, {&(0x7f0000003240)=""/71, 0x47}, {&(0x7f00000032c0)=""/6, 0x6}, {&(0x7f0000003300)=""/195, 0xc3}, {&(0x7f0000003400)=""/23, 0x17}, {&(0x7f0000003440)=""/141, 0x8d}], 0x7) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r3, 0x8040942d, &(0x7f0000003580)) setsockopt$inet_tcp_int(r5, 0x6, 0x1b, &(0x7f00000035c0)=0x2, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000003600)={'vxcan0\x00'}) 346.376895ms ago: executing program 6 (id=891): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) r0 = open(0x0, 0x14927e, 0x20) r1 = socket$netlink(0x10, 0x3, 0xb) close(r1) mq_timedsend(r0, 0x0, 0x0, 0x4, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x402001, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r2, 0x0, 0x4c0c0) r3 = socket$inet6(0x10, 
0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000019000100000000000000000002"], 0x2c}}, 0x0) sendto$inet6(r3, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) (fail_nth: 7) 299.191545ms ago: executing program 2 (id=892): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000001fee)='R\x10rust\xe3cusg\x91\xdeeH\xe5+\xf0', 0xffffffffffffffff) 148.601568ms ago: executing program 2 (id=893): r0 = 
socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040), 0xc) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x8, 0x0, 0x7ffc0002}]}) r1 = semget$private(0x0, 0x6, 0x3b1) semop(r1, &(0x7f00000000c0)=[{}], 0x1) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x78, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, @perf_config_ext={0x7, 0xfffffffffffffffc}, 0x103200, 0x1, 0x840000, 0x5, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) semctl$IPC_RMID(r1, 0x0, 0x0) 74.764879ms ago: executing program 6 (id=894): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x10, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000157b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r1, 0xffffffffffffffff, 0x500}, 0x57) syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000600)='./file1\x00', 0x2000000, &(0x7f00000007c0)=ANY=[@ANYRES8=0x0, @ANYRESHEX=r1, @ANYRESOCT, @ANYRESHEX=0x0, @ANYBLOB="308af218c507fba195043000030fac571f882167129e3ce9ffb2d4b5e03563b8b8032777302a9b251d128f8ecf8d76d5490ef766de9b3e0ea02211fb", @ANYRES64=0x0, 
@ANYBLOB="44d3e7f9b899e18fad15e39121daaab9c3e7b8749e3169c760211375261c37e9e2b4545b784dca4cdbd90cc365bf5f565dd92c64a3427b770989d1ffcfc8a0b1e8c60e374d2b240cff8cf2ca40bd5b3640b51a2da0b0cfe58e1a164583dd64790465a2b48db59ab19675c6c82102b9ae6f4fd2b60a5291740327eb1d7bab77d5f433b409516608227ba423bb86ded6b5495ac0037118dba5961854e6b64a13855469cc1860f675c4815195aae3338453c72c3e82fa586b8b4af1726c467baa17465443802dba32187de2e652d0709ca6670d2fd13a0002e7e939cbca6cb450e235428eaed897090d735a509607bbbe86560514489c56cbdf85c3c4851087"], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=") r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r4 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) 
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x84}]}}]}, 0x44}}, 0x24004000) r6 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x29a83a768e447add) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000000c0)={0x0, 0x16, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f, 0x3}}, 0x20) prctl$PR_SET_UNALIGN(0x6, 0x1) write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r8, 0x30, 0x0, @ib={0x1b, 0xb, 0x32165b32, {}, 0x3, 0x107fffffff, 0x8}}}, 0x90) r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12) write(r10, &(0x7f0000004200)='t', 0x1) sendfile(r10, r9, 0x0, 0x3ffff) sendfile(r10, r9, 0x0, 0x7ffff000) close(r9) 32.14412ms ago: executing program 3 (id=895): r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) signalfd4(r0, &(0x7f0000000000)={[0x539]}, 0x8, 0x80000) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0x200001b7, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000333d97e2bea5741d0020207000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x41100, 0x9, 
'\x00', 0x0, @fallback=0xc, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94) r1 = socket$inet6(0x10, 0x3, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000140), &(0x7f0000000040)='%pI4 \x00'}, 0x2a) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r3}, 0x10) sendto$inet6(r1, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x48040, 0x0, 0x0) 31.603409ms ago: executing program 3 (id=896): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) connect$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000040)=0x1c00) r2 = syz_io_uring_setup(0x497, 
&(0x7f0000000200)={0x0, 0x4661, 0x400, 0x7, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) set_mempolicy(0x1, 0x0, 0x2) r5 = signalfd(0xffffffffffffffff, &(0x7f0000000500)={[0x5]}, 0x8) name_to_handle_at(r5, &(0x7f00000000c0)='\x00', 0x0, 0x0, 0x1400) set_mempolicy(0x1, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x7, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r0, @ANYBLOB="0000000000000000b702000000000000820000008600000095000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x10) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000100003042dbd7000fedbdf2500007400", @ANYRES32=0x0, @ANYBLOB="00080000075005002800128008000100677470001c000280080003000700000008000700dfffdf0105000500"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0) connect$l2tp6(0xffffffffffffffff, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0}) r8 = dup3(0xffffffffffffffff, r7, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", 
"f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]}) ioctl$VT_GETSTATE(r8, 0x5603, &(0x7f00000004c0)={0x5, 0x3, 0x9}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0x10, 0xd}}, [@TCA_RATE={0xfffffffffffffe2c, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0) io_uring_enter(r2, 0x40f9, 0x217, 0xa5, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 31.071729ms ago: executing program 2 (id=897): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x20000261, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x40) r2 = socket$inet(0x2, 0x2, 0x0) 
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff08000400000000000000", 0x38}], 0x1) writev(r3, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010000000004"], 0x57) setsockopt$inet_mreqsrc(r2, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) 0s ago: executing program 2 (id=898): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r0, 0x0, 0x4ab}, 0x18) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000009c0)="ec663189d3348bf1", 0x8}], 0x1}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r2) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, 
&(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, r4, {0x7, 0xfff2}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) recvmmsg(r5, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f0000003140)=""/4104, 0x1008}, {&(0x7f0000002f40)=""/196, 0xc4}, {&(0x7f0000001e00)=""/208, 0xd0}, {&(0x7f0000001fc0)=""/197, 0xc5}], 0x4}, 0x3}], 0x1b00, 0x0, 0x0) kernel console output (not intermixed with test programs): space 0, times 0 [ 49.161167][ T4633] CPU: 1 UID: 0 PID: 4633 Comm: syz.1.262 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 49.161241][ T4633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 49.161253][ T4633] Call Trace: [ 49.161259][ T4633] <TASK> [ 49.161268][ T4633] __dump_stack+0x1d/0x30 [ 49.161389][ T4633] dump_stack_lvl+0xe8/0x140 [ 49.161477][ T4633] dump_stack+0x15/0x1b [ 49.161494][ T4633] should_fail_ex+0x265/0x280 [ 49.161522][ T4633] should_fail+0xb/0x20 [ 49.161545][ T4633] should_fail_usercopy+0x1a/0x20 [ 49.161647][ T4633] _copy_to_user+0x20/0xa0 [ 49.161730][ T4633] simple_read_from_buffer+0xb5/0x130 [ 49.161788][ T4633] proc_fail_nth_read+0x100/0x140 [ 49.161816][ T4633] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 49.161922][ T4633] vfs_read+0x19d/0x6f0 [ 49.161952][ T4633] ? __rcu_read_unlock+0x4f/0x70 [ 49.161974][ T4633] ? __fget_files+0x184/0x1c0 [ 49.161996][ T4633] ksys_read+0xda/0x1a0 [ 49.162060][ T4633] __x64_sys_read+0x40/0x50 [ 49.162086][ T4633] x64_sys_call+0x2d77/0x2fb0 [ 49.162112][ T4633] do_syscall_64+0xd2/0x200 [ 49.162127][ T4633] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 49.162181][ T4633] ? clear_bhb_loop+0x40/0x90 [ 49.162269][ T4633] ? 
clear_bhb_loop+0x40/0x90 [ 49.162293][ T4633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.162318][ T4633] RIP: 0033:0x7f933f7bd33c [ 49.162334][ T4633] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 49.162411][ T4633] RSP: 002b:00007f933de27030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 49.162431][ T4633] RAX: ffffffffffffffda RBX: 00007f933f9e5fa0 RCX: 00007f933f7bd33c [ 49.162443][ T4633] RDX: 000000000000000f RSI: 00007f933de270a0 RDI: 0000000000000005 [ 49.162535][ T4633] RBP: 00007f933de27090 R08: 0000000000000000 R09: 0000000000000000 [ 49.162548][ T4633] R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000001 [ 49.162560][ T4633] R13: 0000000000000000 R14: 00007f933f9e5fa0 R15: 00007ffe1d3f9ab8 [ 49.162645][ T4633] </TASK> [ 49.389541][ T4635] netlink: 'syz.1.264': attribute type 4 has an invalid length. [ 49.398396][ T4635] netlink: 'syz.1.264': attribute type 4 has an invalid length. [ 49.528811][ T4662] netlink: 'syz.3.274': attribute type 4 has an invalid length. [ 49.560116][ T4662] netlink: 'syz.3.274': attribute type 4 has an invalid length. [ 49.560637][ T4666] netlink: 24 bytes leftover after parsing attributes in process `syz.1.269'. [ 49.743744][ T4691] loop1: detected capacity change from 0 to 512 [ 49.781426][ T4691] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 49.812205][ T4694] netlink: 'syz.5.284': attribute type 13 has an invalid length. [ 49.819979][ T4694] netlink: 'syz.5.284': attribute type 27 has an invalid length. [ 49.866918][ T4704] netlink: 8 bytes leftover after parsing attributes in process `syz.2.283'. [ 49.909156][ T4703] ref_ctr going negative. 
vaddr: 0x200000ffc002, curr val: -29824, delta: 1 [ 49.918096][ T4703] ref_ctr increment failed for inode: 0x133 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88810aca6d40 [ 49.934572][ T4702] netlink: 28 bytes leftover after parsing attributes in process `syz.3.286'. [ 49.971184][ T4703] netlink: 4 bytes leftover after parsing attributes in process `syz.1.287'. [ 50.031260][ T29] kauditd_printk_skb: 218 callbacks suppressed [ 50.031277][ T29] audit: type=1326 audit(1750773055.378:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.5.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5618e9e929 code=0x7ffc0000 [ 50.060893][ T29] audit: type=1326 audit(1750773055.378:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.5.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5618e9e929 code=0x7ffc0000 [ 50.084328][ T29] audit: type=1326 audit(1750773055.378:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.5.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5618e9e929 code=0x7ffc0000 [ 50.107737][ T29] audit: type=1326 audit(1750773055.378:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.5.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5618e9e929 code=0x7ffc0000 [ 50.131473][ T29] audit: type=1326 audit(1750773055.378:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.5.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5618e9e929 code=0x7ffc0000 [ 50.154788][ T29] audit: type=1326 audit(1750773055.378:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.5.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5618e9e929 code=0x7ffc0000 [ 
50.178188][ T29] audit: type=1326 audit(1750773055.378:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.5.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f5618e9e929 code=0x7ffc0000 [ 50.201632][ T29] audit: type=1326 audit(1750773055.378:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.5.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5618e9e929 code=0x7ffc0000 [ 50.224954][ T29] audit: type=1326 audit(1750773055.378:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.5.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5618e9e929 code=0x7ffc0000 [ 50.248385][ T29] audit: type=1326 audit(1750773055.378:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.5.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5618e9e929 code=0x7ffc0000 [ 50.455741][ T4730] loop2: detected capacity change from 0 to 764 [ 50.469118][ T4731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.295'. [ 50.487648][ T4730] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 50.589876][ T4738] loop2: detected capacity change from 0 to 128 [ 50.621259][ T4738] syz.2.299: attempt to access beyond end of device [ 50.621259][ T4738] loop2: rw=2049, sector=140, nr_sectors = 8 limit=128 [ 50.634776][ T4738] syz.2.299: attempt to access beyond end of device [ 50.634776][ T4738] loop2: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 50.648191][ T4738] Buffer I/O error on dev loop2, logical block 156, lost async page write [ 50.651377][ T4743] netlink: 'syz.3.300': attribute type 13 has an invalid length. 
[ 50.659321][ T4738] syz.2.299: attempt to access beyond end of device [ 50.659321][ T4738] loop2: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 50.677872][ T4738] Buffer I/O error on dev loop2, logical block 157, lost async page write [ 50.686538][ T4738] syz.2.299: attempt to access beyond end of device [ 50.686538][ T4738] loop2: rw=2049, sector=158, nr_sectors = 1 limit=128 [ 50.699971][ T4738] Buffer I/O error on dev loop2, logical block 158, lost async page write [ 50.741338][ T4738] syz.2.299: attempt to access beyond end of device [ 50.741338][ T4738] loop2: rw=2049, sector=159, nr_sectors = 1 limit=128 [ 50.754853][ T4738] Buffer I/O error on dev loop2, logical block 159, lost async page write [ 50.775600][ T4738] syz.2.299: attempt to access beyond end of device [ 50.775600][ T4738] loop2: rw=2049, sector=160, nr_sectors = 1 limit=128 [ 50.789003][ T4738] Buffer I/O error on dev loop2, logical block 160, lost async page write [ 50.806070][ T4743] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.813379][ T4743] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.821002][ T4738] syz.2.299: attempt to access beyond end of device [ 50.821002][ T4738] loop2: rw=2049, sector=161, nr_sectors = 1 limit=128 [ 50.834481][ T4738] Buffer I/O error on dev loop2, logical block 161, lost async page write [ 50.869677][ T4738] syz.2.299: attempt to access beyond end of device [ 50.869677][ T4738] loop2: rw=2049, sector=134, nr_sectors = 1 limit=128 [ 50.883160][ T4738] Buffer I/O error on dev loop2, logical block 134, lost async page write [ 50.911334][ T4738] syz.2.299: attempt to access beyond end of device [ 50.911334][ T4738] loop2: rw=2049, sector=135, nr_sectors = 1 limit=128 [ 50.924975][ T4738] Buffer I/O error on dev loop2, logical block 135, lost async page write [ 50.940254][ T4743] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 50.959171][ T4743] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 50.969231][ T4738] 
syz.2.299: attempt to access beyond end of device [ 50.969231][ T4738] loop2: rw=2049, sector=136, nr_sectors = 1 limit=128 [ 50.982639][ T4738] Buffer I/O error on dev loop2, logical block 136, lost async page write [ 50.996705][ T4738] Buffer I/O error on dev loop2, logical block 137, lost async page write [ 51.052946][ T4743] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.062499][ T4743] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.071717][ T4743] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.080760][ T4743] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.117389][ T4755] loop2: detected capacity change from 0 to 512 [ 51.124897][ T4755] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 51.137652][ T4755] EXT4-fs (loop2): 1 truncate cleaned up [ 51.143937][ T4755] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.145804][ T4756] xt_hashlimit: size too large, truncated to 1048576 [ 51.157846][ T4755] netlink: 8 bytes leftover after parsing attributes in process `syz.2.303'. [ 51.245072][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.297189][ T4761] netlink: 4 bytes leftover after parsing attributes in process `syz.1.305'. [ 51.357258][ T4761] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4761 comm=syz.1.305 [ 51.364699][ T4771] loop2: detected capacity change from 0 to 764 [ 51.457951][ T4771] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 51.552829][ T4799] netlink: 96 bytes leftover after parsing attributes in process `syz.2.315'. [ 52.094010][ T4814] __nla_validate_parse: 1 callbacks suppressed [ 52.094024][ T4814] netlink: 8 bytes leftover after parsing attributes in process `syz.2.319'. 
[ 52.225432][ T4821] loop1: detected capacity change from 0 to 512 [ 52.235340][ T4821] EXT4-fs: Ignoring removed oldalloc option [ 52.243507][ T4821] EXT4-fs: inline encryption not supported [ 52.251751][ T4821] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 52.259976][ T4821] EXT4-fs (loop1): 1 truncate cleaned up [ 52.266075][ T4821] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.292604][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.362203][ T4834] netlink: 'syz.3.325': attribute type 4 has an invalid length. [ 52.372297][ T4834] netlink: 'syz.3.325': attribute type 4 has an invalid length. [ 52.444264][ T4841] netlink: 4 bytes leftover after parsing attributes in process `syz.4.326'. [ 52.547380][ T4855] netlink: 8 bytes leftover after parsing attributes in process `syz.4.332'. [ 52.602020][ T4857] loop4: detected capacity change from 0 to 512 [ 52.609065][ T4857] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 52.624568][ T4857] EXT4-fs error (device loop4): ext4_quota_enable:7120: comm syz.4.332: Bad quota inum: 29696, type: 1 [ 52.636603][ T4857] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=29696). Please run e2fsck to fix. [ 52.652436][ T4857] EXT4-fs (loop4): mount failed [ 52.813155][ T4865] xt_hashlimit: size too large, truncated to 1048576 [ 52.985546][ T4873] xt_hashlimit: size too large, truncated to 1048576 [ 53.119683][ T4881] syzkaller0: entered promiscuous mode [ 53.125271][ T4881] syzkaller0: entered allmulticast mode [ 53.223025][ T4888] netlink: 'syz.1.338': attribute type 4 has an invalid length. [ 53.231964][ T4888] netlink: 'syz.1.338': attribute type 4 has an invalid length. [ 53.320711][ T4893] netlink: 'syz.3.340': attribute type 4 has an invalid length. 
[ 53.331544][ T4893] netlink: 'syz.3.340': attribute type 4 has an invalid length. [ 53.333641][ T4895] loop1: detected capacity change from 0 to 128 [ 53.348648][ T4895] ext4: Unknown parameter 'hash' [ 53.545851][ T4905] netlink: 8 bytes leftover after parsing attributes in process `syz.3.345'. [ 53.555778][ T4904] netlink: 8 bytes leftover after parsing attributes in process `syz.3.345'. [ 53.812417][ T4910] netlink: 24 bytes leftover after parsing attributes in process `syz.4.347'. [ 54.018480][ T4917] program syz.2.349 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 54.305568][ T4927] loop1: detected capacity change from 0 to 512 [ 54.312755][ T4927] EXT4-fs: Ignoring removed oldalloc option [ 54.325615][ T4927] EXT4-fs: inline encryption not supported [ 54.333228][ T4927] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 54.341670][ T4927] EXT4-fs (loop1): 1 truncate cleaned up [ 54.347809][ T4927] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.374142][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.458364][ T4941] IPVS: Error connecting to the multicast addr [ 54.695881][ T4959] xt_hashlimit: size too large, truncated to 1048576 [ 54.956059][ T4981] netlink: 36 bytes leftover after parsing attributes in process `syz.2.367'. 
[ 54.980478][ T4984] loop4: detected capacity change from 0 to 128 [ 55.092719][ T29] kauditd_printk_skb: 118 callbacks suppressed [ 55.092734][ T29] audit: type=1400 audit(1750773060.448:1445): avc: denied { ioctl } for pid=4986 comm="syz.4.369" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 55.249504][ T29] audit: type=1326 audit(1750773060.598:1446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4991 comm="syz.4.371" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f94795de929 code=0x0 [ 55.307045][ T4999] xt_hashlimit: size too large, truncated to 1048576 [ 55.689537][ T29] audit: type=1326 audit(1750773061.038:1447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5020 comm="syz.3.380" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f423b20e929 code=0x0 [ 55.800693][ T5028] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 55.800693][ T5028] program syz.2.381 not setting count and/or reply_len properly [ 55.823351][ T5028] netlink: 8 bytes leftover after parsing attributes in process `syz.2.381'. [ 55.865967][ T29] audit: type=1400 audit(1750773061.218:1448): avc: denied { validate_trans } for pid=5029 comm="syz.2.382" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 55.889172][ T5030] loop2: detected capacity change from 0 to 512 [ 55.897826][ T5030] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.382: casefold flag without casefold feature [ 55.910681][ T5030] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.382: couldn't read orphan inode 15 (err -117) [ 55.923881][ T5030] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 55.942147][ T29] audit: type=1326 audit(1750773061.298:1449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5029 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 55.965858][ T29] audit: type=1326 audit(1750773061.298:1450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5029 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 55.989272][ T29] audit: type=1326 audit(1750773061.298:1451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5029 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 56.012633][ T29] audit: type=1326 audit(1750773061.298:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5029 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 56.035960][ T29] audit: type=1326 audit(1750773061.298:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5029 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 56.059670][ T29] audit: type=1326 audit(1750773061.298:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5029 comm="syz.2.382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 56.105125][ T5034] loop4: detected capacity change from 0 to 1024 [ 56.112063][ T5034] EXT4-fs: Ignoring removed i_version option [ 56.118473][ T5034] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 56.135453][ T5034] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 56.146288][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 56.157370][ T5034] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.383: Invalid block bitmap block 0 in block_group 0 [ 56.172064][ T5034] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.383: Failed to acquire dquot type 0 [ 56.175366][ T5037] netlink: 8 bytes leftover after parsing attributes in process `syz.2.384'. [ 56.183861][ T5034] EXT4-fs error (device loop4): ext4_free_blocks:6587: comm syz.4.383: Freeing blocks not in datazone - block = 0, count = 4096 [ 56.205891][ T5034] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.383: Invalid inode bitmap blk 0 in block_group 0 [ 56.206580][ T5037] netlink: 8 bytes leftover after parsing attributes in process `syz.2.384'. [ 56.219463][ T5034] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 56.236627][ T4109] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:28: Failed to release dquot type 0 [ 56.248412][ T5034] EXT4-fs (loop4): 1 orphan inode deleted [ 56.256635][ T5034] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.297019][ T5034] syz.4.383 (5034) used greatest stack depth: 9864 bytes left [ 56.305826][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 56.323873][ T5046] loop4: detected capacity change from 0 to 128 [ 56.358065][ T5046] bio_check_eod: 69 callbacks suppressed [ 56.358081][ T5046] syz.4.387: attempt to access beyond end of device [ 56.358081][ T5046] loop4: rw=0, sector=121, nr_sectors = 120 limit=128 [ 56.396760][ T5051] loop2: detected capacity change from 0 to 512 [ 56.412533][ T5051] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #13: comm syz.2.389: iget: bogus i_mode (177777) [ 56.427850][ T5051] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.389: couldn't read orphan inode 13 (err -117) [ 56.441913][ T4106] kworker/u8:25: attempt to access beyond end of device [ 56.441913][ T4106] loop4: rw=1, sector=241, nr_sectors = 800 limit=128 [ 56.450417][ T5051] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.470925][ T5051] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.501998][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.512606][ T5060] loop5: detected capacity change from 0 to 512 [ 56.522754][ T5060] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 56.534075][ T5060] EXT4-fs (loop5): invalid journal inode [ 56.539755][ T5060] EXT4-fs (loop5): can't get journal size [ 56.546968][ T5060] EXT4-fs (loop5): 1 truncate cleaned up [ 56.553155][ T5060] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.587709][ T3629] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 56.778906][ T5088] loop5: detected capacity change from 0 to 512 [ 56.788989][ T5088] EXT4-fs: Ignoring removed oldalloc option [ 56.796084][ T5088] EXT4-fs: inline encryption not supported [ 56.809666][ T5088] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2 [ 56.822781][ T5088] EXT4-fs (loop5): 1 truncate cleaned up [ 56.846860][ T5088] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.912647][ T3629] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.191359][ T5095] 9pnet: Could not find request transport: fl [ 57.202447][ T5095] __nla_validate_parse: 3 callbacks suppressed [ 57.202505][ T5095] netlink: 12 bytes leftover after parsing attributes in process `syz.5.400'. [ 57.403567][ T5101] SELinux: syz.4.402 (5101) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 57.454845][ T5106] xt_hashlimit: size too large, truncated to 1048576 [ 57.465345][ T5107] netlink: 'syz.4.404': attribute type 6 has an invalid length. [ 57.473547][ T5107] IPv6: NLM_F_CREATE should be specified when creating new route [ 57.508232][ T5112] loop4: detected capacity change from 0 to 128 [ 57.551006][ T5113] netlink: 'syz.5.405': attribute type 3 has an invalid length. [ 57.559190][ T5113] netlink: 12 bytes leftover after parsing attributes in process `syz.5.405'. 
[ 57.608246][ T5118] xt_hashlimit: size too large, truncated to 1048576 [ 57.611883][ T5114] syz.4.406: attempt to access beyond end of device [ 57.611883][ T5114] loop4: rw=2049, sector=140, nr_sectors = 8 limit=128 [ 57.678515][ T5114] syz.4.406: attempt to access beyond end of device [ 57.678515][ T5114] loop4: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 57.692035][ T5114] buffer_io_error: 8 callbacks suppressed [ 57.692047][ T5114] Buffer I/O error on dev loop4, logical block 156, lost async page write [ 57.704957][ T5121] xt_hashlimit: size too large, truncated to 1048576 [ 57.756489][ T5114] syz.4.406: attempt to access beyond end of device [ 57.756489][ T5114] loop4: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 57.769913][ T5114] Buffer I/O error on dev loop4, logical block 157, lost async page write [ 57.785961][ T5114] syz.4.406: attempt to access beyond end of device [ 57.785961][ T5114] loop4: rw=2049, sector=158, nr_sectors = 1 limit=128 [ 57.799468][ T5114] Buffer I/O error on dev loop4, logical block 158, lost async page write [ 57.801138][ T5122] netlink: 12 bytes leftover after parsing attributes in process `syz.3.407'. [ 57.808852][ T5114] syz.4.406: attempt to access beyond end of device [ 57.808852][ T5114] loop4: rw=2049, sector=159, nr_sectors = 1 limit=128 [ 57.830290][ T5114] Buffer I/O error on dev loop4, logical block 159, lost async page write [ 57.834836][ T5128] FAULT_INJECTION: forcing a failure. 
[ 57.834836][ T5128] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 57.842053][ T5114] syz.4.406: attempt to access beyond end of device [ 57.842053][ T5114] loop4: rw=2049, sector=160, nr_sectors = 1 limit=128 [ 57.851867][ T5128] CPU: 0 UID: 0 PID: 5128 Comm: syz.2.408 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 57.851899][ T5128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 57.851911][ T5128] Call Trace: [ 57.851917][ T5128] [ 57.851924][ T5128] __dump_stack+0x1d/0x30 [ 57.851946][ T5128] dump_stack_lvl+0xe8/0x140 [ 57.851966][ T5128] dump_stack+0x15/0x1b [ 57.852039][ T5128] should_fail_ex+0x265/0x280 [ 57.852069][ T5128] should_fail+0xb/0x20 [ 57.852119][ T5128] should_fail_usercopy+0x1a/0x20 [ 57.852146][ T5128] _copy_from_user+0x1c/0xb0 [ 57.852184][ T5128] ___sys_sendmsg+0xc1/0x1d0 [ 57.852229][ T5128] __x64_sys_sendmsg+0xd4/0x160 [ 57.852342][ T5128] x64_sys_call+0x2999/0x2fb0 [ 57.852363][ T5128] do_syscall_64+0xd2/0x200 [ 57.852380][ T5128] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 57.852406][ T5128] ? clear_bhb_loop+0x40/0x90 [ 57.852426][ T5128] ? 
clear_bhb_loop+0x40/0x90 [ 57.852581][ T5128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.852602][ T5128] RIP: 0033:0x7f71b116e929 [ 57.852617][ T5128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.852634][ T5128] RSP: 002b:00007f71af7b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 57.852652][ T5128] RAX: ffffffffffffffda RBX: 00007f71b1396080 RCX: 00007f71b116e929 [ 57.852664][ T5128] RDX: 0000000000000850 RSI: 00002000000002c0 RDI: 0000000000000007 [ 57.852700][ T5128] RBP: 00007f71af7b6090 R08: 0000000000000000 R09: 0000000000000000 [ 57.852712][ T5128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 57.852724][ T5128] R13: 0000000000000000 R14: 00007f71b1396080 R15: 00007ffe3366dcb8 [ 57.852742][ T5128] [ 58.041669][ T5114] Buffer I/O error on dev loop4, logical block 160, lost async page write [ 58.053389][ T5114] syz.4.406: attempt to access beyond end of device [ 58.053389][ T5114] loop4: rw=2049, sector=161, nr_sectors = 1 limit=128 [ 58.066731][ T5114] Buffer I/O error on dev loop4, logical block 161, lost async page write [ 58.084726][ T5114] syz.4.406: attempt to access beyond end of device [ 58.084726][ T5114] loop4: rw=2049, sector=134, nr_sectors = 1 limit=128 [ 58.098136][ T5114] Buffer I/O error on dev loop4, logical block 134, lost async page write [ 58.107740][ T5114] Buffer I/O error on dev loop4, logical block 135, lost async page write [ 58.117823][ T5114] Buffer I/O error on dev loop4, logical block 136, lost async page write [ 58.126662][ T5114] Buffer I/O error on dev loop4, logical block 137, lost async page write [ 58.151328][ T5133] netlink: 'syz.2.410': attribute type 10 has an invalid length. 
[ 58.159474][ T5133] veth1_vlan: entered allmulticast mode [ 58.170357][ T5133] veth1_vlan: left promiscuous mode [ 58.182246][ T5133] team0: Device veth1_vlan failed to register rx_handler [ 58.256343][ T5139] netlink: 'syz.3.412': attribute type 13 has an invalid length. [ 58.368521][ T5145] netlink: 24 bytes leftover after parsing attributes in process `syz.2.415'. [ 58.554917][ T4109] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.635769][ T4109] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.717721][ T4109] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.738509][ T5166] process 'syz.2.423' launched './file1' with NULL argv: empty string added [ 58.773624][ T4109] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.842236][ T5159] chnl_net:caif_netlink_parms(): no params data found [ 58.912253][ T5159] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.919396][ T5159] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.927673][ T5159] bridge_slave_0: entered allmulticast mode [ 58.934282][ T5159] bridge_slave_0: entered promiscuous mode [ 58.941149][ T5159] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.948279][ T5159] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.955723][ T5159] bridge_slave_1: entered allmulticast mode [ 58.962596][ T5159] bridge_slave_1: entered promiscuous mode [ 58.976563][ T4109] bridge_slave_1: left allmulticast mode [ 58.982317][ T4109] bridge_slave_1: left promiscuous mode [ 58.988003][ T4109] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.998420][ T4109] bridge_slave_0: left allmulticast mode [ 59.004202][ T4109] bridge_slave_0: left promiscuous mode [ 59.009969][ T4109] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.104678][ T4109] bond0 (unregistering): (slave 
bond_slave_0): Releasing backup interface [ 59.114732][ T4109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 59.124702][ T4109] bond0 (unregistering): Released all slaves [ 59.135930][ T5186] netlink: 'syz.4.428': attribute type 4 has an invalid length. [ 59.163389][ T5183] netlink: 'syz.4.428': attribute type 4 has an invalid length. [ 59.164831][ T5159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.186182][ T5159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.228573][ T5191] loop4: detected capacity change from 0 to 1024 [ 59.244649][ T4109] hsr_slave_0: left promiscuous mode [ 59.250576][ T4109] hsr_slave_1: left promiscuous mode [ 59.252580][ T5191] EXT4-fs: Ignoring removed orlov option [ 59.261367][ T4109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 59.261583][ T5191] EXT4-fs: Ignoring removed nomblk_io_submit option [ 59.268906][ T4109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 59.283800][ T4109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 59.291244][ T4109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 59.303281][ T4109] veth1_macvtap: left promiscuous mode [ 59.308923][ T4109] veth0_macvtap: left promiscuous mode [ 59.314859][ T4109] veth1_vlan: left promiscuous mode [ 59.320268][ T4109] veth0_vlan: left promiscuous mode [ 59.363496][ T5191] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 59.500290][ T4109] team0 (unregistering): Port device team_slave_1 removed [ 59.510307][ T4109] team0 (unregistering): Port device team_slave_0 removed [ 59.542494][ T5159] team0: Port device team_slave_0 added [ 59.550637][ T5159] team0: Port device team_slave_1 added [ 59.559160][ T5202] vhci_hcd: invalid port number 96 [ 59.564360][ T5202] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 59.573167][ T5202] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'. [ 59.582699][ T5202] netlink: 20 bytes leftover after parsing attributes in process `syz.1.432'. [ 59.669282][ T5159] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 59.676357][ T5159] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.702419][ T5159] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 59.713781][ T5159] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.720870][ T5159] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.746890][ T5159] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.977626][ T5159] hsr_slave_0: entered promiscuous mode [ 59.984394][ T5159] hsr_slave_1: entered promiscuous mode [ 59.991652][ T5159] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 60.005643][ T5159] Cannot create hsr debugfs directory [ 60.219895][ T5180] syz.2.426 (5180) used greatest stack depth: 7792 bytes left [ 60.237337][ T5159] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 60.253023][ T5159] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 60.291306][ T5217] netlink: 'syz.2.436': attribute type 4 has an invalid length. [ 60.299838][ T5159] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 60.308761][ T5217] netlink: 'syz.2.436': attribute type 4 has an invalid length. [ 60.322192][ T5159] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 60.366262][ T5229] netlink: 'syz.2.439': attribute type 3 has an invalid length. [ 60.416134][ T5159] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.436007][ T5159] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.446624][ T4109] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.453774][ T4109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.483675][ T4109] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.490817][ T4109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.507607][ T5159] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.547628][ T29] kauditd_printk_skb: 147 callbacks suppressed [ 60.547641][ T29] audit: type=1326 audit(1750773065.898:1599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5238 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 60.576841][ T5159] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.577279][ T29] audit: type=1326 audit(1750773065.898:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5238 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 60.607386][ T29] audit: type=1326 audit(1750773065.898:1601): auid=4294967295 uid=0 gid=0 
ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5238 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 60.630753][ T29] audit: type=1326 audit(1750773065.898:1602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5238 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 60.654305][ T29] audit: type=1326 audit(1750773065.898:1603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5238 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 60.677669][ T29] audit: type=1326 audit(1750773065.898:1604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5238 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 60.701069][ T29] audit: type=1326 audit(1750773065.898:1605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5238 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 60.724510][ T29] audit: type=1326 audit(1750773065.898:1606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5238 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 60.747862][ T29] audit: type=1326 audit(1750773065.898:1607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5238 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 60.771797][ T29] audit: type=1326 audit(1750773065.898:1608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5238 comm="syz.2.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71b116e929 code=0x7ffc0000 [ 
60.837056][ T5261] netlink: 'syz.3.444': attribute type 13 has an invalid length. [ 60.845723][ T5261] gretap0: refused to change device tx_queue_len [ 60.852128][ T5261] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 60.878825][ T5159] veth0_vlan: entered promiscuous mode [ 60.886737][ T5159] veth1_vlan: entered promiscuous mode [ 60.905497][ T5159] veth0_macvtap: entered promiscuous mode [ 60.913403][ T5159] veth1_macvtap: entered promiscuous mode [ 60.929823][ T5159] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.949257][ T5159] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.965823][ T5159] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.974659][ T5159] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.983488][ T5159] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.992267][ T5159] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.212125][ T5284] loop6: detected capacity change from 0 to 512 [ 61.219711][ T5284] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 61.238950][ T5284] EXT4-fs error (device loop6): __ext4_iget:5379: inode #11: block 3: comm syz.6.450: invalid block [ 61.260613][ T5284] EXT4-fs error (device loop6): ext4_orphan_get:1398: comm syz.6.450: couldn't read orphan inode 11 (err -117) [ 61.291655][ T5284] EXT4-fs (loop6): 1 truncate cleaned up [ 61.297896][ T5284] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.334439][ T5291] bond0: entered promiscuous mode [ 61.339598][ T5291] bond_slave_0: entered promiscuous mode [ 61.345455][ T5291] bond_slave_1: entered promiscuous mode [ 61.369733][ T5159] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 61.633114][ T5301] loop1: detected capacity change from 0 to 128 [ 62.043435][ T5312] netlink: 40 bytes leftover after parsing attributes in process `syz.3.462'. [ 62.436086][ T4110] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 62.466160][ T4110] bond_slave_0: left promiscuous mode [ 62.486888][ T4110] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 62.513413][ T4110] bond_slave_1: left promiscuous mode [ 62.530052][ T4110] bond0 (unregistering): Released all slaves [ 62.540304][ T5335] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5335 comm=syz.3.470 [ 62.731711][ T5340] netlink: 8 bytes leftover after parsing attributes in process `syz.3.471'. [ 62.740583][ T5340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.471'. [ 62.755785][ T4110] hsr_slave_0: left promiscuous mode [ 62.763192][ T4110] hsr_slave_1: left promiscuous mode [ 62.768784][ T4110] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 62.776453][ T4110] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 62.808699][ T4110] team0 (unregistering): Port device team_slave_1 removed [ 62.818047][ T5344] validate_nla: 4 callbacks suppressed [ 62.818061][ T5344] netlink: 'syz.6.472': attribute type 4 has an invalid length. [ 62.832582][ T4110] team0 (unregistering): Port device team_slave_0 removed [ 62.840623][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.868799][ T5347] netlink: 'syz.6.472': attribute type 4 has an invalid length. 
[ 62.879760][ T5340] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.888035][ T5340] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.896302][ T5340] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.904539][ T5340] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.972858][ T5348] loop4: detected capacity change from 0 to 8192 [ 62.979660][ T5348] vfat: Unknown parameter '' [ 63.008274][ T5319] chnl_net:caif_netlink_parms(): no params data found [ 63.094318][ T5355] loop6: detected capacity change from 0 to 256 [ 63.163581][ T5319] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.170757][ T5319] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.191889][ T5355] FAT-fs (loop6): Directory bread(block 64) failed [ 63.199635][ T5319] bridge_slave_0: entered allmulticast mode [ 63.207245][ T5355] FAT-fs (loop6): Directory bread(block 65) failed [ 63.215275][ T5319] bridge_slave_0: entered promiscuous mode [ 63.221763][ T5355] FAT-fs (loop6): Directory bread(block 66) failed [ 63.230145][ T5319] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.237308][ T5319] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.244974][ T5355] FAT-fs (loop6): Directory bread(block 67) failed [ 63.252271][ T5355] FAT-fs (loop6): Directory bread(block 68) failed [ 63.260049][ T5319] bridge_slave_1: entered allmulticast mode [ 63.266476][ T5355] FAT-fs (loop6): Directory bread(block 69) failed [ 63.274847][ T5319] bridge_slave_1: entered promiscuous mode [ 63.283268][ T5355] FAT-fs (loop6): Directory bread(block 70) failed [ 63.301960][ T5355] FAT-fs (loop6): Directory bread(block 71) failed [ 63.302050][ T5319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.303211][ T5319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.336328][ T5355] FAT-fs (loop6): Directory bread(block 72) failed [ 
63.353333][ T5319] team0: Port device team_slave_0 added [ 63.360239][ T5319] team0: Port device team_slave_1 added [ 63.370568][ T5355] FAT-fs (loop6): Directory bread(block 73) failed [ 63.394762][ T5319] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.401889][ T5319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.410462][ T5373] netlink: 40 bytes leftover after parsing attributes in process `syz.4.481'. [ 63.427964][ T5319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.453813][ T5319] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.460855][ T5319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.486887][ T5319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.542875][ T5382] netlink: 'syz.3.484': attribute type 4 has an invalid length. [ 63.566241][ T5382] netlink: 'syz.3.484': attribute type 4 has an invalid length. [ 63.575041][ T5319] hsr_slave_0: entered promiscuous mode [ 63.581420][ T5319] hsr_slave_1: entered promiscuous mode [ 63.596410][ T5319] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.604383][ T5319] Cannot create hsr debugfs directory [ 63.621385][ T5385] netlink: 'syz.4.485': attribute type 14 has an invalid length. [ 63.695973][ T5395] netlink: 300 bytes leftover after parsing attributes in process `syz.6.488'. 
[ 63.721882][ T5319] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 63.744588][ T5319] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 63.755921][ T5319] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 63.765708][ T5319] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 63.839138][ T5319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.852442][ T5319] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.862581][ T4109] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.869678][ T4109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.908917][ T4117] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.916111][ T4117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.015540][ T5319] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.139359][ T5426] loop2: detected capacity change from 0 to 2048 [ 64.387672][ T3298] Alternate GPT is invalid, using primary GPT. [ 64.394079][ T3298] loop2: p1 p2 p3 [ 64.403919][ T5426] Alternate GPT is invalid, using primary GPT. [ 64.410246][ T5426] loop2: p1 p2 p3 [ 64.425511][ T5319] veth0_vlan: entered promiscuous mode [ 64.459574][ T5319] veth1_vlan: entered promiscuous mode [ 64.489432][ T5319] veth0_macvtap: entered promiscuous mode [ 64.499014][ T5319] veth1_macvtap: entered promiscuous mode [ 64.519541][ T5437] loop2: detected capacity change from 0 to 764 [ 64.527324][ T5437] rock: corrupted directory entry. 
extent=32, offset=2044, size=237 [ 64.544409][ T5319] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.569795][ T5319] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.596935][ T5319] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.605879][ T5319] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.614747][ T5319] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.623502][ T5319] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.673607][ T5443] netlink: 'syz.6.496': attribute type 4 has an invalid length. [ 64.698377][ T5443] netlink: 'syz.6.496': attribute type 4 has an invalid length. [ 64.790727][ T5441] C: renamed from team_slave_0 [ 64.797885][ T5451] loop6: detected capacity change from 0 to 256 [ 64.806419][ T5441] netlink: 'syz.2.495': attribute type 3 has an invalid length. [ 64.814130][ T5441] netlink: 152 bytes leftover after parsing attributes in process `syz.2.495'. [ 64.823316][ T5441] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. 
[ 64.854292][ T5451] FAT-fs (loop6): Directory bread(block 64) failed [ 64.865810][ T5451] FAT-fs (loop6): Directory bread(block 65) failed [ 64.872764][ T5451] FAT-fs (loop6): Directory bread(block 66) failed [ 64.879421][ T5451] FAT-fs (loop6): Directory bread(block 67) failed [ 64.896672][ T5451] FAT-fs (loop6): Directory bread(block 68) failed [ 64.903624][ T5451] FAT-fs (loop6): Directory bread(block 69) failed [ 64.923716][ T5451] FAT-fs (loop6): Directory bread(block 70) failed [ 64.930287][ T5451] FAT-fs (loop6): Directory bread(block 71) failed [ 64.937304][ T5451] FAT-fs (loop6): Directory bread(block 72) failed [ 64.944177][ T5451] FAT-fs (loop6): Directory bread(block 73) failed [ 64.986542][ T5451] bio_check_eod: 11 callbacks suppressed [ 64.986635][ T5451] syz.6.498: attempt to access beyond end of device [ 64.986635][ T5451] loop6: rw=0, sector=1768, nr_sectors = 4 limit=256 [ 65.041928][ T5451] syzkaller1: entered promiscuous mode [ 65.047448][ T5451] syzkaller1: entered allmulticast mode [ 65.642865][ T5484] loop7: detected capacity change from 0 to 164 [ 65.663336][ T5484] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 65.664359][ T5483] rock: corrupted directory entry. 
extent=28, offset=16056320, size=0 [ 65.664516][ T5483] Symlink component flag not implemented [ 65.664530][ T5483] Symlink component flag not implemented [ 65.749129][ T5486] loop7: detected capacity change from 0 to 512 [ 65.766330][ T5477] syz.2.503 invoked oom-killer: gfp_mask=0x402d02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 65.780878][ T5477] CPU: 0 UID: 0 PID: 5477 Comm: syz.2.503 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 65.780932][ T5477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 65.780940][ T5477] Call Trace: [ 65.780943][ T5477] <TASK> [ 65.780948][ T5477] __dump_stack+0x1d/0x30 [ 65.780962][ T5477] dump_stack_lvl+0xe8/0x140 [ 65.781032][ T5477] dump_stack+0x15/0x1b [ 65.781059][ T5477] dump_header+0x81/0x220 [ 65.781116][ T5477] oom_kill_process+0x334/0x3f0 [ 65.781134][ T5477] out_of_memory+0x979/0xb80 [ 65.781229][ T5477] try_charge_memcg+0x5e6/0x9e0 [ 65.781245][ T5477] obj_cgroup_charge_pages+0xa6/0x150 [ 65.781314][ T5477] __memcg_kmem_charge_page+0x9f/0x170 [ 65.781331][ T5477] __alloc_frozen_pages_noprof+0x188/0x360 [ 65.781352][ T5477] alloc_pages_mpol+0xb3/0x250 [ 65.781370][ T5477] alloc_pages_noprof+0x90/0x130 [ 65.781546][ T5477] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 65.781571][ T5477] __kvmalloc_node_noprof+0x30f/0x4e0 [ 65.781624][ T5477] ? ip_set_alloc+0x1f/0x30 [ 65.781640][ T5477] ? ip_set_alloc+0x1f/0x30 [ 65.781655][ T5477] ? __kmalloc_cache_noprof+0x189/0x320 [ 65.781671][ T5477] ip_set_alloc+0x1f/0x30 [ 65.781698][ T5477] hash_netiface_create+0x282/0x740 [ 65.781717][ T5477] ? __pfx_hash_netiface_create+0x10/0x10 [ 65.781806][ T5477] ip_set_create+0x3c9/0x960 [ 65.781858][ T5477] ? __nla_parse+0x40/0x60 [ 65.781869][ T5477] nfnetlink_rcv_msg+0x4c3/0x590 [ 65.781945][ T5477] ? selinux_capable+0x1f9/0x270 [ 65.781963][ T5477] netlink_rcv_skb+0x120/0x220 [ 65.781980][ T5477] ?
__pfx_nfnetlink_rcv_msg+0x10/0x10 [ 65.782023][ T5477] nfnetlink_rcv+0x16b/0x1690 [ 65.782101][ T5477] ? mas_wr_walk_descend+0x36e/0x470 [ 65.782158][ T5477] ? mas_wr_store_type+0x630/0xd30 [ 65.782176][ T5477] ? mas_store_prealloc+0x77b/0x9e0 [ 65.782194][ T5477] ? __rb_insert_augmented+0x76/0x2c0 [ 65.782211][ T5477] ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10 [ 65.782356][ T5477] ? should_fail_ex+0x30/0x280 [ 65.782428][ T5477] ? selinux_nlmsg_lookup+0x99/0x890 [ 65.782447][ T5477] ? selinux_netlink_send+0x59f/0x5f0 [ 65.782464][ T5477] ? __rcu_read_unlock+0x34/0x70 [ 65.782476][ T5477] ? __netlink_lookup+0x266/0x2a0 [ 65.782537][ T5477] netlink_unicast+0x59e/0x670 [ 65.782600][ T5477] netlink_sendmsg+0x58b/0x6b0 [ 65.782685][ T5477] ? __pfx_netlink_sendmsg+0x10/0x10 [ 65.782696][ T5477] __sock_sendmsg+0x142/0x180 [ 65.782837][ T5477] ____sys_sendmsg+0x31e/0x4e0 [ 65.782857][ T5477] ___sys_sendmsg+0x17b/0x1d0 [ 65.782883][ T5477] __x64_sys_sendmsg+0xd4/0x160 [ 65.782958][ T5477] x64_sys_call+0x2999/0x2fb0 [ 65.782970][ T5477] do_syscall_64+0xd2/0x200 [ 65.782981][ T5477] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 65.783009][ T5477] ? clear_bhb_loop+0x40/0x90 [ 65.783021][ T5477] ? 
clear_bhb_loop+0x40/0x90 [ 65.783033][ T5477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.783048][ T5477] RIP: 0033:0x7f71b116e929 [ 65.783131][ T5477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.783141][ T5477] RSP: 002b:00007f71af7b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 65.783153][ T5477] RAX: ffffffffffffffda RBX: 00007f71b1396080 RCX: 00007f71b116e929 [ 65.783175][ T5477] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006 [ 65.783182][ T5477] RBP: 00007f71b11f0b39 R08: 0000000000000000 R09: 0000000000000000 [ 65.783189][ T5477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 65.783196][ T5477] R13: 0000000000000000 R14: 00007f71b1396080 R15: 00007ffe3366dcb8 [ 65.783206][ T5477] </TASK> [ 65.783210][ T5477] memory: usage 307200kB, limit 307200kB, failcnt 370 [ 65.881856][ T5486] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.882378][ T5477] memory+swap: usage 307288kB, limit 9007199254740988kB, failcnt 0 [ 65.886849][ T5486] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 65.891263][ T5477] kmem: usage 303544kB, limit 9007199254740988kB, failcnt 0 [ 65.891278][ T5477] Memory cgroup stats for /syz2 [ 65.899003][ T5486] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 65.901201][ T5477] : [ 65.961817][ T5477] cache 3522560 [ 65.999376][ T5477] rss 221184 [ 65.999384][ T5477] shmem 3481600 [ 65.999390][ T5477] mapped_file 3522560 [ 65.999396][ T5477] dirty 8192 [ 65.999402][ T5477] writeback 0 [ 65.999407][ T5477] workingset_refault_anon 0 [ 65.999414][ T5477] workingset_refault_file 79 [ 65.999420][ T5477] swap 90112 [ 65.999426][ T5477] swapcached 0 [ 65.999431][ T5477] pgpgin 45492 [ 65.999437][ T5477] pgpgout 44578 [ 66.100537][ T29] kauditd_printk_skb: 178 callbacks suppressed [ 66.100552][ T29] audit: type=1400 audit(1750773071.398:1787): avc: denied { ioctl } for pid=5490 comm="syz.7.507" path="/dev/rtc0" dev="devtmpfs" ino=244 ioctlcmd=0x700a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 66.105542][ T5477] pgfault 34691 [ 66.124776][ T29] audit: type=1326 audit(1750773071.478:1788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5490 comm="syz.7.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f420045e929 code=0x7ffc0000 [ 66.129345][ T5477] pgmajfault 10 [ 66.177564][ T29] audit: type=1326 audit(1750773071.498:1789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5490 comm="syz.7.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f420045e929 code=0x7ffc0000 [ 66.177931][ T5477] inactive_anon 491520 [ 66.185106][ T29] audit: type=1326 audit(1750773071.498:1790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5490 comm="syz.7.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f420045e929 code=0x7ffc0000 [ 66.185132][ T29] audit: type=1326 audit(1750773071.498:1791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5490 comm="syz.7.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f420045e929 code=0x7ffc0000 [ 66.189956][ T5477] active_anon 3211264 [ 
66.189968][ T5477] inactive_file 0 [ 66.198923][ T29] audit: type=1326 audit(1750773071.498:1792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5490 comm="syz.7.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f420045e929 code=0x7ffc0000 [ 66.201460][ T5477] active_file 40960 [ 66.204855][ T29] audit: type=1326 audit(1750773071.498:1793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5490 comm="syz.7.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f420045e929 code=0x7ffc0000 [ 66.208032][ T5477] unevictable 0 [ 66.208041][ T5477] hierarchical_memory_limit 314572800 [ 66.211527][ T29] audit: type=1326 audit(1750773071.498:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5490 comm="syz.7.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f420045e929 code=0x7ffc0000 [ 66.215486][ T5477] hierarchical_memsw_limit 9223372036854771712 [ 66.215496][ T5477] total_cache 3522560 [ 66.218673][ T29] audit: type=1326 audit(1750773071.498:1795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5490 comm="syz.7.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f420045e929 code=0x7ffc0000 [ 66.218697][ T29] audit: type=1326 audit(1750773071.498:1796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5490 comm="syz.7.507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f420045e929 code=0x7ffc0000 [ 66.528013][ T5477] total_rss 221184 [ 66.531781][ T5477] total_shmem 3481600 [ 66.535752][ T5477] total_mapped_file 3522560 [ 66.540240][ T5477] total_dirty 8192 [ 66.543988][ T5477] total_writeback 0 [ 66.547788][ T5477] total_workingset_refault_anon 0 [ 66.552843][ T5477] total_workingset_refault_file 79 [ 66.557949][ T5477] total_swap 90112 [ 66.561697][ T5477] total_swapcached 0 [ 66.565622][ T5477] total_pgpgin 
45492 [ 66.569511][ T5477] total_pgpgout 44578 [ 66.573595][ T5477] total_pgfault 34691 [ 66.577574][ T5477] total_pgmajfault 10 [ 66.581737][ T5477] total_inactive_anon 491520 [ 66.586320][ T5477] total_active_anon 3211264 [ 66.590851][ T5477] total_inactive_file 0 [ 66.595050][ T5477] total_active_file 40960 [ 66.599406][ T5477] total_unevictable 0 [ 66.603418][ T5477] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.503,pid=5475,uid=0 [ 66.617993][ T5477] Memory cgroup out of memory: Killed process 5477 (syz.2.503) total-vm:93884kB, anon-rss:936kB, file-rss:22440kB, shmem-rss:3456kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 66.781415][ T5477] syz.2.503 (5477) used greatest stack depth: 7592 bytes left [ 66.800321][ T5497] vlan0: entered allmulticast mode [ 66.853526][ T5501] loop2: detected capacity change from 0 to 164 [ 66.864073][ T5501] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 66.876084][ T5501] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 66.889974][ T5501] Symlink component flag not implemented [ 66.895816][ T5501] Symlink component flag not implemented [ 66.910566][ T5501] Symlink component flag not implemented (7) [ 66.916669][ T5501] Symlink component flag not implemented (116) [ 66.937319][ T5504] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 66.946345][ T5503] netlink: 112 bytes leftover after parsing attributes in process `syz.4.512'. 
[ 66.989316][ T5507] loop6: detected capacity change from 0 to 512 [ 66.996714][ T5507] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 67.009275][ T5507] EXT4-fs (loop6): orphan cleanup on readonly fs [ 67.019727][ T5507] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.513: Failed to acquire dquot type 1 [ 67.032021][ T5507] EXT4-fs (loop6): 1 truncate cleaned up [ 67.040959][ T5507] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 67.134254][ T5159] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.754715][ T5541] syzkaller0: entered promiscuous mode [ 67.760277][ T5541] syzkaller0: entered allmulticast mode [ 68.014489][ T5549] loop6: detected capacity change from 0 to 128 [ 68.031106][ T5549] /dev/loop6: Can't open blockdev [ 68.110184][ T5551] netlink: 4 bytes leftover after parsing attributes in process `syz.3.526'. [ 68.178549][ T5555] syzkaller0: entered promiscuous mode [ 68.184166][ T5555] syzkaller0: entered allmulticast mode [ 68.878988][ T5573] loop4: detected capacity change from 0 to 1024 [ 68.886547][ T5573] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 68.897461][ T5573] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 68.908343][ T5573] JBD2: no valid journal superblock found [ 68.914256][ T5573] EXT4-fs (loop4): Could not load journal inode [ 68.999060][ T5580] netlink: 4 bytes leftover after parsing attributes in process `syz.2.536'. [ 69.045561][ T5586] FAULT_INJECTION: forcing a failure. 
[ 69.045561][ T5586] name failslab, interval 1, probability 0, space 0, times 0 [ 69.058466][ T5586] CPU: 0 UID: 0 PID: 5586 Comm: syz.2.537 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 69.058511][ T5586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 69.058525][ T5586] Call Trace: [ 69.058531][ T5586] <TASK> [ 69.058539][ T5586] __dump_stack+0x1d/0x30 [ 69.058634][ T5586] dump_stack_lvl+0xe8/0x140 [ 69.058652][ T5586] dump_stack+0x15/0x1b [ 69.058667][ T5586] should_fail_ex+0x265/0x280 [ 69.058693][ T5586] ? audit_log_d_path+0x8d/0x150 [ 69.058735][ T5586] should_failslab+0x8c/0xb0 [ 69.058755][ T5586] __kmalloc_cache_noprof+0x4c/0x320 [ 69.058853][ T5586] audit_log_d_path+0x8d/0x150 [ 69.058925][ T5586] audit_log_d_path_exe+0x42/0x70 [ 69.058952][ T5586] audit_log_task+0x1e9/0x250 [ 69.058995][ T5586] audit_seccomp+0x61/0x100 [ 69.059018][ T5586] ? __seccomp_filter+0x68c/0x10d0 [ 69.059040][ T5586] __seccomp_filter+0x69d/0x10d0 [ 69.059061][ T5586] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 69.059116][ T5586] ? vfs_write+0x75e/0x8e0 [ 69.059205][ T5586] ? __rcu_read_unlock+0x4f/0x70 [ 69.059227][ T5586] ? __fget_files+0x184/0x1c0 [ 69.059251][ T5586] __secure_computing+0x82/0x150 [ 69.059339][ T5586] syscall_trace_enter+0xcf/0x1e0 [ 69.059362][ T5586] do_syscall_64+0xac/0x200 [ 69.059381][ T5586] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 69.059407][ T5586] ? clear_bhb_loop+0x40/0x90 [ 69.059428][ T5586] ?
clear_bhb_loop+0x40/0x90 [ 69.059523][ T5586] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.059545][ T5586] RIP: 0033:0x7f71b116e929 [ 69.059558][ T5586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.059653][ T5586] RSP: 002b:00007f71af7d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000119 [ 69.059671][ T5586] RAX: ffffffffffffffda RBX: 00007f71b1395fa0 RCX: 00007f71b116e929 [ 69.059682][ T5586] RDX: 0000000000000001 RSI: 0000200000000580 RDI: 0000000000000003 [ 69.059693][ T5586] RBP: 00007f71af7d7090 R08: 0000000000000000 R09: 0000000000000000 [ 69.059703][ T5586] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001 [ 69.059714][ T5586] R13: 0000000000000000 R14: 00007f71b1395fa0 R15: 00007ffe3366dcb8 [ 69.059826][ T5586] </TASK> [ 69.283921][ T5583] netlink: 'syz.6.538': attribute type 298 has an invalid length. [ 69.400224][ T5593] syzkaller0: entered promiscuous mode [ 69.405785][ T5593] syzkaller0: entered allmulticast mode [ 69.472731][ T5598] loop4: detected capacity change from 0 to 164 [ 69.551163][ T5598] syz.4.543: attempt to access beyond end of device [ 69.551163][ T5598] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 69.587975][ T5598] syz.4.543: attempt to access beyond end of device [ 69.587975][ T5598] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 69.762344][ T5605] netlink: 'syz.4.544': attribute type 39 has an invalid length. [ 69.777758][ T5607] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.811037][ T5608] FAULT_INJECTION: forcing a failure.
[ 69.811037][ T5608] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 69.824232][ T5608] CPU: 0 UID: 0 PID: 5608 Comm: syz.4.544 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 69.824258][ T5608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 69.824278][ T5608] Call Trace: [ 69.824285][ T5608] <TASK> [ 69.824291][ T5608] __dump_stack+0x1d/0x30 [ 69.824312][ T5608] dump_stack_lvl+0xe8/0x140 [ 69.824330][ T5608] dump_stack+0x15/0x1b [ 69.824363][ T5608] should_fail_ex+0x265/0x280 [ 69.824380][ T5608] should_fail+0xb/0x20 [ 69.824395][ T5608] should_fail_usercopy+0x1a/0x20 [ 69.824435][ T5608] _copy_from_user+0x1c/0xb0 [ 69.824508][ T5608] kstrtouint_from_user+0x69/0xf0 [ 69.824524][ T5608] ? 0xffffffff81000000 [ 69.824532][ T5608] ? selinux_file_permission+0x1e4/0x320 [ 69.824549][ T5608] proc_fail_nth_write+0x50/0x160 [ 69.824560][ T5608] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 69.824579][ T5608] vfs_write+0x266/0x8e0 [ 69.824656][ T5608] ? __rcu_read_unlock+0x4f/0x70 [ 69.824668][ T5608] ? __fget_files+0x184/0x1c0 [ 69.824681][ T5608] ksys_write+0xda/0x1a0 [ 69.824698][ T5608] __x64_sys_write+0x40/0x50 [ 69.824739][ T5608] x64_sys_call+0x2cdd/0x2fb0 [ 69.824751][ T5608] do_syscall_64+0xd2/0x200 [ 69.824762][ T5608] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 69.824797][ T5608] ? clear_bhb_loop+0x40/0x90 [ 69.824852][ T5608] ?
clear_bhb_loop+0x40/0x90 [ 69.824863][ T5608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.824875][ T5608] RIP: 0033:0x7f94795dd3df [ 69.824884][ T5608] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 69.824894][ T5608] RSP: 002b:00007f9477c26030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 69.824954][ T5608] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f94795dd3df [ 69.824961][ T5608] RDX: 0000000000000001 RSI: 00007f9477c260a0 RDI: 000000000000000a [ 69.824968][ T5608] RBP: 00007f9477c26090 R08: 0000000000000000 R09: 0000000000000000 [ 69.824975][ T5608] R10: 0000000000000020 R11: 0000000000000293 R12: 0000000000000001 [ 69.824982][ T5608] R13: 0000000000000001 R14: 00007f9479806080 R15: 00007ffe5366a4e8 [ 69.824992][ T5608] </TASK> [ 69.826383][ T5609] loop7: detected capacity change from 0 to 128 [ 70.059938][ T5607] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.099832][ T5611] netlink: 'syz.3.546': attribute type 10 has an invalid length. [ 70.108047][ T5611] netlink: 40 bytes leftover after parsing attributes in process `syz.3.546'. [ 70.141034][ T5607] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.160058][ T5617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 70.169023][ T5617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 70.194003][ T5607] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.213849][ T5624] netlink: 4 bytes leftover after parsing attributes in process `syz.4.550'. [ 70.238624][ T5625] netlink: 332 bytes leftover after parsing attributes in process `syz.3.549'.
[ 70.258469][ T5607] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.269407][ T5607] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.283851][ T5607] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.292536][ T5624] loop4: detected capacity change from 0 to 128 [ 70.296630][ T5607] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.315651][ T5632] loop6: detected capacity change from 0 to 512 [ 70.354795][ T5635] netlink: 'syz.3.553': attribute type 4 has an invalid length. [ 70.370898][ T5635] netlink: 'syz.3.553': attribute type 4 has an invalid length. [ 70.383082][ T5632] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.552: bg 0: block 131: padding at end of block bitmap is not set [ 70.409774][ T5632] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 70.420907][ T5632] EXT4-fs (loop6): 1 truncate cleaned up [ 70.427084][ T5632] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.476545][ T5159] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.597836][ T5661] netlink: 40 bytes leftover after parsing attributes in process `+}[@'. [ 70.609866][ T5661] netlink: 268 bytes leftover after parsing attributes in process `+}[@'. [ 70.618728][ T5661] unsupported nla_type 65024 [ 70.625362][ T5661] program +}[@ is using a deprecated SCSI ioctl, please convert it to SG_IO [ 70.654258][ T5659] syzkaller0: entered promiscuous mode [ 70.659806][ T5659] syzkaller0: entered allmulticast mode [ 70.666505][ T5665] netlink: 24 bytes leftover after parsing attributes in process `syz.4.564'. [ 70.676636][ T5653] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 70.702788][ T5665] netlink: 4 bytes leftover after parsing attributes in process `syz.4.564'. 
[ 70.808907][ T5670] loop6: detected capacity change from 0 to 512 [ 70.818213][ T5670] ext4: Unknown parameter 'measure' [ 70.858217][ T5670] SELinux: Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped). [ 70.879269][ T5670] loop6: detected capacity change from 0 to 512 [ 70.902793][ T5670] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.915803][ T5670] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 70.928691][ T5670] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.566: Failed to acquire dquot type 1 [ 70.953623][ T5670] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.965011][ T5675] netlink: 'syz.4.567': attribute type 1 has an invalid length. [ 71.011335][ T5679] netlink: 'syz.6.569': attribute type 4 has an invalid length. [ 71.022377][ T5679] netlink: 'syz.6.569': attribute type 4 has an invalid length. [ 71.065715][ T5681] vhci_hcd: invalid port number 216 [ 71.071072][ T5681] vhci_hcd: default hub control req: 8015 v0004 i00d8 l0 [ 71.115336][ T5685] loop4: detected capacity change from 0 to 1024 [ 71.125138][ T5685] EXT4-fs: Ignoring removed bh option [ 71.130623][ T5685] EXT4-fs: Ignoring removed mblk_io_submit option [ 71.144293][ T5685] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.163706][ T29] kauditd_printk_skb: 259 callbacks suppressed [ 71.163720][ T29] audit: type=1400 audit(1750773076.518:2052): avc: denied { setattr } for pid=5684 comm="syz.4.572" name="blkio.bfq.io_queued_recursive" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 71.219107][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 71.236433][ T5694] loop2: detected capacity change from 0 to 128 [ 71.265622][ T5697] loop4: detected capacity change from 0 to 764 [ 71.285155][ T5697] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 71.355953][ T5707] netlink: 'syz.6.580': attribute type 4 has an invalid length. [ 71.375279][ T5707] netlink: 'syz.6.580': attribute type 4 has an invalid length. [ 71.422394][ T29] audit: type=1326 audit(1750773076.778:2053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5712 comm="syz.6.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 71.470556][ T29] audit: type=1326 audit(1750773076.778:2054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5712 comm="syz.6.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 71.493936][ T29] audit: type=1326 audit(1750773076.778:2055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5712 comm="syz.6.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 71.517478][ T29] audit: type=1326 audit(1750773076.778:2056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5712 comm="syz.6.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 71.541118][ T29] audit: type=1326 audit(1750773076.778:2057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5712 comm="syz.6.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 71.564654][ T29] audit: type=1326 audit(1750773076.778:2058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5712 comm="syz.6.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 71.588243][ T29] audit: type=1326 
audit(1750773076.778:2059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5712 comm="syz.6.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 71.627805][ T29] audit: type=1400 audit(1750773076.848:2060): avc: denied { module_load } for pid=5719 comm="+}[@" path="/sys/power/wakeup_count" dev="sysfs" ino=216 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 71.643423][ T5725] IPVS: Error connecting to the multicast addr [ 71.828172][ T5746] loop6: detected capacity change from 0 to 1024 [ 71.846629][ T5746] EXT4-fs: Ignoring removed nobh option [ 71.852415][ T5746] EXT4-fs: Ignoring removed bh option [ 71.882644][ T5746] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.951335][ T29] audit: type=1326 audit(1750773077.308:2061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5748 comm="syz.2.595" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f71b116e929 code=0x0 [ 71.979333][ T5746] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4113: comm syz.6.594: Allocating blocks 449-513 which overlap fs metadata [ 71.995584][ T5761] netlink: 28 bytes leftover after parsing attributes in process `syz.3.597'. [ 72.026664][ T5744] EXT4-fs (loop6): pa ffff888106e871c0: logic 48, phys. 177, len 21 [ 72.034870][ T5744] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4 [ 72.076459][ T5159] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.169505][ T5774] loop6: detected capacity change from 0 to 764 [ 72.184061][ T5774] rock: corrupted directory entry. 
extent=32, offset=2044, size=237 [ 72.387117][ T5787] loop6: detected capacity change from 0 to 512 [ 72.394858][ T5787] ext4: Unknown parameter 'measure' [ 72.522960][ T5725] syz.4.586 (5725) used greatest stack depth: 5904 bytes left [ 72.605305][ T5795] loop4: detected capacity change from 0 to 512 [ 72.611951][ T5795] EXT4-fs: Ignoring removed nobh option [ 72.622693][ T5795] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 72.634330][ T5795] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 72.644476][ T5795] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.611: Corrupt directory, running e2fsck is recommended [ 72.658830][ T5795] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 72.667381][ T5795] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.611: corrupted in-inode xattr: invalid ea_ino [ 72.688052][ T5795] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.611: couldn't read orphan inode 15 (err -117) [ 72.702568][ T5795] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.710531][ T5800] FAULT_INJECTION: forcing a failure. 
[ 72.710531][ T5800] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 72.728090][ T5800] CPU: 1 UID: 0 PID: 5800 Comm: syz.2.612 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 72.728116][ T5800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 72.728129][ T5800] Call Trace: [ 72.728136][ T5800] [ 72.728192][ T5800] __dump_stack+0x1d/0x30 [ 72.728211][ T5800] dump_stack_lvl+0xe8/0x140 [ 72.728230][ T5800] dump_stack+0x15/0x1b [ 72.728317][ T5800] should_fail_ex+0x265/0x280 [ 72.728350][ T5800] should_fail+0xb/0x20 [ 72.728376][ T5800] should_fail_usercopy+0x1a/0x20 [ 72.728434][ T5800] _copy_to_user+0x20/0xa0 [ 72.728455][ T5800] simple_read_from_buffer+0xb5/0x130 [ 72.728483][ T5800] proc_fail_nth_read+0x100/0x140 [ 72.728536][ T5800] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 72.728638][ T5800] vfs_read+0x19d/0x6f0 [ 72.728667][ T5800] ? __rcu_read_unlock+0x4f/0x70 [ 72.728736][ T5800] ? __rcu_read_unlock+0x4f/0x70 [ 72.728808][ T5800] ? __fget_files+0x184/0x1c0 [ 72.728826][ T5800] ksys_read+0xda/0x1a0 [ 72.728900][ T5800] __x64_sys_read+0x40/0x50 [ 72.728930][ T5800] x64_sys_call+0x2d77/0x2fb0 [ 72.728950][ T5800] do_syscall_64+0xd2/0x200 [ 72.728969][ T5800] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 72.728995][ T5800] ? clear_bhb_loop+0x40/0x90 [ 72.729015][ T5800] ? 
clear_bhb_loop+0x40/0x90 [ 72.729099][ T5800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.729120][ T5800] RIP: 0033:0x7f71b116d33c [ 72.729205][ T5800] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 72.729224][ T5800] RSP: 002b:00007f71af7d7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 72.729244][ T5800] RAX: ffffffffffffffda RBX: 00007f71b1395fa0 RCX: 00007f71b116d33c [ 72.729257][ T5800] RDX: 000000000000000f RSI: 00007f71af7d70a0 RDI: 0000000000000008 [ 72.729268][ T5800] RBP: 00007f71af7d7090 R08: 0000000000000000 R09: 0000000000000000 [ 72.729346][ T5800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 72.729382][ T5800] R13: 0000000000000000 R14: 00007f71b1395fa0 R15: 00007ffe3366dcb8 [ 72.729397][ T5800] [ 72.943531][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.274530][ T5826] netlink: 148 bytes leftover after parsing attributes in process `syz.3.621'. [ 73.336370][ T5830] FAULT_INJECTION: forcing a failure. [ 73.336370][ T5830] name failslab, interval 1, probability 0, space 0, times 0 [ 73.349258][ T5830] CPU: 0 UID: 0 PID: 5830 Comm: syz.6.623 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 73.349287][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 73.349294][ T5830] Call Trace: [ 73.349297][ T5830] [ 73.349302][ T5830] __dump_stack+0x1d/0x30 [ 73.349316][ T5830] dump_stack_lvl+0xe8/0x140 [ 73.349327][ T5830] dump_stack+0x15/0x1b [ 73.349336][ T5830] should_fail_ex+0x265/0x280 [ 73.349424][ T5830] should_failslab+0x8c/0xb0 [ 73.349438][ T5830] __kmalloc_noprof+0xa5/0x3e0 [ 73.349454][ T5830] ? iovec_from_user+0x84/0x210 [ 73.349466][ T5830] ? 
rep_movs_alternative+0xf/0x90 [ 73.349535][ T5830] iovec_from_user+0x84/0x210 [ 73.349729][ T5830] __import_iovec+0xf3/0x540 [ 73.349741][ T5830] ? __rcu_read_unlock+0x4f/0x70 [ 73.349754][ T5830] import_iovec+0x61/0x80 [ 73.349812][ T5830] __se_sys_vmsplice+0x165/0x10f0 [ 73.349829][ T5830] ? kernelmode_fixup_or_oops+0x59/0xb0 [ 73.349861][ T5830] ? copy_from_user_nofault+0xa2/0x120 [ 73.349873][ T5830] ? sized_strscpy+0x193/0x1a0 [ 73.349946][ T5830] ? __bpf_trace_sys_enter+0x10/0x30 [ 73.350000][ T5830] __x64_sys_vmsplice+0x55/0x70 [ 73.350016][ T5830] x64_sys_call+0x2f45/0x2fb0 [ 73.350028][ T5830] do_syscall_64+0xd2/0x200 [ 73.350065][ T5830] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 73.350079][ T5830] ? clear_bhb_loop+0x40/0x90 [ 73.350091][ T5830] ? clear_bhb_loop+0x40/0x90 [ 73.350103][ T5830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.350114][ T5830] RIP: 0033:0x7f2ada48e929 [ 73.350145][ T5830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.350173][ T5830] RSP: 002b:00007f2ad8af7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 73.350265][ T5830] RAX: ffffffffffffffda RBX: 00007f2ada6b5fa0 RCX: 00007f2ada48e929 [ 73.350272][ T5830] RDX: 000000000000000f RSI: 00002000000014c0 RDI: 0000000000000003 [ 73.350279][ T5830] RBP: 00007f2ad8af7090 R08: 0000000000000000 R09: 0000000000000000 [ 73.350286][ T5830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 73.350293][ T5830] R13: 0000000000000000 R14: 00007f2ada6b5fa0 R15: 00007ffd44c3f4f8 [ 73.350303][ T5830] [ 73.588685][ T5835] loop6: detected capacity change from 0 to 512 [ 73.605287][ T5835] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 73.617949][ T5835] ext4 filesystem being mounted at /40/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 73.685520][ T5838] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.624: bg 0: block 145: padding at end of block bitmap is not set [ 73.808027][ T5840] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 73.815751][ T5840] FAULT_INJECTION: forcing a failure. [ 73.815751][ T5840] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 73.828853][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz.2.625 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 73.828878][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 73.828902][ T5840] Call Trace: [ 73.828907][ T5840] [ 73.828912][ T5840] __dump_stack+0x1d/0x30 [ 73.828931][ T5840] dump_stack_lvl+0xe8/0x140 [ 73.828949][ T5840] dump_stack+0x15/0x1b [ 73.828963][ T5840] should_fail_ex+0x265/0x280 [ 73.829049][ T5840] should_fail+0xb/0x20 [ 73.829074][ T5840] should_fail_usercopy+0x1a/0x20 [ 73.829160][ T5840] _copy_to_user+0x20/0xa0 [ 73.829182][ T5840] simple_read_from_buffer+0xb5/0x130 [ 73.829269][ T5840] proc_fail_nth_read+0x100/0x140 [ 73.829369][ T5840] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 73.829434][ T5840] vfs_read+0x19d/0x6f0 [ 73.829464][ T5840] ? __rcu_read_unlock+0x4f/0x70 [ 73.829486][ T5840] ? __rcu_read_unlock+0x4f/0x70 [ 73.829587][ T5840] ? __fget_files+0x184/0x1c0 [ 73.829607][ T5840] ksys_read+0xda/0x1a0 [ 73.829634][ T5840] __x64_sys_read+0x40/0x50 [ 73.829659][ T5840] x64_sys_call+0x2d77/0x2fb0 [ 73.829725][ T5840] do_syscall_64+0xd2/0x200 [ 73.829744][ T5840] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 73.829796][ T5840] ? clear_bhb_loop+0x40/0x90 [ 73.829815][ T5840] ? 
clear_bhb_loop+0x40/0x90 [ 73.829837][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.829858][ T5840] RIP: 0033:0x7f71b116d33c [ 73.829901][ T5840] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 73.829919][ T5840] RSP: 002b:00007f71af7d7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 73.829939][ T5840] RAX: ffffffffffffffda RBX: 00007f71b1395fa0 RCX: 00007f71b116d33c [ 73.829951][ T5840] RDX: 000000000000000f RSI: 00007f71af7d70a0 RDI: 0000000000000007 [ 73.829964][ T5840] RBP: 00007f71af7d7090 R08: 0000000000000000 R09: 0000000000000000 [ 73.830033][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 73.830100][ T5840] R13: 0000000000000000 R14: 00007f71b1395fa0 R15: 00007ffe3366dcb8 [ 73.830119][ T5840] [ 74.116314][ T5842] ALSA: seq fatal error: cannot create timer (-19) [ 74.155073][ T5846] SELinux: syz.2.627 (5846) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 74.357042][ T5866] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5866 comm=syz.2.633 [ 74.370460][ T5866] netlink: 16 bytes leftover after parsing attributes in process `syz.2.633'. [ 74.382677][ T5868] futex_wake_op: syz.3.634 tries to shift op by -1; fix this program [ 74.429678][ T5159] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.584430][ T5882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.639'. 
[ 74.696447][ T5895] loop2: detected capacity change from 0 to 164 [ 74.712761][ T5895] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 74.820283][ T5903] loop6: detected capacity change from 0 to 1024 [ 74.830789][ T5903] ext4: Unknown parameter 'nouser_xattr' [ 74.879766][ T5908] loop6: detected capacity change from 0 to 764 [ 74.891650][ T5908] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 74.936096][ T5914] loop6: detected capacity change from 0 to 1024 [ 74.949350][ T5914] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 74.963013][ T5914] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002] [ 74.986915][ T5914] System zones: 0-1, 2-3, 4-36, 98-101, 102-102 [ 74.993906][ T5914] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 75.013620][ T5914] capability: warning: `syz.6.650' uses deprecated v2 capabilities in a way that may be insecure [ 75.175265][ T5159] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.202516][ T5927] loop6: detected capacity change from 0 to 1024 [ 75.209932][ T5927] ext4: Unknown parameter 'nouser_xattr' [ 75.218672][ T5927] futex_wake_op: syz.6.655 tries to shift op by -1; fix this program [ 75.233051][ T5925] netlink: 12 bytes leftover after parsing attributes in process `syz.7.654'. [ 75.266999][ T5929] validate_nla: 2 callbacks suppressed [ 75.267012][ T5929] netlink: 'syz.6.656': attribute type 13 has an invalid length. [ 75.436160][ T5939] loop7: detected capacity change from 0 to 512 [ 75.443219][ T5939] ext4: Unknown parameter 'measure' [ 75.467948][ T5939] loop7: detected capacity change from 0 to 512 [ 75.492067][ T5939] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 75.504839][ T5939] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 75.516278][ T5939] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.660: Failed to acquire dquot type 1 [ 75.541830][ T5939] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.564736][ T5944] loop2: detected capacity change from 0 to 764 [ 75.575284][ T5944] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 75.607102][ T5945] syzkaller0: entered promiscuous mode [ 75.612837][ T5945] syzkaller0: entered allmulticast mode [ 75.660245][ T5950] xt_CT: No such helper "netbios-ns" [ 76.051256][ T5961] netlink: 32 bytes leftover after parsing attributes in process `syz.3.667'. [ 76.176879][ T29] kauditd_printk_skb: 241 callbacks suppressed [ 76.176895][ T29] audit: type=1400 audit(1750773081.528:2301): avc: denied { create } for pid=5962 comm="syz.6.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 76.266066][ T29] audit: type=1400 audit(1750773081.598:2302): avc: denied { create } for pid=5966 comm="syz.4.669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 76.285714][ T29] audit: type=1400 audit(1750773081.598:2303): avc: denied { sys_module } for pid=5962 comm="syz.6.668" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 76.306884][ T29] audit: type=1400 audit(1750773081.598:2304): avc: denied { bind } for pid=5966 comm="syz.4.669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 76.326219][ T29] audit: type=1400 audit(1750773081.608:2305): avc: denied { listen } for pid=5966 comm="syz.4.669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 76.345925][ T29] audit: type=1400 audit(1750773081.608:2306): avc: denied { connect } for 
pid=5966 comm="syz.4.669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 76.365566][ T29] audit: type=1400 audit(1750773081.608:2307): avc: denied { write } for pid=5966 comm="syz.4.669" path="socket:[12085]" dev="sockfs" ino=12085 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 76.388928][ T29] audit: type=1400 audit(1750773081.608:2308): avc: denied { accept } for pid=5966 comm="syz.4.669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 76.408566][ T29] audit: type=1400 audit(1750773081.608:2309): avc: denied { write } for pid=5962 comm="syz.6.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 76.428103][ T29] audit: type=1400 audit(1750773081.608:2310): avc: denied { read } for pid=5966 comm="syz.4.669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 76.468617][ T5976] netlink: 'syz.4.671': attribute type 13 has an invalid length. [ 76.468990][ T5977] loop6: detected capacity change from 0 to 764 [ 76.486226][ T5977] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 76.546179][ T5981] loop6: detected capacity change from 0 to 764 [ 76.562810][ T5981] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 76.674028][ T5986] netlink: 'syz.6.676': attribute type 4 has an invalid length. 
[ 76.706926][ T5990] loop2: detected capacity change from 0 to 128 [ 76.726794][ T5994] loop6: detected capacity change from 0 to 512 [ 76.749099][ T5994] EXT4-fs (loop6): couldn't mount as ext3 due to feature incompatibilities [ 76.786063][ T5994] serio: Serial port ptm0 [ 76.807406][ T6001] xt_hashlimit: size too large, truncated to 1048576 [ 76.858494][ T6005] syzkaller0: entered promiscuous mode [ 76.864211][ T6005] syzkaller0: entered allmulticast mode [ 77.000964][ T6020] netlink: 'syz.7.689': attribute type 4 has an invalid length. [ 77.027701][ T6025] netlink: 'syz.6.688': attribute type 13 has an invalid length. [ 77.048008][ T6028] netlink: 4 bytes leftover after parsing attributes in process `syz.7.693'. [ 77.070919][ T6025] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.078182][ T6025] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.120994][ T6025] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.130745][ T6025] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.182679][ T6025] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.191820][ T6025] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.200966][ T6025] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.209872][ T6025] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.343994][ T6042] loop4: detected capacity change from 0 to 512 [ 77.359542][ T6042] EXT4-fs: Ignoring removed oldalloc option [ 77.379473][ T6042] EXT4-fs: inline encryption not supported [ 77.404040][ T6042] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 77.431529][ T6042] EXT4-fs (loop4): 1 truncate cleaned up [ 77.437694][ T6042] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.504534][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 77.553145][ T6051] netlink: 'syz.4.699': attribute type 3 has an invalid length. [ 77.854857][ T6059] loop6: detected capacity change from 0 to 512 [ 77.866133][ T6059] ext4: Unknown parameter 'measure' [ 77.910828][ T6061] netlink: 'syz.2.703': attribute type 4 has an invalid length. [ 77.934620][ T6059] loop6: detected capacity change from 0 to 512 [ 77.954380][ T6059] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.975297][ T6059] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.988925][ T6065] netlink: 12 bytes leftover after parsing attributes in process `syz.2.704'. [ 78.000060][ T6059] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.702: Failed to acquire dquot type 1 [ 78.017893][ T6065] 8021q: adding VLAN 0 to HW filter on device bond2 [ 78.033378][ T6059] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.141536][ T6078] loop7: detected capacity change from 0 to 512 [ 78.176826][ T6078] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.189817][ T6078] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 78.218463][ T6078] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.708: bg 0: block 145: padding at end of block bitmap is not set [ 78.234866][ T6089] loop6: detected capacity change from 0 to 1024 [ 78.244399][ T6089] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.711: Failed to acquire dquot type 0 [ 78.256599][ T6089] EXT4-fs error (device loop6): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. 
[ 78.272040][ T6089] EXT4-fs error (device loop6): ext4_do_update_inode:5568: inode #13: comm syz.6.711: corrupted inode contents [ 78.284663][ T6089] EXT4-fs error (device loop6): ext4_dirty_inode:6459: inode #13: comm syz.6.711: mark_inode_dirty error [ 78.299380][ T6089] EXT4-fs error (device loop6): ext4_do_update_inode:5568: inode #13: comm syz.6.711: corrupted inode contents [ 78.312256][ T6089] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #13: comm syz.6.711: mark_inode_dirty error [ 78.323918][ T6089] EXT4-fs error (device loop6): ext4_do_update_inode:5568: inode #13: comm syz.6.711: corrupted inode contents [ 78.336966][ T6089] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem [ 78.345905][ T6089] EXT4-fs error (device loop6): ext4_do_update_inode:5568: inode #13: comm syz.6.711: corrupted inode contents [ 78.346223][ T5319] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.358322][ T6089] EXT4-fs error (device loop6): ext4_truncate:4597: inode #13: comm syz.6.711: mark_inode_dirty error [ 78.378332][ T6089] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem [ 78.408180][ T6089] EXT4-fs (loop6): 1 truncate cleaned up [ 78.423534][ T6089] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.439795][ T6101] netlink: 'syz.3.714': attribute type 4 has an invalid length. [ 78.456294][ T6099] xt_TPROXY: Can be used only with -p tcp or -p udp [ 78.468505][ T6103] netlink: 'syz.4.715': attribute type 13 has an invalid length. [ 78.496730][ T6089] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 78.519320][ T5159] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 78.603998][ T6114] loop7: detected capacity change from 0 to 128 [ 78.736803][ T6123] loop6: detected capacity change from 0 to 4096 [ 78.743729][ T6123] EXT4-fs: inline encryption not supported [ 78.752358][ T6123] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.773261][ T6120] EXT4-fs (loop6): shut down requested (2) [ 78.815762][ T5159] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.825064][ T4110] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started [ 78.873576][ T6128] netlink: 'syz.6.724': attribute type 10 has an invalid length. [ 78.882225][ T6128] batman_adv: batadv0: Adding interface: team0 [ 78.888415][ T6128] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.913775][ T6128] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 78.927474][ T6128] netlink: 2 bytes leftover after parsing attributes in process `syz.6.724'. 
[ 78.936646][ T6128] team0: entered promiscuous mode [ 78.942012][ T6128] team_slave_0: entered promiscuous mode [ 78.947724][ T6128] team_slave_1: entered promiscuous mode [ 78.953964][ T6128] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.961181][ T6128] batman_adv: batadv0: Interface activated: team0 [ 78.967686][ T6128] batman_adv: batadv0: Interface deactivated: team0 [ 78.974395][ T6128] batman_adv: batadv0: Removing interface: team0 [ 78.987647][ T6128] bridge0: port 3(team0) entered blocking state [ 78.994076][ T6128] bridge0: port 3(team0) entered disabled state [ 79.000797][ T6128] team0: entered allmulticast mode [ 79.005989][ T6128] team_slave_0: entered allmulticast mode [ 79.011787][ T6128] team_slave_1: entered allmulticast mode [ 79.116475][ T6137] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 79.116475][ T6137] program syz.6.727 not setting count and/or reply_len properly [ 79.141761][ T6137] netlink: 8 bytes leftover after parsing attributes in process `syz.6.727'. [ 79.289847][ T6148] netlink: 28 bytes leftover after parsing attributes in process `syz.4.731'. [ 79.301611][ T6148] sg_write: data in/out 54625/14 bytes for SCSI command 0x0-- guessing data in; [ 79.301611][ T6148] program syz.4.731 not setting count and/or reply_len properly [ 79.490974][ T6153] infiniband syz0: set active [ 79.495695][ T6153] infiniband syz0: added bond_slave_1 [ 79.516920][ T6153] RDS/IB: syz0: added [ 79.523602][ T6153] smc: adding ib device syz0 with port count 1 [ 79.529793][ T6153] smc: ib device syz0 port 1 has pnetid [ 79.788347][ T6163] loop7: detected capacity change from 0 to 1024 [ 79.798044][ T6163] EXT4-fs: Ignoring removed orlov option [ 79.814818][ T6163] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.847032][ T5319] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 79.937768][ T6177] syzkaller0: entered promiscuous mode [ 79.943351][ T6177] syzkaller0: entered allmulticast mode [ 80.011383][ T6183] serio: Serial port ptm1 [ 80.055547][ T6185] netlink: 68 bytes leftover after parsing attributes in process `syz.6.744'. [ 80.189309][ T6194] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 80.196014][ T6194] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 80.203662][ T6194] vhci_hcd vhci_hcd.0: Device attached [ 80.213029][ T6197] vhci_hcd: connection closed [ 80.213369][ T4106] vhci_hcd: stop threads [ 80.222365][ T4106] vhci_hcd: release socket [ 80.226779][ T4106] vhci_hcd: disconnect device [ 80.415533][ T6216] loop6: detected capacity change from 0 to 512 [ 80.424273][ T6216] ext4: Unknown parameter 'measure' [ 80.432756][ T6218] netlink: 36 bytes leftover after parsing attributes in process `syz.4.755'. [ 80.455751][ T6216] loop6: detected capacity change from 0 to 512 [ 80.473249][ T6216] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.486013][ T6216] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 80.497421][ T6216] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.754: Failed to acquire dquot type 1 [ 80.518450][ T6216] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.670408][ T6231] validate_nla: 4 callbacks suppressed [ 80.670424][ T6231] netlink: 'syz.6.759': attribute type 4 has an invalid length. [ 80.777553][ T6246] loop6: detected capacity change from 0 to 1764 [ 80.789026][ T6246] iso9660: Unknown parameter '-c£o­žjj§' [ 80.864771][ T6258] rdma_rxe: rxe_newlink: failed to add bond_slave_1 [ 81.057720][ T6283] syzkaller0: entered promiscuous mode [ 81.063312][ T6283] syzkaller0: entered allmulticast mode [ 81.105627][ T6287] netlink: 'syz.3.779': attribute type 21 has an invalid length. 
[ 81.113410][ T6287] netlink: 128 bytes leftover after parsing attributes in process `syz.3.779'. [ 81.122630][ T6287] netlink: 'syz.3.779': attribute type 4 has an invalid length. [ 81.130420][ T6287] netlink: 'syz.3.779': attribute type 5 has an invalid length. [ 81.138181][ T6287] netlink: 3 bytes leftover after parsing attributes in process `syz.3.779'. [ 81.281794][ T6297] rdma_rxe: rxe_newlink: failed to add bond_slave_1 [ 81.337722][ T6303] netlink: 'syz.3.787': attribute type 10 has an invalid length. [ 81.345894][ T6303] batman_adv: batadv0: Adding interface: team0 [ 81.352080][ T6303] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.374107][ T6304] loop4: detected capacity change from 0 to 512 [ 81.377283][ T6303] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 81.396233][ T6304] EXT4-fs: Ignoring removed oldalloc option [ 81.414251][ T6303] netlink: 'syz.3.787': attribute type 10 has an invalid length. [ 81.417099][ T6304] EXT4-fs: inline encryption not supported [ 81.422049][ T6303] netlink: 2 bytes leftover after parsing attributes in process `syz.3.787'. [ 81.422569][ T6303] team0: entered promiscuous mode [ 81.443980][ T6303] team_slave_0: entered promiscuous mode [ 81.446291][ T6304] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 81.449750][ T6303] team_slave_1: entered promiscuous mode [ 81.464125][ T6303] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.471340][ T6303] batman_adv: batadv0: Interface activated: team0 [ 81.474062][ T6304] EXT4-fs (loop4): 1 truncate cleaned up [ 81.477803][ T6303] batman_adv: batadv0: Interface deactivated: team0 [ 81.484239][ T6304] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. 
Quota mode: writeback. [ 81.489994][ T6303] batman_adv: batadv0: Removing interface: team0 [ 81.509571][ T6303] bridge0: port 3(team0) entered blocking state [ 81.515918][ T6303] bridge0: port 3(team0) entered disabled state [ 81.522532][ T6303] team0: entered allmulticast mode [ 81.527665][ T6303] team_slave_0: entered allmulticast mode [ 81.533443][ T6303] team_slave_1: entered allmulticast mode [ 81.598301][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.674399][ T6313] syzkaller0: entered promiscuous mode [ 81.679897][ T6313] syzkaller0: entered allmulticast mode [ 81.725506][ T29] kauditd_printk_skb: 327 callbacks suppressed [ 81.725521][ T29] audit: type=1400 audit(1750773087.078:2631): avc: denied { execute } for pid=6323 comm="syz.2.794" name="file0" dev="tmpfs" ino=887 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 81.754347][ T6326] netlink: 36 bytes leftover after parsing attributes in process `syz.3.795'. [ 81.762385][ T29] audit: type=1400 audit(1750773087.078:2632): avc: denied { execute_no_trans } for pid=6323 comm="syz.2.794" path="/163/file0" dev="tmpfs" ino=887 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 81.926526][ T6340] netlink: 'syz.7.799': attribute type 13 has an invalid length. 
[ 81.969750][ T6340] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.977004][ T6340] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.978169][ T6342] loop6: detected capacity change from 0 to 512 [ 81.992412][ T6342] EXT4-fs: Ignoring removed oldalloc option [ 82.017215][ T6342] EXT4-fs: inline encryption not supported [ 82.027543][ T6342] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2 [ 82.043271][ T6340] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 82.054257][ T6340] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.081988][ T6342] EXT4-fs (loop6): 1 truncate cleaned up [ 82.088505][ T6342] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.102848][ T6340] netdevsim netdevsim7 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.111496][ T6340] netdevsim netdevsim7 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.119880][ T6340] netdevsim netdevsim7 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.128422][ T6340] netdevsim netdevsim7 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.150100][ T5159] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 82.326254][ T29] audit: type=1326 audit(1750773087.678:2633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6355 comm="syz.6.803" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ada48e929 code=0x0 [ 82.525465][ T29] audit: type=1400 audit(1750773087.878:2634): avc: denied { read write } for pid=6361 comm="syz.4.804" name="rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 82.527749][ T6362] 9pnet_fd: Insufficient options for proto=fd [ 82.549790][ T29] audit: type=1400 audit(1750773087.878:2635): avc: denied { open } for pid=6361 comm="syz.4.804" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 82.624838][ T29] audit: type=1400 audit(1750773087.978:2636): avc: denied { ioctl } for pid=6363 comm="syz.4.805" path="socket:[14557]" dev="sockfs" ino=14557 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 82.706110][ T29] audit: type=1326 audit(1750773088.058:2637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6375 comm="syz.3.809" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f423b20e929 code=0x0 [ 82.775236][ T6378] netlink: 24 bytes leftover after parsing attributes in process `syz.4.810'. 
[ 82.784981][ T29] audit: type=1400 audit(1750773088.138:2638): avc: denied { mounton } for pid=6377 comm="syz.4.810" path="/proc/419/task" dev="proc" ino=13768 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 82.808994][ T29] audit: type=1400 audit(1750773088.138:2639): avc: denied { mount } for pid=6377 comm="syz.4.810" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 82.860975][ T6389] loop4: detected capacity change from 0 to 764 [ 82.868856][ T6389] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 82.946173][ T29] audit: type=1326 audit(1750773088.298:2640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6390 comm="syz.7.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f420045e929 code=0x7ffc0000 [ 83.081436][ T6411] netlink: 'syz.4.822': attribute type 7 has an invalid length. [ 83.089169][ T6411] netlink: 'syz.4.822': attribute type 8 has an invalid length. [ 83.116028][ T6411] syzkaller1: entered promiscuous mode [ 83.121595][ T6411] syzkaller1: entered allmulticast mode [ 83.199286][ T6429] loop6: detected capacity change from 0 to 764 [ 83.209436][ T6429] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 83.263614][ T6440] loop6: detected capacity change from 0 to 512 [ 83.275494][ T6440] EXT4-fs error (device loop6): ext4_iget_extra_inode:5035: inode #15: comm syz.6.829: corrupted in-inode xattr: invalid ea_ino [ 83.289266][ T6440] EXT4-fs error (device loop6): ext4_orphan_get:1398: comm syz.6.829: couldn't read orphan inode 15 (err -117) [ 83.301780][ T6440] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.331695][ T5159] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 83.422739][ T6452] hub 4-0:1.0: USB hub found [ 83.427441][ T6452] hub 4-0:1.0: 8 ports detected [ 83.438753][ T6452] wireguard0: entered promiscuous mode [ 83.522021][ T6478] loop4: detected capacity change from 0 to 512 [ 83.543060][ T6478] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.835: Parent and EA inode have the same ino 15 [ 83.612787][ T6478] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.835: Parent and EA inode have the same ino 15 [ 83.627635][ T6495] loop6: detected capacity change from 0 to 764 [ 83.644684][ T6495] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 83.654401][ T6478] EXT4-fs (loop4): 1 orphan inode deleted [ 83.671784][ T6478] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.712636][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.274577][ T6523] 9pnet_fd: Insufficient options for proto=fd [ 84.318127][ T6525] FAULT_INJECTION: forcing a failure. [ 84.318127][ T6525] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 84.331597][ T6525] CPU: 1 UID: 0 PID: 6525 Comm: syz.2.846 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 84.331656][ T6525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 84.331668][ T6525] Call Trace: [ 84.331673][ T6525] [ 84.331681][ T6525] __dump_stack+0x1d/0x30 [ 84.331702][ T6525] dump_stack_lvl+0xe8/0x140 [ 84.331855][ T6525] dump_stack+0x15/0x1b [ 84.331870][ T6525] should_fail_ex+0x265/0x280 [ 84.331899][ T6525] should_fail_alloc_page+0xf2/0x100 [ 84.331963][ T6525] __alloc_frozen_pages_noprof+0xff/0x360 [ 84.331997][ T6525] alloc_pages_mpol+0xb3/0x250 [ 84.332023][ T6525] alloc_pages_noprof+0x90/0x130 [ 84.332130][ T6525] pte_alloc_one+0x2d/0x120 [ 84.332150][ T6525] __pte_alloc+0x32/0x2b0 [ 84.332175][ T6525] ? 
mas_state_walk+0x574/0x650 [ 84.332204][ T6525] handle_mm_fault+0x1c16/0x2be0 [ 84.332245][ T6525] ? mas_walk+0xf2/0x120 [ 84.332272][ T6525] do_user_addr_fault+0x636/0x1090 [ 84.332478][ T6525] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 84.332580][ T6525] exc_page_fault+0x62/0xa0 [ 84.332605][ T6525] asm_exc_page_fault+0x26/0x30 [ 84.332624][ T6525] RIP: 0033:0x7f71b1030d46 [ 84.332638][ T6525] Code: f0 72 6e 48 63 cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01 [ 84.332729][ T6525] RSP: 002b:00007f71af7d64a0 EFLAGS: 00010246 [ 84.332744][ T6525] RAX: 0000000000000001 RBX: 00007f71af7d6540 RCX: 0000000000000101 [ 84.332813][ T6525] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00007f71af7d65e0 [ 84.332831][ T6525] RBP: 0000000000000102 R08: 00007f71a73b7000 R09: 0000000000000000 [ 84.332842][ T6525] R10: 0000000000000000 R11: 00007f71af7d6550 R12: 0000000000000001 [ 84.332853][ T6525] R13: 00007f71b120c200 R14: 0000000000000000 R15: 00007f71af7d65e0 [ 84.332869][ T6525] [ 84.332878][ T6525] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 84.552843][ T6527] loop6: detected capacity change from 0 to 2048 [ 84.590936][ T6527] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 84.594835][ T6492] syz.3.838 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0 [ 84.616915][ T6492] CPU: 0 UID: 0 PID: 6492 Comm: syz.3.838 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 84.616968][ T6492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 84.616981][ T6492] Call Trace: [ 84.616987][ T6492] [ 84.616994][ T6492] __dump_stack+0x1d/0x30 [ 84.617016][ T6492] dump_stack_lvl+0xe8/0x140 [ 84.617038][ T6492] dump_stack+0x15/0x1b [ 84.617058][ T6492] dump_header+0x81/0x220 [ 84.617168][ T6492] oom_kill_process+0x334/0x3f0 [ 84.617195][ T6492] out_of_memory+0x979/0xb80 [ 84.617226][ T6492] try_charge_memcg+0x5e6/0x9e0 [ 84.617251][ T6492] obj_cgroup_charge_pages+0xa6/0x150 [ 84.617355][ T6492] __memcg_kmem_charge_page+0x9f/0x170 [ 84.617390][ T6492] __alloc_frozen_pages_noprof+0x188/0x360 [ 84.617431][ T6492] alloc_pages_mpol+0xb3/0x250 [ 84.617463][ T6492] alloc_pages_noprof+0x90/0x130 [ 84.617574][ T6492] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 84.617684][ T6492] __kvmalloc_node_noprof+0x30f/0x4e0 [ 84.617754][ T6492] ? ip_set_alloc+0x1f/0x30 [ 84.617780][ T6492] ? ip_set_alloc+0x1f/0x30 [ 84.617810][ T6492] ? __kmalloc_cache_noprof+0x189/0x320 [ 84.617899][ T6492] ip_set_alloc+0x1f/0x30 [ 84.617924][ T6492] hash_netiface_create+0x282/0x740 [ 84.617954][ T6492] ? __pfx_hash_netiface_create+0x10/0x10 [ 84.617993][ T6492] ip_set_create+0x3c9/0x960 [ 84.618035][ T6492] ? __nla_parse+0x40/0x60 [ 84.618057][ T6492] nfnetlink_rcv_msg+0x4c3/0x590 [ 84.618152][ T6492] ? selinux_capable+0x1f9/0x270 [ 84.618181][ T6492] netlink_rcv_skb+0x120/0x220 [ 84.618213][ T6492] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 84.618243][ T6492] nfnetlink_rcv+0x16b/0x1690 [ 84.618322][ T6492] ? genl_family_rcv_msg_doit+0x17f/0x1b0 [ 84.618398][ T6492] ? kfree+0xd9/0x320 [ 84.618418][ T6492] ? 
genl_family_rcv_msg_doit+0x17f/0x1b0 [ 84.618445][ T6492] ? genl_rcv_msg+0x422/0x460 [ 84.618470][ T6492] ? genl_rcv_msg+0x15f/0x460 [ 84.618548][ T6492] ? skb_free_head+0x87/0x150 [ 84.618614][ T6492] ? kmem_cache_free+0xdf/0x300 [ 84.618636][ T6492] ? skb_pull+0x93/0x110 [ 84.618652][ T6492] ? should_fail_ex+0x30/0x280 [ 84.618710][ T6492] ? selinux_nlmsg_lookup+0x99/0x890 [ 84.618744][ T6492] ? selinux_netlink_send+0x59f/0x5f0 [ 84.618816][ T6492] ? __rcu_read_unlock+0x34/0x70 [ 84.618836][ T6492] ? __netlink_lookup+0x266/0x2a0 [ 84.618888][ T6492] netlink_unicast+0x59e/0x670 [ 84.618987][ T6492] netlink_sendmsg+0x58b/0x6b0 [ 84.619044][ T6492] ? __pfx_netlink_sendmsg+0x10/0x10 [ 84.619064][ T6492] __sock_sendmsg+0x142/0x180 [ 84.619086][ T6492] ____sys_sendmsg+0x31e/0x4e0 [ 84.619175][ T6492] ___sys_sendmsg+0x17b/0x1d0 [ 84.619303][ T6492] __x64_sys_sendmsg+0xd4/0x160 [ 84.619339][ T6492] x64_sys_call+0x2999/0x2fb0 [ 84.619361][ T6492] do_syscall_64+0xd2/0x200 [ 84.619380][ T6492] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 84.619401][ T6492] ? clear_bhb_loop+0x40/0x90 [ 84.619485][ T6492] ? 
clear_bhb_loop+0x40/0x90 [ 84.619506][ T6492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.619524][ T6492] RIP: 0033:0x7f423b20e929 [ 84.619613][ T6492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.619633][ T6492] RSP: 002b:00007f4239877038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 84.619692][ T6492] RAX: ffffffffffffffda RBX: 00007f423b435fa0 RCX: 00007f423b20e929 [ 84.619704][ T6492] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006 [ 84.619715][ T6492] RBP: 00007f423b290b39 R08: 0000000000000000 R09: 0000000000000000 [ 84.619728][ T6492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 84.619741][ T6492] R13: 0000000000000000 R14: 00007f423b435fa0 R15: 00007ffcbab7da58 [ 84.619760][ T6492] [ 84.619767][ T6492] memory: usage 307200kB, limit 307200kB, failcnt 884 [ 84.994195][ T6492] memory+swap: usage 323756kB, limit 9007199254740988kB, failcnt 0 [ 85.002132][ T6492] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0 [ 85.004720][ T6543] netlink: 'syz.2.852': attribute type 1 has an invalid length. [ 85.009595][ T6492] Memory cgroup stats for /syz3: [ 85.017284][ T6543] __nla_validate_parse: 4 callbacks suppressed [ 85.017296][ T6543] netlink: 224 bytes leftover after parsing attributes in process `syz.2.852'. [ 85.018641][ T6492] cache 0 [ 85.023639][ T5159] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 85.028403][ T6492] rss 0 [ 85.052254][ T6492] shmem 0 [ 85.055226][ T6492] mapped_file 0 [ 85.058664][ T6492] dirty 0 [ 85.061727][ T6492] writeback 0 [ 85.064999][ T6492] workingset_refault_anon 273 [ 85.069656][ T6492] workingset_refault_file 81 [ 85.074270][ T6492] swap 16953344 [ 85.077717][ T6492] swapcached 8192 [ 85.081352][ T6492] pgpgin 61227 [ 85.084713][ T6492] pgpgout 61225 [ 85.088150][ T6492] pgfault 76246 [ 85.091674][ T6492] pgmajfault 33 [ 85.095207][ T6492] inactive_anon 8192 [ 85.099142][ T6492] active_anon 0 [ 85.102635][ T6492] inactive_file 0 [ 85.106265][ T6492] active_file 0 [ 85.109780][ T6492] unevictable 0 [ 85.113275][ T6492] hierarchical_memory_limit 314572800 [ 85.118648][ T6492] hierarchical_memsw_limit 9223372036854771712 [ 85.125451][ T6492] total_cache 0 [ 85.128922][ T6492] total_rss 0 [ 85.132253][ T6492] total_shmem 0 [ 85.135704][ T6492] total_mapped_file 0 [ 85.139670][ T6492] total_dirty 0 [ 85.143140][ T6492] total_writeback 0 [ 85.146939][ T6492] total_workingset_refault_anon 273 [ 85.152205][ T6492] total_workingset_refault_file 81 [ 85.157312][ T6492] total_swap 16953344 [ 85.161404][ T6492] total_swapcached 8192 [ 85.165559][ T6492] total_pgpgin 61227 [ 85.169560][ T6492] total_pgpgout 61225 [ 85.173552][ T6492] total_pgfault 76246 [ 85.177522][ T6492] total_pgmajfault 33 [ 85.181511][ T6492] total_inactive_anon 8192 [ 85.185984][ T6492] total_active_anon 0 [ 85.189940][ T6492] total_inactive_file 0 [ 85.194112][ T6492] total_active_file 0 [ 85.198136][ T6492] total_unevictable 0 [ 85.202127][ T6492] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.838,pid=6491,uid=0 [ 85.216669][ T6492] Memory cgroup out of memory: Killed process 6491 (syz.3.838) total-vm:98112kB, anon-rss:936kB, file-rss:26532kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:0 [ 85.259470][ T6554] loop6: detected capacity change from 0 to 4096 [ 85.267742][ T6554] EXT4-fs 
(loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.339067][ T6554] netlink: 8 bytes leftover after parsing attributes in process `syz.6.850'. [ 85.348038][ T6554] netlink: 4 bytes leftover after parsing attributes in process `syz.6.850'. [ 85.381962][ T6554] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.390827][ T6554] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.399594][ T6554] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.408422][ T6554] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 85.722519][ T5159] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.776554][ T6609] netlink: 'syz.6.865': attribute type 11 has an invalid length. [ 85.787096][ T6609] netlink: 24 bytes leftover after parsing attributes in process `syz.6.865'. [ 85.926353][ T6655] IPVS: sync thread started: state = BACKUP, mcast_ifn = macvtap0, syncid = 0, id = 0 [ 85.949319][ T6654] netlink: 'syz.3.872': attribute type 4 has an invalid length. [ 85.959006][ T6654] netlink: 4 bytes leftover after parsing attributes in process `syz.3.872'. [ 86.278136][ T6679] netlink: 'syz.2.879': attribute type 11 has an invalid length. [ 86.286150][ T6679] netlink: 24 bytes leftover after parsing attributes in process `syz.2.879'. [ 86.297213][ T6679] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 86.510975][ T6702] FAULT_INJECTION: forcing a failure. 
[ 86.510975][ T6702] name failslab, interval 1, probability 0, space 0, times 0 [ 86.523621][ T6702] CPU: 0 UID: 0 PID: 6702 Comm: syz.2.884 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 86.523638][ T6702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 86.523645][ T6702] Call Trace: [ 86.523650][ T6702] [ 86.523654][ T6702] __dump_stack+0x1d/0x30 [ 86.523668][ T6702] dump_stack_lvl+0xe8/0x140 [ 86.523678][ T6702] dump_stack+0x15/0x1b [ 86.523687][ T6702] should_fail_ex+0x265/0x280 [ 86.523704][ T6702] should_failslab+0x8c/0xb0 [ 86.523720][ T6702] kmem_cache_alloc_noprof+0x50/0x310 [ 86.523735][ T6702] ? mas_alloc_nodes+0x265/0x520 [ 86.523746][ T6702] mas_alloc_nodes+0x265/0x520 [ 86.523757][ T6702] mas_preallocate+0x33e/0x520 [ 86.523776][ T6702] __split_vma+0x240/0x650 [ 86.523789][ T6702] ? rep_movs_alternative+0xf/0x90 [ 86.523803][ T6702] ? fixup_exception+0x72e/0xd00 [ 86.523815][ T6702] vms_gather_munmap_vmas+0x172/0x7a0 [ 86.523827][ T6702] ? _parse_integer_limit+0x170/0x190 [ 86.523843][ T6702] ? kernelmode_fixup_or_oops+0x59/0xb0 [ 86.523861][ T6702] do_vmi_align_munmap+0x1a4/0x3d0 [ 86.523878][ T6702] do_vmi_munmap+0x1db/0x220 [ 86.523890][ T6702] __vm_munmap+0x1a1/0x280 [ 86.523904][ T6702] __x64_sys_munmap+0x36/0x50 [ 86.523915][ T6702] x64_sys_call+0xa65/0x2fb0 [ 86.523927][ T6702] do_syscall_64+0xd2/0x200 [ 86.523936][ T6702] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 86.523951][ T6702] ? clear_bhb_loop+0x40/0x90 [ 86.523962][ T6702] ? 
clear_bhb_loop+0x40/0x90 [ 86.523978][ T6702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.523990][ T6702] RIP: 0033:0x7f71b116e929 [ 86.523999][ T6702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.524009][ T6702] RSP: 002b:00007f71af7d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000000b [ 86.524020][ T6702] RAX: ffffffffffffffda RBX: 00007f71b1395fa0 RCX: 00007f71b116e929 [ 86.524028][ T6702] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 00002000007fe000 [ 86.524034][ T6702] RBP: 00007f71af7d7090 R08: 0000000000000000 R09: 0000000000000000 [ 86.524041][ T6702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 86.524048][ T6702] R13: 0000000000000000 R14: 00007f71b1395fa0 R15: 00007ffe3366dcb8 [ 86.524057][ T6702] [ 86.781589][ T29] kauditd_printk_skb: 327 callbacks suppressed [ 86.781602][ T29] audit: type=1326 audit(1750773092.128:2966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6704 comm="syz.6.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 86.811095][ T29] audit: type=1326 audit(1750773092.128:2967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6704 comm="syz.6.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 86.834474][ T29] audit: type=1326 audit(1750773092.128:2968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6704 comm="syz.6.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 86.857860][ T29] audit: type=1326 audit(1750773092.128:2969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6704 comm="syz.6.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7f2ada48e929 
code=0x7ffc0000 [ 86.881109][ T29] audit: type=1326 audit(1750773092.128:2970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6704 comm="syz.6.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 86.904427][ T29] audit: type=1326 audit(1750773092.128:2971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6704 comm="syz.6.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 86.927761][ T29] audit: type=1326 audit(1750773092.128:2972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6704 comm="syz.6.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 86.951073][ T29] audit: type=1326 audit(1750773092.128:2973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6704 comm="syz.6.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 86.974421][ T29] audit: type=1326 audit(1750773092.128:2974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6704 comm="syz.6.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 86.997950][ T29] audit: type=1326 audit(1750773092.128:2975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6704 comm="syz.6.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ada48e929 code=0x7ffc0000 [ 87.072859][ T6727] netlink: 87 bytes leftover after parsing attributes in process `syz.6.891'. [ 87.082238][ T6727] FAULT_INJECTION: forcing a failure. 
[ 87.082238][ T6727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 87.095469][ T6727] CPU: 0 UID: 0 PID: 6727 Comm: syz.6.891 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 87.095497][ T6727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 87.095523][ T6727] Call Trace: [ 87.095530][ T6727] [ 87.095537][ T6727] __dump_stack+0x1d/0x30 [ 87.095563][ T6727] dump_stack_lvl+0xe8/0x140 [ 87.095591][ T6727] dump_stack+0x15/0x1b [ 87.095605][ T6727] should_fail_ex+0x265/0x280 [ 87.095699][ T6727] should_fail+0xb/0x20 [ 87.095726][ T6727] should_fail_usercopy+0x1a/0x20 [ 87.095760][ T6727] _copy_to_user+0x20/0xa0 [ 87.095777][ T6727] simple_read_from_buffer+0xb5/0x130 [ 87.095823][ T6727] proc_fail_nth_read+0x100/0x140 [ 87.095910][ T6727] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 87.095937][ T6727] vfs_read+0x19d/0x6f0 [ 87.096083][ T6727] ? __rcu_read_unlock+0x4f/0x70 [ 87.096101][ T6727] ? __rcu_read_unlock+0x4f/0x70 [ 87.096120][ T6727] ? __fget_files+0x184/0x1c0 [ 87.096181][ T6727] ksys_read+0xda/0x1a0 [ 87.096211][ T6727] __x64_sys_read+0x40/0x50 [ 87.096237][ T6727] x64_sys_call+0x2d77/0x2fb0 [ 87.096255][ T6727] do_syscall_64+0xd2/0x200 [ 87.096335][ T6727] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 87.096359][ T6727] ? clear_bhb_loop+0x40/0x90 [ 87.096377][ T6727] ? 
clear_bhb_loop+0x40/0x90 [ 87.096515][ T6727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.096532][ T6727] RIP: 0033:0x7f2ada48d33c [ 87.096548][ T6727] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 87.096565][ T6727] RSP: 002b:00007f2ad8af7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 87.096583][ T6727] RAX: ffffffffffffffda RBX: 00007f2ada6b5fa0 RCX: 00007f2ada48d33c [ 87.096656][ T6727] RDX: 000000000000000f RSI: 00007f2ad8af70a0 RDI: 0000000000000007 [ 87.096668][ T6727] RBP: 00007f2ad8af7090 R08: 0000000000000000 R09: 4b6ae4f95a5de35b [ 87.096675][ T6727] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001 [ 87.096682][ T6727] R13: 0000000000000000 R14: 00007f2ada6b5fa0 R15: 00007ffd44c3f4f8 [ 87.096693][ T6727] [ 87.331370][ T6737] loop6: detected capacity change from 0 to 128 [ 87.342091][ T6739] netlink: 96 bytes leftover after parsing attributes in process `syz.3.895'. [ 87.376749][ T6744] netlink: 'syz.2.897': attribute type 4 has an invalid length. 
[ 87.435431][ T6749] ================================================================== [ 87.440645][ T6746] syzkaller0: entered promiscuous mode [ 87.443548][ T6749] BUG: KCSAN: data-race in __writeback_single_inode / xas_set_mark [ 87.449060][ T6746] syzkaller0: entered allmulticast mode [ 87.456909][ T6749] [ 87.456920][ T6749] write to 0xffff888119812914 of 4 bytes by task 6737 on cpu 0: [ 87.456935][ T6749] xas_set_mark+0x12b/0x140 [ 87.456965][ T6749] __folio_start_writeback+0x1dd/0x440 [ 87.482414][ T6749] mpage_writepages+0xd18/0x1250 [ 87.487360][ T6749] fat_writepages+0x24/0x30 [ 87.491856][ T6749] do_writepages+0x1c3/0x310 [ 87.496432][ T6749] file_write_and_wait_range+0x156/0x2c0 [ 87.502056][ T6749] __generic_file_fsync+0x46/0x140 [ 87.507161][ T6749] fat_file_fsync+0x49/0x100 [ 87.511738][ T6749] vfs_fsync_range+0x10a/0x130 [ 87.516495][ T6749] generic_file_write_iter+0x1b8/0x2f0 [ 87.521940][ T6749] iter_file_splice_write+0x5ef/0x970 [ 87.527302][ T6749] direct_splice_actor+0x153/0x2a0 [ 87.532420][ T6749] splice_direct_to_actor+0x30f/0x680 [ 87.537817][ T6749] do_splice_direct+0xda/0x150 [ 87.542590][ T6749] do_sendfile+0x380/0x650 [ 87.546997][ T6749] __x64_sys_sendfile64+0x105/0x150 [ 87.552183][ T6749] x64_sys_call+0xb39/0x2fb0 [ 87.556766][ T6749] do_syscall_64+0xd2/0x200 [ 87.561271][ T6749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.567159][ T6749] [ 87.569468][ T6749] read to 0xffff888119812914 of 4 bytes by task 6749 on cpu 1: [ 87.576992][ T6749] __writeback_single_inode+0x1f9/0x7c0 [ 87.582543][ T6749] writeback_single_inode+0x167/0x3e0 [ 87.587907][ T6749] sync_inode_metadata+0x5b/0x90 [ 87.592849][ T6749] __generic_file_fsync+0xf8/0x140 [ 87.597961][ T6749] fat_file_fsync+0x49/0x100 [ 87.602542][ T6749] vfs_fsync_range+0x10a/0x130 [ 87.607298][ T6749] generic_file_write_iter+0x1b8/0x2f0 [ 87.612741][ T6749] iter_file_splice_write+0x5ef/0x970 [ 87.618102][ T6749] direct_splice_actor+0x153/0x2a0 [ 87.623203][ T6749] 
splice_direct_to_actor+0x30f/0x680 [ 87.628565][ T6749] do_splice_direct+0xda/0x150 [ 87.633327][ T6749] do_sendfile+0x380/0x650 [ 87.637748][ T6749] __x64_sys_sendfile64+0x105/0x150 [ 87.642939][ T6749] x64_sys_call+0xb39/0x2fb0 [ 87.647535][ T6749] do_syscall_64+0xd2/0x200 [ 87.652025][ T6749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.657905][ T6749] [ 87.660213][ T6749] value changed: 0x0a000021 -> 0x04000021 [ 87.665926][ T6749] [ 87.668328][ T6749] Reported by Kernel Concurrency Sanitizer on: [ 87.674476][ T6749] CPU: 1 UID: 0 PID: 6749 Comm: syz.6.894 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(voluntary) [ 87.686786][ T6749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 87.696834][ T6749] ==================================================================