last executing test programs:

1.205505161s ago: executing program 3 (id=722):
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', <r1=>0x0})
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6, @local}, 0x10)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x0, @local}, 0x10)
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000300)={r1, 0x1, 0x6, @random="fd46f2ccf8c9"}, 0x10)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r2=>0xffffffffffffffff}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r3, 0x0, 0x8000000000002}, 0x18)
socket$netlink(0x10, 0x3, 0x6)
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r7, 0x404c534a, &(0x7f0000000040))
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0xffffffffffffffff, 0x2, 0x16, 0x0, 0x10}, 0xfff})
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, 0x0, 0x0)
r9 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r9, &(0x7f0000000080)='user\x00', &(0x7f0000000180)={'syz', 0x3}, r8)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x8000000, {0x0, 0x0, 0x0, r5, {0x1f, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008040}, 0x4000000)

1.195532182s ago: executing program 3 (id=725):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
ioctl$HIDIOCGFEATURE(0xffffffffffffffff, 0xc0404807, &(0x7f0000000300)={0x5, "ec59fb39242e04577cf3bf6f4a8491d4c900f40cf61540ff9e237f81da9d833e0b191ca3e785a6c6177f3e8152699e1f50909345bdb0c456c5df65f6ef03b408"})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x4000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x2}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
r4 = io_uring_setup(0x1de0, &(0x7f0000000040)={0x0, 0x10000000, 0x40, 0xfffffffd, 0x40043})
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x1b, 0x20000002, r5)
syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_FADVISE={0x18, 0x1, 0x0, @fd=r0, 0x2, 0x0, 0x2a8, 0x4, 0x1, {0x0, r5}})
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
chroot(&(0x7f0000000300)='.\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x9, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r8}, 0x10)
process_mrelease(0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, {}, {0x0, 0x0, 0x0, 0x5}, {}, {0x400, 0x0, 0x0, 0x80000000}, {0x0, 0x0, 0x0, 0x6fd}, {}, {}, {}, {}, {0x0, 0x800000}, {}, {}, {}, {}, {}, {}, {0x79bc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x6, 0x0, 0x0, 0x81}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x40000000}, {}, {}, {0x80000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x40000000}, {}, {}, {0x0, 0x0, 0x0, 0x1}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x7}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0)

1.161085004s ago: executing program 4 (id=728):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
open(&(0x7f00000001c0)='./file0\x00', 0x2a4c0, 0x918d8ecf0d5d0600)
mount(0x0, &(0x7f0000001fc0)='./file0\x00', &(0x7f0000002000)='devtmpfs\x00', 0x0, &(0x7f0000002040)='dirsync')

1.114837098s ago: executing program 1 (id=730):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000040)={0x3ffffffffffffe96, &(0x7f0000000000)=[{0x2000, 0x5}]})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="44000000020605000000000000000000000000000c000300686173683a69700005000400000000000900020073797a31001000000500050002000000050001000600"], 0x44}}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, 0x0, 0x10)
write(r3, &(0x7f0000000dc0)="6bd8c25455954b91537fd8e01f152439bd0f2770b023655e650603678ddaf54daf70c4526076a096abb7ac4fe6c44ed172d7a0a93a76cb6446012923340ee4c680d5383b87aab84910f9fb017a0f2f63c385169437647d8dc3f3760a9ea6ddda2352908d0d398ff8d286b9764ddd69e84843f35150a66dd331ae43964f6ca891a93a08249affc0cd3d357d8f43314d2172ffa3286a42eefd5f0f125e7e2a58e67ac33100dc146fd076d832ae0a89c209e40c67c61187904385277ada18b7aed946a0036459332dfb2640cc226745bff2c74d800da3ee9dd8b5ecd8ab2f2570e40cb7492f4754f4963deae51346395b366176a6c94c72fc13c9daf86a77c400bee5e40e6f4d74a23f4e6becd3ee83b5274808b647c60b7242fe800cf6f44e207c85ab843062395e5f41a37ff39e2a25b83e02bfb3abb12d1f7b969314108c248b949543febddb585c9969f91048e0d0c816ae4800d0423b2271132be6380d55d2ba5f100dbe01f86c093378744ec9db0395ea0c5e6fcaea2beb11909147b488af91b2d4b624db3590efa05bb34dbf5f59f63314f3f31adf8e46ec51244cdccd03b5cb27a117c5d9654a23027dd564be1b1da4fa2771f03c1e52a33f41ffc4743528282b2d2388e4d306250cf5effb5f934fe2df9ccab2056cab66a36141e95f536ed682eb7b15ec4ce4fb71bf490063b4ccb5c050fcb03237d56a603435ae61b31ca3d0c7873fca9062ffb8923561cac7dbc42a7aaa733c83a5db10575a8aaaf27a1193812a97000ff58699279bb3f378a81ab8bc9e7cb4b47708e3e101c1fc86aa38fad44eb11ef0b9e3f9703443fda585f8ed17c2b832cb48f5e69c5425123ca1d9039e961cd38fa14af44afb5d4712e2e2d0c131245f5d720c9a064f44168b735a3d6cd4106196e3986076569686fb87325c0e2cf0407c9219c490c23286e02e2f6e9b9dac64ef8741edcc347c409089cb5f5f0695539d58c02ea024b23fe16eae31076000e80fa50b1a8d1f69adbc791b797bd4915b16824abc5b61988c09ce57067a9c8a8043a229f6e6938e0bd25212feed2d6a134b5cf759f0eaa1e7dd78feb59d656b80a90f07186bbef7b845bf8469e24f178250b8ddd9d149e43b1068de2883aed76f63c371fe779d197d7240fa1e3670c76fb5fbcd31c84d0c980030f249ff109313f19f5d1b2a1a5cf75efc510247474bc5e7cbb24d71343402e38a93683a8c65f8803635c9d520094d5b455721c9a9085ed10fae40e8991cd9ccbe671332fa9083a101f200383074fc548d330de81e022fdc2c77ad70037b211b91cb3119e9844cd9e58c290c7093fb9d8e77303fddd8ced602b32826da8a4ffbf099d91e60fe015cd0d0357d6affb6d5cb7a0ca1d24b2cd320359d6142a7193f6f4dd29e570a214bb6defe0a1ac1f1833ce24afa957b19c62ff34d42c36092c19d7ab316b207cf5e6f5e752f55a8bd05827226268da18ad34d4e491830322de06deab28d6b33eb8975c4d2c9cca9788af2477bf336b4441ac967d33f61fc6dec49c3e59a4c5c1454b06c8d7ac9b0c164b5f04345af43cae85bff9251d87b0f1401cd188a8611db27e6844483d2fefcdda7b40e12aec8e89d5c468c235fcbfcc76cd9d94b60a9175458a8d5dc9c8d9482e77624b2afae45fba9e4d401fa2cfaa78d88075c9a3cf2e9bf26e7e1b40020a6137ee2f3d11c5095cfcb297e3283d09c779116c65cb0686f20f7fd2483219d32ddc05a0a43c05c74696bd684c1818a292f08e7e1b133e10f6c80acf3f7c8a3a072cb5cff8e9886b4647a6ec13ca1a120b3ab7de7a6f96ba1081dc082bf04f11b8dfddab9ac06a4271f9eff99e294892bb3b37a862775b02fde67db6881ddefa6fce666871ec7496dd4321f346159b246e1f9c2187eb6f7e643bf4d66cd6ccfbffe48b013045fa8704c0a5d771cb18e3a626b8da8b130ecdaf0736b504890c1cf996bb067a209629304c0558e670e0f64bccf38bce91e2cac0e5abe2a3ddd3e3dc28b104913cf5f13228a7123e8348dc47430763545c29fe458c50eee5df18af7f990d04fa75f23be9b0d971b15b6e4aa3a7bb96f59c99d86ca98a04a8880de15f4995abfcfbb82771e60df97405cee5b9af1f3559ac7615d6769a307f9bdd6185d3df105e3e0100e8619f1af6e19e3346ba3e44683db726b418e87df54373e2f97e3eb5ac074cf6e5430439a0c0effe1b5661b3ab7ae6374f8541b6999986955a5c0544cd25349d1657cc91d109a1d5ef4ce84be914012004bd33c3af552dcee282bf45793977d27da910211c7602e6c3ab25f631ad4be18cfc139b21fd9b610ac88921a4a3b033929398c9b8376712eba4bf81b9b8d93d857d7892137e09802ac38c26e712e38f513e29a1f27aaca8701a7265ca627241080af053bd4aa9843b5b776267810abfbe4ea16e76a6d068cc5121b566183860a42e0906a1a12948b5f488e68384167facc57bc001584484befcde5bb69e70fdb20f43c7c24d5dfd5d2bea3a203e0c20b423b6a9d34f46564a065998b42d6c9d0356efaa5b08fbff7b34e96b662d47041376a0cba6324d3b5c1adaa470b28e4ef655254c6bca941dda210715efb1323ccdfced9ddeb23c2985e8da20680b463b5511170c0e6b43b8f2950cd135617f5777bba9478dc96738f9aa6139a50ff3885459b13c115b87bbb69146b0b6abefbddb6ce5b1b46a90569c4270fb990fb6be2a104a20d78731d6d1521d316e2e5fb680a770bea7be9267afc6e50412568157cb56148688cf66ac9d0b1ba2bbc4e98701add2621ec62e4fbaf4360285665ea9b6f4f3b5f782c3c9ff77579bd60c3168bca976ef8792977505a9805788664ed76558b82f9de53c20ad7ff16f88bc8fa3165921725b0b299530648f3e865a3c41bd0512ac88fbfeb5ef470b441ea659565ddcc8a105c943afa736cbef080ff5a3bdad8b4943a423ac74e1b6d79028ea0024f45e99523ab05dbce95650c255d718a3683d6d29bc13c1fd54f9286e690c2eacf42c1dedacae8a7330e9651eec8833605039ae9b01ac60b738501d40f1f6d8cb6883520d0159a3121854f23b9cd33f431d238f4b4b0feaa291974e20dd9ccd05e6a22b2a896d1113c9adf6457f5e6473b46b2003d57d84fa6f0c5e4d8a38fef0eb77210c8ba63a47b2f15d5ff7a666732548f46fba3739184415eaa645a9f13d5fbeabfd6e95bf7ebef91154bf49b6e6253b9a6d8112c23891d0676a6bf590158efaba9a4a8dbc3b1fd5bbc1fafd87be16acdebcf49f64f0b7c6f6cf8119fa906e7389535954bb17010c715c47170d7456d37a423f01f994201d5f631e8f9279397d8ca19828d2a9533d7d6611269c0f78bc10e6a0280d899713769ece868b3c6a1210ac70025dd846fdad45db060f758c9e8716e9ac19cf5cac5f9255f0abaa012bdfd0e83cf88b81ecc0cfcf40ed3de0b4ff2ca11f33c4192e34b36dd9a13c30baf241876485c38cc1ff496708f1ee2ce2a0966e326fb6209ae367b4c6d6202d0bf8e97b0e772f5b98b15e31129d48b227988c84376ccb9e63b7f93fb571d368d70d6ef000c38b994fbeea5cf3c401877086332f3577018be0673fb475ca5e66e3e3490ff8c2892d95e2cdebb3c0e62a15737a00e72ab756c29180bb81ff359078cba4eb445a5926ba4c5d2e3ad0ef94147b1c172344226eacd28d8dbfc3a6eb466b0ce9a417a3247795b5a1f5e4eb21590b71ddc8d6529ac2b629f5b44ce520eb172c1045686218d5a9d0cb0033905f06ab0c9b25f1a4d38b0c53af2163ec4e2da4406a8943509b4ba46f97f9be49255a7f73f484b1ea42698cf9b9df65d18c8a0739dcfedc1d1a69e09a8a867d09799de4be554951eabca520685595a5e60a3ad05d34f8a590af95b9dfeff8273659cb96fa95ebc5bf7f68d9a35519ddf5dc0424a9e637597520809f54dc7ef89f06f822586edab36512d7609c872a09aaa3b2ab1fa0404930bf7225e69e28e98ec996e7c8c694e321958bd37cf6eab4ac6d5b11ff203b3eddb8a412893721f5148e94e875dc246cae7f015082071f68209e4011d9b1c692032b700191c73495f8e285b3ec2fabdca9739bd201ab420b73e5dbf3560f99f3e6385684b1177d7253920f980bcb753610390fa53aeab5a09213e85a0461463d02a154d7436aac95bacfc87fd352542d636deaaeb2ef2a72e7b6b1fc07acd72e0517bfdf9e1045eeee9dad60a761da7873309108af1115c2d72b8a4a54b0a31198d869fafb7e650b32849151b9f95ec8023d0f280fc09b923852299c7f378e67579c4038a8f43247cebadb20c5c91a0b62a365440d2e7dbb295a0939a9bcf4ae30271220c7957908269d54491942000679dba2d9eaad6449068ab28062d74db43eba46ea148f843366c3f5e7a6368d06cd3160ad524ea8f56dfb8bf3d886afa005ee3dfbbd85cb10efa12473410f28d81de392bfc60791930cdcd5cec3d4e2350a4f6659cdc57c3835895955f44d2a515ab8c9e7403316b302dc5db4835025de6cda856cc365bba534b68ef47127b578abaf83e254f33e5381012ad559776a0741eb039050b8c415a440c223d9c07329c8c7ddd9d5525d3b0fc9a4d980ecca4c8148ea61c3bf44b611edc696d57ab257f523d4cdaa1cd241596028d1bc433caf534de16eb0098ee4b782d1ad9103e968a9b11939e2786a13d448b2050dc4952715dc93ffce839b8724c73eb78ef31edf6ae5577a865d4b6f02617da18e11f7a0b61f8572c9d2d4aa92d221ad165e9d0d33a793fa3f2e5d8a1f7af89fcded8002275dd0b579d147480c561de462b33a04c2dd5eca72d78f75c4925c4423815869979009794deef1205c93c49e9558c813ca8622d350b88a189590ab58862f7bf819fedb531e62382b3197b4d380a7ccc44d6e3b0763e2ddec4374d858a637c9b8a41bb115a99999273606c506f50554137addcd154b92c437fb7034282363c469522f5c9ee142c4a0dd1f61b0a4f622ea8580fe154c896fe6c9fa37caf82bb7b4f959fb282856a29d1111d00c241060a01d3dfc945dea8c66ab797ed94a6831fe805990a74a385748a171b96966e83d0867a6d54300e45672a2bf0183783214a7a7d4e042e8fb687de3a3c3379adcd9f9edb537953355750cfccc7ea0d4a4b5e4a973e04cee71662c34eaabce58e7e8f2b58ca1edd3f78c6092059fc79157617a3bd50e266febdfb60318eb75862397d2353a79f426b22807bb1f243775d31d06de11603752e4ebf0ec9b88418f132649397aac2d91c7679626cd9b8d5a2047c2b28b69e89d2ef3cd8d77f81967df0fe79c36db772d4b3c95f40bc588ebe74a5e52e1378aeab7cb09c154d628655dc51f122c06acd1f805d77d2ac3e510dac48fc50afdb18b083ea4ad58fea8f2ada463648d3c502b56aa239e3bf739839e27b29b20de4d5d220020b77d9d48a9cd91fab66e336609a7736702565b3a463124ce514218a902559a68507945e70e2a9a19db8c928a6fbb3cc1de1c857f7ad78c2d47cf23f7aeb24a2c8fce6a0fa4ce1d6fa5b2bdd2b548853a74f6ffa982fe1efecf598c60617f8eb137c0bd2ecaa026cc5f834f8483ab5ae22780ba69877dd44de1caad33c6fb5ccad9dccc3a8602d040ae620baf55b06f0b7be53b563f1f255da71a30260ed90f63fc34a1fe4094350aa01145dcb02c94b86fe9bc1baab038a777a5b029561e6b8939c8aa5ad1b3fb04e475b4883364d0609a6cad5c57d145df1dfd7f150f0a23376f31fe548cddaf11fdf012519458e4721975a1a4e0bc66487", 0x1000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0xf9efffff, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)

1.114189518s ago: executing program 4 (id=732):
prctl$PR_SET_NAME(0xf, &(0x7f0000000240)='+}[@\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYRES32], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x5)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
r5 = dup3(r4, r3, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000340)=[{{&(0x7f0000000080)={0xa, 0x4e20, 0x9, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="24000000000000002900000032000000fe8000000000000000000000000000bb", @ANYRES32=0x0, @ANYBLOB="ad79bd2a"], 0x28}}], 0x1, 0x0)
r6 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r6, &(0x7f0000000040)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x78a6, 0x8)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000f80)={r6, 0xe0, &(0x7f0000000e80)={0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0), ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x2, 0x6, &(0x7f0000000180)=[0x0, 0x0], &(0x7f0000000d40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r9=>0x0, 0x8, &(0x7f0000000d80)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000dc0), &(0x7f0000000e00), 0x8, 0x2d, 0x8, 0x8, &(0x7f0000000e40)}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x6, &(0x7f00000017c0)=ANY=[@ANYBLOB="851000000300000085100000fbffffff1857000000000000000000000000000018230000", @ANYRES32, @ANYBLOB="48fc000000000000360fb459f0312e97c29903893eaf70faa5e56501a906bf54119301233b823f3de74f71aaf81f56ea49a81a93bd221c88e5548645f4493d4d10d713b1383b65bd721bb9928f32b0cd72a5186be3fae9c73126da50eadf34d3a07bc51daff8e02a0d1ae1a29562c57efa1e5fa99c2d97e51e6a80ccbc45e635cdbcee79ca5ccb29e2b0c4e0fdbd8236d6b700b5c54e86236a063efccb8d141e4ffe42882bc697e758c9cd48e235aa38587c8757f0073d83114940429612faf09443a059586c122d694f967a2eb0940e10a39b561f6dd9c9eb2d4ba858bf76150da2f5e86d7ff61c3661479bcb393ad0149498be9e27ce70de21b6d31e0bb31151c9853cc349dea0ceb09f1168e7d1"], &(0x7f00000001c0)='GPL\x00', 0x800008, 0x86, &(0x7f0000000200)=""/134, 0x41100, 0x8, '\x00', r8, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x0, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000300)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, r5, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f0000000340)=[{0x4, 0x5, 0x7}], 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0xf, 0x12, &(0x7f0000001580)=ANY=[@ANYBLOB="1800000009000000000000000000000018110000f7196cd985c0192425cec60f847473f10c14545bf2eea8b6786fcb99a18317fb4324aeed662e9ee8d17632b8b872765910ac5c90050403da32bd9655512af28dda0411dbbac3d2ff5196931db72f3f5d807797e9a2093361148a71adf41d1713b09a410f35301b0b05b01261bdba289e1778b6c361be8894bf1001000ebdee69a268b4be4ec48f1e021b978afc34e8afc8cc304180b5a88e50de3e8638ad1bdb189bc04db639db7e7629c9f1e521a1afbaa00f2d6479d45d983966f333b5d13cd22a782b172c", @ANYRES32, @ANYBLOB="0000000000000000b708000009c800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000085100000ffffffff18420000ffffffff0000000000000000185b000006000000000000000000000085200000040000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0xfffffffc, 0x2c, &(0x7f0000000100)=""/44, 0x41000, 0x10, '\x00', 0x0, @cgroup_device=0x8030cf94526cb9fe, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x6, 0x2}, 0x8, 0x10, 0x0, 0x0, r9, 0xffffffffffffffff, 0x2, 0x0, &(0x7f0000000440)=[{0x1, 0x2, 0x6}, {0x5, 0x5, 0x4, 0x5}], 0x10, 0x7, @void, @value}, 0x94)
r10 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="03000042fa5296be879b6584ebfb11c1b549c447", @ANYRES32=0x1, @ANYBLOB="001000"/20, @ANYRES32=r7, @ANYRES32, @ANYBLOB="0200000013157f6d5f000000030000000000000000"], 0x50)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r11, <r12=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r13 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000640)=@o_path={&(0x7f0000000600)='./file0\x00', 0x0, 0x4008, r2}, 0x18)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000680)={0xffffffffffffffff, <r14=>0xffffffffffffffff}, 0x4)
r15 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), 0x75, r15}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000c600d2d0652b46a8b09645b0616d000400", @ANYRES32=r15, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000006c0)={{0x1, 0x1, 0x18, <r16=>r1, {0xfe, 0x5}}, './file0\x00'})
r17 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000f20000000000000000000018110000", @ANYRES32=r17, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000007f1600850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1f, 0x8, &(0x7f0000000040)=@raw=[@alu={0x7, 0x0, 0x1, 0x4, 0x4, 0x1, 0x4}, @exit, @jmp={0x5, 0x1, 0x9, 0xa, 0xa, 0x1, 0xfffffffffffffff0}, @call={0x85, 0x0, 0x0, 0xb}, @map_idx={0x18, 0x8, 0x5, 0x0, 0x8}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x401}], &(0x7f0000000140)='syzkaller\x00', 0x200, 0x0, &(0x7f0000000280), 0x41000, 0x6d, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000540)={0x5, 0xb, 0x6, 0x5}, 0x10, r9, r0, 0x2, &(0x7f0000000700)=[r10, r12, r13, 0xffffffffffffffff, r14, r15, r16, r17, r0], &(0x7f0000000740)=[{0x0, 0x5, 0xe, 0x2}, {0x5, 0x3, 0x6, 0x3}], 0x10, 0xfffff6b9, @void, @value}, 0x94)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='GPL\x00')
sendmmsg$inet6(r2, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r2, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=""/112, 0x70}, 0x3}], 0x1, 0x12061, 0x0)

1.068546601s ago: executing program 3 (id=733):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = syz_io_uring_setup(0x4b6, &(0x7f0000000080)={0x0, 0xaf01, 0x80, 0xfffffffc, 0x3d8}, &(0x7f0000000180), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x22, &(0x7f0000000040)=[{&(0x7f0000000100)=""/77, 0x4d}], 0x1)
setsockopt$inet6_int(r0, 0x29, 0x18, &(0x7f0000000240)=0xffff, 0x4)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x3, 'dh\x00', 0x1, 0x40000006, 0x46}, 0xfffffe7d)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x2f, @local, 0x4e21, 0x3, 'wrr\x00', 0x4, 0x84, 0x5}, {@dev={0xac, 0x14, 0x14, 0x29}, 0x4e22, 0x3, 0xfff, 0x12d5c, 0x4}}, 0x44)
shmctl$SHM_LOCK(0x0, 0xb)

1.032709044s ago: executing program 3 (id=734):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
bind$phonet(r0, &(0x7f0000000080)={0x23, 0x5, 0x62, 0x5}, 0x10)
r1 = socket(0x2, 0x5, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x7, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r3}, 0x10)
sendmmsg$inet_sctp(r1, &(0x7f0000000a00)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x880)
r4 = socket(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000500)={'gre0\x00', &(0x7f0000000280)={'sit0\x00', 0x0, 0x8, 0x1100, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x64, 0x0, 0x5, 0x2f, 0x0, @empty, @private}}}})
sendmmsg$inet_sctp(r1, &(0x7f0000000bc0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000001c0)=[{0x0, 0x2}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000000000002002b0388edb6556900"/51, @ANYRES32=0x0], 0x30}], 0x1, 0x0)

1.018252275s ago: executing program 4 (id=735):
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000005000000005e002200850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)={0x1b, 0x0, 0x0, 0x40eb, 0x0, r2, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
stat(&(0x7f0000000040)='./file0\x00', &(0x7f00000006c0))

1.004506636s ago: executing program 1 (id=736):
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', <r1=>0x0})
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6, @local}, 0x10)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x0, @local}, 0x10)
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000300)={r1, 0x1, 0x6, @random="fd46f2ccf8c9"}, 0x10)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r2=>0xffffffffffffffff}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r3, 0x0, 0x8000000000002}, 0x18)
socket$netlink(0x10, 0x3, 0x6)
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r7, 0x404c534a, &(0x7f0000000040))
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0xffffffffffffffff, 0x2, 0x16, 0x0, 0x10}, 0xfff})
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, 0x0, 0x0)
r9 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r9, &(0x7f0000000080)='user\x00', &(0x7f0000000180)={'syz', 0x3}, r8)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x8000000, {0x0, 0x0, 0x0, r5, {0x1f, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008040}, 0x4000000)

1.001428156s ago: executing program 0 (id=737):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
statx(0xffffffffffffffff, 0x0, 0x6000, 0x40, 0x0)
semop(0x0, &(0x7f0000002480)=[{}], 0x1)
semctl$IPC_RMID(0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000e00)=ANY=[@ANYRES32, @ANYRES8=r0, @ANYRES32=r1, @ANYRES64=r1, @ANYBLOB='\x00'/28], 0x48)
io_setup(0x5, &(0x7f0000000040))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="02701cb5c285d285cad749b648441839def2050c353f831c5d6ba0d5687b083e2ce72ce3bd29eb7ac71bf5d422410092fa6ae33aba1f16232e609f3446f12e92dac231741e99269548db745edcc05da610604d00712b98f8184487d56446dcbdbfe089a8", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x20000000, @void, @value}, 0x94)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x2e, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4, 0x0, 0x8000000000000000}, 0x18)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f00000001c0)={0x0, 0x15, 0xfffd, 0x0, 0x3, 0x81, &(0x7f0000000180)='\a._'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000340)='kfree\x00'}, 0x10)
mmap(&(0x7f0000a09000/0x4000)=nil, 0x4000, 0x8, 0x8010, 0xffffffffffffffff, 0xffffc000)
bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
r6 = socket(0x2a, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'tunl0\x00'})
socketpair(0xa, 0x2, 0x800, &(0x7f00000004c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89f3, &(0x7f0000000080))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x40841)
getsockname$packet(r6, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)

981.557258ms ago: executing program 4 (id=738):
r0 = socket(0x2, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x7, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r2}, 0x10)
sendmmsg$inet_sctp(r0, &(0x7f0000000a00)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x880)
sendmmsg$inet_sctp(r0, &(0x7f0000000bc0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000001c0)=[{0x0, 0x2}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000000000002002b0388edb6556900"/51, @ANYRES32=0x0], 0x30}], 0x1, 0x0)

968.317958ms ago: executing program 1 (id=739):
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0x8000000}, 0x18)
fsmount(0xffffffffffffffff, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), r1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{}, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r3}, 0x18)
recvmmsg(r1, &(0x7f0000002dc0)=[{{0x0, 0x0, 0x0}, 0xc}], 0x1, 0x40000000, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0)

899.302394ms ago: executing program 0 (id=740):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='tlb_flush\x00', r0, 0x0, 0x1}, 0x18)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

898.937864ms ago: executing program 1 (id=741):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r0)
sendmsg$IEEE802154_LIST_PHY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)={0x14, r1, 0x30b}, 0x14}}, 0x4000040)

896.299104ms ago: executing program 0 (id=742):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0xd0c059fa1e78fcaf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18)
r2 = gettid()
rt_sigtimedwait(&(0x7f0000000080)={[0x3ff]}, 0x0, 0x0, 0x8)
tkill(r2, 0x7)

884.227585ms ago: executing program 1 (id=743):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000340)='xprtrdma_post_send_err\x00', r1}, 0x18)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x2b, 0x1, 0x1)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=<r8=>r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000b00)=ANY=[@ANYRES32=r2, @ANYRESDEC=r8, @ANYRESOCT, @ANYRESDEC=r9], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x12, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r10}, 0x10)
setsockopt$inet6_IPV6_RTHDR(r6, 0x29, 0x39, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x9}, 0x8)
r11 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r11, &(0x7f00000002c0)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000f0070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c00128014000180090001006c617374000000000400028010000180090001006c61737400000000140001800c000100636f756e746572000400028008000340000001"], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x20050800)
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r12}}, 0x24}}, 0x0)

868.033186ms ago: executing program 1 (id=744):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0xd0c059fa1e78fcaf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0xd, &(0x7f0000000300)=ANY=[@ANYRESHEX=r0, @ANYRESOCT=r0, @ANYRES8=r1], &(0x7f0000000280)='syzkaller\x00', 0xa, 0x0, 0x0, 0x0, 0x63, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000040)=@ccm_128={{0x304}, "5b865d9fe37730f9", "508de0eea12f414e15faf1b5acec8cad", "0cac947b", "313c1f4a6d8b6798"}, 0x28)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffe5, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
tee(r3, r4, 0x3, 0xa)
write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x200})
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_NODELAY(r6, 0x84, 0x3, &(0x7f0000000240)=0xe, 0x4)
r7 = perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x89f1, &(0x7f0000000080))
r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18)
gettid()
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r10=>r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000570000009565f1e6799acb8e740fe2543af5c5449de803abe9af75324f18255afd7dfd6b9a7117b38a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r11}, 0x10)
r12 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioperm(0x7, 0x6, 0x77)
utime(0x0, 0x0)
sendmsg$nl_xfrm(r12, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000007c0)=ANY=[@ANYRES8=r8, @ANYRES32=r7, @ANYRES8=r10, @ANYBLOB="ac141400000000000000000000000000000000003200008afeca6c56b3c3680add7423c6c000fe80000000000000000000000000001a2703000000000000000000000000000000000000000000000000000000000000ff0f000000000000fcffffffffffffff0000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000008f000000000000000000000029bd7000000000000a0004000000200000004e2200000000ac1414bb00000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0004"], 0x17c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
rt_sigtimedwait(&(0x7f0000000080)={[0x818]}, 0x0, 0x0, 0x8)

824.006059ms ago: executing program 2 (id=745):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
unshare(0x6a040000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="0107000000000000000020"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x14, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000fcffffff1801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0x10, 0x38, &(0x7f00000006c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x51857000)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r4, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x34000811)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000740)={0x0, 0xfffd, 0x1}, 0x8)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r5, 0x6, 0x18, 0x0, &(0x7f0000000080))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004840)={0x3c, r7, 0x731, 0x0, 0x0, {0x38}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73}}}]}, 0x3c}, 0x1, 0x2}, 0x0)
r8 = socket$inet6(0xa, 0x800, 0xa2)
setsockopt$inet6_int(r8, 0x29, 0x1a, &(0x7f0000000000)=0x7, 0x4)
r9 = socket$inet6(0xa, 0x80002, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@delneigh={0x30, 0x1d, 0x1, 0x10000000, 0x0, {0xa, 0x0, 0x0, 0x0, 0x80, 0xfc}, [@NDA_DST_IPV6={0x14, 0x1, @loopback}]}, 0x30}, 0x1, 0x0, 0x0, 0x40088c0}, 0x20004810)
fsetxattr$security_selinux(r9, &(0x7f00000003c0), &(0x7f0000000400)='system_u:object_r:dhcp_state_t:s0\x00', 0x22, 0x2)
setsockopt$sock_linger(r9, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
r11 = socket$netlink(0x10, 0x3, 0x0)
writev(r11, &(0x7f00000003c0), 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r11, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0000030000000000000000d06ba756ec7d6b", @ANYRES32=r12, @ANYBLOB="0c009900030000001f000000"], 0x28}, 0x1, 0x0, 0x0, 0x804}, 0x8004)

822.749149ms ago: executing program 0 (id=746):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES8=r0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f0000000280)='afs_send_data\x00', r1, 0x0, 0x4}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1, 0x5, 0x1, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x20075, r2}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00'}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4f8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c956fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d68d7489cfcb0176"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0xb)
r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$binfmt_register(r4, &(0x7f0000000000)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x7, 0x3a, 'M', 0x3a, 'M', 0x3a, './file2', 0x3a, [0x46]}, 0x2a)
execveat$binfmt(0xffffffffffffff9c, 0x0, &(0x7f0000000400)={[], 0x23}, 0x0, 0x0)

528.488761ms ago: executing program 2 (id=747):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000000000001811", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000040)={0x3ffffffffffffe96, &(0x7f0000000000)=[{0x2000, 0x5}]})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="44000000020605000000000000000000000000000c000300686173683a69700005000400000000000900020073797a31001000000500050002000000050001000600"], 0x44}}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(0xffffffffffffffff, 0x0, 0x10)
write(r3, &(0x7f0000000dc0)="6bd8c25455954b91537fd8e01f152439bd0f2770b023655e650603678ddaf54daf70c4526076a096abb7ac4fe6c44ed172d7a0a93a76cb6446012923340ee4c680d5383b87aab84910f9fb017a0f2f63c385169437647d8dc3f3760a9ea6ddda2352908d0d398ff8d286b9764ddd69e84843f35150a66dd331ae43964f6ca891a93a08249affc0cd3d357d8f43314d2172ffa3286a42eefd5f0f125e7e2a58e67ac33100dc146fd076d832ae0a89c209e40c67c61187904385277ada18b7aed946a0036459332dfb2640cc226745bff2c74d800da3ee9dd8b5ecd8ab2f2570e40cb7492f4754f4963deae51346395b366176a6c94c72fc13c9daf86a77c400bee5e40e6f4d74a23f4e6becd3ee83b5274808b647c60b7242fe800cf6f44e207c85ab843062395e5f41a37ff39e2a25b83e02bfb3abb12d1f7b969314108c248b949543febddb585c9969f91048e0d0c816ae4800d0423b2271132be6380d55d2ba5f100dbe01f86c093378744ec9db0395ea0c5e6fcaea2beb11909147b488af91b2d4b624db3590efa05bb34dbf5f59f63314f3f31adf8e46ec51244cdccd03b5cb27a117c5d9654a23027dd564be1b1da4fa2771f03c1e52a33f41ffc4743528282b2d2388e4d306250cf5effb5f934fe2df9ccab2056cab66a36141e95f536ed682eb7b15ec4ce4fb71bf490063b4ccb5c050fcb03237d56a603435ae61b31ca3d0c7873fca9062ffb8923561cac7dbc42a7aaa733c83a5db10575a8aaaf27a1193812a97000ff58699279bb3f378a81ab8bc9e7cb4b47708e3e101c1fc86aa38fad44eb11ef0b9e3f9703443fda585f8ed17c2b832cb48f5e69c5425123ca1d9039e961cd38fa14af44afb5d4712e2e2d0c131245f5d720c9a064f44168b735a3d6cd4106196e3986076569686fb87325c0e2cf0407c9219c490c23286e02e2f6e9b9dac64ef8741edcc347c409089cb5f5f0695539d58c02ea024b23fe16eae31076000e80fa50b1a8d1f69adbc791b797bd4915b16824abc5b61988c09ce57067a9c8a8043a229f6e6938e0bd25212feed2d6a134b5cf759f0eaa1e7dd78feb59d656b80a90f07186bbef7b845bf8469e24f178250b8ddd9d149e43b1068de2883aed76f63c371fe779d197d7240fa1e3670c76fb5fbcd31c84d0c980030f249ff109313f19f5d1b2a1a5cf75efc510247474bc5e7cbb24d71343402e38a93683a8c65f8803635c9d520094d5b455721c9a9085ed10fae40e8991cd9ccbe671332fa9083a101f200383074fc548d330de81e022fdc2c77ad70037b211b91cb3119e9844cd9e58c290c7093fb9d8e77303fddd8ced602b32826da8a4ffbf099d91e60fe015cd0d0357d6affb6d5cb7a0ca1d24b2cd320359d6142a7193f6f4dd29e570a214bb6defe0a1ac1f1833ce24afa957b19c62ff34d42c36092c19d7ab316b207cf5e6f5e752f55a8bd05827226268da18ad34d4e491830322de06deab28d6b33eb8975c4d2c9cca9788af2477bf336b4441ac967d33f61fc6dec49c3e59a4c5c1454b06c8d7ac9b0c164b5f04345af43cae85bff9251d87b0f1401cd188a8611db27e6844483d2fefcdda7b40e12aec8e89d5c468c235fcbfcc76cd9d94b60a9175458a8d5dc9c8d9482e77624b2afae45fba9e4d401fa2cfaa78d88075c9a3cf2e9bf26e7e1b40020a6137ee2f3d11c5095cfcb297e3283d09c779116c65cb0686f20f7fd2483219d32ddc05a0a43c05c74696bd684c1818a292f08e7e1b133e10f6c80acf3f7c8a3a072cb5cff8e9886b4647a6ec13ca1a120b3ab7de7a6f96ba1081dc082bf04f11b8dfddab9ac06a4271f9eff99e294892bb3b37a862775b02fde67db6881ddefa6fce666871ec7496dd4321f346159b246e1f9c2187eb6f7e643bf4d66cd6ccfbffe48b013045fa8704c0a5d771cb18e3a626b8da8b130ecdaf0736b504890c1cf996bb067a209629304c0558e670e0f64bccf38bce91e2cac0e5abe2a3ddd3e3dc28b104913cf5f13228a7123e8348dc47430763545c29fe458c50eee5df18af7f990d04fa75f23be9b0d971b15b6e4aa3a7bb96f59c99d86ca98a04a8880de15f4995abfcfbb82771e60df97405cee5b9af1f3559ac7615d6769a307f9bdd6185d3df105e3e0100e8619f1af6e19e3346ba3e44683db726b418e87df54373e2f97e3eb5ac074cf6e5430439a0c0effe1b5661b3ab7ae6374f8541b6999986955a5c0544cd25349d1657cc91d109a1d5ef4ce84be914012004bd33c3af552dcee282bf45793977d27da910211c7602e6c3ab25f631ad4be18cfc139b21fd9b610ac88921a4a3b033929398c9b8376712eba4bf81b9b8d93d857d7892137e09802ac38c26e712e38f513e29a1f27aaca8701a7265ca627241080af053bd4aa9843b5b776267810abfbe4ea16e76a6d068cc5121b566183860a42e0906a1a12948b5f488e68384167facc57bc001584484befcde5bb69e70fdb20f43c7c24d5dfd5d2bea3a203e0c20b423b6a9d34f46564a065998b42d6c9d0356efaa5b08fbff7b34e96b662d47041376a0cba6324d3b5c1adaa470b28e4ef655254c6bca941dda210715efb1323ccdfced9ddeb23c2985e8da20680b463b5511170c0e6b43b8f2950cd135617f5777bba9478dc96738f9aa6139a50ff3885459b13c115b87bbb69146b0b6abefbddb6ce5b1b46a90569c4270fb990fb6be2a104a20d78731d6d1521d316e2e5fb680a770bea7be9267afc6e50412568157cb56148688cf66ac9d0b1ba2bbc4e98701add2621ec62e4fbaf4360285665ea9b6f4f3b5f782c3c9ff77579bd60c3168bca976ef8792977505a9805788664ed76558b82f9de53c20ad7ff16f88bc8fa3165921725b0b299530648f3e865a3c41bd0512ac88fbfeb5ef470b441ea659565ddcc8a105c943afa736cbef080ff5a3bdad8b4943a423ac74e1b6d79028ea0024f45e99523ab05dbce95650c255d718a3683d6d29bc13c1fd54f9286e690c2eacf42c1dedacae8a7330e9651eec8833605039ae9b01ac60b738501d40f1f6d8cb6883520d0159a3121854f23b9cd33f431d238f4b4b0feaa291974e20dd9ccd05e6a22b2a896d1113c9adf6457f5e6473b46b2003d57d84fa6f0c5e4d8a38fef0eb77210c8ba63a47b2f15d5ff7a666732548f46fba3739184415eaa645a9f13d5fbeabfd6e95bf7ebef91154bf49b6e6253b9a6d8112c23891d0676a6bf590158efaba9a4a8dbc3b1fd5bbc1fafd87be16acdebcf49f64f0b7c6f6cf8119fa906e7389535954bb17010c715c47170d7456d37a423f01f994201d5f631e8f9279397d8ca19828d2a9533d7d6611269c0f78bc10e6a0280d899713769ece868b3c6a1210ac70025dd846fdad45db060f758c9e8716e9ac19cf5cac5f9255f0abaa012bdfd0e83cf88b81ecc0cfcf40ed3de0b4ff2ca11f33c4192e34b36dd9a13c30baf241876485c38cc1ff496708f1ee2ce2a0966e326fb6209ae367b4c6d6202d0bf8e97b0e772f5b98b15e31129d48b227988c84376ccb9e63b7f93fb571d368d70d6ef000c38b994fbeea5cf3c401877086332f3577018be0673fb475ca5e66e3e3490ff8c2892d95e2cdebb3c0e62a15737a00e72ab756c29180bb81ff359078cba4eb445a5926ba4c5d2e3ad0ef94147b1c172344226eacd28d8dbfc3a6eb466b0ce9a417a3247795b5a1f5e4eb21590b71ddc8d6529ac2b629f5b44ce520eb172c1045686218d5a9d0cb0033905f06ab0c9b25f1a4d38b0c53af2163ec4e2da4406a8943509b4ba46f97f9be49255a7f73f484b1ea42698cf9b9df65d18c8a0739dcfedc1d1a69e09a8a867d09799de4be554951eabca520685595a5e60a3ad05d34f8a590af95b9dfeff8273659cb96fa95ebc5bf7f68d9a35519ddf5dc0424a9e637597520809f54dc7ef89f06f822586edab36512d7609c872a09aaa3b2ab1fa0404930bf7225e69e28e98ec996e7c8c694e321958bd37cf6eab4ac6d5b11ff203b3eddb8a412893721f5148e94e875dc246cae7f015082071f68209e4011d9b1c692032b700191c73495f8e285b3ec2fabdca9739bd201ab420b73e5dbf3560f99f3e6385684b1177d7253920f980bcb753610390fa53aeab5a09213e85a0461463d02a154d7436aac95bacfc87fd352542d636deaaeb2ef2a72e7b6b1fc07acd72e0517bfdf9e1045eeee9dad60a761da7873309108af1115c2d72b8a4a54b0a31198d869fafb7e650b32849151b9f95ec8023d0f280fc09b923852299c7f378e67579c4038a8f43247cebadb20c5c91a0b62a365440d2e7dbb295a0939a9bcf4ae30271220c7957908269d54491942000679dba2d9eaad6449068ab28062d74db43eba46ea148f843366c3f5e7a6368d06cd3160ad524ea8f56dfb8bf3d886afa005ee3dfbbd85cb10efa12473410f28d81de392bfc60791930cdcd5cec3d4e2350a4f6659cdc57c3835895955f44d2a515ab8c9e7403316b302dc5db4835025de6cda856cc365bba534b68ef47127b578abaf83e254f33e5381012ad559776a0741eb039050b8c415a440c223d9c07329c8c7ddd9d5525d3b0fc9a4d980ecca4c8148ea61c3bf44b611edc696d57ab257f523d4cdaa1cd241596028d1bc433caf534de16eb0098ee4b782d1ad9103e968a9b11939e2786a13d448b2050dc4952715dc93ffce839b8724c73eb78ef31edf6ae5577a865d4b6f02617da18e11f7a0b61f8572c9d2d4aa92d221ad165e9d0d33a793fa3f2e5d8a1f7af89fcded8002275dd0b579d147480c561de462b33a04c2dd5eca72d78f75c4925c4423815869979009794deef1205c93c49e9558c813ca8622d350b88a189590ab58862f7bf819fedb531e62382b3197b4d380a7ccc44d6e3b0763e2ddec4374d858a637c9b8a41bb115a99999273606c506f50554137addcd154b92c437fb7034282363c469522f5c9ee142c4a0dd1f61b0a4f622ea8580fe154c896fe6c9fa37caf82bb7b4f959fb282856a29d1111d00c241060a01d3dfc945dea8c66ab797ed94a6831fe805990a74a385748a171b96966e83d0867a6d54300e45672a2bf0183783214a7a7d4e042e8fb687de3a3c3379adcd9f9edb537953355750cfccc7ea0d4a4b5e4a973e04cee71662c34eaabce58e7e8f2b58ca1edd3f78c6092059fc79157617a3bd50e266febdfb60318eb75862397d2353a79f426b22807bb1f243775d31d06de11603752e4ebf0ec9b88418f132649397aac2d91c7679626cd9b8d5a2047c2b28b69e89d2ef3cd8d77f81967df0fe79c36db772d4b3c95f40bc588ebe74a5e52e1378aeab7cb09c154d628655dc51f122c06acd1f805d77d2ac3e510dac48fc50afdb18b083ea4ad58fea8f2ada463648d3c502b56aa239e3bf739839e27b29b20de4d5d220020b77d9d48a9cd91fab66e336609a7736702565b3a463124ce514218a902559a68507945e70e2a9a19db8c928a6fbb3cc1de1c857f7ad78c2d47cf23f7aeb24a2c8fce6a0fa4ce1d6fa5b2bdd2b548853a74f6ffa982fe1efecf598c60617f8eb137c0bd2ecaa026cc5f834f8483ab5ae22780ba69877dd44de1caad33c6fb5ccad9dccc3a8602d040ae620baf55b06f0b7be53b563f1f255da71a30260ed90f63fc34a1fe4094350aa01145dcb02c94b86fe9bc1baab038a777a5b029561e6b8939c8aa5ad1b3fb04e475b4883364d0609a6cad5c57d145df1dfd7f150f0a23376f31fe548cddaf11fdf012519458e4721975a1a4e0bc66487", 0x1000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0xf9efffff, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)

526.283191ms ago: executing program 2 (id=748):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = accept(r2, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0, 0xfffffdef}, 0x1, 0x0, 0x0, 0x85c}, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

504.603773ms ago: executing program 2 (id=749):
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', <r1=>0x0})
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6, @local}, 0x10)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x0, @local}, 0x10)
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000300)={r1, 0x1, 0x6, @random="fd46f2ccf8c9"}, 0x10)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r2=>0xffffffffffffffff}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r3, 0x0, 0x8000000000002}, 0x18)
socket$netlink(0x10, 0x3, 0x6)
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r5=>0x0})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r7, 0x404c534a, &(0x7f0000000040))
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0xffffffffffffffff, 0x2, 0x16, 0x0, 0x10}, 0xfff})
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, 0x0, 0x0)
r9 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r9, &(0x7f0000000080)='user\x00', &(0x7f0000000180)={'syz', 0x3}, r8)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x8000000, {0x0, 0x0, 0x0, r5, {0x1f, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008040}, 0x4000000)

445.011157ms ago: executing program 2 (id=750):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000005000000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x491c}, 0x8002, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0xa, 0x300)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10)
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
iopl(0x3)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
sendto$inet6(0xffffffffffffffff, &(0x7f0000001240)='>', 0x1, 0x0, &(0x7f00000012c0)={0xa, 0x0, 0x0, @local, 0x1}, 0x1c)
shutdown(0xffffffffffffffff, 0x1)

60.127066ms ago: executing program 0 (id=751):
chdir(0x0)
open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='kmem_cache_free\x00', r1}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x40ef, 0x0) (fail_nth: 6)

49.577527ms ago: executing program 2 (id=752):
bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0x8000000}, 0x18)
fsmount(0xffffffffffffffff, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), r1)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{}, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
recvmmsg(r1, 0x0, 0x0, 0x40000000, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0)

43.396997ms ago: executing program 4 (id=753):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='tlb_flush\x00', r0, 0x0, 0x1}, 0x18)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

22.787829ms ago: executing program 0 (id=754):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000340)='xprtrdma_post_send_err\x00', r1}, 0x18)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x2b, 0x1, 0x1)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=<r8=>r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000b00)=ANY=[@ANYRES32=r2, @ANYRESDEC=r8, @ANYRESOCT, @ANYRESDEC=r9], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x12, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r10}, 0x10)
setsockopt$inet6_IPV6_RTHDR(r6, 0x29, 0x39, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x9}, 0x8)
r11 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r11, &(0x7f00000002c0)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000f0070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c00128014000180090001006c617374000000000400028010000180090001006c61737400000000140001800c000100636f756e746572000400028008000340000001"], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x20050800)
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r12}}, 0x24}}, 0x0)

22.452139ms ago: executing program 3 (id=755):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x18)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SG_GET_VERSION_NUM(r3, 0x2282, &(0x7f0000000400))
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x1440, 0x1148, 0x1170, 0x1398, 0x1148, 0x1170, 0x1370, 0x1398, 0x1398, 0x1370, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x6}, 0x0, 0x1100, 0x1148, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xa}}, @common=@unspec=@cgroup1={{0x1030}, {0x0, 0x2, 0x0, 0xfc, './cgroup.net/syz0\x00', 0x0, {0xfffffffffffffffe}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast2, 'netpci0\x00'}}}, {{@uncond, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x1, [], 0x0, 0x23, 0x0, [@empty, @local, @loopback, @mcast2, @remote, @rand_addr=' \x01\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, @private1, @loopback, @remote, @mcast2, @empty, @rand_addr=' \x01\x00', @mcast1, @remote]}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x14a0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000002200f30c0000000000feff00760000000f00001e37000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r5}, 0x10)
r6 = io_uring_setup(0x931, &(0x7f0000000000)={0x0, 0x0, 0x80, 0x1, 0x328})
io_uring_register$IORING_REGISTER_PBUF_RING(r6, 0x16, &(0x7f0000000740)={&(0x7f0000001000)={[{0x0, 0x0, 0x10}, {0x0}, {0x0, 0x0, 0xfffe}, {0x0, 0x0, 0x2}]}, 0x4}, 0x1)
sendmmsg$inet(r0, &(0x7f0000000100)=[{{&(0x7f0000000040)={0x2, 0xffff, @broadcast}, 0x10, 0x0}}], 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r7)
r9 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$IEEE802154_LIST_PHY(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)={0x14, r8, 0x30b}, 0x14}}, 0x4000040)

22.116199ms ago: executing program 4 (id=756):
r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) (async)
r1 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0) (async)
fallocate(r0, 0x0, 0x0, 0x1000f4) (async, rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10) (async, rerun: 64)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080006110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0be2566c43d72918a8a9323fd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5d82054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fcfcffffffffffffffd442017cfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beac671e8e8fdecb035868a623fa71f871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae991e7f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef8a4fed5c9455640dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d76ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6e257343c1a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabba3c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f3878b1e11316d8ddae1c6c3b8faaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080021000000000090ee7ba4a70a084bd994ac5e00000000000000000000000000351a30cdf57a3d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd68a34e286991f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf6433f76d5af45155536a1a44bfcbfbfd232af000052f9002a5876ed24609d478b4d99ca8bf44b852fed1f3a7f00836d"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async, rerun: 64)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (rerun: 64)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@map=r5, r4, 0x26, 0x0, 0x0, @void, @value}, 0x10) (async, rerun: 32)
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r6=>0xffffffffffffffff}) (rerun: 32)
splice(r3, 0x0, r6, 0x0, 0x4, 0x0) (async)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async, rerun: 32)
vmsplice(r6, &(0x7f00000005c0)=[{0x0}], 0x1, 0x6) (async, rerun: 32)
ioctl$sock_inet_udp_SIOCINQ(r6, 0x541b, 0x0) (async)
write(r2, 0x0, 0x0)
setresuid(0xee01, 0xee01, 0xee00) (async)
syz_clone3(0x0, 0x0) (async)
listen(0xffffffffffffffff, 0x5)
socket(0x11, 0x800000003, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r8, 0x0, 0x20000002}, 0x18)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x8, 0x0, @perf_config_ext={0x1, 0xa}, 0x1184c, 0x9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) (async, rerun: 64)
ioctl$KDFONTOP_SET(r7, 0x4b72, &(0x7f0000000000)={0x0, 0x3, 0x8, 0xc, 0x200, 0x0}) (async, rerun: 64)
socket$netlink(0x10, 0x3, 0x0)

0s ago: executing program 3 (id=757):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0a00000002000000fd0f000003"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$igmp6(0xa, 0x3, 0x2)
sendmmsg$inet6(r2, &(0x7f0000003080)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x18, 0x0}}, {{&(0x7f0000000180)={0xa, 0x0, 0x0, @mcast1}, 0x18, &(0x7f0000001b40)=[{&(0x7f00000007c0)="451fb88ae975f58b82298dca2a6ee73f3cb4da03d559c14582e34297893c5f4fee2bf9d29330a460441f8cf14b0db1f32807d00c8ebdd96da9b1f10d67bb1302d966b57255173f30cbca9833", 0x4c}, {&(0x7f00000008c0)}, {&(0x7f0000000a40)="13ab3eeee593968811a98ce0eb08018efc054c8faeba6abd27c981fdbba854db371d3ef85fff0c5a815bce21f63166c801401f654ac3fd484338b4ccb726d2eb2e87f4a952aab9c6ab538365407a9b5b3f5d19b4d7d9afc8072d1d259130729a6745080c9db7398d70da7c1db8bc139e937a2a41f903526d5e15b06b01a068396389ed6dde3749593c274c153ecfa407e7aeb7f20f2eb436898fac9f0724b1894b286db08902dee46666f3af3c6a667eefa37e7eba83b8ddf74f0127ef456502cb08b0dcd36ff606a82b01910f", 0xcd}, {&(0x7f0000000b40), 0x6000}, {&(0x7f0000000440)}, {0x0, 0x60}], 0x6}}, {{&(0x7f0000002e40)={0xa, 0x0, 0x6, @mcast2, 0x2}, 0x1c, &(0x7f0000002f40)=[{&(0x7f0000002e80)}], 0x1, &(0x7f0000000680)=ANY=[@ANYBLOB="1400000000000000290000000800000000000000000000002e1dcf9d80782b6a2d6fda419b6ab5766ac80f59d18cc593d0936f5261ab4f698145192b622bc513a4d83ef600c1eec8ceabdbe76b95792976fb71e116719f0a18da3bdee9fcb8cd8cc440c07c5ca4f534463fe501b714bbab8475f640"], 0x18}}], 0x3, 0x0)

kernel console output (not intermixed with test programs):

romiscuous mode
[   27.665472][   T29] audit: type=1400 audit(1739384771.114:113): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   27.693144][   T29] audit: type=1400 audit(1739384771.114:114): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/root/syzkaller.MBn6zm/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   27.719798][   T29] audit: type=1400 audit(1739384771.114:115): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/root/syzkaller.MBn6zm/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   27.747347][   T29] audit: type=1400 audit(1739384771.114:116): avc:  denied  { unmount } for  pid=3298 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   27.769119][   T29] audit: type=1400 audit(1739384771.154:117): avc:  denied  { mounton } for  pid=3298 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=502 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   27.770906][ T3296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   27.791943][   T29] audit: type=1400 audit(1739384771.154:118): avc:  denied  { mount } for  pid=3298 comm="syz-executor" name="/" dev="gadgetfs" ino=4380 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   27.825098][ T3296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   27.826119][ T3298] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   27.834886][ T3296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   27.859959][ T3296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   27.871274][ T3296] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.889892][ T3305] veth1_macvtap: entered promiscuous mode
[   27.907670][   T29] audit: type=1400 audit(1739384771.434:119): avc:  denied  { read write } for  pid=3298 comm="syz-executor" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   27.911658][ T3305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   27.942268][ T3305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   27.952180][ T3305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   27.962690][ T3305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   27.972565][ T3305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   27.983041][ T3305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   27.993928][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0
[   28.007282][ T3297] veth0_macvtap: entered promiscuous mode
[   28.014629][ T3297] veth1_macvtap: entered promiscuous mode
[   28.024770][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   28.035276][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.045175][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   28.055622][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.065465][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   28.075899][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.085761][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   28.096252][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.106972][ T3297] batman_adv: batadv0: Interface activated: batadv_slave_0
[   28.128521][ T3296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.139154][ T3296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.149041][ T3296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.159597][ T3296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.171544][ T3296] batman_adv: batadv0: Interface activated: batadv_slave_1
[   28.179785][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.190309][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.200236][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.210672][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.220521][ T3297] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.231030][ T3297] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.242553][ T3297] batman_adv: batadv0: Interface activated: batadv_slave_1
[   28.250912][ T3297] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   28.259720][ T3297] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   28.268560][ T3297] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   28.277295][ T3297] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   28.291267][ T3296] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   28.300079][ T3296] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   28.308926][ T3296] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   28.317688][ T3296] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   28.328687][ T3305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.339178][ T3305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.349051][ T3305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.359500][ T3305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.369338][ T3305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.379888][ T3305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.389908][ T3305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.400550][ T3305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.412317][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1
[   28.420992][ T3305] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   28.429792][ T3305] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   28.438549][ T3305] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   28.447297][ T3305] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   28.539897][ T3456] loop4: detected capacity change from 0 to 2048
[   28.562226][ T3454] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4'.
[   28.579080][ T3456] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   28.586201][ T3463] loop1: detected capacity change from 0 to 512
[   28.598719][ T3463] EXT4-fs: Ignoring removed i_version option
[   28.604817][ T3463] EXT4-fs: Ignoring removed mblk_io_submit option
[   28.628562][ T3456] SELinux:  policydb magic number 0xfc6aff8c does not match expected magic number 0xf97cff8c
[   28.644369][ T3456] SELinux: failed to load policy
[   28.650138][ T3463] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   28.663329][ T3463] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   28.706117][ T3463] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   28.723526][ T3463] EXT4-fs (loop1): 1 truncate cleaned up
[   28.736556][ T3463] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   28.792199][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   28.809105][ T3467] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=3467 comm=syz.0.11
[   28.885793][ T3480] loop2: detected capacity change from 0 to 2048
[   28.917714][ T3480] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   28.942130][ T3480] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   28.947458][ T3456] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   28.972286][ T3456] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   28.984849][ T3456] EXT4-fs (loop4): This should not happen!! Data will be lost
[   28.984849][ T3456] 
[   28.992359][ T3480] EXT4-fs (loop2): Remounting filesystem read-only
[   28.994524][ T3456] EXT4-fs (loop4): Total free blocks count 0
[   29.007063][ T3456] EXT4-fs (loop4): Free/Dirty block details
[   29.013038][ T3456] EXT4-fs (loop4): free_blocks=2415919104
[   29.018806][ T3456] EXT4-fs (loop4): dirty_blocks=8192
[   29.024109][ T3456] EXT4-fs (loop4): Block reservation details
[   29.030212][ T3456] EXT4-fs (loop4): i_reserved_data_blocks=512
[   29.061387][ T3480] syz.2.13 (3480) used greatest stack depth: 9232 bytes left
[   29.072141][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   29.082179][ T3470] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   29.256864][ T3494] loop2: detected capacity change from 0 to 512
[   29.278865][ T3494] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   29.297654][ T3494] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   29.311159][ T3494] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #2: comm syz.2.17: corrupted inode contents
[   29.339640][ T3494] EXT4-fs error (device loop2): ext4_dirty_inode:6042: inode #2: comm syz.2.17: mark_inode_dirty error
[   29.352087][ T3494] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #2: comm syz.2.17: corrupted inode contents
[   29.362252][ T3500] netlink: 60 bytes leftover after parsing attributes in process `syz.2.17'.
[   29.369874][ T3494] EXT4-fs error (device loop2): __ext4_ext_dirty:207: inode #2: comm syz.2.17: mark_inode_dirty error
[   29.372667][ T3500] unsupported nlmsg_type 40
[   29.410280][ T3494] IPv6: Can't replace route, no match found
[   29.430302][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   29.459758][ T3502] loop4: detected capacity change from 0 to 512
[   29.479944][ T3502] EXT4-fs error (device loop4): ext4_orphan_get:1389: inode #15: comm syz.4.19: casefold flag without casefold feature
[   29.492940][ T3502] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.19: couldn't read orphan inode 15 (err -117)
[   29.508425][ T3502] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   29.631906][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   29.643605][ T3509] netlink: 132 bytes leftover after parsing attributes in process `syz.2.20'.
[   29.731961][ T3524] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=3524 comm=syz.3.27
[   29.868749][ T3530] loop2: detected capacity change from 0 to 2048
[   29.897887][ T3530] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   29.919404][ T3530] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   29.935247][ T3530] EXT4-fs (loop2): Remounting filesystem read-only
[   29.949990][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   29.988292][ T3538] netlink: 16 bytes leftover after parsing attributes in process `syz.2.31'.
[   29.999161][ T3538] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   30.220400][ T3540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   30.232717][ T3540] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   30.257826][ T3552] loop2: detected capacity change from 0 to 512
[   30.275639][ T3552] EXT4-fs error (device loop2): ext4_orphan_get:1389: inode #15: comm syz.2.38: casefold flag without casefold feature
[   30.288532][ T3552] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.38: couldn't read orphan inode 15 (err -117)
[   30.300993][ T3552] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   30.382207][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   30.407225][ T3556] mmap: syz.2.39 (3556) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   30.420051][ T3556] netlink: 24 bytes leftover after parsing attributes in process `syz.2.39'.
[   30.450701][ T3558] loop2: detected capacity change from 0 to 512
[   30.457267][ T3558] EXT4-fs: Ignoring removed nomblk_io_submit option
[   30.464766][ T3558] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   30.489454][ T3558] EXT4-fs (loop2): 1 truncate cleaned up
[   30.496241][ T3558] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   30.530466][ T3561] loop0: detected capacity change from 0 to 512
[   30.539830][ T3561] EXT4-fs error (device loop0): ext4_orphan_get:1389: inode #15: comm syz.0.41: casefold flag without casefold feature
[   30.557328][ T3561] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.41: couldn't read orphan inode 15 (err -117)
[   30.569789][ T3561] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   30.690150][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   30.747878][ T3582] loop3: detected capacity change from 0 to 512
[   30.776959][ T3582] EXT4-fs warning (device loop3): ext4_enable_quotas:7145: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[   30.804265][ T1055] IPVS: starting estimator thread 0...
[   30.810002][ T3582] EXT4-fs (loop3): mount failed
[   30.865047][ T3601] FAULT_INJECTION: forcing a failure.
[   30.865047][ T3601] name failslab, interval 1, probability 0, space 0, times 1
[   30.877821][ T3601] CPU: 1 UID: 0 PID: 3601 Comm: syz.3.55 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
[   30.877843][ T3601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   30.877857][ T3601] Call Trace:
[   30.877862][ T3601]  <TASK>
[   30.877868][ T3601]  dump_stack_lvl+0xf2/0x150
[   30.877893][ T3601]  dump_stack+0x15/0x1a
[   30.877922][ T3601]  should_fail_ex+0x24a/0x260
[   30.878002][ T3601]  ? sctp_add_bind_addr+0x6f/0x1e0
[   30.878103][ T3601]  should_failslab+0x8f/0xb0
[   30.878127][ T3601]  __kmalloc_cache_noprof+0x4e/0x320
[   30.878219][ T3601]  sctp_add_bind_addr+0x6f/0x1e0
[   30.878242][ T3601]  sctp_copy_local_addr_list+0x19b/0x220
[   30.878268][ T3601]  sctp_copy_one_addr+0x83/0x410
[   30.878348][ T3601]  sctp_bind_addr_copy+0x81/0x2b0
[   30.878435][ T3601]  sctp_assoc_set_bind_addr_from_ep+0xc0/0xd0
[   30.878458][ T3601]  sctp_connect_new_asoc+0x1d0/0x3b0
[   30.878532][ T3601]  sctp_sendmsg+0xf05/0x1920
[   30.878552][ T3601]  ? __pfx_sctp_sendmsg+0x10/0x10
[   30.878568][ T3601]  inet_sendmsg+0xc5/0xd0
[   30.878587][ T3601]  __sock_sendmsg+0x102/0x180
[   30.878603][ T3601]  ____sys_sendmsg+0x312/0x410
[   30.878718][ T3601]  __sys_sendmmsg+0x227/0x4b0
[   30.878752][ T3601]  __x64_sys_sendmmsg+0x57/0x70
[   30.878773][ T3601]  x64_sys_call+0x29aa/0x2dc0
[   30.878791][ T3601]  do_syscall_64+0xc9/0x1c0
[   30.878808][ T3601]  ? clear_bhb_loop+0x55/0xb0
[   30.878866][ T3601]  ? clear_bhb_loop+0x55/0xb0
[   30.878885][ T3601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   30.878953][ T3601] RIP: 0033:0x7f3bee9bcde9
[   30.878968][ T3601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   30.879032][ T3601] RSP: 002b:00007f3bed027038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   30.879047][ T3601] RAX: ffffffffffffffda RBX: 00007f3beebd5fa0 RCX: 00007f3bee9bcde9
[   30.879056][ T3601] RDX: 0000000000000001 RSI: 0000400000002240 RDI: 0000000000000005
[   30.879065][ T3601] RBP: 00007f3bed027090 R08: 0000000000000000 R09: 0000000000000000
[   30.879074][ T3601] R10: 00000000240000c0 R11: 0000000000000246 R12: 0000000000000002
[   30.879083][ T3601] R13: 0000000000000000 R14: 00007f3beebd5fa0 R15: 00007ffefb4d9e88
[   30.879096][ T3601]  </TASK>
[   31.104565][ T3593] IPVS: using max 2544 ests per chain, 127200 per kthread
[   31.130550][ T3608] loop0: detected capacity change from 0 to 512
[   31.138732][ T3610] syz.1.60 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   31.181298][ T3616] loop1: detected capacity change from 0 to 512
[   31.201671][ T3608] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   31.209946][ T3608] EXT4-fs (loop0): orphan cleanup on readonly fs
[   31.212180][ T3616] EXT4-fs warning (device loop1): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   31.232912][ T3608] EXT4-fs warning (device loop0): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   31.246210][ T3616] EXT4-fs (loop1): mount failed
[   31.264656][ T3608] EXT4-fs (loop0): Cannot turn on quotas: error -117
[   31.297903][ T3624] loop3: detected capacity change from 0 to 8192
[   31.308150][ T3608] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.56: bg 0: block 40: padding at end of block bitmap is not set
[   31.327003][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.342699][ T3616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   31.352609][ T3608] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   31.353797][ T3616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   31.372268][ T3608] EXT4-fs (loop0): 1 truncate cleaned up
[   31.378547][ T3608] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   31.434956][ T3608] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #16: comm syz.0.56: corrupted xattr block 31: invalid header
[   31.450373][ T3608] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop0 ino=16
[   31.461963][ T3608] netlink: 24 bytes leftover after parsing attributes in process `syz.0.56'.
[   31.557281][ T3643] loop4: detected capacity change from 0 to 164
[   31.566342][ T3643] process 'syz.4.70' launched '/dev/fd/11' with NULL argv: empty string added
[   31.576073][ T3643] syz.4.70: attempt to access beyond end of device
[   31.576073][ T3643] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164
[   31.590705][ T3643] syz.4.70: attempt to access beyond end of device
[   31.590705][ T3643] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164
[   31.674099][ T3647] random: crng reseeded on system resumption
[   31.697937][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.732550][ T3651] loop0: detected capacity change from 0 to 512
[   31.744606][ T3651] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   31.753385][ T3651] EXT4-fs (loop0): invalid journal inode
[   31.759166][ T3651] EXT4-fs (loop0): can't get journal size
[   31.766034][ T3651] EXT4-fs (loop0): 1 truncate cleaned up
[   31.771856][ T3651] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   31.788017][ T3653] netlink: 12 bytes leftover after parsing attributes in process `syz.2.72'.
[   31.811386][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.860265][ T3661] syz_tun: entered allmulticast mode
[   31.878381][ T3661] 9pnet: Could not find request transport: rdmaÿÿ
[   31.891303][ T3660] syz_tun: left allmulticast mode
[   31.930652][ T3668] netlink: 4 bytes leftover after parsing attributes in process `syz.2.80'.
[   31.939535][ T3668] netlink: 4 bytes leftover after parsing attributes in process `syz.2.80'.
[   31.958702][ T3672] loop4: detected capacity change from 0 to 512
[   31.965385][ T3668] netlink: 4 bytes leftover after parsing attributes in process `syz.2.80'.
[   31.978008][ T3672] EXT4-fs error (device loop4): ext4_orphan_get:1389: inode #15: comm syz.4.82: casefold flag without casefold feature
[   31.990931][ T3672] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.82: couldn't read orphan inode 15 (err -117)
[   32.010528][ T3672] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.097312][ T3685] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=3685 comm=syz.1.85
[   32.130334][ T3689] only policy match revision 0 supported
[   32.130417][ T3689] unable to load match
[   32.156274][ T3694] syz_tun: entered allmulticast mode
[   32.162444][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.162856][ T3690] syz_tun: left allmulticast mode
[   32.301017][ T3700] loop4: detected capacity change from 0 to 2048
[   32.335669][ T3710] program syz.0.100 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   32.347378][ T3700] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   32.363871][ T3700] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   32.387283][ T3700] EXT4-fs (loop4): Remounting filesystem read-only
[   32.394496][ T3716] 9pnet_fd: Insufficient options for proto=fd
[   32.425906][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.518548][ T3730] loop4: detected capacity change from 0 to 128
[   32.538037][ T3730] FAT-fs (loop4): Directory bread(block 32) failed
[   32.548755][ T3730] FAT-fs (loop4): Directory bread(block 33) failed
[   32.557394][ T3730] FAT-fs (loop4): Directory bread(block 34) failed
[   32.563986][ T3730] FAT-fs (loop4): Directory bread(block 35) failed
[   32.571079][ T3730] FAT-fs (loop4): Directory bread(block 36) failed
[   32.578042][ T3730] FAT-fs (loop4): Directory bread(block 37) failed
[   32.584630][ T3730] FAT-fs (loop4): Directory bread(block 38) failed
[   32.598244][ T3730] FAT-fs (loop4): Directory bread(block 39) failed
[   32.605066][ T3730] FAT-fs (loop4): Directory bread(block 40) failed
[   32.611676][ T3730] FAT-fs (loop4): Directory bread(block 41) failed
[   32.620288][   T29] kauditd_printk_skb: 486 callbacks suppressed
[   32.620329][   T29] audit: type=1400 audit(1739384776.154:603): avc:  denied  { read } for  pid=3735 comm="syz.3.109" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   32.649408][   T29] audit: type=1400 audit(1739384776.154:604): avc:  denied  { open } for  pid=3735 comm="syz.3.109" path="/dev/rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   32.723835][ T3730] syz.4.106: attempt to access beyond end of device
[   32.723835][ T3730] loop4: rw=0, sector=4108, nr_sectors = 4 limit=128
[   32.743607][   T29] audit: type=1400 audit(1739384776.194:605): avc:  denied  { create } for  pid=3735 comm="syz.3.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   32.763339][   T29] audit: type=1326 audit(1739384776.224:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3728 comm="syz.4.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f148143b750 code=0x7ffc0000
[   32.786663][   T29] audit: type=1326 audit(1739384776.224:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3728 comm="syz.4.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f148143bb37 code=0x7ffc0000
[   32.809840][   T29] audit: type=1326 audit(1739384776.224:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3728 comm="syz.4.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f148143b750 code=0x7ffc0000
[   32.833189][ T3743] 9pnet_fd: Insufficient options for proto=fd
[   32.839546][   T29] audit: type=1326 audit(1739384776.224:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3728 comm="syz.4.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148143cde9 code=0x7ffc0000
[   32.862833][   T29] audit: type=1326 audit(1739384776.224:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3728 comm="syz.4.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148143cde9 code=0x7ffc0000
[   32.886111][   T29] audit: type=1326 audit(1739384776.244:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3728 comm="syz.4.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f148143cde9 code=0x7ffc0000
[   32.890498][ T3746] loop0: detected capacity change from 0 to 2048
[   32.909337][   T29] audit: type=1326 audit(1739384776.244:612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3728 comm="syz.4.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f148143cde9 code=0x7ffc0000
[   32.913822][ T3730] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 196)
[   32.947719][ T3730] FAT-fs (loop4): Filesystem has been set read-only
[   32.987297][ T3746] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.019746][ T3746] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   33.032750][ T3759] SELinux:  policydb string SEºLinuz does not match my string SE Linux
[   33.036457][ T3746] EXT4-fs (loop0): Remounting filesystem read-only
[   33.060322][ T3759] SELinux: failed to load policy
[   33.071855][ T3759] SELinux:  policydb string SEºLinuz does not match my string SE Linux
[   33.080426][ T3759] SELinux: failed to load policy
[   33.091176][ T3759] SELinux:  policydb string SEºLinuz does not match my string SE Linux
[   33.099910][ T3759] SELinux: failed to load policy
[   33.105231][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.106140][ T3759] SELinux:  policydb string SEºLinuz does not match my string SE Linux
[   33.122766][ T3759] SELinux: failed to load policy
[   33.123849][ T3752] syz.4.106: attempt to access beyond end of device
[   33.123849][ T3752] loop4: rw=0, sector=4108, nr_sectors = 4 limit=128
[   33.127985][ T3759] SELinux:  policydb string SEºLinuz does not match my string SE Linux
[   33.149787][ T3759] SELinux: failed to load policy
[   33.154870][ T3759] SELinux:  policydb string SEºLinuz does not match my string SE Linux
[   33.164616][ T3759] SELinux: failed to load policy
[   33.171090][ T3759] SELinux:  policydb string SEºLinuz does not match my string SE Linux
[   33.179800][ T3759] SELinux: failed to load policy
[   33.184798][ T3752] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 196)
[   33.185248][ T3759] SELinux:  policydb string SEºLinuz does not match my string SE Linux
[   33.214981][ T3759] SELinux: failed to load policy
[   33.220482][ T3759] SELinux:  policydb string SEºLinuz does not match my string SE Linux
[   33.241652][ T3759] SELinux: failed to load policy
[   33.293169][ T3775] loop2: detected capacity change from 0 to 2048
[   33.312310][ T3782] loop0: detected capacity change from 0 to 512
[   33.319069][ T3782] EXT4-fs: Ignoring removed nomblk_io_submit option
[   33.326542][ T3775] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.339467][ T3782] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   33.361956][ T3773] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   33.381248][ T3782] EXT4-fs (loop0): 1 truncate cleaned up
[   33.391127][ T3773] EXT4-fs (loop2): Remounting filesystem read-only
[   33.392317][ T3782] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   33.466031][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.501704][ T3799] loop1: detected capacity change from 0 to 2048
[   33.547655][ T3799] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.565161][ T3807] netlink: 16 bytes leftover after parsing attributes in process `syz.4.131'.
[   33.603139][ T3799] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   33.619288][ T3799] EXT4-fs (loop1): Remounting filesystem read-only
[   33.657987][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.684398][ T3823] netlink: 8 bytes leftover after parsing attributes in process `syz.4.137'.
[   33.704398][ T3823] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   33.748273][ T3823] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   33.778418][ T3837] loop3: detected capacity change from 0 to 512
[   33.786266][ T3837] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[   33.794727][ T3837] EXT4-fs (loop3): invalid journal inode
[   33.800888][ T3837] EXT4-fs (loop3): can't get journal size
[   33.807685][ T3837] EXT4-fs (loop3): 1 truncate cleaned up
[   33.816959][ T3837] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.818133][ T3823] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   33.839625][ T3840] netlink: 24 bytes leftover after parsing attributes in process `syz.1.142'.
[   33.851065][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.880356][ T3842] netlink: 4 bytes leftover after parsing attributes in process `syz.1.144'.
[   33.890537][ T3844] netlink: 12 bytes leftover after parsing attributes in process `syz.3.143'.
[   33.905997][ T3823] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   33.938886][ T3848] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3848 comm=syz.3.146
[   33.938901][ T3846] +
: renamed from syzkaller0
[   33.957855][ T3848] netlink: 4 bytes leftover after parsing attributes in process `syz.3.146'.
[   33.970568][ T3848] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   33.978269][ T3848] batman_adv: batadv0: Removing interface: batadv_slave_0
[   33.992818][ T3848] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   34.000425][ T3848] batman_adv: batadv0: Removing interface: batadv_slave_1
[   34.017447][ T3823] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   34.028521][ T3823] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   34.039213][ T3823] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   34.050754][ T3823] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   34.079119][ T3852] loop2: detected capacity change from 0 to 2048
[   34.117537][ T3856] loop4: detected capacity change from 0 to 512
[   34.137178][ T3856] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.149861][ T3856] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   34.163763][ T3856] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.150: corrupted inode contents
[   34.185030][ T3856] EXT4-fs error (device loop4): ext4_dirty_inode:6042: inode #2: comm syz.4.150: mark_inode_dirty error
[   34.193484][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.201982][ T3856] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.150: corrupted inode contents
[   34.217280][ T3856] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.150: mark_inode_dirty error
[   34.268279][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.279453][ T3868] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   34.291657][ T3868] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   34.299276][ T3868] batman_adv: batadv0: Removing interface: batadv_slave_0
[   34.314790][ T3868] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   34.322328][ T3868] batman_adv: batadv0: Removing interface: batadv_slave_1
[   34.353264][ T3874] netlink: 4 bytes leftover after parsing attributes in process `syz.3.158'.
[   34.443895][ T3886] loop0: detected capacity change from 0 to 512
[   34.451311][ T3886] EXT4-fs: Ignoring removed nomblk_io_submit option
[   34.459527][ T3886] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   34.480762][ T3886] EXT4-fs (loop0): 1 truncate cleaned up
[   34.487033][ T3886] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.619859][ T3901] loop2: detected capacity change from 0 to 512
[   34.636460][ T3901] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   34.644595][ T3900] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.167'.
[   34.644799][ T3901] EXT4-fs (loop2): orphan cleanup on readonly fs
[   34.661831][ T3901] EXT4-fs warning (device loop2): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   34.677052][ T3901] EXT4-fs (loop2): Cannot turn on quotas: error -117
[   34.684027][ T3901] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.165: bg 0: block 40: padding at end of block bitmap is not set
[   34.699524][ T3901] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   34.708641][ T3901] EXT4-fs (loop2): 1 truncate cleaned up
[   34.714876][ T3901] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   34.733783][ T3901] netlink: 24 bytes leftover after parsing attributes in process `syz.2.165'.
[   35.299656][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.323782][ T3930] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   35.323817][ T3930] batman_adv: batadv0: Removing interface: batadv_slave_0
[   35.332110][ T3930] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   35.332169][ T3930] batman_adv: batadv0: Removing interface: batadv_slave_1
[   35.406940][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.426272][ T3938] loop0: detected capacity change from 0 to 512
[   35.426497][ T3938] EXT4-fs: Ignoring removed i_version option
[   35.426515][ T3938] EXT4-fs: Ignoring removed mblk_io_submit option
[   35.426562][ T3938] EXT4-fs: quotafile must be on filesystem root
[   35.613858][ T3957] loop1: detected capacity change from 0 to 512
[   35.622293][ T3957] EXT4-fs: Ignoring removed nomblk_io_submit option
[   35.622671][ T3957] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   35.652968][ T3957] EXT4-fs (loop1): 1 truncate cleaned up
[   35.661181][ T3957] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   35.673397][ T3963] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   35.673430][ T3963] batman_adv: batadv0: Removing interface: batadv_slave_0
[   35.673913][ T3963] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   35.673931][ T3963] batman_adv: batadv0: Removing interface: batadv_slave_1
[   36.449132][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.470559][ T3992] FAULT_INJECTION: forcing a failure.
[   36.470559][ T3992] name failslab, interval 1, probability 0, space 0, times 0
[   36.483256][ T3992] CPU: 1 UID: 0 PID: 3992 Comm: syz.1.203 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
[   36.483276][ T3992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   36.483285][ T3992] Call Trace:
[   36.483291][ T3992]  <TASK>
[   36.483297][ T3992]  dump_stack_lvl+0xf2/0x150
[   36.483375][ T3992]  dump_stack+0x15/0x1a
[   36.483390][ T3992]  should_fail_ex+0x24a/0x260
[   36.483444][ T3992]  should_failslab+0x8f/0xb0
[   36.483466][ T3992]  kmem_cache_alloc_noprof+0x52/0x320
[   36.483491][ T3992]  ? __proc_create+0x254/0x4a0
[   36.483515][ T3992]  __proc_create+0x254/0x4a0
[   36.483536][ T3992]  ? should_failslab+0x8f/0xb0
[   36.483599][ T3992]  proc_create_data+0xa9/0x170
[   36.483624][ T3992]  recent_mt_check+0x67b/0x7c0
[   36.483720][ T3992]  recent_mt_check_v0+0x66/0x90
[   36.483743][ T3992]  xt_check_match+0x259/0x4b0
[   36.483763][ T3992]  ? strnlen+0x28/0x50
[   36.483784][ T3992]  ? strcmp+0x21/0x50
[   36.483803][ T3992]  ? xt_find_match+0x1c1/0x1e0
[   36.483826][ T3992]  translate_table+0xb44/0x1040
[   36.483857][ T3992]  ? _copy_from_user+0x89/0xa0
[   36.483943][ T3992]  do_ip6t_set_ctl+0x7cc/0x8c0
[   36.483965][ T3992]  ? avc_has_perm_noaudit+0xa2/0x210
[   36.483992][ T3992]  nf_setsockopt+0x195/0x1b0
[   36.484154][ T3992]  ipv6_setsockopt+0x10f/0x130
[   36.484179][ T3992]  tcp_setsockopt+0x93/0xb0
[   36.484205][ T3992]  sock_common_setsockopt+0x64/0x80
[   36.484250][ T3992]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   36.484267][ T3992]  __sys_setsockopt+0x187/0x200
[   36.484289][ T3992]  __x64_sys_setsockopt+0x66/0x80
[   36.484378][ T3992]  x64_sys_call+0x282e/0x2dc0
[   36.484399][ T3992]  do_syscall_64+0xc9/0x1c0
[   36.484418][ T3992]  ? clear_bhb_loop+0x55/0xb0
[   36.484438][ T3992]  ? clear_bhb_loop+0x55/0xb0
[   36.484512][ T3992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   36.484535][ T3992] RIP: 0033:0x7fe3110bcde9
[   36.484549][ T3992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   36.484615][ T3992] RSP: 002b:00007fe30f727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   36.484633][ T3992] RAX: ffffffffffffffda RBX: 00007fe3112d5fa0 RCX: 00007fe3110bcde9
[   36.484645][ T3992] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000006
[   36.484656][ T3992] RBP: 00007fe30f727090 R08: 0000000000000565 R09: 0000000000000000
[   36.484667][ T3992] R10: 0000400000000c80 R11: 0000000000000246 R12: 0000000000000001
[   36.484677][ T3992] R13: 0000000000000000 R14: 00007fe3112d5fa0 R15: 00007ffced177268
[   36.484692][ T3992]  </TASK>
[   36.880202][    C1] hrtimer: interrupt took 33745 ns
[   36.899617][ T4000] Illegal XDP return value 4294967274 on prog  (id 212) dev N/A, expect packet loss!
[   36.910622][ T4000] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[   36.937327][ T4009] loop1: detected capacity change from 0 to 128
[   36.950368][ T4009] FAT-fs (loop1): Directory bread(block 32) failed
[   36.959426][ T4009] FAT-fs (loop1): Directory bread(block 33) failed
[   36.966169][ T4009] FAT-fs (loop1): Directory bread(block 34) failed
[   36.977970][ T4009] FAT-fs (loop1): Directory bread(block 35) failed
[   36.984527][ T4009] FAT-fs (loop1): Directory bread(block 36) failed
[   36.993605][ T4013] syz.2.211 uses obsolete (PF_INET,SOCK_PACKET)
[   36.996584][ T4009] FAT-fs (loop1): Directory bread(block 37) failed
[   37.006465][ T4009] FAT-fs (loop1): Directory bread(block 38) failed
[   37.013042][ T4009] FAT-fs (loop1): Directory bread(block 39) failed
[   37.019789][ T4009] FAT-fs (loop1): Directory bread(block 40) failed
[   37.026675][ T4009] FAT-fs (loop1): Directory bread(block 41) failed
[   37.041212][ T4013] loop2: detected capacity change from 0 to 2048
[   37.052589][ T4009] syz.1.209: attempt to access beyond end of device
[   37.052589][ T4009] loop1: rw=0, sector=4108, nr_sectors = 4 limit=128
[   37.066202][ T4009] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 196)
[   37.074337][ T4009] FAT-fs (loop1): Filesystem has been set read-only
[   37.077286][ T4013] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   37.097793][ T4009] syz.1.209: attempt to access beyond end of device
[   37.097793][ T4009] loop1: rw=0, sector=4108, nr_sectors = 4 limit=128
[   37.111263][ T4009] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 196)
[   37.120451][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.148447][ T4019] loop2: detected capacity change from 0 to 512
[   37.157307][ T4019] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   37.167129][ T4019] EXT4-fs (loop2): invalid journal inode
[   37.172974][ T4019] EXT4-fs (loop2): can't get journal size
[   37.179695][ T4019] EXT4-fs (loop2): 1 truncate cleaned up
[   37.187091][ T4019] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   37.200071][ T4027] loop1: detected capacity change from 0 to 512
[   37.209857][ T4027] EXT4-fs: Ignoring removed nomblk_io_submit option
[   37.210127][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.217231][ T4027] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   37.236255][ T4027] EXT4-fs (loop1): 1 truncate cleaned up
[   37.252140][ T4027] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   38.035191][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.052664][   T29] kauditd_printk_skb: 486 callbacks suppressed
[   38.052676][   T29] audit: type=1400 audit(1739384781.584:1098): avc:  denied  { tracepoint } for  pid=4041 comm="syz.1.220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   38.083446][   T29] audit: type=1400 audit(1739384781.614:1099): avc:  denied  { create } for  pid=4041 comm="syz.1.220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   38.103957][   T29] audit: type=1400 audit(1739384781.614:1100): avc:  denied  { write } for  pid=4041 comm="syz.1.220" path="socket:[6681]" dev="sockfs" ino=6681 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   38.128083][   T29] audit: type=1400 audit(1739384781.614:1101): avc:  denied  { nlmsg_read } for  pid=4041 comm="syz.1.220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   38.148839][   T29] audit: type=1400 audit(1739384781.624:1102): avc:  denied  { read write } for  pid=4041 comm="syz.1.220" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   38.223499][   T29] audit: type=1326 audit(1739384781.754:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4049 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   38.246982][   T29] audit: type=1326 audit(1739384781.754:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4049 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   38.247654][ T4050] loop2: detected capacity change from 0 to 128
[   38.270248][   T29] audit: type=1326 audit(1739384781.754:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4049 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   38.300342][   T29] audit: type=1326 audit(1739384781.754:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4049 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   38.306624][ T4050] FAT-fs (loop2): Directory bread(block 32) failed
[   38.323764][   T29] audit: type=1326 audit(1739384781.754:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4049 comm="syz.2.223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   38.338965][ T4050] FAT-fs (loop2): Directory bread(block 33) failed
[   38.360472][ T4050] FAT-fs (loop2): Directory bread(block 34) failed
[   38.367111][ T4050] FAT-fs (loop2): Directory bread(block 35) failed
[   38.373716][ T4050] FAT-fs (loop2): Directory bread(block 36) failed
[   38.380781][ T4050] FAT-fs (loop2): Directory bread(block 37) failed
[   38.389315][ T4050] FAT-fs (loop2): Directory bread(block 38) failed
[   38.397381][ T4050] FAT-fs (loop2): Directory bread(block 39) failed
[   38.404096][ T4050] FAT-fs (loop2): Directory bread(block 40) failed
[   38.411158][ T4050] FAT-fs (loop2): Directory bread(block 41) failed
[   38.462646][ T4050] syz.2.223: attempt to access beyond end of device
[   38.462646][ T4050] loop2: rw=0, sector=4108, nr_sectors = 4 limit=128
[   38.483842][ T4065] loop4: detected capacity change from 0 to 2048
[   38.501082][ T4050] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 196)
[   38.509206][ T4050] FAT-fs (loop2): Filesystem has been set read-only
[   38.517322][ T4065] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.532779][ T4050] syz.2.223: attempt to access beyond end of device
[   38.532779][ T4050] loop2: rw=0, sector=4108, nr_sectors = 4 limit=128
[   38.541108][ T4065] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   38.546239][ T4050] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 196)
[   38.575863][ T4065] EXT4-fs (loop4): Remounting filesystem read-only
[   38.600760][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.250325][ T4092] loop4: detected capacity change from 0 to 512
[   39.257057][ T4092] EXT4-fs: Ignoring removed orlov option
[   40.312019][ T4092] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.236: bg 0: block 248: padding at end of block bitmap is not set
[   40.326607][ T4092] EXT4-fs error (device loop4): ext4_acquire_dquot:6927: comm syz.4.236: Failed to acquire dquot type 1
[   40.329107][ T4096] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[   40.350584][ T4092] EXT4-fs (loop4): 1 truncate cleaned up
[   40.356906][ T4092] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.369726][ T4092] ext4 filesystem being mounted at /42/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   40.390969][ T4087] EXT4-fs error (device loop4): ext4_lookup:1817: inode #2: comm syz.4.236: deleted inode referenced: 12
[   40.403230][ T4087] EXT4-fs error (device loop4): ext4_lookup:1817: inode #2: comm syz.4.236: deleted inode referenced: 12
[   40.419686][ T4096] __nla_validate_parse: 5 callbacks suppressed
[   40.419699][ T4096] netlink: 24 bytes leftover after parsing attributes in process `syz.3.238'.
[   40.437643][ T4096] loop3: detected capacity change from 0 to 128
[   40.481607][ T4108] loop1: detected capacity change from 0 to 128
[   40.495101][ T4108] FAT-fs (loop1): Directory bread(block 32) failed
[   40.501710][ T4108] FAT-fs (loop1): Directory bread(block 33) failed
[   40.508528][ T4108] FAT-fs (loop1): Directory bread(block 34) failed
[   40.515479][ T4108] FAT-fs (loop1): Directory bread(block 35) failed
[   40.522077][ T4108] FAT-fs (loop1): Directory bread(block 36) failed
[   40.539616][ T4108] FAT-fs (loop1): Directory bread(block 37) failed
[   40.549744][ T4108] FAT-fs (loop1): Directory bread(block 38) failed
[   40.565155][ T4108] FAT-fs (loop1): Directory bread(block 39) failed
[   40.574115][ T4108] FAT-fs (loop1): Directory bread(block 40) failed
[   40.581079][ T4108] FAT-fs (loop1): Directory bread(block 41) failed
[   40.581254][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.624718][ T4115] netlink: 16 bytes leftover after parsing attributes in process `syz.0.247'.
[   40.624801][ T4108] syz.1.243: attempt to access beyond end of device
[   40.624801][ T4108] loop1: rw=0, sector=4108, nr_sectors = 4 limit=128
[   40.647625][ T4108] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 196)
[   40.655797][ T4108] FAT-fs (loop1): Filesystem has been set read-only
[   40.683872][ T4120] loop4: detected capacity change from 0 to 2048
[   40.686609][ T4121] loop3: detected capacity change from 0 to 2048
[   40.701286][ T4108] syz.1.243: attempt to access beyond end of device
[   40.701286][ T4108] loop1: rw=0, sector=4108, nr_sectors = 4 limit=128
[   40.715319][ T4108] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 196)
[   40.728919][ T4120] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.736222][ T4121] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.759529][ T4120] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   40.775871][ T4120] EXT4-fs (loop4): Remounting filesystem read-only
[   40.791572][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.805848][ T4129] FAULT_INJECTION: forcing a failure.
[   40.805848][ T4129] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   40.819009][ T4129] CPU: 1 UID: 0 PID: 4129 Comm: syz.1.250 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
[   40.819032][ T4129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   40.819043][ T4129] Call Trace:
[   40.819047][ T4129]  <TASK>
[   40.819054][ T4129]  dump_stack_lvl+0xf2/0x150
[   40.819078][ T4129]  dump_stack+0x15/0x1a
[   40.819149][ T4129]  should_fail_ex+0x24a/0x260
[   40.819176][ T4129]  should_fail+0xb/0x10
[   40.819197][ T4129]  should_fail_usercopy+0x1a/0x20
[   40.819214][ T4129]  _copy_from_user+0x1c/0xa0
[   40.819246][ T4129]  clear_refs_write+0x8c/0x4a0
[   40.819264][ T4129]  ? __import_iovec+0x315/0x560
[   40.819303][ T4129]  ? avc_policy_seqno+0x15/0x20
[   40.819324][ T4129]  ? selinux_file_permission+0x22a/0x360
[   40.819418][ T4129]  vfs_writev+0x3fa/0x880
[   40.819474][ T4129]  ? __pfx_clear_refs_write+0x10/0x10
[   40.819497][ T4129]  ? mutex_lock+0xd/0x40
[   40.819514][ T4129]  do_writev+0xf4/0x220
[   40.819573][ T4129]  __x64_sys_writev+0x45/0x50
[   40.819666][ T4129]  x64_sys_call+0x1fab/0x2dc0
[   40.819686][ T4129]  do_syscall_64+0xc9/0x1c0
[   40.819722][ T4129]  ? clear_bhb_loop+0x55/0xb0
[   40.819745][ T4129]  ? clear_bhb_loop+0x55/0xb0
[   40.819768][ T4129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   40.819861][ T4129] RIP: 0033:0x7fe3110bcde9
[   40.819875][ T4129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   40.819937][ T4129] RSP: 002b:00007fe30f727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   40.819952][ T4129] RAX: ffffffffffffffda RBX: 00007fe3112d5fa0 RCX: 00007fe3110bcde9
[   40.819963][ T4129] RDX: 0000000000000009 RSI: 0000400000000100 RDI: 0000000000000003
[   40.819974][ T4129] RBP: 00007fe30f727090 R08: 0000000000000000 R09: 0000000000000000
[   40.819984][ T4129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   40.819996][ T4129] R13: 0000000000000000 R14: 00007fe3112d5fa0 R15: 00007ffced177268
[   40.820011][ T4129]  </TASK>
[   41.055516][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.585428][ T4161] netlink: 4 bytes leftover after parsing attributes in process `syz.0.262'.
[   41.679246][ T4165] netlink: 24 bytes leftover after parsing attributes in process `syz.0.263'.
[   42.198215][ T4176] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=4176 comm=syz.1.265
[   42.234812][ T4178] loop3: detected capacity change from 0 to 512
[   42.247608][ T4178] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.260545][ T4178] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   42.273763][ T4178] EXT4-fs error (device loop3): ext4_do_update_inode:5154: inode #2: comm syz.3.268: corrupted inode contents
[   42.286199][ T4178] EXT4-fs error (device loop3): ext4_dirty_inode:6042: inode #2: comm syz.3.268: mark_inode_dirty error
[   42.300814][ T4185] netlink: 24 bytes leftover after parsing attributes in process `syz.2.269'.
[   42.305445][ T4178] EXT4-fs error (device loop3): ext4_do_update_inode:5154: inode #2: comm syz.3.268: corrupted inode contents
[   42.321730][ T4178] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #2: comm syz.3.268: mark_inode_dirty error
[   42.350505][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.473740][ T4195] loop3: detected capacity change from 0 to 128
[   42.486180][ T4195] FAT-fs (loop3): Directory bread(block 32) failed
[   42.496115][ T4197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.274'.
[   42.498606][ T4195] FAT-fs (loop3): Directory bread(block 33) failed
[   42.505011][ T4197] bridge_slave_1: left allmulticast mode
[   42.511676][ T4195] FAT-fs (loop3): Directory bread(block 34) failed
[   42.517205][ T4197] bridge_slave_1: left promiscuous mode
[   42.525587][ T4195] FAT-fs (loop3): Directory bread(block 35) failed
[   42.529570][ T4197] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.541193][ T4195] FAT-fs (loop3): Directory bread(block 36) failed
[   42.550661][ T4195] FAT-fs (loop3): Directory bread(block 37) failed
[   42.557634][ T4195] FAT-fs (loop3): Directory bread(block 38) failed
[   42.564251][ T4195] FAT-fs (loop3): Directory bread(block 39) failed
[   42.571135][ T4195] FAT-fs (loop3): Directory bread(block 40) failed
[   42.577899][ T4195] FAT-fs (loop3): Directory bread(block 41) failed
[   42.615778][ T4197] bridge_slave_0: left allmulticast mode
[   42.621437][ T4197] bridge_slave_0: left promiscuous mode
[   42.627253][ T4197] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.628935][ T4195] syz.3.273: attempt to access beyond end of device
[   42.628935][ T4195] loop3: rw=0, sector=4108, nr_sectors = 4 limit=128
[   42.648609][ T4195] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 196)
[   42.656779][ T4195] FAT-fs (loop3): Filesystem has been set read-only
[   42.668483][ T4195] syz.3.273: attempt to access beyond end of device
[   42.668483][ T4195] loop3: rw=0, sector=4108, nr_sectors = 4 limit=128
[   42.681824][ T4195] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 196)
[   42.720496][ T4204] loop4: detected capacity change from 0 to 512
[   42.757810][ T4204] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   42.771039][ T4204] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   42.797843][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   42.957865][ T4220] loop3: detected capacity change from 0 to 512
[   42.996481][ T4220] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   43.005670][ T4220] EXT4-fs (loop3): orphan cleanup on readonly fs
[   43.015035][ T4220] EXT4-fs warning (device loop3): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   43.030036][ T4220] EXT4-fs (loop3): Cannot turn on quotas: error -117
[   43.037180][ T4220] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.279: bg 0: block 40: padding at end of block bitmap is not set
[   43.051577][ T4226] loop1: detected capacity change from 0 to 2048
[   43.052048][ T4220] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   43.071331][ T4220] EXT4-fs (loop3): 1 truncate cleaned up
[   43.077839][ T4220] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   43.093641][ T4220] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #16: comm syz.3.279: corrupted xattr block 31: invalid header
[   43.096671][ T4226] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.107477][ T4228] FAULT_INJECTION: forcing a failure.
[   43.107477][ T4228] name failslab, interval 1, probability 0, space 0, times 0
[   43.131548][ T4228] CPU: 0 UID: 0 PID: 4228 Comm: syz.2.282 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
[   43.131569][ T4228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   43.131579][ T4228] Call Trace:
[   43.131585][ T4228]  <TASK>
[   43.131592][ T4228]  dump_stack_lvl+0xf2/0x150
[   43.131641][ T4228]  dump_stack+0x15/0x1a
[   43.131648][ T4220] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=16
[   43.131658][ T4228]  should_fail_ex+0x24a/0x260
[   43.131686][ T4228]  should_failslab+0x8f/0xb0
[   43.131750][ T4228]  __kmalloc_noprof+0xab/0x3f0
[   43.131777][ T4228]  ? memcg_list_lru_alloc+0x187/0x4e0
[   43.131804][ T4228]  memcg_list_lru_alloc+0x187/0x4e0
[   43.131905][ T4228]  __memcg_slab_post_alloc_hook+0x1a2/0x660
[   43.131935][ T4228]  ? should_fail_ex+0xd7/0x260
[   43.131962][ T4228]  kmem_cache_alloc_lru_noprof+0x230/0x320
[   43.132025][ T4228]  ? __d_alloc+0x3d/0x340
[   43.132052][ T4228]  __d_alloc+0x3d/0x340
[   43.132078][ T4228]  d_alloc_parallel+0x54/0xc80
[   43.132096][ T4228]  ? selinux_inode_permission+0x341/0x410
[   43.132144][ T4228]  ? __rcu_read_unlock+0x4e/0x70
[   43.132163][ T4228]  ? __d_lookup+0x342/0x370
[   43.132178][ T4228]  ? security_inode_permission+0x4e/0xc0
[   43.132236][ T4228]  ? down_read+0x171/0x4b0
[   43.132256][ T4228]  __lookup_slow+0x8d/0x250
[   43.132284][ T4228]  lookup_slow+0x3c/0x60
[   43.132311][ T4228]  walk_component+0x1f5/0x230
[   43.132393][ T4228]  ? path_lookupat+0xfd/0x2b0
[   43.132418][ T4228]  path_lookupat+0x10a/0x2b0
[   43.132451][ T4228]  filename_lookup+0x150/0x340
[   43.132485][ T4228]  user_path_at+0x3c/0x120
[   43.132542][ T4228]  user_statfs+0x7a/0x2a0
[   43.132571][ T4228]  __x64_sys_statfs+0x64/0xf0
[   43.132599][ T4228]  ? fput+0x1c4/0x200
[   43.132664][ T4228]  ? ksys_write+0x176/0x1b0
[   43.132682][ T4228]  ? fpregs_assert_state_consistent+0x83/0xa0
[   43.132719][ T4228]  x64_sys_call+0x1fcd/0x2dc0
[   43.132742][ T4228]  do_syscall_64+0xc9/0x1c0
[   43.132763][ T4228]  ? clear_bhb_loop+0x55/0xb0
[   43.132787][ T4228]  ? clear_bhb_loop+0x55/0xb0
[   43.132832][ T4228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   43.132854][ T4228] RIP: 0033:0x7f94a285cde9
[   43.132869][ T4228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   43.132884][ T4228] RSP: 002b:00007f94a0ec7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000089
[   43.132900][ T4228] RAX: ffffffffffffffda RBX: 00007f94a2a75fa0 RCX: 00007f94a285cde9
[   43.132911][ T4228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000400000001000
[   43.132922][ T4228] RBP: 00007f94a0ec7090 R08: 0000000000000000 R09: 0000000000000000
[   43.132932][ T4228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   43.132974][ T4228] R13: 0000000000000000 R14: 00007f94a2a75fa0 R15: 00007fff7c058e68
[   43.132989][ T4228]  </TASK>
[   43.156457][ T4226] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, 
[   43.174203][   T29] kauditd_printk_skb: 421 callbacks suppressed
[   43.174217][   T29] audit: type=1326 audit(2000000002.379:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4231 comm="syz.2.283" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f94a285cde9 code=0x0
[   43.176441][ T4226] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   43.228109][ T4234] loop2: detected capacity change from 0 to 512
[   43.231201][ T4226] EXT4-fs (loop1): Remounting filesystem read-only
[   43.257333][ T4234] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   43.479658][ T4234] EXT4-fs (loop2): orphan cleanup on readonly fs
[   43.486890][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.494500][ T4234] Quota error (device loop2): v2_read_file_info: Block with free entry 1 out of range (1, 6).
[   43.506221][ T4234] EXT4-fs warning (device loop2): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   43.520996][ T4234] EXT4-fs (loop2): Cannot turn on quotas: error -117
[   43.530970][ T4234] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.283: bg 0: block 40: padding at end of block bitmap is not set
[   43.545946][ T4234] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   43.555040][ T4234] EXT4-fs (loop2): 1 truncate cleaned up
[   43.561006][ T4234] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   43.576517][ T4234] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #16: comm syz.2.283: corrupted xattr block 31: invalid header
[   43.590065][ T4234] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=16
[   43.601386][ T4234] netlink: 24 bytes leftover after parsing attributes in process `syz.2.283'.
[   43.617583][ T4247] loop1: detected capacity change from 0 to 512
[   43.625526][ T4247] EXT4-fs error (device loop1): ext4_orphan_get:1389: inode #15: comm syz.1.287: casefold flag without casefold feature
[   43.638292][ T4247] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.287: couldn't read orphan inode 15 (err -117)
[   43.650523][ T4247] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.695955][ T3297] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.730182][ T4256] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[   43.741517][ T4256] netlink: 24 bytes leftover after parsing attributes in process `syz.4.290'.
[   43.752794][ T4256] loop4: detected capacity change from 0 to 128
[   43.773662][ T4261] netlink: 4 bytes leftover after parsing attributes in process `syz.3.292'.
[   43.855265][ T4269] loop4: detected capacity change from 0 to 512
[   43.861893][ T4269] EXT4-fs: Ignoring removed nomblk_io_submit option
[   43.869581][ T4269] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   43.880583][ T4269] EXT4-fs (loop4): 1 truncate cleaned up
[   43.886705][ T4269] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.010007][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.028440][   T29] audit: type=1326 audit(2000000003.239:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   44.052336][   T29] audit: type=1326 audit(2000000003.239:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   44.075854][   T29] audit: type=1326 audit(2000000003.239:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   44.099211][   T29] audit: type=1326 audit(2000000003.239:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   44.122535][   T29] audit: type=1326 audit(2000000003.239:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   44.145908][   T29] audit: type=1326 audit(2000000003.239:1532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   44.169213][   T29] audit: type=1326 audit(2000000003.239:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   44.192903][   T29] audit: type=1326 audit(2000000003.259:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.2.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94a285cde9 code=0x7ffc0000
[   44.229555][ T4276] loop2: detected capacity change from 0 to 128
[   44.292777][ T4282] loop2: detected capacity change from 0 to 512
[   44.299706][ T4282] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   44.312268][ T4282] EXT4-fs (loop2): invalid journal inode
[   44.318204][ T4282] EXT4-fs (loop2): can't get journal size
[   44.324822][ T4282] EXT4-fs (loop2): 1 truncate cleaned up
[   44.331178][ T4282] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.354764][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.384111][ T4289] loop2: detected capacity change from 0 to 2048
[   44.406380][ T4289] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.420917][ T4289] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   44.435941][ T4289] EXT4-fs (loop2): Remounting filesystem read-only
[   44.449680][ T4289] syz.2.304 (4289) used greatest stack depth: 9168 bytes left
[   44.458576][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.459004][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.607309][ T4308] netlink: 4 bytes leftover after parsing attributes in process `syz.2.312'.
[   44.618369][ T4309] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=4309 comm=syz.1.311
[   44.713437][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.849616][ T4340] loop4: detected capacity change from 0 to 512
[   44.856381][ T4340] EXT4-fs: Ignoring removed i_version option
[   44.877018][ T4340] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.897537][ T4340] ext4 filesystem being mounted at /57/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.919109][ T4340] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #4: comm syz.4.326: corrupted inode contents
[   44.919165][ T4346] loop2: detected capacity change from 0 to 512
[   44.940230][ T4346] EXT4-fs: Ignoring removed nomblk_io_submit option
[   44.950909][ T4340] EXT4-fs (loop4): Remounting filesystem read-only
[   44.957531][ T4346] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   44.968447][ T4346] EXT4-fs (loop2): 1 truncate cleaned up
[   44.974433][ T4346] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.984292][ T4349] =======================================================
[   44.984292][ T4349] WARNING: The mand mount option has been deprecated and
[   44.984292][ T4349]          and is ignored by this kernel. Remove the mand
[   44.984292][ T4349]          option from the mount to silence this warning.
[   44.984292][ T4349] =======================================================
[   45.030153][ T4340] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop4 ino=15
[   45.039306][ T4340] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop4 ino=15
[   45.059634][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.129922][ T4352] loop4: detected capacity change from 0 to 2048
[   45.146419][ T4352] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.170155][ T2078] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   45.186225][ T2078] EXT4-fs (loop4): Remounting filesystem read-only
[   45.193319][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.245822][ T4358] loop4: detected capacity change from 0 to 512
[   45.252679][ T4358] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[   45.261157][ T4358] EXT4-fs (loop4): invalid journal inode
[   45.267302][ T4358] EXT4-fs (loop4): can't get journal size
[   45.284015][ T4358] EXT4-fs (loop4): 1 truncate cleaned up
[   45.289946][ T4358] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.311262][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.392878][ T4363] loop4: detected capacity change from 0 to 8192
[   45.403447][ T4363] FAT-fs (loop4): error, corrupted directory (invalid entries)
[   45.411084][ T4363] FAT-fs (loop4): Filesystem has been set read-only
[   45.471961][ T4371] __nla_validate_parse: 1 callbacks suppressed
[   45.471990][ T4371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.336'.
[   45.504464][ T4373] loop4: detected capacity change from 0 to 128
[   45.523665][ T4373] FAT-fs (loop4): Directory bread(block 32) failed
[   45.530303][ T4373] FAT-fs (loop4): Directory bread(block 33) failed
[   45.537244][ T4373] FAT-fs (loop4): Directory bread(block 34) failed
[   45.543853][ T4373] FAT-fs (loop4): Directory bread(block 35) failed
[   45.550616][ T4373] FAT-fs (loop4): Directory bread(block 36) failed
[   45.557386][ T4373] FAT-fs (loop4): Directory bread(block 37) failed
[   45.563966][ T4373] FAT-fs (loop4): Directory bread(block 38) failed
[   45.570582][ T4373] FAT-fs (loop4): Directory bread(block 39) failed
[   45.577121][ T4373] FAT-fs (loop4): Directory bread(block 40) failed
[   45.583700][ T4373] FAT-fs (loop4): Directory bread(block 41) failed
[   45.603487][ T4373] syz.4.337: attempt to access beyond end of device
[   45.603487][ T4373] loop4: rw=0, sector=4108, nr_sectors = 4 limit=128
[   45.617231][ T4373] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 196)
[   45.625366][ T4373] FAT-fs (loop4): Filesystem has been set read-only
[   45.634372][ T4373] syz.4.337: attempt to access beyond end of device
[   45.634372][ T4373] loop4: rw=0, sector=4108, nr_sectors = 4 limit=128
[   45.648011][ T4373] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 196)
[   45.697754][ T4383] netlink: 8 bytes leftover after parsing attributes in process `syz.4.340'.
[   45.706760][ T4383] netlink: 12 bytes leftover after parsing attributes in process `syz.4.340'.
[   45.715785][ T4383] netlink: 'syz.4.340': attribute type 5 has an invalid length.
[   45.734736][ T4383] hub 9-0:1.0: USB hub found
[   45.740127][ T4383] hub 9-0:1.0: 8 ports detected
[   45.768100][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.794091][ T4391] loop4: detected capacity change from 0 to 512
[   45.811841][ T4395] loop2: detected capacity change from 0 to 512
[   45.842113][ T4395] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.855019][ T4395] ext4 filesystem being mounted at /83/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   45.865466][ T4404] loop1: detected capacity change from 0 to 512
[   45.875494][ T4391] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.877758][ T4395] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #2: comm syz.2.346: corrupted inode contents
[   45.888492][ T4391] ext4 filesystem being mounted at /67/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   45.900858][ T4404] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   45.915578][ T4391] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.345: corrupted inode contents
[   45.918577][ T4395] EXT4-fs error (device loop2): ext4_dirty_inode:6042: inode #2: comm syz.2.346: mark_inode_dirty error
[   45.931369][ T4391] EXT4-fs error (device loop4): ext4_dirty_inode:6042: inode #2: comm syz.4.345: mark_inode_dirty error
[   45.957138][ T4395] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #2: comm syz.2.346: corrupted inode contents
[   45.969413][ T4395] EXT4-fs error (device loop2): __ext4_ext_dirty:207: inode #2: comm syz.2.346: mark_inode_dirty error
[   45.969514][ T4391] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.345: corrupted inode contents
[   45.982005][ T4404] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.007315][ T4391] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.345: mark_inode_dirty error
[   46.019458][ T4404] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   46.050063][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.106483][ T3298] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.117265][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.168154][ T4420] netlink: 16 bytes leftover after parsing attributes in process `syz.1.356'.
[   46.196891][ T4422] netlink: 24 bytes leftover after parsing attributes in process `syz.2.357'.
[   46.216923][ T4422] netlink: 8 bytes leftover after parsing attributes in process `syz.2.357'.
[   46.236704][ T4422] SELinux: syz.2.357 (4422) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   46.310325][ T4432] loop1: detected capacity change from 0 to 512
[   46.316793][ T4434] loop4: detected capacity change from 0 to 2048
[   46.326057][ T4436] serio: Serial port ptm0
[   46.334484][ T4432] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.348101][ T4432] ext4 filesystem being mounted at /71/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   46.361295][ T4434] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.373089][ T4432] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #2: comm syz.1.362: corrupted inode contents
[   46.390438][ T4432] EXT4-fs error (device loop1): ext4_dirty_inode:6042: inode #2: comm syz.1.362: mark_inode_dirty error
[   46.404246][ T4432] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #2: comm syz.1.362: corrupted inode contents
[   46.417228][ T4431] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   46.422643][ T4432] EXT4-fs error (device loop1): __ext4_ext_dirty:207: inode #2: comm syz.1.362: mark_inode_dirty error
[   46.449374][ T4431] EXT4-fs (loop4): Remounting filesystem read-only
[   46.483986][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.492399][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.556784][ T4462] loop4: detected capacity change from 0 to 512
[   46.563412][ T4462] EXT4-fs: Ignoring removed i_version option
[   46.585428][ T4469] loop2: detected capacity change from 0 to 128
[   46.596123][ T4462] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.610277][ T4469] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   46.612007][ T4462] ext4 filesystem being mounted at /72/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   46.623053][ T4469] ext4 filesystem being mounted at /93/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   46.637603][ T4462] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #4: comm syz.4.371: corrupted inode contents
[   46.677854][ T4462] EXT4-fs (loop4): Remounting filesystem read-only
[   46.692470][ T4462] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop4 ino=15
[   46.702187][ T4462] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop4 ino=15
[   46.723090][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.862127][ T4485] loop4: detected capacity change from 0 to 2048
[   46.876494][ T4485] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.901293][ T4484] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   46.916873][ T4484] EXT4-fs (loop4): Remounting filesystem read-only
[   46.928206][ T3298] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   46.938848][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.009414][ T4493] loop4: detected capacity change from 0 to 128
[   47.028652][ T4493] FAT-fs (loop4): Directory bread(block 32) failed
[   47.035476][ T4493] FAT-fs (loop4): Directory bread(block 33) failed
[   47.042284][ T4493] FAT-fs (loop4): Directory bread(block 34) failed
[   47.049518][ T4493] FAT-fs (loop4): Directory bread(block 35) failed
[   47.056178][ T4493] FAT-fs (loop4): Directory bread(block 36) failed
[   47.062834][ T4493] FAT-fs (loop4): Directory bread(block 37) failed
[   47.069791][ T4493] FAT-fs (loop4): Directory bread(block 38) failed
[   47.076520][ T4493] FAT-fs (loop4): Directory bread(block 39) failed
[   47.083252][ T4493] FAT-fs (loop4): Directory bread(block 40) failed
[   47.090212][ T4493] FAT-fs (loop4): Directory bread(block 41) failed
[   47.116488][ T4493] syz.4.384: attempt to access beyond end of device
[   47.116488][ T4493] loop4: rw=0, sector=4108, nr_sectors = 4 limit=128
[   47.129954][ T4493] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 196)
[   47.138094][ T4493] FAT-fs (loop4): Filesystem has been set read-only
[   47.146296][ T4493] syz.4.384: attempt to access beyond end of device
[   47.146296][ T4493] loop4: rw=0, sector=4108, nr_sectors = 4 limit=128
[   47.159585][ T4493] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 196)
[   47.198309][ T4500] FAULT_INJECTION: forcing a failure.
[   47.198309][ T4500] name failslab, interval 1, probability 0, space 0, times 0
[   47.211007][ T4500] CPU: 1 UID: 0 PID: 4500 Comm: syz.4.386 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
[   47.211029][ T4500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   47.211039][ T4500] Call Trace:
[   47.211044][ T4500]  <TASK>
[   47.211051][ T4500]  dump_stack_lvl+0xf2/0x150
[   47.211075][ T4500]  dump_stack+0x15/0x1a
[   47.211092][ T4500]  should_fail_ex+0x24a/0x260
[   47.211118][ T4500]  should_failslab+0x8f/0xb0
[   47.211140][ T4500]  kmem_cache_alloc_noprof+0x52/0x320
[   47.211165][ T4500]  ? mas_alloc_nodes+0x1e3/0x490
[   47.211188][ T4500]  mas_alloc_nodes+0x1e3/0x490
[   47.211211][ T4500]  mas_preallocate+0x44a/0x650
[   47.211234][ T4500]  mmap_region+0x96d/0x1620
[   47.211275][ T4500]  do_mmap+0x98a/0xc30
[   47.211298][ T4500]  vm_mmap_pgoff+0x16d/0x2d0
[   47.211322][ T4500]  ksys_mmap_pgoff+0xd0/0x330
[   47.211342][ T4500]  ? syscall_trace_enter+0x104/0x1f0
[   47.211360][ T4500]  ? fpregs_assert_state_consistent+0x83/0xa0
[   47.211396][ T4500]  x64_sys_call+0x1940/0x2dc0
[   47.211417][ T4500]  do_syscall_64+0xc9/0x1c0
[   47.211437][ T4500]  ? clear_bhb_loop+0x55/0xb0
[   47.211458][ T4500]  ? clear_bhb_loop+0x55/0xb0
[   47.211479][ T4500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   47.211501][ T4500] RIP: 0033:0x7f148143ce23
[   47.211515][ T4500] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7
[   47.211529][ T4500] RSP: 002b:00007f147faa6e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   47.211546][ T4500] RAX: ffffffffffffffda RBX: 00000000000004c2 RCX: 00007f148143ce23
[   47.211556][ T4500] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000
[   47.211567][ T4500] RBP: 0000400000000a42 R08: 00000000ffffffff R09: 0000000000000000
[   47.211577][ T4500] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000006
[   47.211587][ T4500] R13: 00007f147faa6ef0 R14: 00007f147faa6eb0 R15: 0000400000000440
[   47.211603][ T4500]  </TASK>
[   47.213439][ T4498] tipc: Started in network mode
[   47.396782][ T4507] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4507 comm=syz.4.387
[   47.404406][ T4498] tipc: Node identity 369513fd1cd9, cluster identity 4711
[   47.404527][ T4498] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   47.478835][ T4497] tipc: Resetting bearer <eth:syzkaller0>
[   47.526947][ T4497] tipc: Disabling bearer <eth:syzkaller0>
[   47.582663][ T4520] loop1: detected capacity change from 0 to 2048
[   47.624737][ T4520] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.662731][ T4518] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   47.696654][ T4530] loop2: detected capacity change from 0 to 512
[   47.716842][ T4530] EXT4-fs: Ignoring removed nomblk_io_submit option
[   47.723792][ T4518] EXT4-fs (loop1): Remounting filesystem read-only
[   47.730382][ T4530] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   47.758973][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.769496][ T4530] EXT4-fs (loop2): 1 truncate cleaned up
[   47.775683][ T4530] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.878212][ T4549] loop1: detected capacity change from 0 to 512
[   47.885090][ T4549] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   47.893812][ T4549] EXT4-fs (loop1): invalid journal inode
[   47.899910][ T4549] EXT4-fs (loop1): can't get journal size
[   47.918596][ T4549] EXT4-fs (loop1): 1 truncate cleaned up
[   47.924657][ T4549] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.992870][ T4552] loop1: detected capacity change from 0 to 512
[   48.000827][ T4552] EXT4-fs: Ignoring removed i_version option
[   48.016538][ T4552] ext4 filesystem being mounted at /82/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.036149][ T4552] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #4: comm syz.1.405: corrupted inode contents
[   48.048344][ T4552] EXT4-fs (loop1): Remounting filesystem read-only
[   48.063848][ T4552] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=15
[   48.072754][ T4552] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=15
[   48.132846][ T4556] loop4: detected capacity change from 0 to 512
[   48.145424][ T4556] ext4 filesystem being mounted at /83/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   48.168159][ T4559] netlink: 4 bytes leftover after parsing attributes in process `syz.1.406'.
[   48.178459][   T29] kauditd_printk_skb: 607 callbacks suppressed
[   48.178533][   T29] audit: type=1400 audit(2000000007.389:2131): avc:  denied  { setattr } for  pid=4555 comm="syz.4.407" path="/83/bus/blkio.bfq.idle_time" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   48.209256][ T4556] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #19: comm syz.4.407: corrupted inode contents
[   48.221252][ T4556] EXT4-fs error (device loop4): ext4_dirty_inode:6042: inode #19: comm syz.4.407: mark_inode_dirty error
[   48.232725][ T4556] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #19: comm syz.4.407: corrupted inode contents
[   48.245729][ T4556] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3006: inode #19: comm syz.4.407: mark_inode_dirty error
[   48.258004][ T4556] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3009: inode #19: comm syz.4.407: mark inode dirty (error -117)
[   48.274124][ T4556] EXT4-fs warning (device loop4): ext4_evict_inode:276: xattr delete (err -117)
[   48.275355][ T4564] loop1: detected capacity change from 0 to 512
[   48.300725][ T4564] ext4 filesystem being mounted at /85/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   48.327670][ T4564] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #19: comm syz.1.409: corrupted inode contents
[   48.340107][ T4564] EXT4-fs error (device loop1): ext4_dirty_inode:6042: inode #19: comm syz.1.409: mark_inode_dirty error
[   48.352002][ T4564] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #19: comm syz.1.409: corrupted inode contents
[   48.365091][ T4564] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3006: inode #19: comm syz.1.409: mark_inode_dirty error
[   48.378331][ T4564] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3009: inode #19: comm syz.1.409: mark inode dirty (error -117)
[   48.395296][ T4564] EXT4-fs warning (device loop1): ext4_evict_inode:276: xattr delete (err -117)
[   48.751168][ T4584] loop2: detected capacity change from 0 to 512
[   48.758866][ T4584] EXT4-fs: Ignoring removed i_version option
[   48.833039][ T4587] xt_TPROXY: Can be used only with -p tcp or -p udp
[   48.841243][   T29] audit: type=1326 audit(2000000008.049:2132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4585 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb786fccde9 code=0x7ffc0000
[   48.901443][ T4584] ext4 filesystem being mounted at /99/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.929219][ T4584] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #4: comm syz.2.417: corrupted inode contents
[   48.947218][   T29] audit: type=1400 audit(2000000008.079:2133): avc:  denied  { write } for  pid=4586 comm="syz.3.419" name="usbmon6" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   48.970585][   T29] audit: type=1400 audit(2000000008.079:2134): avc:  denied  { open } for  pid=4586 comm="syz.3.419" path="/dev/usbmon6" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   48.994272][   T29] audit: type=1326 audit(2000000008.089:2135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4585 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7fb786fccde9 code=0x7ffc0000
[   49.017599][   T29] audit: type=1326 audit(2000000008.089:2136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4585 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb786fccde9 code=0x7ffc0000
[   49.040916][   T29] audit: type=1326 audit(2000000008.089:2137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4585 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb786fccde9 code=0x7ffc0000
[   49.063425][ T4584] EXT4-fs (loop2): Remounting filesystem read-only
[   49.064263][   T29] audit: type=1326 audit(2000000008.089:2138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4585 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7fb786fccde9 code=0x7ffc0000
[   49.071013][ T4584] Quota error (device loop2): write_blk: dquota write failed
[   49.093948][   T29] audit: type=1326 audit(2000000008.089:2139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4585 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb786fccde9 code=0x7ffc0000
[   49.158611][ T4594] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=4594 comm=syz.0.420
[   49.178515][ T4563] Set syz1 is full, maxelem 65536 reached
[   49.209117][ T4584] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[   49.218344][ T4584] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[   49.238567][ T4598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   49.249222][ T4598] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   49.291783][ T4564] Set syz1 is full, maxelem 65536 reached
[   49.301862][ T4600] loop4: detected capacity change from 0 to 2048
[   49.339956][ T4605] loop2: detected capacity change from 0 to 512
[   49.352778][ T4605] EXT4-fs: Ignoring removed nomblk_io_submit option
[   49.353120][ T4600] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   49.359922][ T4605] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   49.398798][ T4600] EXT4-fs (loop4): Remounting filesystem read-only
[   49.405765][ T4605] EXT4-fs (loop2): 1 truncate cleaned up
[   49.411967][ T4600] EXT4-fs (loop4): error restoring inline_data for inode -- potential data loss! (inode 18, error -5)
[   49.609420][ T4630] netlink: 4 bytes leftover after parsing attributes in process `syz.4.432'.
[   49.649991][ T4634] loop1: detected capacity change from 0 to 512
[   49.657360][ T4634] EXT4-fs: Ignoring removed i_version option
[   49.669944][ T4636] tmpfs: Unknown parameter '!uge'
[   49.689153][ T4634] ext4 filesystem being mounted at /92/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   49.702876][ T4634] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #4: comm syz.1.434: corrupted inode contents
[   49.722755][ T4634] EXT4-fs (loop1): Remounting filesystem read-only
[   49.734453][ T4634] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=15
[   49.744521][ T4634] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=15
[   49.844671][ T4649] loop4: detected capacity change from 0 to 256
[   49.849059][ T4651] loop1: detected capacity change from 0 to 2048
[   49.866259][ T4649] FAT-fs (loop4): Directory bread(block 64) failed
[   49.870948][ T4651] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   49.873071][ T4649] FAT-fs (loop4): Directory bread(block 65) failed
[   49.894853][ T4649] FAT-fs (loop4): Directory bread(block 66) failed
[   49.901433][ T4649] FAT-fs (loop4): Directory bread(block 67) failed
[   49.903847][ T4651] EXT4-fs (loop1): Remounting filesystem read-only
[   49.909674][ T4649] FAT-fs (loop4): Directory bread(block 68) failed
[   49.921294][ T4649] FAT-fs (loop4): Directory bread(block 69) failed
[   49.928012][ T4649] FAT-fs (loop4): Directory bread(block 70) failed
[   49.934555][ T4649] FAT-fs (loop4): Directory bread(block 71) failed
[   49.934647][ T4651] EXT4-fs (loop1): error restoring inline_data for inode -- potential data loss! (inode 18, error -5)
[   49.941531][ T4649] FAT-fs (loop4): Directory bread(block 72) failed
[   49.958795][ T4649] FAT-fs (loop4): Directory bread(block 73) failed
[   50.056147][ T4658] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.443'.
[   50.084150][ T4664] netlink: 'syz.0.445': attribute type 21 has an invalid length.
[   50.084301][ T4664] netlink: 156 bytes leftover after parsing attributes in process `syz.0.445'.
[   50.228258][ T4675] loop4: detected capacity change from 0 to 512
[   50.237838][ T4675] EXT4-fs: Ignoring removed i_version option
[   50.257161][ T4675] ext4 filesystem being mounted at /92/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.268950][ T4675] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #4: comm syz.4.451: corrupted inode contents
[   50.281055][ T4675] EXT4-fs (loop4): Remounting filesystem read-only
[   50.289719][ T4675] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop4 ino=15
[   50.298884][ T4675] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop4 ino=15
[   50.488379][ T4696] loop4: detected capacity change from 0 to 512
[   50.503373][ T4696] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[   50.513610][ T4696] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[   50.513647][ T4696] EXT4-fs: failed to create workqueue
[   50.528575][ T4696] EXT4-fs (loop4): mount failed
[   50.534307][ T4701] __nla_validate_parse: 2 callbacks suppressed
[   50.534319][ T4701] netlink: 4 bytes leftover after parsing attributes in process `syz.2.459'.
[   50.556880][ T4704] 9pnet_fd: Insufficient options for proto=fd
[   50.601269][ T4710] loop4: detected capacity change from 0 to 512
[   50.607983][ T4710] EXT4-fs: Ignoring removed i_version option
[   50.616678][ T4710] ext4 filesystem being mounted at /98/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.628240][ T4710] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #4: comm syz.4.463: corrupted inode contents
[   50.640208][ T4710] EXT4-fs (loop4): Remounting filesystem read-only
[   50.649021][ T4710] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop4 ino=15
[   50.657962][ T4710] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop4 ino=15
[   50.838000][ T4725] capability: warning: `syz.2.461' uses deprecated v2 capabilities in a way that may be insecure
[   50.849389][ T4724] loop4: detected capacity change from 0 to 512
[   50.876695][ T4724] ext4 filesystem being mounted at /103/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   50.889426][ T4724] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.468: corrupted inode contents
[   50.901368][ T4724] EXT4-fs error (device loop4): ext4_dirty_inode:6042: inode #2: comm syz.4.468: mark_inode_dirty error
[   50.912859][ T4724] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.468: corrupted inode contents
[   50.924861][ T4724] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.468: mark_inode_dirty error
[   51.001905][ T4734] netlink: 4 bytes leftover after parsing attributes in process `syz.4.471'.
[   51.031818][ T4738] 9pnet_fd: Insufficient options for proto=fd
[   51.082377][ T4742] loop4: detected capacity change from 0 to 512
[   51.106847][ T4742] ext4 filesystem being mounted at /107/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   51.118931][ T4742] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.474: corrupted inode contents
[   51.131399][ T4742] EXT4-fs error (device loop4): ext4_dirty_inode:6042: inode #2: comm syz.4.474: mark_inode_dirty error
[   51.142968][ T4742] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.474: corrupted inode contents
[   51.155685][ T4742] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.474: mark_inode_dirty error
[   51.246103][ T4763] netem: change failed
[   51.274168][ T4762] loop4: detected capacity change from 0 to 512
[   51.286376][ T4767] 9pnet_fd: Insufficient options for proto=fd
[   51.287371][ T4765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.483'.
[   51.310808][ T4771] 9pnet_fd: Insufficient options for proto=fd
[   51.318012][ T4762] ext4 filesystem being mounted at /109/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   51.334497][ T4762] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.481: corrupted inode contents
[   51.347293][ T4762] EXT4-fs error (device loop4): ext4_dirty_inode:6042: inode #2: comm syz.4.481: mark_inode_dirty error
[   51.371163][ T4762] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.481: corrupted inode contents
[   51.386785][ T4762] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.481: mark_inode_dirty error
[   51.471009][ T4788] loop1: detected capacity change from 0 to 512
[   51.478835][ T4788] EXT4-fs: Ignoring removed i_version option
[   51.495715][ T4792] 9pnet_fd: Insufficient options for proto=fd
[   51.496649][ T4788] ext4 filesystem being mounted at /103/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   51.523305][ T4797] netlink: 4 bytes leftover after parsing attributes in process `syz.0.496'.
[   51.535911][ T4788] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #4: comm syz.1.492: corrupted inode contents
[   51.548015][ T4788] EXT4-fs (loop1): Remounting filesystem read-only
[   51.557979][ T4788] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=15
[   51.567098][ T4788] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=15
[   51.667351][ T4804] loop1: detected capacity change from 0 to 2048
[   51.699235][ T4803] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   51.723087][ T4803] EXT4-fs (loop1): Remounting filesystem read-only
[   51.760821][ T4808] netlink: 4 bytes leftover after parsing attributes in process `syz.4.500'.
[   51.778690][ T4812] netlink: 172 bytes leftover after parsing attributes in process `syz.1.501'.
[   51.945725][ T4823] 9pnet_fd: Insufficient options for proto=fd
[   51.985302][ T4828] netlink: '+}[@': attribute type 4 has an invalid length.
[   51.992564][ T4828] netlink: 152 bytes leftover after parsing attributes in process `+}[@'.
[   52.010954][ T4828] : renamed from bond0 (while UP)
[   52.020829][ T4826] netlink: 4 bytes leftover after parsing attributes in process `syz.2.507'.
[   52.118876][ T4836] loop2: detected capacity change from 0 to 2048
[   52.150765][ T4835] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   52.265049][ T4835] EXT4-fs (loop2): Remounting filesystem read-only
[   52.319957][ T4851] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=4851 comm=syz.1.515
[   52.352996][ T4854] loop2: detected capacity change from 0 to 512
[   52.369244][ T4854] EXT4-fs: Ignoring removed i_version option
[   52.490188][ T4854] ext4 filesystem being mounted at /112/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.522078][ T4854] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #4: comm syz.2.517: corrupted inode contents
[   52.550873][ T4854] EXT4-fs (loop2): Remounting filesystem read-only
[   52.642512][ T4854] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[   52.651376][ T4854] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[   52.694608][ T4856] Set syz1 is full, maxelem 65536 reached
[   52.730489][ T4874] loop4: detected capacity change from 0 to 512
[   52.746323][ T4874] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   52.754541][ T4874] EXT4-fs (loop4): orphan cleanup on readonly fs
[   52.761558][ T4874] EXT4-fs warning (device loop4): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   52.777893][ T4874] EXT4-fs (loop4): Cannot turn on quotas: error -117
[   52.787640][ T4874] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.523: bg 0: block 40: padding at end of block bitmap is not set
[   52.802411][ T4874] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   52.812039][ T4874] EXT4-fs (loop4): 1 truncate cleaned up
[   52.823130][ T4874] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #16: comm syz.4.523: corrupted xattr block 31: invalid header
[   52.855219][ T4874] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=16
[   52.866666][ T4874] netlink: 24 bytes leftover after parsing attributes in process `syz.4.523'.
[   53.290059][ T4923] unsupported nla_type 52263
[   53.396888][   T29] kauditd_printk_skb: 243 callbacks suppressed
[   53.396902][   T29] audit: type=1400 audit(2000000012.609:2365): avc:  denied  { bind } for  pid=4929 comm="syz.1.543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   53.546957][   T29] audit: type=1400 audit(2000000012.759:2366): avc:  denied  { bind } for  pid=4935 comm="syz.1.546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   53.587585][ T4939] netlink: 4 bytes leftover after parsing attributes in process `syz.4.548'.
[   53.599027][   T29] audit: type=1400 audit(2000000012.809:2367): avc:  denied  { accept } for  pid=4935 comm="syz.1.546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   53.621031][ T4944] 9pnet_fd: Insufficient options for proto=fd
[   53.630135][   T29] audit: type=1326 audit(2000000012.839:2368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4935 comm="syz.1.546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3110bcde9 code=0x7ffc0000
[   53.653559][   T29] audit: type=1326 audit(2000000012.839:2369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4935 comm="syz.1.546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fe3110bcde9 code=0x7ffc0000
[   53.680877][ T4946] loop4: detected capacity change from 0 to 512
[   53.696339][ T4946] ext4 filesystem being mounted at /123/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.708134][ T4946] xt_l2tp: v2 tid > 0xffff: 134217728
[   53.756397][   T29] audit: type=1400 audit(2000000012.959:2370): avc:  denied  { mount } for  pid=4955 comm="syz.4.553" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[   53.842880][ T4959] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[   53.851145][ T4959] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[   53.934088][ T4975] loop2: detected capacity change from 0 to 512
[   53.949214][ T4975] ext4 filesystem being mounted at /122/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   53.975314][ T4975] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #19: comm syz.2.562: corrupted inode contents
[   53.988917][ T4975] EXT4-fs error (device loop2): ext4_dirty_inode:6042: inode #19: comm syz.2.562: mark_inode_dirty error
[   54.000845][ T4975] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #19: comm syz.2.562: corrupted inode contents
[   54.013415][ T4975] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3006: inode #19: comm syz.2.562: mark_inode_dirty error
[   54.026120][ T4975] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3009: inode #19: comm syz.2.562: mark inode dirty (error -117)
[   54.040808][ T4975] EXT4-fs warning (device loop2): ext4_evict_inode:276: xattr delete (err -117)
[   54.070485][   T29] audit: type=1326 audit(2000000013.279:2371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4981 comm="syz.3.563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bee9bcde9 code=0x7ffc0000
[   54.094416][   T29] audit: type=1326 audit(2000000013.279:2372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4981 comm="syz.3.563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bee9bcde9 code=0x7ffc0000
[   54.117902][   T29] audit: type=1326 audit(2000000013.279:2373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4981 comm="syz.3.563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3bee9bcde9 code=0x7ffc0000
[   54.141212][   T29] audit: type=1326 audit(2000000013.279:2374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4981 comm="syz.3.563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bee9bcde9 code=0x7ffc0000
[   54.444012][ T4975] Set syz1 is full, maxelem 65536 reached
[   54.539056][ T4991] netlink: 'syz.1.565': attribute type 3 has an invalid length.
[   54.597604][ T5004] loop4: detected capacity change from 0 to 512
[   54.605795][ T5004] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.571: invalid indirect mapped block 11 (level 0)
[   54.620966][ T5004] EXT4-fs (loop4): Remounting filesystem read-only
[   54.638303][ T5004] EXT4-fs (loop4): 1 truncate cleaned up
[   54.646349][ T5004] SELinux: (dev loop4, type ext4) getxattr errno 5
[   54.709395][ T3372] IPVS: starting estimator thread 0...
[   54.785268][ T5011] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   54.821588][ T5024] loop4: detected capacity change from 0 to 512
[   54.825661][ T5017] IPVS: using max 2928 ests per chain, 146400 per kthread
[   54.869351][ T5024] ext4 filesystem being mounted at /126/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   54.905155][ T5024] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #19: comm syz.4.577: corrupted inode contents
[   54.931411][ T5024] EXT4-fs error (device loop4): ext4_dirty_inode:6042: inode #19: comm syz.4.577: mark_inode_dirty error
[   54.942970][ T5024] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #19: comm syz.4.577: corrupted inode contents
[   54.955751][ T5024] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3006: inode #19: comm syz.4.577: mark_inode_dirty error
[   54.977512][ T5024] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3009: inode #19: comm syz.4.577: mark inode dirty (error -117)
[   54.994316][ T5024] EXT4-fs warning (device loop4): ext4_evict_inode:276: xattr delete (err -117)
[   55.064295][ T5054] 9pnet_fd: Insufficient options for proto=fd
[   55.111090][ T5058] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=5058 comm=syz.1.583
[   55.217711][ T5075] loop4: detected capacity change from 0 to 512
[   55.230117][ T5080] loop2: detected capacity change from 0 to 512
[   55.259750][ T5075] EXT4-fs: Ignoring removed i_version option
[   55.270715][ T5092] rdma_op ffff88811d1e7d80 conn xmit_rdma 0000000000000000
[   55.289445][ T5080] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   55.301690][ T5083] vlan2: entered allmulticast mode
[   55.309092][ T5080] EXT4-fs (loop2): orphan cleanup on readonly fs
[   55.319187][ T5080] EXT4-fs warning (device loop2): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   55.319957][ T5075] ext4 filesystem being mounted at /128/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   55.361936][ T5080] EXT4-fs (loop2): Cannot turn on quotas: error -117
[   55.381123][ T5075] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #4: comm syz.4.589: corrupted inode contents
[   55.382728][ T5080] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.591: bg 0: block 40: padding at end of block bitmap is not set
[   55.393337][ T5075] EXT4-fs (loop4): Remounting filesystem read-only
[   55.414148][ T5080] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   55.423452][ T5080] EXT4-fs (loop2): 1 truncate cleaned up
[   55.435619][ T5080] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #16: comm syz.2.591: corrupted xattr block 31: invalid header
[   55.474694][ T5080] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=16
[   55.488012][ T5075] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop4 ino=15
[   55.497053][ T5075] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop4 ino=15
[   55.563848][ T5113] 9pnet_fd: Insufficient options for proto=fd
[   55.597388][ T5117] loop4: detected capacity change from 0 to 512
[   55.606729][ T5117] ext4 filesystem being mounted at /129/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   55.629984][ T5122] __nla_validate_parse: 7 callbacks suppressed
[   55.630028][ T5122] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   55.644790][ T5122] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   55.645379][ T5117] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #19: comm syz.4.596: corrupted inode contents
[   55.652327][ T5122] batman_adv: batadv0: Removing interface: batadv_slave_0
[   55.673283][ T5122] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   55.680749][ T5122] batman_adv: batadv0: Removing interface: batadv_slave_1
[   55.688245][ T5117] EXT4-fs error (device loop4): ext4_dirty_inode:6042: inode #19: comm syz.4.596: mark_inode_dirty error
[   55.711436][ T5117] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #19: comm syz.4.596: corrupted inode contents
[   55.724937][ T5117] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3006: inode #19: comm syz.4.596: mark_inode_dirty error
[   55.744057][ T5117] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3009: inode #19: comm syz.4.596: mark inode dirty (error -117)
[   55.761274][ T5117] EXT4-fs warning (device loop4): ext4_evict_inode:276: xattr delete (err -117)
[   55.967066][ T5139] netlink: 24 bytes leftover after parsing attributes in process `syz.1.608'.
[   57.030507][ T5146] random: crng reseeded on system resumption
[   57.041255][ T5152] 9pnet_fd: Insufficient options for proto=fd
[   57.242143][ T5168] FAULT_INJECTION: forcing a failure.
[   57.242143][ T5168] name failslab, interval 1, probability 0, space 0, times 0
[   57.252320][ T5169] loop2: detected capacity change from 0 to 512
[   57.254817][ T5168] CPU: 1 UID: 0 PID: 5168 Comm: syz.1.618 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
[   57.254904][ T5168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   57.254943][ T5168] Call Trace:
[   57.254949][ T5168]  <TASK>
[   57.254957][ T5168]  dump_stack_lvl+0xf2/0x150
[   57.254981][ T5168]  dump_stack+0x15/0x1a
[   57.255010][ T5168]  should_fail_ex+0x24a/0x260
[   57.255038][ T5168]  should_failslab+0x8f/0xb0
[   57.255061][ T5168]  __kmalloc_noprof+0xab/0x3f0
[   57.255087][ T5168]  ? security_prepare_creds+0x53/0x120
[   57.255116][ T5168]  security_prepare_creds+0x53/0x120
[   57.255136][ T5168]  prepare_kernel_cred+0x2c0/0x650
[   57.255219][ T5168]  _request_firmware+0x2c7/0xa00
[   57.255262][ T5168]  ? avc_has_perm_noaudit+0x1cc/0x210
[   57.255286][ T5168]  ? rpm_resume+0x655/0xd00
[   57.255346][ T5168]  ? __rcu_read_unlock+0x4e/0x70
[   57.255398][ T5168]  request_firmware+0x36/0x50
[   57.255419][ T5168]  devlink_compat_flash_update+0xaf/0x1b0
[   57.255444][ T5168]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[   57.255473][ T5168]  dev_ethtool+0x138b/0x14c0
[   57.255492][ T5168]  ? __rcu_read_unlock+0x4e/0x70
[   57.255541][ T5168]  dev_ioctl+0x854/0xab0
[   57.255563][ T5168]  sock_do_ioctl+0x11c/0x260
[   57.255583][ T5168]  sock_ioctl+0x40f/0x600
[   57.255610][ T5168]  ? __pfx_sock_ioctl+0x10/0x10
[   57.255671][ T5168]  __se_sys_ioctl+0xc9/0x140
[   57.255690][ T5168]  __x64_sys_ioctl+0x43/0x50
[   57.255707][ T5168]  x64_sys_call+0x1690/0x2dc0
[   57.255729][ T5168]  do_syscall_64+0xc9/0x1c0
[   57.255808][ T5168]  ? clear_bhb_loop+0x55/0xb0
[   57.255832][ T5168]  ? clear_bhb_loop+0x55/0xb0
[   57.255854][ T5168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.255877][ T5168] RIP: 0033:0x7fe3110bcde9
[   57.255893][ T5168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.255965][ T5168] RSP: 002b:00007fe30f727038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   57.255982][ T5168] RAX: ffffffffffffffda RBX: 00007fe3112d5fa0 RCX: 00007fe3110bcde9
[   57.255992][ T5168] RDX: 0000400000000280 RSI: 0000000000008946 RDI: 0000000000000006
[   57.256057][ T5168] RBP: 00007fe30f727090 R08: 0000000000000000 R09: 0000000000000000
[   57.256068][ T5168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.256079][ T5168] R13: 0000000000000000 R14: 00007fe3112d5fa0 R15: 00007ffced177268
[   57.256094][ T5168]  </TASK>
[   57.400311][ T5179] 9pnet_fd: Insufficient options for proto=fd
[   57.454186][ T5177] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=5177 comm=syz.3.619
[   57.485643][ T5169] ext4 filesystem being mounted at /133/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   57.555348][ T5169] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #19: comm syz.2.616: corrupted inode contents
[   57.569432][ T5169] EXT4-fs error (device loop2): ext4_dirty_inode:6042: inode #19: comm syz.2.616: mark_inode_dirty error
[   57.580926][ T5169] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #19: comm syz.2.616: corrupted inode contents
[   57.593679][ T5169] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3006: inode #19: comm syz.2.616: mark_inode_dirty error
[   57.606253][ T5169] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3009: inode #19: comm syz.2.616: mark inode dirty (error -117)
[   57.619130][ T5169] EXT4-fs warning (device loop2): ext4_evict_inode:276: xattr delete (err -117)
[   57.875787][ T5211] 9pnet_fd: Insufficient options for proto=fd
[   57.906631][    T9] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[   58.016159][ T5222] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[   58.120096][ T5231] netlink: 8 bytes leftover after parsing attributes in process `syz.2.643'.
[   58.154282][ T5235] lo speed is unknown, defaulting to 1000
[   58.161798][ T5235] lo speed is unknown, defaulting to 1000
[   58.167951][ T5235] lo speed is unknown, defaulting to 1000
[   58.191810][ T5239] loop2: detected capacity change from 0 to 512
[   58.198466][ T5239] EXT4-fs: Ignoring removed i_version option
[   58.214143][ T5235] infiniband syz2: set active
[   58.218923][ T5235] infiniband syz2: added lo
[   58.223471][ T1055] lo speed is unknown, defaulting to 1000
[   58.232259][ T5239] ext4 filesystem being mounted at /144/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.247454][ T5235] RDS/IB: syz2: added
[   58.247550][ T5239] EXT4-fs error (device loop2): ext4_do_update_inode:5154: inode #4: comm syz.2.644: corrupted inode contents
[   58.251566][ T5235] smc: adding ib device syz2 with port count 1
[   58.263745][ T5239] EXT4-fs (loop2): Remounting filesystem read-only
[   58.269323][ T5235] smc:    ib device syz2 port 1 has pnetid 
[   58.269360][ T1055] lo speed is unknown, defaulting to 1000
[   58.269592][ T5235] lo speed is unknown, defaulting to 1000
[   58.294492][ T5239] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[   58.303620][ T5239] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[   58.318937][ T5235] lo speed is unknown, defaulting to 1000
[   58.343854][ T5235] lo speed is unknown, defaulting to 1000
[   58.372897][ T5235] lo speed is unknown, defaulting to 1000
[   58.409734][ T5235] lo speed is unknown, defaulting to 1000
[   58.562204][ T5253] lo speed is unknown, defaulting to 1000
[   58.625925][ T5265] loop2: detected capacity change from 0 to 512
[   58.650542][ T5265] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.655: bg 0: block 248: padding at end of block bitmap is not set
[   58.679091][ T5265] __quota_error: 303 callbacks suppressed
[   58.679107][ T5265] Quota error (device loop2): write_blk: dquota write failed
[   58.692358][ T5265] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[   58.705627][ T5265] EXT4-fs error (device loop2): ext4_acquire_dquot:6927: comm syz.2.655: Failed to acquire dquot type 1
[   58.724320][ T5265] EXT4-fs (loop2): 1 truncate cleaned up
[   58.739820][ T5265] ext4 filesystem being mounted at /148/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.884946][   T29] audit: type=1326 audit(2000000018.079:2671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5287 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3110bcde9 code=0x7ffc0000
[   58.886195][ T5286] lo speed is unknown, defaulting to 1000
[   58.907868][   T29] audit: type=1326 audit(2000000018.079:2672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5287 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3110bcde9 code=0x7ffc0000
[   58.936576][   T29] audit: type=1326 audit(2000000018.079:2673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5287 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe3110bcde9 code=0x7ffc0000
[   58.959496][   T29] audit: type=1326 audit(2000000018.079:2674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5287 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3110bcde9 code=0x7ffc0000
[   58.982481][   T29] audit: type=1326 audit(2000000018.079:2675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5287 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3110bcde9 code=0x7ffc0000
[   58.985306][ T5288] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   59.006071][   T29] audit: type=1326 audit(2000000018.079:2676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5287 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe3110bcde9 code=0x7ffc0000
[   59.037225][   T29] audit: type=1326 audit(2000000018.079:2677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5287 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3110bcde9 code=0x7ffc0000
[   59.070364][   T29] audit: type=1326 audit(2000000018.169:2678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5287 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe3110bcde9 code=0x7ffc0000
[   59.135416][ T5301] loop4: detected capacity change from 0 to 512
[   59.169831][ T5301] ext4 filesystem being mounted at /134/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   59.194675][ T5308] netlink: 4 bytes leftover after parsing attributes in process `syz.3.671'.
[   59.235492][ T5301] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #19: comm syz.4.668: corrupted inode contents
[   59.255781][ T5301] EXT4-fs error (device loop4): ext4_dirty_inode:6042: inode #19: comm syz.4.668: mark_inode_dirty error
[   59.269503][ T5301] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #19: comm syz.4.668: corrupted inode contents
[   59.283130][ T5301] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3006: inode #19: comm syz.4.668: mark_inode_dirty error
[   59.298616][ T5301] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3009: inode #19: comm syz.4.668: mark inode dirty (error -117)
[   59.312448][ T5301] EXT4-fs warning (device loop4): ext4_evict_inode:276: xattr delete (err -117)
[   59.449711][ T5337] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   59.502809][ T5343] netlink: 28 bytes leftover after parsing attributes in process `syz.4.684'.
[   59.511750][ T5343] netlink: 108 bytes leftover after parsing attributes in process `syz.4.684'.
[   59.520914][ T5343] netlink: 28 bytes leftover after parsing attributes in process `syz.4.684'.
[   59.529868][ T5343] netlink: 108 bytes leftover after parsing attributes in process `syz.4.684'.
[   59.678914][ T5361] loop4: detected capacity change from 0 to 512
[   59.695875][ T5363]  (unregistering): (slave bond_slave_0): Releasing backup interface
[   59.706168][ T5363]  (unregistering): (slave bond_slave_1): Releasing backup interface
[   59.706633][ T5361] ext4 filesystem being mounted at /140/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   59.726085][ T5363]  (unregistering): Released all slaves
[   59.728639][ T5361] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.691: corrupted inode contents
[   59.743685][ T5361] EXT4-fs error (device loop4): ext4_dirty_inode:6042: inode #2: comm syz.4.691: mark_inode_dirty error
[   59.755183][ T5361] EXT4-fs error (device loop4): ext4_do_update_inode:5154: inode #2: comm syz.4.691: corrupted inode contents
[   59.767146][ T5361] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #2: comm syz.4.691: mark_inode_dirty error
[   60.288656][ T5443] Zero length message leads to an empty skb
[   60.358416][ T5456] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=5456 comm=syz.2.731
[   60.392178][ T5460] IPVS: set_ctl: invalid protocol: 47 172.20.20.170:20001
[   60.399792][ T5455] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[   60.606083][ T5491] lo speed is unknown, defaulting to 1000
[   60.661671][ T5491] __nla_validate_parse: 7 callbacks suppressed
[   60.661685][ T5491] netlink: 8 bytes leftover after parsing attributes in process `syz.2.745'.
[   60.689116][ T5496] binfmt_misc: register: failed to install interpreter file ./file2
[   60.789763][ T5495] SELinux:  Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped).
[   60.821914][ T5491] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5491 comm=syz.2.745
[   60.981245][ T5506] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[   61.086278][ T5511] lo speed is unknown, defaulting to 1000
[   61.168908][ T5514] FAULT_INJECTION: forcing a failure.
[   61.168908][ T5514] name failslab, interval 1, probability 0, space 0, times 0
[   61.181601][ T5514] CPU: 1 UID: 0 PID: 5514 Comm: syz.0.751 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
[   61.181622][ T5514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   61.181632][ T5514] Call Trace:
[   61.181638][ T5514]  <TASK>
[   61.181646][ T5514]  dump_stack_lvl+0xf2/0x150
[   61.181670][ T5514]  dump_stack+0x15/0x1a
[   61.181688][ T5514]  should_fail_ex+0x24a/0x260
[   61.181715][ T5514]  should_failslab+0x8f/0xb0
[   61.181737][ T5514]  kmem_cache_alloc_noprof+0x52/0x320
[   61.181764][ T5514]  ? vm_area_dup+0x2c/0x130
[   61.181783][ T5514]  ? _raw_spin_lock_irqsave+0x3c/0xb0
[   61.181808][ T5514]  vm_area_dup+0x2c/0x130
[   61.181824][ T5514]  __split_vma+0xf7/0x6a0
[   61.181851][ T5514]  vma_modify+0xd3/0x1e0
[   61.181872][ T5514]  vma_modify_flags+0xf1/0x120
[   61.181899][ T5514]  mlock_fixup+0x113/0x450
[   61.181919][ T5514]  apply_vma_lock_flags+0x194/0x240
[   61.181941][ T5514]  do_mlock+0x3f4/0x570
[   61.181960][ T5514]  ? __secure_computing+0x9f/0x1c0
[   61.181980][ T5514]  __x64_sys_mlock2+0x72/0x90
[   61.181996][ T5514]  x64_sys_call+0x971/0x2dc0
[   61.182017][ T5514]  do_syscall_64+0xc9/0x1c0
[   61.182037][ T5514]  ? clear_bhb_loop+0x55/0xb0
[   61.182059][ T5514]  ? clear_bhb_loop+0x55/0xb0
[   61.182081][ T5514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.182102][ T5514] RIP: 0033:0x7fb786fccde9
[   61.182116][ T5514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.182131][ T5514] RSP: 002b:00007fb785637038 EFLAGS: 00000246 ORIG_RAX: 0000000000000145
[   61.182149][ T5514] RAX: ffffffffffffffda RBX: 00007fb7871e5fa0 RCX: 00007fb786fccde9
[   61.182159][ T5514] RDX: 0000000000000000 RSI: 00000000000040ef RDI: 0000400000004000
[   61.182180][ T5514] RBP: 00007fb785637090 R08: 0000000000000000 R09: 0000000000000000
[   61.182190][ T5514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   61.182200][ T5514] R13: 0000000000000000 R14: 00007fb7871e5fa0 R15: 00007fff2b848748
[   61.182217][ T5514]  </TASK>
[   61.430965][ T5523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.754'.
[   61.446945][ T5527] ==================================================================
[   61.455057][ T5527] BUG: KCSAN: data-race in mas_wr_store_entry / mtree_range_walk
[   61.462781][ T5527] 
[   61.465093][ T5527] write to 0xffff8881041a9560 of 8 bytes by task 5524 on cpu 1:
[   61.472707][ T5527]  mas_wr_store_entry+0x162b/0x2e80
[   61.477895][ T5527]  mas_store_prealloc+0x6bf/0x960
[   61.482908][ T5527]  commit_merge+0x441/0x740
[   61.487403][ T5527]  vma_expand+0x211/0x360
[   61.491726][ T5527]  vma_merge_new_range+0x2da/0x340
[   61.496829][ T5527]  mmap_region+0x7e0/0x1620
[   61.501329][ T5527]  do_mmap+0x98a/0xc30
[   61.505388][ T5527]  vm_mmap_pgoff+0x16d/0x2d0
[   61.509966][ T5527]  ksys_mmap_pgoff+0xd0/0x330
[   61.514631][ T5527]  x64_sys_call+0x1940/0x2dc0
[   61.519299][ T5527]  do_syscall_64+0xc9/0x1c0
[   61.523791][ T5527]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.529675][ T5527] 
[   61.531983][ T5527] read to 0xffff8881041a9560 of 8 bytes by task 5527 on cpu 0:
[   61.539513][ T5527]  mtree_range_walk+0x1b4/0x460
[   61.544355][ T5527]  mas_walk+0x16e/0x320
[   61.548500][ T5527]  lock_vma_under_rcu+0x95/0x270
[   61.553430][ T5527]  exc_page_fault+0x150/0x650
[   61.558094][ T5527]  asm_exc_page_fault+0x26/0x30
[   61.562937][ T5527] 
[   61.565243][ T5527] value changed: 0x00007f147fa44fff -> 0x00007f147fa23fff
[   61.572334][ T5527] 
[   61.574639][ T5527] Reported by Kernel Concurrency Sanitizer on:
[   61.580771][ T5527] CPU: 0 UID: 0 PID: 5527 Comm: syz.4.756 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
[   61.591343][ T5527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   61.601396][ T5527] ==================================================================