last executing test programs:

1m18.623560984s ago: executing program 2 (id=70):
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x1000008, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x800000000003}, 0x1320, 0xffffffff, 0x3, 0x5, 0x3, 0x1, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f00000002c0)={0x1, 0x1, 0x1000, 0x39, &(0x7f0000000040)="ed14f17cb4b16034733e37457f24e1c8ec11f9b3b358ef207bca77c02eaed2a2b67344bd77f87e2b3c6678b49b7d56e6bb50cdf13803ba118d", 0xb0, 0x0, &(0x7f0000000200)="ec767ef5e7acccf4478b8e0cfce98cfde8ce87364101346ce528aa4fc5bd6195e9138847c600854394dd2b17a16ea17f8c5e7c0c7b283849e6c6fbee0921e879632ff52effe7373d10df4fb7dfe394587b06a6fe57cfdec7340e142fdba54980ab1324804895953b9f4e857fc0b6bcdffdc314e8b991bddd65976aa7a9da1e87d3e87a2c0fa3049829dcbc65416557b37afe9fb7fdbed594ed0d880e82886a2c380ebae45e0b756085d09fac9e5e7b2a"})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r1, 0x8910, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_mtu=0x6})
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = gettid()
setpgid(r3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f00000002c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r6, &(0x7f0000000000)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x3c)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r8, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0xff, r8}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0)
r9 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r9, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route_sched(r10, &(0x7f0000000280)={0x0, 0x7400, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r11}}, 0x24}}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010"], 0x44}}, 0x0)

1m18.589518566s ago: executing program 2 (id=71):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='cq_drain_complete\x00', r0, 0x0, 0x7a}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xcc, 0x30, 0xffff, 0x0, 0x0, {}, [{0xb8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0xfffd}}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x1}}]}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0xcc}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
pipe(0xffffffffffffffff)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(r2, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x31, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0)

1m18.566817464s ago: executing program 2 (id=72):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='cq_drain_complete\x00', r0, 0x0, 0x7a}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xcc, 0x30, 0xffff, 0x0, 0x0, {}, [{0xb8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0xfffd}}}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x1}}]}, {0x4}, {0xc, 0x3}, {0xc}}}]}]}, 0xcc}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
pipe(0xffffffffffffffff)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(r2, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x31, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0)

1m18.545067192s ago: executing program 2 (id=73):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x44, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x18, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8, 0x1, 0x1, 0x0, 0x2000000}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x4}]}]}, @NFT_MSG_DELFLOWTABLE={0x5c, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x30, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'team0\x00'}, {0x14, 0x1, 'bond_slave_0\x00'}]}]}]}], {0x14, 0x10}}, 0xe8}}, 0x800)

1m18.479733436s ago: executing program 2 (id=74):
pipe(&(0x7f0000000d00)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a0000000400ff0f000007000000000000000000b6ea877b07e1e278288fae92ca2d542f4b56f20659d9c266447885fec47210f8221629ab5cef6446bfe8f456ad5193662f8b2b759db7b0b9462a9020610f201e120d73c79afc0bd9da7ad2cfa549325fde01f8904f99410a5c", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000006000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r3}, 0x10)
r4 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1600000000000000040000000500"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x600, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4, 0x2}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xfffffffffffffffe}}}]}, {0x25}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
r8 = syz_io_uring_setup(0x1114, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x21e}, &(0x7f00000001c0)=<r9=>0x0, &(0x7f0000000040)=<r10=>0x0)
r11 = syz_io_uring_setup(0x554, &(0x7f0000000800)={0x0, 0xbb4a, 0x2, 0x1, 0x8d}, &(0x7f00000000c0), &(0x7f0000000200))
io_uring_enter(r11, 0x3516, 0xaddf, 0x2, 0x0, 0x1517f)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(r8, 0x47fa, 0x0, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
write$binfmt_misc(r1, &(0x7f0000000240), 0xfffffecc)
splice(r0, 0x0, r4, 0x0, 0x714f, 0x0)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0xc)

1m18.339718767s ago: executing program 2 (id=77):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000001e00)=[{0x2, 0x3, {0x2, 0x1, 0x2}, {0x1, 0xf0, 0x1}, 0xfe, 0x1}, {0x2, 0x1, {0x1, 0xf0}, {0x0, 0x1, 0x2}, 0xff, 0xfd}, {0x1, 0x0, {0x0, 0x0, 0x4}, {0x0, 0xff, 0x3}, 0x0, 0xfc}, {0x1, 0x2, {0x1, 0xf0}, {0x2, 0x0, 0x4}, 0xff, 0xfd}], 0x80) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005) (async)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2b, 0x0, {0x0, 0x0, 0x74, r4, {0xfff2, 0x4}, {0x0, 0xfff1}, {0xfff2, 0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x840)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r6=>0x0}) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x400, 0x40040)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r7}, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000440)='kvm_ioapic_set_irq\x00', r8, 0x0, 0x2}, 0x31)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)='system_u:object_r:mouse_device_t:s0\x00', 0x20, 0x0) (async)
r9 = syz_open_dev$loop(&(0x7f0000000080), 0x7a5, 0x204000)
ioctl$BLKPG(r9, 0x1269, &(0x7f0000000040)={0x2, 0x0, 0x98, &(0x7f0000000280)={0x3ff, 0xb68d, 0x13}}) (async)
r10 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb)
ioctl$LOOP_CTL_REMOVE(r9, 0x4c81, r10) (async)
r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010000000000ffdbdf250f000000050033000100000008000300", @ANYRES32=r6, @ANYBLOB="02"], 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x0) (async)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x8000000, {0x0, 0x0, 0x0, r6, {0x1f, 0x3}, {0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008040}, 0x4000000)

1m3.328701806s ago: executing program 32 (id=77):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000001e00)=[{0x2, 0x3, {0x2, 0x1, 0x2}, {0x1, 0xf0, 0x1}, 0xfe, 0x1}, {0x2, 0x1, {0x1, 0xf0}, {0x0, 0x1, 0x2}, 0xff, 0xfd}, {0x1, 0x0, {0x0, 0x0, 0x4}, {0x0, 0xff, 0x3}, 0x0, 0xfc}, {0x1, 0x2, {0x1, 0xf0}, {0x2, 0x0, 0x4}, 0xff, 0xfd}], 0x80) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005) (async)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2b, 0x0, {0x0, 0x0, 0x74, r4, {0xfff2, 0x4}, {0x0, 0xfff1}, {0xfff2, 0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x840)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r6=>0x0}) (async)
syz_open_dev$loop(&(0x7f0000000000), 0x400, 0x40040)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r7}, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000440)='kvm_ioapic_set_irq\x00', r8, 0x0, 0x2}, 0x31)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)='system_u:object_r:mouse_device_t:s0\x00', 0x20, 0x0) (async)
r9 = syz_open_dev$loop(&(0x7f0000000080), 0x7a5, 0x204000)
ioctl$BLKPG(r9, 0x1269, &(0x7f0000000040)={0x2, 0x0, 0x98, &(0x7f0000000280)={0x3ff, 0xb68d, 0x13}}) (async)
r10 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb)
ioctl$LOOP_CTL_REMOVE(r9, 0x4c81, r10) (async)
r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010000000000ffdbdf250f000000050033000100000008000300", @ANYRES32=r6, @ANYBLOB="02"], 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x0) (async)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x70bd2a, 0x8000000, {0x0, 0x0, 0x0, r6, {0x1f, 0x3}, {0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008040}, 0x4000000)

2.844005122s ago: executing program 3 (id=1595):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f00000001c0)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000400000004"], 0x48)
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000040), 0x8, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f000001bff4))
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYRES32=r2, @ANYRESOCT=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffe4f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x3e, 0x41}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18010000008000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r7 = socket$inet6(0xa, 0x80002, 0x0)
r8 = socket$inet(0x2, 0x2, 0x0)
bind$inet(r8, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10)
bind$inet6(r7, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700)
perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x2c)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x12, r9, 0x0)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r6, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r10}, 0x10)
clock_nanosleep(0x2, 0x0, 0x0, 0x0)
unshare(0x40000000)
bind$tipc(r4, 0x0, 0x0)

2.567598823s ago: executing program 3 (id=1603):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r1}, 0x18)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x45c, 0x24, 0xd0f, 0x0, 0xfffffffd, {0x60, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x9, 0x45, 0x3ff, 0x10000, 0x3, 0x8, 0x4, 0xa0002, 0x5, 0x36, 0x59bc9fd6, 0x2, 0x2, 0x8000, 0x8, 0x4, 0x8, 0x6, 0x114b6000, 0xfffffffb, 0x2a70, 0xffff73cc, 0x81, 0x5, 0x0, 0xa, 0x45, 0x0, 0x8, 0x5, 0xba44, 0x3, 0x60b, 0x80000000, 0x8, 0x4, 0x5, 0x3, 0xffff, 0x3, 0xfffffff8, 0x5, 0x8, 0x1a0055ee, 0x1, 0x1, 0xffff4226, 0x7, 0x0, 0x5, 0x101, 0x4, 0x1, 0x2, 0x800, 0xf9, 0x9, 0x9, 0x2, 0x8, 0x2f, 0xfffffff8, 0x0, 0x101, 0x9, 0x7, 0x5, 0x5, 0x5, 0x0, 0x46, 0x2, 0x5, 0x3, 0x2, 0x9b58, 0x4, 0xb, 0x4be, 0xe, 0xef, 0xa, 0xcaa, 0x9fa7, 0xfffeffff, 0x38, 0x4, 0x0, 0x9, 0x44d, 0x7, 0x200, 0x8, 0x401, 0x7, 0x45, 0x3, 0x9, 0x0, 0x7, 0x6, 0x9, 0x3, 0x7, 0x4, 0x6, 0x7, 0x8002, 0x7, 0x7, 0x7, 0xc3c, 0x3, 0x28000000, 0x8, 0x30c7, 0xfad, 0x7, 0x8, 0x0, 0x5, 0x10, 0x400, 0xa97, 0x4, 0x422dd3f4, 0x4, 0x8, 0x2, 0x8, 0x10000, 0x8c1, 0x0, 0x45b6, 0x9, 0x864b, 0x0, 0x7, 0x9, 0x1, 0x7, 0x81, 0x3, 0x800, 0x6, 0xffffff80, 0x41, 0xc22, 0x1, 0x6, 0x9, 0x9, 0x7fffffff, 0x4, 0xfff, 0x6, 0xfffffffd, 0x7c1, 0x136, 0x6, 0x5, 0x4, 0x3ff, 0x4, 0xb, 0x2, 0x10001, 0x0, 0x5, 0x3, 0x400, 0x101, 0xffffffff, 0x1b, 0xd589, 0xffffff81, 0xffff0001, 0x4, 0x0, 0x300, 0x8, 0x60000000, 0xd39, 0x0, 0xfffffffe, 0x0, 0x81, 0x2, 0x55, 0x4000004, 0xbc6, 0x2, 0x8, 0x28a6a52, 0x1ff, 0xb, 0x7fff, 0x9, 0x2e4c20b9, 0xb, 0x2, 0x9, 0x7, 0x4, 0x8, 0x3, 0x2, 0x8, 0x3, 0x7, 0x4, 0x9, 0x8, 0xfffffffa, 0x76e8e800, 0x800, 0x400, 0x6, 0x0, 0xcc6, 0xfffffffb, 0x8000, 0xffffff00, 0x894, 0x7, 0xe, 0x6, 0x6, 0x2, 0x6, 0x10001, 0x9, 0x4, 0x8, 0x5d, 0x1000000, 0x7, 0x1, 0x8, 0x7ffffffd, 0x384, 0x9, 0x58a, 0x80000000, 0xe08, 0x0, 0x1, 0x2c821159, 0x0, 0x9, 0x7f, 0x0, 0x6, 0x0, 0x7f]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x6, 0x0, 0x2, 0x8, 0x0, 0xc}, {0xff, 0x1, 0x6, 0x5, 0x5e1d, 0x8}, 0x3ff, 0xa0, 0x99}}]}}]}, 0x45c}, 0x1, 0x0, 0x0, 0x4000050}, 0x20008840)
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
socket$igmp(0x2, 0x3, 0x2)
syz_io_uring_submit(0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
unshare(0x68040200)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg(r4, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x2000410, &(0x7f0000000000)={[{@commit={'commit', 0x3d, 0x5}}]}, 0x1, 0x79f, &(0x7f00000012c0)="$eJzs3ctrXFUYAPDvTl5NGk0EQesqIGigdGJrbBUUKi5EsFDQtW1IpqFmkimZSWlCwRYR3AgqLgTddO2j7sSdj63+Fy6kpWpbrLqQkTuPdtLMTDOkM1PI7wc3c869d+ac7577OJNzuRPArjWV/slE7IuID5OIidr8JCKGKqnBiKPV9W5dPz+fTkmUy2/8kVTWuXn9/Hw0vCe1t5Z5PCJ+fC9if2ZrucX1jaW5fD63WsvPlJbPzBTXNw6cXp5bzC3mVg4fnJ09dOS5I4fvX6x//bIxfvWjV5/++ui/7z52+YOfkjga47VljXHcL1MxVdsmQ+km3OSV+11YnyVtlr3Uw3rQmfTQHKge5bEvJmKgkmphtJc1AwC65Z2IKAMAu0zi+g8Au0xETEZt/Ks+9ft/Er107eWI2FONvz6+WV0yWBuz21MZBx27mWwaGUnqG26HpiLi82/f+jKdokvjkADNXLgYEScnp7ae/5Mt9yx06pl2C8sjlZepu2Y7/0HvfJ/2f55v1v/L3O7/RJP+T3r0TpXb3fWzPfc+/jNXdlxIG2n/78WGe9tuNcRfMzlQyz1U6fMNJadO53Ppue3hiJiOoZE0f7CyavPtMX3jvxutym/s//358dtfpOVvvgMnc2VwZPN7FuZKczsKusG1ixFPDDaLP7nd/kmL/u/xbZbx2gvvf9ZqWRp/Gnd9SstPX3cUVAfKlyKeatr+d9oyaXt/4kxld5ip7xRNfPPrp2Otym9s/3RKy69/F+iFtP3H2sc/mTTer1nsvIyfL0380GrZveNvvv8PJ29W0sO1eefmSqXVgxHDyetb5x+68956vr5+Gv/0k82P/3b7f/qd8OQ24x+8+vtXtY9qGn/Fhf61/0JH7d8mUb8e3LXo8q2lgVblb6/9Zyup6dqc7Zz/7lHTHezNAAAAAAAAAAAAAAAAAAAAAAAAANC5TESMR5LJ3k5nMtls9Te8H42xTL5QLO0/VVhbWYjx76rPP83UH3U50fA81PJA9Xn49fyh2Jx/NiIeiYhPRkYr+ex8Ib/Q7+ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGZvi9//T/020u/aAQBds6ffFQAAes71HwB2n86u/6NdqwcA0Dsdf/8vJ92pCADQM9u+/p/sbj0AgN4x/g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECXHT92LJ3Kf18/P5/mF86ury0Vzh5YyBWXsstr89n5wuqZ7GKhsJjPZecLyy0/6EL1JV8onJmNlbVzM6VcsTRTXN84sVxYWymdOL08t5g7kRvqWWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsH3F9Y2luXw+tyrRNjH6YFSjh4nkn3brDEb/a7gbEsN9K73xLDHavxMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPu/wAAAP//wJMmNg==")
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r8, 0x2000000, 0xe, 0x0, &(0x7f0000000500)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.030208019s ago: executing program 3 (id=1620):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)

1.651723967s ago: executing program 3 (id=1625):
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000f00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x401}, 0x18)
syz_io_uring_setup(0x5c26, &(0x7f0000000240)={0x0, 0x0, 0x13290}, &(0x7f0000000440)=<r1=>0x0, &(0x7f0000000700)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_RENAMEAT={0x23, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r4, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)

1.597123447s ago: executing program 3 (id=1629):
r0 = socket$inet6(0xa, 0x2, 0x39)
capset(&(0x7f0000000340)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x20000000})
setrlimit(0x40000000000008, &(0x7f0000000380))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=<r3=>r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2, 0x0, 0x5}, 0x18)
r4 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f00000003c0)={0x200000000000001}, 0x8)
sendto$inet6(r4, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="01", 0x1}], 0x1}}], 0x1, 0x400c404)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0xfffd, 0x6, @empty, 0x6}, 0x1c)
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x401, 0x0, 0x1, 0x20400, 0xffffffffffffffff, 0xc9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000001440)={0x3, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRESHEX=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
r7 = syz_open_procfs(0x0, &(0x7f0000000140)='cgroup\x00')
preadv(r7, &(0x7f00000000c0)=[{&(0x7f0000000480)=""/128, 0x80}], 0x1, 0x12e, 0x0)
ioctl$USBDEVFS_CONNECTINFO(r5, 0x40085511, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000140)=0x8, 0x4)
sendto$inet6(r0, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$inet(0x2, 0x1, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000001500)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x11, r9, 0x0)
read(r9, &(0x7f0000000400)=""/4096, 0x1000)
sendmsg$nl_route(r9, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=@getrule={0x14, 0x22, 0x2, 0x70bd2c, 0x25dfdbff, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000000}, 0x10)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000001400)='bridge_slave_0\x00', 0xffffffffffffff52)
setsockopt$inet_opts(r8, 0x0, 0x4, &(0x7f0000000080)="441f0801000000e8c94ef56491ee54be0e1c2074ed27c1c6fe76cef3e2", 0x1d)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e27, @loopback}, 0x10)

1.20715018s ago: executing program 5 (id=1642):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f0000000400), 0x0}, 0x20)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r4 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
syz_emit_ethernet(0x16, &(0x7f00000000c0)={@local, @dev, @void, {@llc={0x4, {@snap={0xaa, 0x0, 'o', "26739c"}}}}}, 0x0)
pipe2$9p(&(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r8, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r9 = dup(r8)
write$P9_RLERRORu(r9, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r9, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r9, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000002d40)='kfree\x00', r10, 0x0, 0xb}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r9])
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000200)={0x1, <r11=>0xffffffffffffffff}, 0x4)
r12 = socket(0x400000000010, 0x3, 0x0)
r13 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f00000000c0)={'veth1_to_bond\x00', <r14=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xffffffff, {0x0, 0x0, 0x0, r14, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x2, 0x80000000}}]}}]}, 0x48}}, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000700)={r3, 0x20, &(0x7f00000006c0)={&(0x7f0000000640)=""/40, 0x28, <r15=>0x0, &(0x7f0000000680)=""/36, 0x24}}, 0x10)
r16 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000740), 0x84200, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x12, 0x18, &(0x7f0000000580)=@raw=[@cb_func={0x18, 0x2, 0x4, 0x0, 0x3}, @btf_id={0x18, 0xf, 0x3, 0x0, 0x4}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, @map_val={0x18, 0x9, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x2}, @exit, @btf_id={0x18, 0x7, 0x3, 0x0, 0x2}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r11}}], &(0x7f0000000280)='GPL\x00', 0x1ff, 0x0, 0x0, 0x40f00, 0x1, '\x00', r14, @fallback=0x27, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000500)={0x4, 0x5, 0xdcf2, 0xffffffff}, 0x10, r15, r10, 0x3, &(0x7f0000000780)=[r2, r9, r9, r4, r0, r16], &(0x7f00000007c0)=[{0x4, 0x1, 0x0, 0x2}, {0x2, 0x3, 0x6, 0x3}, {0x5, 0x5, 0x8, 0x1}], 0x10, 0xffffff75, @void, @value}, 0x94)
creat(&(0x7f0000000380)='./file0\x00', 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)

1.143902352s ago: executing program 5 (id=1644):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1, 0x0, 0x178}, 0x18)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00008, 0x0, 0x50032, 0xffffffffffffffff, 0x0)

1.087207144s ago: executing program 5 (id=1647):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000020000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x9a, &(0x7f0000000180)={@link_local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x64, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0x64, 0x0, @wg=@response={0x2, 0x2, 0x1, "bb577147f8c63bab95cc025f2c123662d48c6e01d8630bf2addfd0edf624317d", "8ab859c3d9fe9a2f9edb8e36339e135d", {"1f142a168a75d33e838bef40d2fcff6c", "b8d91538c6c53fafd6fea68a0e45b49f"}}}}}}}}, 0x0)

1.011559541s ago: executing program 5 (id=1648):
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000f3ff000085000000700000009505b6350c607945878f49d069f46530b581e95abfdcd053da25a9fbb17316e516a7a95c0e62e155dc0bd1d2ef291e686151d8e0170a94656cec76f4f23befbd897e307f2b89ef1c6775eed574240d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1}, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x19, &(0x7f0000000600)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x78, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x64, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @rand_addr=0x64010101}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @empty}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x401, 0x3d3, 0x3, 0x3ff, 0x9}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)

995.438417ms ago: executing program 5 (id=1650):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x25)
r1 = open$dir(0x0, 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x20000216}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811"], 0x0, 0x80, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001080)=ANY=[], 0x38}}, 0x0)
recvmsg$unix(r3, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{0x0}], 0x1}, 0x40000100)
write$qrtrtun(r0, &(0x7f0000000280)="ca1c808bb35bdabb49f35c09d456591f", 0x10)
write$qrtrtun(r0, &(0x7f0000000c00)="9d8d645e53b6183d874f9e93a18dd009a09560ff682bd07dc3d28385a8f3f9e18418950d4dfe49f13a19e24320444a7d6c121741ba3dc510dba4f980bbd9a315544fa0a1622d949faba79788908354e467989e8458e6f5f76e0e4e781bfca4c928c956321dd514877569805db6602f1584a8bd051f13bad882bea021ffb5ce918a1f87f1d439ec93772d6ecaaf8891f7678f2037ccced78ea5c1aa805f1b9f5a2c3974c5124cac5e163d9b6f5b998c1c7263fa2331d1241523986dccbd4e1f32b2f521380a2ea4732132264de6d26ce40177a780df98cbf94b96d900a2dfc5c877db675ebb1d7cbc398ca422ddbadc24ee6f3bf036f62cdb056502a6b657ff95930ea668649ad0003afe9a912179ce61631b3dab94642d2768f1f22299deb9eddb917fc0076b74406149024514d07417c6007e8cd4dc4e2295be71f412044b52b1ce32aac048cad9c413a8c19528dc1b432fe7f9fda7182a47243af427a76ede78aa5c6ef75ea1f48e2e9e9d203d4760a1ff6a0119b39a2458a050f9519d4bbd821684ef8356985e8f5b8d86346f428788fc374e7eaa0c2a2ef8478a13b4a56d0821", 0x1a2)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={0xffffffffffffffff, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c)
syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x0, &(0x7f00000021c0)={[{@dioread_nolock}, {@minixdf}, {@nolazytime}, {}]}, 0x1, 0x783, &(0x7f0000002200)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)

918.740225ms ago: executing program 0 (id=1652):
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000f00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x401}, 0x18)
syz_io_uring_setup(0x5c26, &(0x7f0000000240)={0x0, 0x0, 0x13290}, &(0x7f0000000440)=<r1=>0x0, &(0x7f0000000700)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_RENAMEAT={0x23, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r4, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)

803.777447ms ago: executing program 0 (id=1653):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000001540)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x98}}, {{&(0x7f00000000c0)=@file={0x1, './file1\x00'}, 0x6e, 0x0, 0xa4ff, 0x0, 0x0, 0x4800}}], 0x2, 0x20004800)

803.448227ms ago: executing program 0 (id=1654):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fffffff, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000100)={[{@nombcache}, {@resgid}, {@norecovery}, {@commit={'commit', 0x3d, 0x5}}, {@nombcache}]}, 0x8, 0x5fb, &(0x7f00000004c0)="$eJzs3c9vFGUfAPDvTH/Svu/bQt6oeJAmxkCitLSAIcZEuBOCP26eKi0EKZTQGi2SWBK8mBgvHkw8eRD/CyXx6sGrBy+eDAkxhoMYImtmO1Om293SX7tbup9PMnSeme48z5R++5199nlmAuhYI9k/acT+iLiaRAyV9nVHvnNk6fvu/3njXLYkUam8/UcSNz5JFsvHSvKvg/mL/xmK5Oc0Yl/X6nrnFq5fmpyZmb6Wl8fmL18dm1u4fvji5ckL0xemr0y8OnHi+LHjJ8aPbOn8ylWfvvX+h0OfnXn3268fJuPf/XomiZPxKP+G7LxqX9u3pZqzn9lIVJY8KG/Pfq4ntnjsneKvoeL35LGkdgM7Vpr/Pv4vIp6Noegq/W8OxadvtrVxQFNVkihyFNBxkk3Ff//2NwRoseI6oHhvX+998Gppk69KgFa4d2qpA2Ap9nsiooj/7qW+weiPbOvA/WRFP08SEVvrmVuS1fHTj2duZUs06IcDmmPxZtHLXZv/k2psDkd/tTRwP10R/2lpyba/tcn6R2rK4h9aZ/FmRDyX5//e2FD8j5Ti/71N1i/+AQAAAAAAYPvcORURr9Qb/5cuj//prTP+ZzAiTm5D/U/+/C+9m68k21AdUHLvVMTrdcf/Lo/xHe7KS/+tjgfoSc5fnJk+ks8ZPBQ9fVl5vOa45RHChz/f91Wj+svj/7Ilq78YC5gf6W53zUTcqcn5ya2eNxBx72bE89XxvwfyLSvH/2T5P6mT/7P4vrrOOva9dPtso31Pjn+gWSrfRBysm/8fX24na9+fY6x6PTBWXBWs9sLHX3zfqH7xD+2T5f+BteO/Lynfr2duY8fvjYijC92VRvs3e/3fm7zTVRw/89Hk/Py18Yje5PTq7RMbazPsVkU8FPGSxf+hF9fu/1u+/i/F4Z6IWFxnnc88Gvyt0T75H9oni/+ptfP/8Mr8v/GVidvDPzSq/+y68v+xak4/lG/R/wdlq+/Hsd4AbUtzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOApl0bEfyJJR5fX03R0NGIwIv4fA+nM7Nz8y+dnP7gyle2rPv8/LZ70O7RUTorn/w+XyhM15aMRsTcivuzaUy2PnpudmWr3yQMAAAAAAAAAAAAAAAAAAMAOMVid81/pq53/n/m9q92tA5quO/8q3qHzdG/6lZW+bW0I0HKbj3/gabf++O9pajuA1msc/w8eVqpa2hyghVz/Q+faZPz7uAB2AfkfOtU6+/T6m90OoB3kfwAAAAAA2FX2HrjzSxIRi6/tqS6Z3nyfwf6wu6XtbgDQNsbwQufqnm13C4B28R4fSJbX/q472b/x6P+kOQ0CAAAAAAAAAAAAAFY5uN/8f+hUa8//N7YfdrM15v/XC363C4BdpPGjP+R+2O28xweelO3N/wcAAAAAAAAAAACAHaD/+qXJmZnpa3MLT9/KGzujGRtbWZzcEc3Y1pVHzTlyT0TsjBNs9UpxC442NqPNf5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBl/wYAAP//SlcnIw==")
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r0 = socket$kcm(0x2, 0xa, 0x2)
getsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000080), &(0x7f0000000200)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x15, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$tipc(0x1e, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r3 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0)
write$selinux_load(r2, &(0x7f0000000000)=ANY=[], 0x202d)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, r4, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000300)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9232f328db0049d905d491ceaebfd26d4eef23248000000f858dbb8a19052", 0x34}, {&(0x7f0000000040)="8ece37b4e2d66e5245eb5b9b5d37", 0xe}], 0x2)

742.796889ms ago: executing program 0 (id=1655):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0a000000010000000900000008"], 0x50)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x49, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x5, @perf_config_ext={0x0, 0x4}, 0x45ff5eb5c5b462aa, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842)
ioctl$EVIOCGEFFECTS(r1, 0x80044584, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0) (async)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000013c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket(0x10, 0x80000, 0xcc6)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r4)
getsockname$packet(r4, &(0x7f0000000380)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xf1d, 0x1, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x2}, {0xffff, 0xffff}, {0xc, 0x4}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff3b, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r6}, 0x10)
kexec_load(0x0, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0xff600000, 0x1000000}], 0x200000000000000) (async)
kexec_load(0x0, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0xff600000, 0x1000000}], 0x200000000000000)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYRES8=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000fa7a8af8ff00000000bfa2000000000000070200b703000008000000b70400000000000085000000010000009500000000005356e759f7179c4c43ce60aca9c587bf7b1b70e65c"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8b, @void, @value}, 0x94)
socket$inet6_icmp(0xa, 0x2, 0x3a) (async)
socket$inet6_icmp(0xa, 0x2, 0x3a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00'}, 0x10)
r8 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000100)='asymmetric\x00', 0x0, &(0x7f0000000140)="1081", 0x1001, r8) (async)
add_key(&(0x7f0000000100)='asymmetric\x00', 0x0, &(0x7f0000000140)="1081", 0x1001, r8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000380)='kfree\x00', r7}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) (async)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x3, 0xc, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x3, 0xc, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44000000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r10}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x10000, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x17, 0x0, 0x0, 0x10, 0x7fffffff, @void, @value}, 0x5c)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r11}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r11}, 0x10)
utime(&(0x7f0000000200)='./file0\x00', 0x0) (async)
utime(&(0x7f0000000200)='./file0\x00', 0x0)

683.583271ms ago: executing program 3 (id=1656):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB]})
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000000c0), 0xfe, 0x25e, &(0x7f0000001000)="$eJzs3T9o3FYcB/Cf7k9d16a47VIo/QOllNZg3KFQ6NIuLRhKMaUU2oJLKZ2CHXBssvkyZcmQzEnwlMWEbHEyhiwmSyCrk3hwlgwxGWIyJMMFne7C+Xwmjs93CtbnA7L09J70nkDfZ3mQHEBhjUXEDxFRjojxiKhGRNLe4LNsGWsWl4fXZiLq9d8eJ412WTnTOm4kImoR8V1EpVW3uPrX5tP1n788s1D94tLqn8ODur52W5sbv2xf/PX01alvFkvNfaPNdft1HKaky75KEvF+Pzp7QySVvEfAfkyfvHI3zf0HEfF5I//VKDUje3b+rZvV+PrCXseee3Tno0GOFTh89Xo1/R1YqwOFU2o8AyeliYjItkuliYnsGf5eOYljc/Mnxv+fW5j9L++ZCjgESS37u3fjp+tD10Y68v+wnOV/X77t80iBvkjz//v0yv10e7uc92iAgfg4W6X5H/9n6auQfygc+Yfikn8oLvmHI+CA2ZV/KC75h+KSfzjCqq2NWtdq+Yfikn8oro785/I+LpCP9vwDAMVSH8r7DWQgL3nPPwAAAAAAAAAAAAAAAAAAwG7Lw2szrWVQfd46H7H1Y0RUdvY/1KgtN/4fccTbjZ/vPEnSZi8l2WE9+fvTHk/Qo8s5v3397oN8+7/9SX/Oe2pncc9v2y3NRtTSxpOVyu77P2nefwf33ivqq//22MFrSjrK3/8x2P47PV/Jt/+p9Ygb6fwz2W3+K8WHjXX3+We0/RPLB3T8WY8nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYGBeBAAA//9hymrI")
pipe2$9p(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = creat(&(0x7f0000000080)='./bus\x00', 0x9)
write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[], 0x15)
splice(r2, 0x0, r4, 0x0, 0x15, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[@ANYBLOB='N'], 0x6a)
ioctl$KDGKBMODE(r1, 0x4bfa, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, r7)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000840)=ANY=[@ANYBLOB="2000000025cae2b897e89bc34856181cea1c6e0e0176aba92518632eef3f9c34d7c39993141e94ad017bb14763fe4ebf260c4b4fea69bc8adde7e01386ed91a7719156e105ef630dbb007891294ec6734f85f7a0b5996df99c16f0341236bcaf1fd8808fdfc5985cf4587ddf7a57e6ca8da5d1ad9af4ef4b5df6442212495587ea0f612bb8da283d490fe60b4c8d84a9b9981b59c61f072c0017e2a38730ef531ea6457bf47ab3f91aa65fdaa46ca3df503a9735a07aa6a1f8508304ba992619fafd1f4e14cc7f35bed50c40c5ec42d7aada26739b8ecef2a8eca73ec71820f7e0a602428323690e9bafe44606891f4fc3ba9ddfe4e13addd18264bc792cfa9f16a41224f32b3ee89fff1d92da4a587efa84923fe0187a0dc70e3b1ed45655d81c6fbf0796", @ANYRES16=r9, @ANYBLOB="010025bd7000fadbdf2501000000040001800400030004000280"], 0x20}, 0x1, 0x0, 0x0, 0x20004800}, 0x20040040)
ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x3ffffffffffffe96, &(0x7f0000000000)=[{0x2000, 0x5}]})
r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r10}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r11, 0x0, 0x200000000200}, 0x18)
creat(&(0x7f0000000600)='./file0\x00', 0xca)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r12=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r12, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
socket$nl_netfilter(0x10, 0x3, 0xc)
r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000d2e0bc121ce56b4a2a8ec74a74282ec796c895d1592ef6ec204ac0636bf69e8c9ebc68f97c30a13800a81abe8af6cde22129ac486b4818fd5cf74cbd6c675d9cbec64dc7360659d135096a83c45a6eb8c8603f957be6d6793d51beac2e2008b0da233b303e8c79aa8e36ef6715a13844733378e61137c8ceee414ac163ab02a15dc3c2a4cd7e1a4ec0d90d08711967ac785415c28ad342fda8bfb58bd973e50808ff2075bf38189b2a0eaf200a26458ef1d6a808b3dc20dfa55ef5882e5c8b5501d151cf50ed62e8342fcf19e3b883ae52e42cdab06ccaedd1455841d1a6ff359ee371"], 0x48)
r14 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r13, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r14}, 0x10)

539.977843ms ago: executing program 0 (id=1660):
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000f3ff000085000000700000009505b6350c607945878f49d069f46530b581e95abfdcd053da25a9fbb17316e516a7a95c0e62e155dc0bd1d2ef291e686151d8e0170a94656cec76f4f23befbd897e307f2b89ef1c6775eed574240d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1}, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x19, &(0x7f0000000600)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x78, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x64, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @rand_addr=0x64010101}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @empty}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x401, 0x3d3, 0x3, 0x3ff, 0x9}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)

508.428875ms ago: executing program 0 (id=1661):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000fc0), r0)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000001080)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001040)={&(0x7f0000001000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="04012cbd76c6c3a3438978bed93e5fdcc500080006003c0f00000800"], 0x2c}, 0x1, 0x0, 0x0, 0x80004}, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001540)=ANY=[@ANYBLOB="0b00000007000000010001000800000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000001a0000000000000000a2ffffffed00000000001f66bcbc1b07b45599107ff29569673375b11d3a986574a5f759c98321e4f60c1bfae2efbcefd9055a11e7403347974fe9a5b8dece5cb409474007c4f0bb5020f7eefe5bf70b9752e69bc5a5ca52eaf8a346151e6ba70dee445251000142db8748993306c66106351ab60f8743a6aa404da163968e287c4755913f06b479ad4c5d955e931329e1b0a9138089c949df10550a7a3fe7fc05a5d036dcc0000000000000b738c3ad5a4d3c00f406703ab55f8e51643f0cf8a0c467247bc1fdb82c0f19ce8aab8d11c83fdf1869386674e6578521466224b893b67d810921801afe1659583a"], 0x48)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRES32=r2], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4, 0x0, 0x80000000}, 0x18)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
setgid(0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f88)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000200)='xprtrdma_dma_maperr\x00', r6}, 0x18)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x10800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
r7 = getpid()
sched_setscheduler(r7, 0x1, &(0x7f0000000100)=0x5)
r8 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000900)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r9, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0xa, 0x0, 0xfff, 0x1}}, 0x20)
close_range(r8, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmmsg$unix(r10, &(0x7f0000000400), 0x0, 0x0)
r11 = eventfd(0x0)
read$eventfd(r11, &(0x7f0000000000), 0x8)

332.292289ms ago: executing program 1 (id=1667):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x19, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000440)='kfree\x00', r3}, 0x18)
ptrace$pokeuser(0x6, 0x0, 0x358, 0xffff888237d0b000)
gettid()
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0x81, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, <r5=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r3}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{0x1, <r6=>0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f00000002c0)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{0xffffffffffffffff, <r7=>0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)=r2}, 0x20)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfa69, 0x3ff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001880)=@gettfilter={0x4c, 0x2e, 0x2, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0xe, 0xfff2}, {0x10, 0xa}, {0xffff, 0xf}}, [{0x8, 0xb, 0x7fff}, {0x8, 0xb, 0x8}, {0x8, 0xb, 0x48}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x1000}]}, 0x4c}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001700)={0x6, 0x1c, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000000000085000000860000005528e0fffcffffff18110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000000000000850000008600000018470000070000000000000000000000087f03000300000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b74400000000000085000000820000009500000000000000"], &(0x7f0000000480)='GPL\x00', 0x1c1, 0x1000, &(0x7f0000000700)=""/4096, 0x41000, 0xb, '\x00', r10, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000500)={0x3, 0x0, 0x0, 0xbfdc}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x10000000)

254.989537ms ago: executing program 1 (id=1669):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000040018110000", @ANYRES32=r0, @ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = syz_io_uring_setup(0x10e, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4, 0x31c}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x13, 0x54, &(0x7f0000001140)=ANY=[@ANYRES64=0x0, @ANYRES8, @ANYRESHEX, @ANYRES8, @ANYRES8, @ANYRESDEC=0x0], &(0x7f0000000200)='GPL\x00', 0x7fffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
syz_emit_ethernet(0xb6, &(0x7f0000001040)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x80, 0x2c, 0x0, @dev, @mcast2, {[@srh={0x67, 0xa, 0x4, 0x5, 0x7, 0x0, 0x8, [@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @local, @remote, @dev={0xfe, 0x80, '\x00', 0x19}]}], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @ipv4={'\x00', '\xff\xff', @local}, @loopback}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x800000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x40000000, 0x0, 0x0, 0x41100, 0x30, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r4}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
pipe2$9p(&(0x7f0000001900)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = dup(r6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000002240)='9p_client_req\x00', r7}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[], [], 0x6b}})
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000340)=ANY=[@ANYRES8=0x0, @ANYRES16], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000080)='sys_enter\x00', r9, 0x0, 0xfffffffffffffff9}, 0x18)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000f80)={[{@auto_da_alloc}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@noblock_validity}], [{@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@context={'context', 0x3d, 'root'}}, {@fsuuid={'fsuuid', 0x3d, {[0x32, 0x38, 0x31, 0x32, 0x65, 0x38, 0x65, 0x34], 0x2d, [0x64, 0x65, 0x61, 0x37], 0x2d, [0x65, 0x31, 0x39, 0x38], 0x2d, [0x32, 0x38, 0x35, 0x32], 0x2d, [0x37, 0x6a, 0x39, 0x37, 0x65, 0x33, 0x36, 0x35]}}}, {@func={'func', 0x3d, 'FILE_CHECK'}}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$inet6_udp(0xa, 0x2, 0x0)
close_range(r1, r10, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000c80)={'lo\x00', <r12=>0x0})
bind$packet(r8, &(0x7f00000002c0)={0x11, 0xf5, r12, 0x1, 0x0, 0x6, @random="b5ad1ea900f3"}, 0x14)
sendmsg$nl_route_sched(r10, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@newqdisc={0x130, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x100, 0x2, {{0x0, 0x10000, 0x0, 0x2}, [@TCA_NETEM_LOSS={0xc4, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8001, 0xfffffffc, 0x2, 0x5}}, @NETEM_LOSS_GE={0x14, 0x2, {0x2, 0x3, 0x3, 0x7}}, @NETEM_LOSS_GI={0x18, 0x1, {0x802, 0x3, 0xffff0001, 0xc5, 0x401}}, @NETEM_LOSS_GE={0x14, 0x2, {0x3, 0x6, 0x6, 0x81}}, @NETEM_LOSS_GI={0x18, 0x1, {0x409, 0xa4, 0x3, 0xc11a, 0x1}}, @NETEM_LOSS_GE={0x14, 0x2, {0xfff, 0xd2b0, 0x80000000, 0x200}}, @NETEM_LOSS_GI={0x18, 0x1, {0x2, 0x30, 0xffffffff, 0x200, 0xfffffffa}}, @NETEM_LOSS_GE={0x14, 0x2, {0x200, 0x8, 0x9, 0x1}}, @NETEM_LOSS_GE={0x14, 0x2, {0x40000000, 0x1, 0x3, 0x2}}]}, @TCA_NETEM_RATE={0x14, 0xd}, @TCA_NETEM_CORRUPT={0xc, 0x2}]}}}]}, 0x130}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000005c0)=ANY=[@ANYBLOB="ffffffffffff00080000001e0001ac1414aa05009078000000004500000000000000006cc133543a009d0000ac1c14aae00f000209ee0500b0e1875000000000000008000000"], 0x0)
write$binfmt_elf64(r10, &(0x7f00000015c0)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x7, 0xd6, 0x3, 0x0, 0x2, 0x3e, 0x754, 0x11, 0x40, 0x291, 0x4, 0x0, 0x38, 0x4, 0x735, 0xfffb, 0xd}, [{0x6474e551, 0x8, 0x6, 0x9, 0x10001, 0xe00000000000, 0x2, 0x2}, {0x2, 0xfffffff8, 0xfffffffffffffff4, 0x80000000, 0xd, 0x1, 0x0, 0x9}, {0x5, 0x7fffffff, 0x1ff, 0x6, 0x8, 0xffffffffffffffb7, 0x0, 0x100}, {0x3, 0x9, 0xfffffffffffffffa, 0x8, 0xf5, 0x7, 0x0, 0x6}], "289c9d07d2534d13c249449a7648620f1385d1f93920b4a9a252090563538588ee5088e34f6c56a44b83b53406fcfefc42b4ad8596571f1cfeb63e1acaad50c28df8db3d9493ab359dd8ebf15f9437ad740a674e24fd13661e1b7a2060b7fe8e51abed5d11bb20668ba7a2b0bff7626e9a4d54505ad95979c24a1d81a879fbb418e34d3664dacc2f38c50d2318ce3ad01a0a88d5ef4011bb07082b7aa365e949da0fda43cb86bfb975de002ee1d1aef420cb136a7da57622041169586a01eda0659c43350848f016fc1f3962", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xaec)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4)
io_uring_enter(r2, 0x1e76, 0x0, 0x6, 0x0, 0x0)

211.398843ms ago: executing program 4 (id=1672):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
pipe2$9p(&(0x7f0000000240), 0x0)
r2 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
openat$cgroup_procs(r3, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a300000000040000380080001400000000008000240000000002c0003801400010076657468305f746f5f627269646765001400010067656e6576653000000000000000000048000000180a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c000380180003801400010067656e65766530"], 0xfc}}, 0x0)

181.766154ms ago: executing program 1 (id=1673):
syz_emit_ethernet(0x15a, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd603000bb01242b00fc020000000000000000030000000000fe8000000000000000000000000000aa3b0a"], 0x0)

181.013855ms ago: executing program 4 (id=1674):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)

158.281883ms ago: executing program 1 (id=1675):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00"/13], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a300000000040000380080001400000000008000240000000002c0003801400010076657468305f746f5f627269646765001400010067656e6576653000000000000000000048000000180a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c000380180003801400010067656e65766530"], 0xfc}}, 0x0)

157.801773ms ago: executing program 4 (id=1676):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = dup(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0xa4}, [@ldst={0x4}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
epoll_create(0xf)
ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f0000000000)={0x0, 0x0, {0x8, 0x9, 0x13, 0x9, 0x4, 0x5, 0x3, 0x16}})
syz_open_procfs(0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3014850, &(0x7f00000001c0)={[{@quota}, {@barrier_val={'barrier', 0x3d, 0x1000}}, {@grpjquota}, {@norecovery}, {@nobarrier}]}, 0x3, 0x4c1, &(0x7f0000000680)="$eJzs3d9rW9cdAPDvle3ESZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX9AofQX7VOf+lLocymU/AmlEGjfSyktoU3Shz60VZF81SSubMvEshLr84Hje8+9V/5+j4SOdO656AbQsU5FxFhEdEXE2YjoT7dn0hJr66V63IP7tyarJYlK5dqXSSTptvr/StLlkfRhvRHxr39E/Df5adzSyurcRKGQX0rrufL8Yq60snpudn5iJj+TXxgbGb44emn0wujQrrX18t8+e+WFt/5++f0/3vhk/Isz/6um1Zfue7wdzVhr8rj1pvfUnou67ohY2kmwZ1hX2p6edicCAEBTqt/xfx4Rv42Ih6+3OxsAAACgFSp/6Ytvk4gKAAAAsG9latfAJplsei1AX2Qy2ez6Nby/jMOZQrFU/sN0cXlhav1a2YHoyUzPFvJD6bXCA9GTVOvDtfVH9fMb6iMRcSwiXuo/VKtnJ4uFqXaf/AAAAIAOcWTD+P/r/vXxPwAAALDPDLQ7AQAAAKDljP8BAABg/9t0/J90720iAAAAQCv888qVaqnU7389dX1lea54/dxUvjSXnV+ezE4WlxazM8XiTO03++a3+3+FYnHxT7GwfDNXzpfKudLK6vh8cXmhPF67r/d43n2iAQAAYO8d+82dj5OIWPvzoVqpOpDua2KsPtba7IBWyuzs8KRVeQB7r6vdCQBt4wJf6Fzm44FtBvYvb6jv8LQBAADwLBj81VPN/5sPhOeYgTx0LvP/0LnM/0PnMv8PHe7g9of0brbjg13OBQAAaJm+Wkky2XQusC8ymWw24mjttgA9yfRsIT8UET+LiI/6ew5W68PtThoAAAAAAAAAAAAAAAAAAAAAAAAAnjOVShIVAAAAYF+LyHyepDfyH+w/3bfx/MCB5Jv+2jIibrxx7dWbE+Xy0nB1+1c/bi+/lm4/344zGAAAAMBG9XF6fRwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALvpwf1bk/Wyl3Hv/TUiBhrF747e2rL33f6IOPwwie7HHpdERNcuxF+7HRHHG8VPqmnFQJrFxviZiDjU5vhHdiE+dLI71f5nrNH7LxOnasvG77/utDyte6c26/8y9f6v1s816v+ONhnjxN13cpvGvx1xortx/1OPnzxl//uff6+ubrav8mbEYMPPn+SJWLny/GKutLJ6bnZ+YiY/k18YGRm+OHpp9MLoUG56tpBP/zaM8eKv3/t+q/Yf3iT+wDbtP91k+7+7e/P+L7aIf+Z3jV//41vErz73v08/B6r7B+vra+vrjzv59ocnt2r/1Cbt3+71P9Nk+89e/f+nTR4KAOyB0srq3EShkF+yYsXK/lu5mr7Rd/zwNndMAADArnv0pb/dmQAAAAAAAAAAAAAAAAAAAEDnavmPkB188pcFetvXVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALf0QAAD//9sy0wA=")
lsetxattr$security_selinux(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), &(0x7f0000000180)='system_u:object_r:initrc_var_run_t:s0\x00', 0x26, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x40, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002220207b1af8ff0000008d2a777ea35b1e890007010000f8ffffffb702000000000000b703000006000000850000000400000085000000d00000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='tlb_flush\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
fcntl$setlease(r3, 0x400, 0x0)
syz_mount_image$msdos(&(0x7f00000003c0), &(0x7f0000000340)='.\x00', 0x126a4b5, &(0x7f0000001280)=ANY=[], 0x6, 0x0, &(0x7f0000000000))
connect$pppl2tp(r0, &(0x7f0000000340)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x400003, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local, 0x4}}}, 0x3a)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r7, 0x701, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4040050}, 0x20044844)
chdir(0x0)
syz_clone(0xa00200, 0x0, 0xfffffffffffffef2, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
socket$inet_udp(0x2, 0x2, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r8, 0x29, 0x19, &(0x7f0000000140)=0xa80, 0x4)
sendmmsg$inet6(r8, &(0x7f0000001540)=[{{&(0x7f0000000340)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="e8020000000000002900000004000000005a"], 0x2e8}}], 0x1, 0x80)

146.098967ms ago: executing program 1 (id=1677):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001200)=ANY=[@ANYBLOB="0b00000007000000088000000400000005"], 0x50)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace(0x10, r1)
tgkill(r1, r1, 0x12)
r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x8, 0x88240, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, @perf_bp={0x0, 0x13}, 0x400, 0xffffffff, 0x6, 0x6, 0x0, 0x1, 0xfff9, 0x0, 0x0, 0x0, 0x6}, r1, 0x0, 0xffffffffffffffff, 0x3)
socket$caif_seqpacket(0x25, 0x5, 0x4)
r3 = syz_io_uring_setup(0x6908, &(0x7f00000006c0)={0x0, 0x2, 0x4}, &(0x7f0000000200), &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000240))
syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r3, 0x184c, 0x0, 0x0, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r6)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000bc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00', r7}, 0x10)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
r9 = getpgrp(0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r9, r8, 0x0, 0x5, &(0x7f0000000080)='**#@\x00'}, 0x30)
ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x40082406, &(0x7f0000000240)='{2-\xb9](!\x00')

71.610594ms ago: executing program 4 (id=1678):
r0 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000040)=""/54, 0x36)
getdents64(r1, 0xfffffffffffffffe, 0x29)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r3=>0x0})
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000cff5000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="00000000014006002000128008000100687372001400028008000200", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=r5], 0x40}}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x10, 0x4, &(0x7f0000000340)=@raw=[@map_idx={0x18, 0x9, 0x5, 0x0, 0xa}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x100}], &(0x7f0000000380)='GPL\x00', 0x6, 0xe, &(0x7f00000003c0)=""/14, 0x41100, 0x6, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000440)={0x1, 0xf, 0x1, 0xfa2}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x5, &(0x7f0000000480)=[0x1], &(0x7f00000004c0)=[{0x2, 0x1, 0x4, 0xc}, {0x2, 0x4, 0x8, 0xc}, {0x2, 0x2, 0x1, 0xa}, {0x5, 0x2, 0x8, 0x2}, {0x4, 0x5, 0xd, 0x7}], 0x10, 0x4, @void, @value}, 0x94)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000740)={0x0, r2}, 0x8)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x9, 0x3, 0x8, 0xb, 0x2, 0xffffffffffffffff, 0xea, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = dup2(r0, r0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_tracing={0x1a, 0x14, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x7436}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@btf_id={0x18, 0x2, 0x3, 0x0, 0x4}, @ldst={0x0, 0x0, 0x0, 0x0, 0x7, 0x100, 0x10}, @initr0], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000200)='GPL\x00', 0x4, 0x40, &(0x7f0000000280)=""/64, 0x41100, 0x15, '\x00', r5, 0x1a, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0x5, 0xffffffff, 0x8}, 0x10, 0x19b29, r6, 0x4, &(0x7f0000000600)=[r8, 0xffffffffffffffff, r8], &(0x7f0000000640)=[{0x3, 0x4, 0xb, 0x3}, {0x5, 0x5, 0x5, 0x5}, {0x0, 0x4, 0x8, 0x8}, {0x0, 0x1, 0xc, 0x3}], 0x10, 0x9, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x20, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000a0000000040000000000000095"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

32.339449ms ago: executing program 5 (id=1679):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_bp={0x0}, 0x8100, 0x0, 0x800000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r0 = socket$inet6_dccp(0xa, 0x6, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000480)={0x0, r0}, 0x8)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r2)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r1, 0x0, 0x40)
syz_genetlink_get_family_id$nl802154(&(0x7f0000001140), r1)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f000000e880)={'wpan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r3, &(0x7f000000ea00)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01a335579d00fe3702d076c96abd4c8669de330a312ddbdf25180000000400308008000395", @ANYRES32=r4, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4000040)
accept$packet(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000004880)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0)
read$eventfd(r6, &(0x7f0000000040), 0x8)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x200, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0xa, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000025c0)=@newtfilter={0x34, 0x2c, 0xd27, 0x170bd28, 0x0, {0x0, 0x0, 0x0, r9, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r11}, 0x10)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="a1ab0000000000000000320000000800170156000000958480f0642a7bbac3767c30f3d739f11b8caf40e0917ba870792edc5925ee20a5ecc3868d30a479af6e250ab6f1d76a46dd192b86be63abb049c2891b19dbfddcc1965b33822de3f151f6345e2826ac9b68da6228"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff00000000030000000000000000000000020000000000000000"], 0x0, 0x56, 0x0, 0x3, 0x0, 0x0, @void, @value}, 0x28)

32.088308ms ago: executing program 4 (id=1680):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x9135}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000021300011800b00010074617267657400002000028005000300c400000008000240000000000a0001004155444954"], 0xb4}}, 0x0)

21.951762ms ago: executing program 1 (id=1681):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e0000008500000050000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{}, &(0x7f0000000400), 0x0}, 0x20)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYBLOB="000400"/18, @ANYRES32], 0x50)
pipe2$9p(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r5 = dup(r4)
write$P9_RLERRORu(r5, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
r6 = creat(&(0x7f0000000380)='./file0\x00', 0x80)
write$binfmt_elf64(r6, &(0x7f0000000040)=ANY=[], 0xfffffecf)

0s ago: executing program 4 (id=1682):
syz_io_uring_setup(0x6f1a, &(0x7f0000000c40)={0x0, 0xf801, 0x10100, 0x0, 0x23c}, &(0x7f0000000000), &(0x7f00000002c0))
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r1, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$rds(r1, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

kernel console output (not intermixed with test programs):

41] loop1: detected capacity change from 0 to 512
[   60.744439][ T5141] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   60.763169][ T5145] loop5: detected capacity change from 0 to 512
[   60.775290][ T5145] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   60.809395][ T5141] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.528: invalid block
[   60.809531][ T5145] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2240: inode #15: comm syz.5.530: corrupted in-inode xattr: e_name out of bounds
[   60.832194][ T5141] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.528: invalid indirect mapped block 4294967295 (level 1)
[   60.869690][ T5141] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.528: invalid indirect mapped block 4294967295 (level 1)
[   60.898360][ T5141] EXT4-fs (loop1): 2 truncates cleaned up
[   60.907591][ T5145] EXT4-fs (loop5): Remounting filesystem read-only
[   60.925946][ T5145] EXT4-fs (loop5): 1 truncate cleaned up
[   60.933452][ T5145] SELinux: (dev loop5, type ext4) getxattr errno 5
[   60.948673][ T5141] EXT4-fs (loop1): shut down requested (0)
[   60.984582][   T29] audit: type=1326 audit(2000000030.750:5521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.5.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[   61.026767][   T29] audit: type=1326 audit(2000000030.750:5522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.5.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[   61.050868][   T29] audit: type=1326 audit(2000000030.790:5523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.5.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[   61.074498][   T29] audit: type=1326 audit(2000000030.790:5524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.5.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[   61.098182][   T29] audit: type=1326 audit(2000000030.790:5525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5156 comm="syz.5.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f5a4f50fa25 code=0x7ffc0000
[   61.123433][   T29] audit: type=1326 audit(2000000030.790:5526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5144 comm="syz.5.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[   61.147981][ T5157] FAULT_INJECTION: forcing a failure.
[   61.147981][ T5157] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   61.161644][ T5157] CPU: 0 UID: 0 PID: 5157 Comm: +}[@ Tainted: G        W          6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
[   61.161674][ T5157] Tainted: [W]=WARN
[   61.161680][ T5157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   61.161692][ T5157] Call Trace:
[   61.161698][ T5157]  <TASK>
[   61.161706][ T5157]  dump_stack_lvl+0xf2/0x150
[   61.161756][ T5157]  dump_stack+0x15/0x1a
[   61.161777][ T5157]  should_fail_ex+0x24a/0x260
[   61.161820][ T5157]  should_fail+0xb/0x10
[   61.161848][ T5157]  should_fail_usercopy+0x1a/0x20
[   61.161881][ T5157]  _copy_from_user+0x1c/0xa0
[   61.161899][ T5157]  do_sock_getsockopt+0xd3/0x260
[   61.161926][ T5157]  __x64_sys_getsockopt+0x18c/0x200
[   61.162020][ T5157]  x64_sys_call+0x1288/0x2dc0
[   61.162046][ T5157]  do_syscall_64+0xc9/0x1c0
[   61.162133][ T5157]  ? clear_bhb_loop+0x55/0xb0
[   61.162160][ T5157]  ? clear_bhb_loop+0x55/0xb0
[   61.162188][ T5157]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.162215][ T5157] RIP: 0033:0x7f30fa10d169
[   61.162230][ T5157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.162247][ T5157] RSP: 002b:00007f30f8777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   61.162326][ T5157] RAX: ffffffffffffffda RBX: 00007f30fa325fa0 RCX: 00007f30fa10d169
[   61.162338][ T5157] RDX: 000000000000001f RSI: 0000000000000001 RDI: 0000000000000003
[   61.162349][ T5157] RBP: 00007f30f8777090 R08: 0000400000001000 R09: 0000000000000000
[   61.162361][ T5157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   61.162372][ T5157] R13: 0000000000000000 R14: 00007f30fa325fa0 R15: 00007ffc7b1f3678
[   61.162391][ T5157]  </TASK>
[   61.449731][ T5165] netlink: 'syz.1.536': attribute type 3 has an invalid length.
[   61.520298][ T5170] loop3: detected capacity change from 0 to 512
[   61.548575][ T5176] FAULT_INJECTION: forcing a failure.
[   61.548575][ T5176] name fail_futex, interval 1, probability 0, space 0, times 1
[   61.561542][ T5176] CPU: 1 UID: 0 PID: 5176 Comm: syz.0.541 Tainted: G        W          6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
[   61.561617][ T5176] Tainted: [W]=WARN
[   61.561624][ T5176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   61.561636][ T5176] Call Trace:
[   61.561643][ T5176]  <TASK>
[   61.561653][ T5176]  dump_stack_lvl+0xf2/0x150
[   61.561687][ T5176]  dump_stack+0x15/0x1a
[   61.561783][ T5176]  should_fail_ex+0x24a/0x260
[   61.561814][ T5176]  should_fail+0xb/0x10
[   61.561845][ T5176]  should_fail_futex+0x50/0x60
[   61.561892][ T5176]  __se_sys_futex+0x13e/0x3a0
[   61.561924][ T5176]  __x64_sys_futex+0x78/0x90
[   61.561950][ T5176]  x64_sys_call+0x2d6a/0x2dc0
[   61.562031][ T5176]  do_syscall_64+0xc9/0x1c0
[   61.562069][ T5176]  ? clear_bhb_loop+0x55/0xb0
[   61.562179][ T5176]  ? clear_bhb_loop+0x55/0xb0
[   61.562272][ T5176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.562345][ T5176] RIP: 0033:0x7f302ef2d169
[   61.562412][ T5176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   61.562451][ T5176] RSP: 002b:00007f302d597038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   61.562472][ T5176] RAX: ffffffffffffffda RBX: 00007f302f145fa0 RCX: 00007f302ef2d169
[   61.562486][ T5176] RDX: 0000000000000004 RSI: 000080000000000b RDI: 000040000000cffc
[   61.562507][ T5176] RBP: 00007f302d597090 R08: 0000400000048000 R09: 0000000000000000
[   61.562521][ T5176] R10: 000040000000b000 R11: 0000000000000246 R12: 0000000000000001
[   61.562542][ T5176] R13: 0000000000000000 R14: 00007f302f145fa0 R15: 00007ffdb5ed1828
[   61.562561][ T5176]  </TASK>
[   61.825633][ T5180] loop0: detected capacity change from 0 to 1024
[   61.833046][ T5170] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.539: bg 0: block 35: padding at end of block bitmap is not set
[   61.868509][ T5170] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   61.877650][ T5180] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040c018, mo2=0002]
[   61.887094][ T5180] System zones: 0-1, 3-12
[   61.896453][ T5170] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.539: invalid indirect mapped block 4294967295 (level 1)
[   61.914057][ T5180] EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2793: inode #12: comm syz.0.542: corrupted in-inode xattr: bad magic number in in-inode xattr
[   61.931886][ T5180] netlink: 17 bytes leftover after parsing attributes in process `syz.0.542'.
[   61.948290][ T5170] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.539: invalid indirect mapped block 4294967295 (level 2)
[   61.990463][ T5170] EXT4-fs (loop3): 1 truncate cleaned up
[   62.128415][ T5191] loop3: detected capacity change from 0 to 736
[   62.136363][ T5174] loop1: detected capacity change from 0 to 128
[   62.216374][ T5174] syz.1.540: attempt to access beyond end of device
[   62.216374][ T5174] loop1: rw=2049, sector=145, nr_sectors = 896 limit=128
[   62.261273][ T5172] syz.1.540: attempt to access beyond end of device
[   62.261273][ T5172] loop1: rw=524288, sector=145, nr_sectors = 224 limit=128
[   62.290128][ T5174] syz.1.540: attempt to access beyond end of device
[   62.290128][ T5174] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[   62.318452][ T5174] syz.1.540: attempt to access beyond end of device
[   62.318452][ T5174] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[   62.345631][ T5174] syz.1.540: attempt to access beyond end of device
[   62.345631][ T5174] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[   62.366320][ T5174] syz.1.540: attempt to access beyond end of device
[   62.366320][ T5174] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[   62.381542][ T5174] syz.1.540: attempt to access beyond end of device
[   62.381542][ T5174] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[   62.396094][ T5174] syz.1.540: attempt to access beyond end of device
[   62.396094][ T5174] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[   62.411940][ T5174] syz.1.540: attempt to access beyond end of device
[   62.411940][ T5174] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[   62.431708][ T5174] syz.1.540: attempt to access beyond end of device
[   62.431708][ T5174] loop1: rw=0, sector=145, nr_sectors = 8 limit=128
[   62.457697][ T5201] loop5: detected capacity change from 0 to 2048
[   62.500124][ T5201] GPT:first_usable_lbas don't match.
[   62.505489][ T5201] GPT:34 != 290
[   62.509061][ T5201] GPT: Use GNU Parted to correct GPT errors.
[   62.515205][ T5201]  loop5: p1 p2 p3
[   62.536781][ T5212] loop1: detected capacity change from 0 to 1024
[   62.559394][ T5212] EXT4-fs: Ignoring removed oldalloc option
[   62.565479][ T5212] EXT4-fs: Ignoring removed bh option
[   62.577884][ T5212] EXT4-fs: Ignoring removed bh option
[   62.701240][ T5220] loop1: detected capacity change from 0 to 512
[   62.713068][ T5220] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.554: bg 0: block 35: padding at end of block bitmap is not set
[   62.729744][ T5220] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   62.739597][ T5220] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.554: invalid indirect mapped block 4294967295 (level 1)
[   62.754195][ T5220] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.554: invalid indirect mapped block 4294967295 (level 2)
[   62.768753][ T5220] EXT4-fs (loop1): 1 truncate cleaned up
[   62.859594][ T5234] loop1: detected capacity change from 0 to 1024
[   62.877053][ T5234] EXT4-fs: Ignoring removed i_version option
[   63.160011][ T5258] Driver unsupported XDP return value 0 on prog  (id 524) dev N/A, expect packet loss!
[   63.333786][ T5283] netlink: 12 bytes leftover after parsing attributes in process `syz.0.573'.
[   63.546812][ T5281] netlink: 36 bytes leftover after parsing attributes in process `syz.1.571'.
[   63.631310][ T5297] loop1: detected capacity change from 0 to 2048
[   63.674947][ T5297] ext4 filesystem being mounted at /100/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   63.730141][ T5285] netlink: 36 bytes leftover after parsing attributes in process `syz.4.572'.
[   63.909771][ T5311] loop1: detected capacity change from 0 to 512
[   63.916587][ T5311] EXT4-fs: test_dummy_encryption option not supported
[   63.928425][ T5309] loop3: detected capacity change from 0 to 512
[   63.936734][ T5309] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.583: bg 0: block 35: padding at end of block bitmap is not set
[   63.953462][ T5309] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   63.962950][ T5309] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.583: invalid indirect mapped block 4294967295 (level 1)
[   63.979634][ T5309] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.583: invalid indirect mapped block 4294967295 (level 2)
[   63.994563][ T5309] EXT4-fs (loop3): 1 truncate cleaned up
[   64.091390][ T5326] netlink: 8 bytes leftover after parsing attributes in process `syz.4.590'.
[   64.193892][ T5338] tipc: New replicast peer: 255.0.0.255
[   64.200188][ T5338] tipc: Enabled bearer <udp:s>, priority 10
[   64.364906][ T5352] netlink: 8 bytes leftover after parsing attributes in process `syz.4.599'.
[   64.393267][ T5352] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.419183][ T5351] loop5: detected capacity change from 0 to 2048
[   64.426314][ T5351] EXT4-fs: inline encryption not supported
[   64.459882][ T5351] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   64.477518][ T5352] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.488280][ T5351] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 13 with max blocks 1 with error 28
[   64.503063][ T5351] EXT4-fs (loop5): This should not happen!! Data will be lost
[   64.503063][ T5351] 
[   64.510379][ T5353] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   64.514015][ T5351] EXT4-fs (loop5): Total free blocks count 0
[   64.526322][ T5353] EXT4-fs (loop5): This should not happen!! Data will be lost
[   64.526322][ T5353] 
[   64.526344][ T5353] EXT4-fs (loop5): Total free blocks count 0
[   64.526359][ T5353] EXT4-fs (loop5): Free/Dirty block details
[   64.526372][ T5353] EXT4-fs (loop5): free_blocks=2415919104
[   64.532924][ T5351] EXT4-fs (loop5): Free/Dirty block details
[   64.532941][ T5351] EXT4-fs (loop5): free_blocks=2415919104
[   64.610078][ T5352] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.650220][ T5352] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   64.741869][ T5388] loop3: detected capacity change from 0 to 512
[   64.766066][ T5352] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.780389][ T5388] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.609: bg 0: block 35: padding at end of block bitmap is not set
[   64.785474][ T5352] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.819685][ T5352] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.828714][ T5388] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   64.833124][ T5352] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.856803][ T5388] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.609: invalid indirect mapped block 4294967295 (level 1)
[   64.881083][ T5388] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.609: invalid indirect mapped block 4294967295 (level 2)
[   64.897988][ T5388] EXT4-fs (loop3): 1 truncate cleaned up
[   64.910017][ T5398] loop1: detected capacity change from 0 to 256
[   64.929617][   T29] kauditd_printk_skb: 387 callbacks suppressed
[   64.929633][   T29] audit: type=1326 audit(2000000034.700:5914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   64.959539][   T29] audit: type=1326 audit(2000000034.700:5915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   64.983958][   T29] audit: type=1326 audit(2000000034.700:5916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   65.008493][   T29] audit: type=1326 audit(2000000034.700:5917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   65.033222][   T29] audit: type=1326 audit(2000000034.700:5918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   65.060432][   T29] audit: type=1326 audit(2000000034.780:5919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   65.084229][   T29] audit: type=1326 audit(2000000034.780:5920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   65.108285][   T29] audit: type=1326 audit(2000000034.780:5921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   65.132628][   T29] audit: type=1326 audit(2000000034.860:5922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   65.156527][   T29] audit: type=1326 audit(2000000034.860:5923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5397 comm="syz.1.612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   65.367914][ T5427] loop3: detected capacity change from 0 to 128
[   65.386625][ T5427] ext4 filesystem being mounted at /137/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   65.441307][ T5431] IPv6: Can't replace route, no match found
[   65.456911][ T5407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   65.465996][ T5407] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   65.692946][ T5460] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   65.726362][ T5465] loop3: detected capacity change from 0 to 1024
[   65.735491][ T5465] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   65.747693][ T5465] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[   65.761961][ T5465] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   65.775474][ T5465] EXT4-fs (loop3): invalid journal inode
[   65.791489][ T5465] EXT4-fs (loop3): can't get journal size
[   65.807905][ T5465] EXT4-fs error (device loop3): ext4_protect_reserved_inode:182: inode #3: comm syz.3.637: blocks 2-2 from inode overlap system zone
[   65.823793][ T5465] EXT4-fs (loop3): failed to initialize system zone (-117)
[   65.831219][ T5465] EXT4-fs (loop3): mount failed
[   65.852830][ T5470] netlink: 80 bytes leftover after parsing attributes in process `syz.0.639'.
[   65.869395][ T5472] validate_nla: 6 callbacks suppressed
[   65.869414][ T5472] netlink: 'syz.1.640': attribute type 3 has an invalid length.
[   65.893208][ T5472] netlink: 'syz.1.640': attribute type 3 has an invalid length.
[   65.928573][ T5478] loop1: detected capacity change from 0 to 256
[   65.996834][ T5474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.641'.
[   66.015669][ T5485] ALSA: seq fatal error: cannot create timer (-19)
[   66.024834][ T5489] netlink: 'syz.4.647': attribute type 21 has an invalid length.
[   66.033079][ T5489] netlink: 'syz.4.647': attribute type 20 has an invalid length.
[   66.041524][ T5489] IPv6: NLM_F_CREATE should be specified when creating new route
[   66.071958][ T5493] loop1: detected capacity change from 0 to 1024
[   66.094013][ T5493] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   66.112618][ T5493] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   66.170849][ T5493] EXT4-fs (loop1): orphan cleanup on readonly fs
[   66.194548][ T5493] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5838: Corrupt filesystem
[   66.210001][ T5493] EXT4-fs (loop1): Remounting filesystem read-only
[   66.216973][ T5493] EXT4-fs (loop1): 1 orphan inode deleted
[   66.256346][ T5509] 9pnet_fd: Insufficient options for proto=fd
[   66.266671][ T5493] SELinux: (dev loop1, type ext4) getxattr errno 5
[   66.304649][ T5511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.656'.
[   66.314178][ T5504] loop5: detected capacity change from 0 to 8192
[   66.322709][ T5511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.656'.
[   66.323762][ T5504] vfat: Unknown parameter ''
[   66.373720][ T5517] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5517 comm=syz.4.659
[   66.457655][ T5524] loop5: detected capacity change from 0 to 1024
[   66.465494][ T5526] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma?
[   66.481387][ T5524] EXT4-fs: Ignoring removed orlov option
[   66.487539][ T5524] EXT4-fs: Ignoring removed nomblk_io_submit option
[   66.803556][ T5556] loop5: detected capacity change from 0 to 512
[   66.852615][ T5556] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   66.867240][ T5563] xt_CT: No such helper "snmp_trap"
[   67.474704][ T5587] loop5: detected capacity change from 0 to 1024
[   67.488601][ T5587] EXT4-fs: Ignoring removed orlov option
[   67.494341][ T5587] EXT4-fs: Ignoring removed nomblk_io_submit option
[   67.502882][ T5591] __nla_validate_parse: 3 callbacks suppressed
[   67.502897][ T5591] netlink: 4 bytes leftover after parsing attributes in process `syz.1.683'.
[   67.534380][ T5591] netlink: 4 bytes leftover after parsing attributes in process `syz.1.683'.
[   67.565031][ T5579] netlink: 36 bytes leftover after parsing attributes in process `syz.0.677'.
[   67.620745][ T5602] netlink: 24 bytes leftover after parsing attributes in process `syz.1.687'.
[   67.634395][ T5602] netlink: 24 bytes leftover after parsing attributes in process `syz.1.687'.
[   67.652133][ T5602] netlink: 'syz.1.687': attribute type 4 has an invalid length.
[   67.768069][ T5608] loop3: detected capacity change from 0 to 512
[   67.776133][ T5608] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   67.811168][ T5608] EXT4-fs (loop3): 1 truncate cleaned up
[   67.857992][ T5613] netlink: 'syz.5.690': attribute type 3 has an invalid length.
[   67.884692][ T5613] netlink: 'syz.5.690': attribute type 3 has an invalid length.
[   67.897727][ T5608] EXT4-fs (loop3): shut down requested (0)
[   67.966273][ T5620] netlink: 56 bytes leftover after parsing attributes in process `syz.4.694'.
[   68.105222][ T5632] netlink: 'syz.0.699': attribute type 13 has an invalid length.
[   68.161350][ T5632] gretap0: refused to change device tx_queue_len
[   68.167779][ T5632] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   68.218575][ T3296] EXT4-fs unmount: 87 callbacks suppressed
[   68.218665][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.256647][ T5637] loop3: detected capacity change from 0 to 1024
[   68.265798][ T5637] EXT4-fs: Ignoring removed orlov option
[   68.272923][ T5637] EXT4-fs: Ignoring removed nomblk_io_submit option
[   68.290580][ T5637] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.314880][ T5644] netlink: 'syz.0.702': attribute type 21 has an invalid length.
[   68.316079][ T5630] netlink: 36 bytes leftover after parsing attributes in process `syz.5.696'.
[   68.322921][ T5644] netlink: 132 bytes leftover after parsing attributes in process `syz.0.702'.
[   68.406964][ T5642] loop5: detected capacity change from 0 to 2048
[   68.430748][ T5642] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.484266][ T5642] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   68.552486][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.576988][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.589537][ T5660] netlink: 28 bytes leftover after parsing attributes in process `syz.5.708'.
[   68.622395][ T5657] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.707'.
[   68.657474][ T5666] ref_ctr_offset mismatch. inode: 0x3d9 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0
[   68.770688][ T5673] loop5: detected capacity change from 0 to 512
[   68.847613][ T5686] loop5: detected capacity change from 0 to 1024
[   68.856318][ T5686] EXT4-fs: Ignoring removed orlov option
[   68.862378][ T5686] EXT4-fs: Ignoring removed nomblk_io_submit option
[   68.884286][ T5686] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.955609][ T5707] tmpfs: Bad value for 'mpol'
[   69.151284][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.242676][ T5737] loop5: detected capacity change from 0 to 2048
[   69.268665][ T5743] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   69.276882][ T5743] batman_adv: batadv0: Removing interface: batadv_slave_0
[   69.287765][ T5743] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   69.296078][ T5743] batman_adv: batadv0: Removing interface: batadv_slave_1
[   69.391155][ T5754] loop5: detected capacity change from 0 to 1024
[   69.398735][ T5754] EXT4-fs: Ignoring removed orlov option
[   69.404775][ T5754] EXT4-fs: Ignoring removed nomblk_io_submit option
[   69.420382][ T5754] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   69.518848][ T5763] Option '    ' to dns_resolver key: bad/missing value
[   69.590596][ T3355] IPVS: starting estimator thread 0...
[   69.660104][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.678296][ T5772] IPVS: using max 2160 ests per chain, 108000 per kthread
[   69.769735][ T5786] loop3: detected capacity change from 0 to 1024
[   69.807062][ T5786] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.073505][ T5802] loop1: detected capacity change from 0 to 764
[   70.082720][   T29] kauditd_printk_skb: 170 callbacks suppressed
[   70.082772][   T29] audit: type=1400 audit(2000000039.850:6090): avc:  denied  { mount } for  pid=5801 comm="syz.1.761" name="/" dev="loop1" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[   70.131356][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.155644][   T29] audit: type=1400 audit(2000000039.920:6091): avc:  denied  { unmount } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[   70.202774][ T5808] tipc: Started in network mode
[   70.207954][ T5808] tipc: Node identity ac14140f, cluster identity 4711
[   70.227681][ T5808] tipc: New replicast peer: 10.1.1.2
[   70.233401][ T5808] tipc: Enabled bearer <udp:syz2>, priority 10
[   70.277648][ T5819] netlink: 'syz.0.769': attribute type 3 has an invalid length.
[   70.294507][ T5822] loop3: detected capacity change from 0 to 128
[   70.332410][   T29] audit: type=1326 audit(2000000040.070:6092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.1.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   70.356817][   T29] audit: type=1326 audit(2000000040.070:6093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.1.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   70.381394][   T29] audit: type=1326 audit(2000000040.070:6094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.1.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   70.406051][   T29] audit: type=1326 audit(2000000040.070:6095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.1.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   70.430333][   T29] audit: type=1326 audit(2000000040.070:6096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.1.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   70.430498][ T5829] loop1: detected capacity change from 0 to 512
[   70.454931][   T29] audit: type=1326 audit(2000000040.070:6097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.1.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   70.484929][   T29] audit: type=1326 audit(2000000040.080:6098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.1.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   70.509697][   T29] audit: type=1326 audit(2000000040.080:6099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.1.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   70.569409][ T5829] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.598242][ T5829] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   70.638368][ T5829] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #2: comm syz.1.773: corrupted inode contents
[   70.638593][ T5829] EXT4-fs error (device loop1): ext4_dirty_inode:6042: inode #2: comm syz.1.773: mark_inode_dirty error
[   70.638801][ T5829] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #2: comm syz.1.773: corrupted inode contents
[   70.639196][ T5829] EXT4-fs error (device loop1): __ext4_ext_dirty:207: inode #2: comm syz.1.773: mark_inode_dirty error
[   70.664632][ T5851] loop5: detected capacity change from 0 to 512
[   70.701380][ T5851] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   70.723714][ T5851] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002]
[   70.736132][ T3295] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.736345][ T5851] System zones: 1-12
[   70.753346][ T5851] EXT4-fs (loop5): 1 truncate cleaned up
[   70.766716][ T5851] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   70.788718][ T5851] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.105301][ T5881] bond1: entered promiscuous mode
[   71.110585][ T5881] bond1: entered allmulticast mode
[   71.134481][ T5881] 8021q: adding VLAN 0 to HW filter on device bond1
[   71.252064][ T5881] bond1 (unregistering): Released all slaves
[   71.665665][ T3355] tipc: Node number set to 2886997007
[   71.754626][ T5905] validate_nla: 1 callbacks suppressed
[   71.754651][ T5905] netlink: 'syz.1.798': attribute type 9 has an invalid length.
[   71.786640][ T5900] loop5: detected capacity change from 0 to 8192
[   72.163665][ T5928] FAULT_INJECTION: forcing a failure.
[   72.163665][ T5928] name failslab, interval 1, probability 0, space 0, times 0
[   72.176511][ T5928] CPU: 0 UID: 0 PID: 5928 Comm: syz.1.801 Tainted: G        W          6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
[   72.176547][ T5928] Tainted: [W]=WARN
[   72.176553][ T5928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   72.176571][ T5928] Call Trace:
[   72.176579][ T5928]  <TASK>
[   72.176588][ T5928]  dump_stack_lvl+0xf2/0x150
[   72.176622][ T5928]  dump_stack+0x15/0x1a
[   72.176648][ T5928]  should_fail_ex+0x24a/0x260
[   72.176680][ T5928]  should_failslab+0x8f/0xb0
[   72.176781][ T5928]  __kmalloc_noprof+0xab/0x3f0
[   72.176806][ T5928]  ? kernfs_fop_write_iter+0xe1/0x2c0
[   72.176880][ T5928]  kernfs_fop_write_iter+0xe1/0x2c0
[   72.176969][ T5928]  iter_file_splice_write+0x5f1/0x980
[   72.177012][ T5928]  ? __pfx_iter_file_splice_write+0x10/0x10
[   72.177086][ T5928]  do_splice+0x98f/0x1100
[   72.177111][ T5928]  ? get_pid_task+0x8e/0xc0
[   72.177138][ T5928]  ? proc_fail_nth_write+0x12a/0x150
[   72.177169][ T5928]  ? __rcu_read_unlock+0x4e/0x70
[   72.177196][ T5928]  ? __fget_files+0x17c/0x1c0
[   72.177297][ T5928]  __se_sys_splice+0x259/0x3a0
[   72.177327][ T5928]  __x64_sys_splice+0x78/0x90
[   72.177359][ T5928]  x64_sys_call+0x2ce8/0x2dc0
[   72.177386][ T5928]  do_syscall_64+0xc9/0x1c0
[   72.177461][ T5928]  ? clear_bhb_loop+0x55/0xb0
[   72.177632][ T5928]  ? clear_bhb_loop+0x55/0xb0
[   72.177661][ T5928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.177694][ T5928] RIP: 0033:0x7f236d76d169
[   72.177712][ T5928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.177732][ T5928] RSP: 002b:00007f236bdb0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   72.177803][ T5928] RAX: ffffffffffffffda RBX: 00007f236d986080 RCX: 00007f236d76d169
[   72.177818][ T5928] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[   72.177847][ T5928] RBP: 00007f236bdb0090 R08: 000000000000bfd1 R09: 0000000000000000
[   72.177858][ T5928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.177916][ T5928] R13: 0000000000000001 R14: 00007f236d986080 R15: 00007fffa1d14d68
[   72.177939][ T5928]  </TASK>
[   72.492747][ T5936] loop5: detected capacity change from 0 to 256
[   72.531612][ T5936] FAT-fs (loop5): Directory bread(block 1285) failed
[   72.629459][ T5936] FAT-fs (loop5): Directory bread(block 1285) failed
[   72.636685][ T5936] FAT-fs (loop5): Directory bread(block 1285) failed
[   72.679905][ T5936] FAT-fs (loop5): Directory bread(block 1285) failed
[   72.708946][ T5941] program syz.4.807 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   72.914751][ T5952] netlink: 'syz.5.810': attribute type 3 has an invalid length.
[   72.948487][ T5952] netlink: 'syz.5.810': attribute type 3 has an invalid length.
[   73.003407][ T5956] loop1: detected capacity change from 0 to 1024
[   73.031333][ T5956] journal_path: not usable as path
[   73.037751][ T5956] EXT4-fs: error: could not find journal device path
[   73.068838][ T5961] macsec1: entered promiscuous mode
[   73.074619][ T5961] macvlan0: entered promiscuous mode
[   73.081097][ T5961] macsec1: entered allmulticast mode
[   73.087137][ T5961] macvlan0: entered allmulticast mode
[   73.094016][ T5961] veth1_vlan: entered allmulticast mode
[   73.141965][ T5961] macvlan0: left allmulticast mode
[   73.147166][ T5961] veth1_vlan: left allmulticast mode
[   73.152672][ T5961] macvlan0: left promiscuous mode
[   73.241841][ T5972] loop1: detected capacity change from 0 to 512
[   73.250791][ T5972] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   73.310849][ T5972] EXT4-fs error (device loop1): ext4_acquire_dquot:6927: comm syz.1.816: Failed to acquire dquot type 0
[   73.337371][ T5972] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1145: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   73.383238][ T5972] EXT4-fs (loop1): 1 truncate cleaned up
[   73.395490][ T5972] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.442951][ T5987] netlink: 'syz.0.823': attribute type 3 has an invalid length.
[   73.456554][ T5987] netlink: 'syz.0.823': attribute type 3 has an invalid length.
[   73.458822][ T5969] EXT4-fs error (device loop1): ext4_xattr_block_get:596: inode #15: comm syz.1.816: corrupted xattr block 19: bad e_name length
[   73.532133][ T5969] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   73.543314][ T5969] EXT4-fs error (device loop1): ext4_xattr_block_get:596: inode #15: comm syz.1.816: corrupted xattr block 19: bad e_name length
[   73.546741][ T5991] __nla_validate_parse: 13 callbacks suppressed
[   73.546762][ T5991] netlink: 4 bytes leftover after parsing attributes in process `syz.0.825'.
[   73.557659][ T5969] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   73.587771][ T5991] netlink: 4 bytes leftover after parsing attributes in process `syz.0.825'.
[   73.633959][ T3295] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.774668][ T5994] netlink: 36 bytes leftover after parsing attributes in process `syz.4.821'.
[   73.836581][ T6007] loop5: detected capacity change from 0 to 1024
[   73.881064][ T6007] EXT4-fs: Ignoring removed orlov option
[   73.888180][ T6007] EXT4-fs: Ignoring removed nomblk_io_submit option
[   73.952746][ T6007] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.980893][ T6019] 9pnet: p9_errstr2errno: server reported unknown error 
[   73.992809][ T6021] netlink: 'syz.3.835': attribute type 3 has an invalid length.
[   74.008204][ T6021] netlink: 'syz.3.835': attribute type 3 has an invalid length.
[   74.112281][ T6028] netlink: 4 bytes leftover after parsing attributes in process `syz.4.837'.
[   74.128783][ T6028] netlink: 4 bytes leftover after parsing attributes in process `syz.4.837'.
[   74.149240][ T6026] netlink: 36 bytes leftover after parsing attributes in process `syz.0.827'.
[   74.223114][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.483848][ T6047] netlink: 100 bytes leftover after parsing attributes in process `+}[@'.
[   74.555531][ T6053] FAULT_INJECTION: forcing a failure.
[   74.555531][ T6053] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   74.569000][ T6053] CPU: 0 UID: 0 PID: 6053 Comm: syz.4.845 Tainted: G        W          6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
[   74.569038][ T6053] Tainted: [W]=WARN
[   74.569046][ T6053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   74.569063][ T6053] Call Trace:
[   74.569071][ T6053]  <TASK>
[   74.569144][ T6053]  dump_stack_lvl+0xf2/0x150
[   74.569181][ T6053]  dump_stack+0x15/0x1a
[   74.569260][ T6053]  should_fail_ex+0x24a/0x260
[   74.569297][ T6053]  should_fail+0xb/0x10
[   74.569329][ T6053]  should_fail_usercopy+0x1a/0x20
[   74.569368][ T6053]  _copy_from_iter+0xd5/0xd00
[   74.569480][ T6053]  ? kmalloc_reserve+0x16e/0x190
[   74.569524][ T6053]  ? __build_skb_around+0x196/0x1f0
[   74.569548][ T6053]  ? __alloc_skb+0x21f/0x310
[   74.569571][ T6053]  ? __virt_addr_valid+0x1ed/0x250
[   74.569598][ T6053]  ? __check_object_size+0x364/0x520
[   74.569681][ T6053]  netlink_sendmsg+0x460/0x6e0
[   74.569737][ T6053]  ? __pfx_netlink_sendmsg+0x10/0x10
[   74.569777][ T6053]  __sock_sendmsg+0x140/0x180
[   74.569879][ T6053]  ____sys_sendmsg+0x326/0x4b0
[   74.569914][ T6053]  __sys_sendmsg+0x19d/0x230
[   74.569957][ T6053]  __x64_sys_sendmsg+0x46/0x50
[   74.569986][ T6053]  x64_sys_call+0x2734/0x2dc0
[   74.570019][ T6053]  do_syscall_64+0xc9/0x1c0
[   74.570103][ T6053]  ? clear_bhb_loop+0x55/0xb0
[   74.570133][ T6053]  ? clear_bhb_loop+0x55/0xb0
[   74.570166][ T6053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.570205][ T6053] RIP: 0033:0x7fc25acbd169
[   74.570223][ T6053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.570245][ T6053] RSP: 002b:00007fc259327038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   74.570268][ T6053] RAX: ffffffffffffffda RBX: 00007fc25aed5fa0 RCX: 00007fc25acbd169
[   74.570281][ T6053] RDX: 0000000000000000 RSI: 0000400000000200 RDI: 0000000000000003
[   74.570339][ T6053] RBP: 00007fc259327090 R08: 0000000000000000 R09: 0000000000000000
[   74.570354][ T6053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   74.570366][ T6053] R13: 0000000000000000 R14: 00007fc25aed5fa0 R15: 00007ffe7ae5e428
[   74.570419][ T6053]  </TASK>
[   74.571713][ T6044] netlink: 36 bytes leftover after parsing attributes in process `syz.5.839'.
[   74.841048][ T6059] loop5: detected capacity change from 0 to 2048
[   74.864252][ T6062] netlink: 4 bytes leftover after parsing attributes in process `syz.1.848'.
[   74.881492][ T6062] netlink: 4 bytes leftover after parsing attributes in process `syz.1.848'.
[   74.897633][ T6059] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.910640][ T6059] ext4 filesystem being mounted at /105/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   74.940958][ T6070] loop3: detected capacity change from 0 to 1024
[   74.947956][ T6070] EXT4-fs: Ignoring removed orlov option
[   74.953939][ T6070] EXT4-fs: Ignoring removed nomblk_io_submit option
[   74.970832][ T6070] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.071398][ T6081] vlan0: entered allmulticast mode
[   75.144668][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.166201][   T29] kauditd_printk_skb: 118 callbacks suppressed
[   75.166217][   T29] audit: type=1400 audit(2000000044.930:6216): avc:  denied  { nlmsg_write } for  pid=6086 comm="syz.5.855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[   75.256098][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.587085][   T29] audit: type=1400 audit(2000000045.350:6217): avc:  denied  { create } for  pid=6124 comm="syz.5.867" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[   75.635710][ T6109] loop1: detected capacity change from 0 to 2048
[   75.645323][ T6125] loop5: detected capacity change from 0 to 512
[   75.655958][ T6125] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[   75.688419][ T6125] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[   75.699350][ T6109] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.712948][ T6125] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2240: inode #15: comm syz.5.867: corrupted in-inode xattr: e_value size too large
[   75.727228][   T29] audit: type=1326 audit(2000000045.430:6218): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6128 comm="syz.0.868" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f302ef2d169 code=0x0
[   75.736439][ T6109] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   75.778825][ T6125] EXT4-fs error (device loop5): ext4_orphan_get:1394: comm syz.5.867: couldn't read orphan inode 15 (err -117)
[   75.792130][ T6125] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.818677][ T6125] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none.
[   75.838772][ T6125] dummy0 speed is unknown, defaulting to 1000
[   75.845904][ T6125] dummy0 speed is unknown, defaulting to 1000
[   75.857363][ T6125] dummy0 speed is unknown, defaulting to 1000
[   75.925229][ T6125] infiniband syz2: set active
[   75.930001][ T6125] infiniband syz2: added dummy0
[   75.934915][ T3372] dummy0 speed is unknown, defaulting to 1000
[   75.993560][ T3295] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.014631][ T6125] RDS/IB: syz2: added
[   76.025312][ T6125] smc: adding ib device syz2 with port count 1
[   76.039724][ T6125] smc:    ib device syz2 port 1 has pnetid 
[   76.046377][ T3372] dummy0 speed is unknown, defaulting to 1000
[   76.053244][ T6125] dummy0 speed is unknown, defaulting to 1000
[   76.115939][ T6125] dummy0 speed is unknown, defaulting to 1000
[   76.150396][ T6125] dummy0 speed is unknown, defaulting to 1000
[   76.170085][   T29] audit: type=1326 audit(2000000045.940:6219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6142 comm="syz.1.869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   76.188127][ T6125] dummy0 speed is unknown, defaulting to 1000
[   76.242180][   T29] audit: type=1326 audit(2000000045.940:6220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6142 comm="syz.1.869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   76.252124][ T6125] dummy0 speed is unknown, defaulting to 1000
[   76.266150][   T29] audit: type=1326 audit(2000000045.940:6221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6142 comm="syz.1.869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   76.296688][   T29] audit: type=1326 audit(2000000045.940:6222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6142 comm="syz.1.869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   76.305452][ T6125] dummy0 speed is unknown, defaulting to 1000
[   76.320243][   T29] audit: type=1326 audit(2000000045.940:6223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6142 comm="syz.1.869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   76.350293][   T29] audit: type=1326 audit(2000000045.940:6224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6142 comm="syz.1.869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   76.374069][   T29] audit: type=1326 audit(2000000045.940:6225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6142 comm="syz.1.869" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f236d76d169 code=0x7ffc0000
[   76.407351][ T6131] loop3: detected capacity change from 0 to 2048
[   76.416293][ T6150] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1538 sclass=netlink_route_socket pid=6150 comm=syz.4.872
[   76.466901][ T6158] loop1: detected capacity change from 0 to 512
[   76.499950][ T6131] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.528237][ T6131] ext4 filesystem being mounted at /184/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   76.599369][ T6158] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.623228][ T6158] ext4 filesystem being mounted at /146/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   76.644344][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.851455][ T3295] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.971125][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.035042][ T6185] loop3: detected capacity change from 0 to 256
[   77.066947][ T6185] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[   77.078564][ T6185] FAT-fs (loop3): Filesystem has been set read-only
[   77.087058][ T6185] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[   77.098559][ T6185] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[   77.159744][ T6194] macsec0: entered promiscuous mode
[   77.165140][ T6194] macvlan0: entered promiscuous mode
[   77.171195][ T6194] macsec0: entered allmulticast mode
[   77.177817][ T6194] macvlan0: entered allmulticast mode
[   77.184186][ T6194] veth1_vlan: entered allmulticast mode
[   77.201875][ T6194] macvlan0: left allmulticast mode
[   77.207352][ T6194] veth1_vlan: left allmulticast mode
[   77.212882][ T6194] macvlan0: left promiscuous mode
[   77.246182][ T6197] batman_adv: batadv0: Removing interface: batadv_slave_0
[   77.254594][ T6197] batman_adv: batadv0: Removing interface: batadv_slave_1
[   77.306141][ T6190] loop5: detected capacity change from 0 to 2048
[   77.331937][ T6190] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.345518][ T6190] ext4 filesystem being mounted at /112/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   77.383675][ T6206] loop3: detected capacity change from 0 to 2048
[   77.399190][ T6206] EXT4-fs: Ignoring removed bh option
[   77.476399][ T6206] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.539878][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.597904][ T6220] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   77.614662][ T6220] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 19 with error 28
[   77.627300][ T6220] EXT4-fs (loop3): This should not happen!! Data will be lost
[   77.627300][ T6220] 
[   77.637401][ T6220] EXT4-fs (loop3): Total free blocks count 0
[   77.643485][ T6220] EXT4-fs (loop3): Free/Dirty block details
[   77.649476][ T6220] EXT4-fs (loop3): free_blocks=2415919104
[   77.655667][ T6220] EXT4-fs (loop3): dirty_blocks=32
[   77.661377][ T6220] EXT4-fs (loop3): Block reservation details
[   77.667644][ T6220] EXT4-fs (loop3): i_reserved_data_blocks=2
[   77.774127][ T6233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   77.784845][ T6233] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   77.823794][ T6242] loop1: detected capacity change from 0 to 1024
[   77.830780][ T6242] EXT4-fs: Ignoring removed orlov option
[   77.836597][ T6242] EXT4-fs: Ignoring removed nomblk_io_submit option
[   77.860444][ T6242] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.023191][ T6253] dummy0 speed is unknown, defaulting to 1000
[   78.100190][ T3295] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.196538][ T6272] loop5: detected capacity change from 0 to 512
[   78.216986][ T6272] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.912: bg 0: block 418: padding at end of block bitmap is not set
[   78.232832][ T6272] EXT4-fs (loop5): Remounting filesystem read-only
[   78.241397][ T6272] EXT4-fs (loop5): 1 truncate cleaned up
[   78.248225][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.257997][ T6272] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.270801][ T6272] SELinux: (dev loop5, type ext4) getxattr errno 5
[   78.277932][ T6272] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.302401][ T6276] loop3: detected capacity change from 0 to 512
[   78.319746][ T6278] 9pnet: Could not find request transport: tcp
[   78.334739][ T6278] xt_TCPMSS: Only works on TCP SYN packets
[   78.353487][ T6276] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.376821][ T6276] ext4 filesystem being mounted at /188/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   78.430269][ T6285] bridge_slave_0: left allmulticast mode
[   78.436804][ T6285] bridge_slave_0: left promiscuous mode
[   78.443126][ T6285] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.469720][ T6290] netfs: Couldn't get user pages (rc=-14)
[   78.482263][ T6285] bridge_slave_1: left allmulticast mode
[   78.488116][ T6285] bridge_slave_1: left promiscuous mode
[   78.493934][ T6285] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.495213][ T6295] FAULT_INJECTION: forcing a failure.
[   78.495213][ T6295] name failslab, interval 1, probability 0, space 0, times 0
[   78.514108][ T6295] CPU: 1 UID: 0 PID: 6295 Comm: syz.1.919 Tainted: G        W          6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
[   78.514157][ T6295] Tainted: [W]=WARN
[   78.514165][ T6295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   78.514178][ T6295] Call Trace:
[   78.514187][ T6295]  <TASK>
[   78.514196][ T6295]  dump_stack_lvl+0xf2/0x150
[   78.514298][ T6295]  dump_stack+0x15/0x1a
[   78.514345][ T6295]  should_fail_ex+0x24a/0x260
[   78.514378][ T6295]  should_failslab+0x8f/0xb0
[   78.514441][ T6295]  kmem_cache_alloc_noprof+0x52/0x320
[   78.514469][ T6295]  ? audit_log_start+0x34c/0x6b0
[   78.514544][ T6295]  audit_log_start+0x34c/0x6b0
[   78.514578][ T6295]  ? copy_fpstate_to_sigframe+0x6e6/0x7e0
[   78.514646][ T6295]  audit_seccomp+0x4b/0x130
[   78.514683][ T6295]  __seccomp_filter+0x6fa/0x1180
[   78.514757][ T6295]  ? freezing_slow_path+0x105/0x120
[   78.514791][ T6295]  ? __set_task_blocked+0x26f/0x280
[   78.514817][ T6295]  ? _raw_spin_unlock_irq+0x26/0x50
[   78.514842][ T6295]  ? 0xffffffffff600000
[   78.514910][ T6295]  ? 0xffffffffff600000
[   78.514927][ T6295]  __secure_computing+0x9f/0x1c0
[   78.514958][ T6295]  emulate_vsyscall+0x7d0/0xa70
[   78.515067][ T6295]  ? 0xffffffffff600000
[   78.515100][ T6295]  ? 0xffffffffff600000
[   78.515116][ T6295]  exc_page_fault+0x135/0x650
[   78.515158][ T6295]  ? do_syscall_64+0xd6/0x1c0
[   78.515195][ T6295]  asm_exc_page_fault+0x26/0x30
[   78.515240][ T6295] RIP: 0033:_end+0x767da000/0x0
[   78.515276][ T6295] Code: Unable to access opcode bytes at 0xffffffffff5fffd6.
[   78.515287][ T6295] RSP: 002b:00007f236bdd0a78 EFLAGS: 00010246 ORIG_RAX: 0000000000000060
[   78.515310][ T6295] RAX: ffffffffffffffda RBX: 00007f236d985fa0 RCX: 00007f236d76d169
[   78.515323][ T6295] RDX: 00007f236bdd0a80 RSI: 00007f236bdd0bb0 RDI: 0000000000000019
[   78.515360][ T6295] RBP: 00007f236bdd1090 R08: 0000000000000000 R09: 0000000000000000
[   78.515372][ T6295] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001
[   78.515386][ T6295] R13: 0000000000000000 R14: 00007f236d985fa0 R15: 00007fffa1d14d68
[   78.515480][ T6295]  </TASK>
[   78.724938][ T6285] bond0: (slave bond_slave_0): Releasing backup interface
[   78.735544][ T6285] bond0: (slave bond_slave_1): Releasing backup interface
[   78.865029][ T6318] __nla_validate_parse: 21 callbacks suppressed
[   78.865051][ T6318] netlink: 4 bytes leftover after parsing attributes in process `syz.4.925'.
[   78.881823][ T6318] netlink: 4 bytes leftover after parsing attributes in process `syz.4.925'.
[   78.906992][ T6320] netlink: 8 bytes leftover after parsing attributes in process `syz.0.928'.
[   78.920858][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.944856][ T6325] loop3: detected capacity change from 0 to 512
[   78.951803][ T6325] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   78.972865][ T6325] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #17: comm syz.3.929: corrupted in-inode xattr: invalid ea_ino
[   78.994777][ T6325] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.929: couldn't read orphan inode 17 (err -117)
[   78.999344][ T6328] dummy0 speed is unknown, defaulting to 1000
[   79.015599][ T6325] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   79.034835][ T6317] loop1: detected capacity change from 0 to 512
[   79.041738][ T6317] EXT4-fs: mb_optimize_scan should be set to 0 or 1.
[   79.075139][ T6325] netlink: 192 bytes leftover after parsing attributes in process `syz.3.929'.
[   79.084795][ T6325] netlink: 48 bytes leftover after parsing attributes in process `syz.3.929'.
[   79.149619][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.561149][ T6356] loop3: detected capacity change from 0 to 128
[   79.622900][   T55] bio_check_eod: 350 callbacks suppressed
[   79.622920][   T55] kworker/u8:4: attempt to access beyond end of device
[   79.622920][   T55] loop3: rw=1, sector=145, nr_sectors = 896 limit=128
[   79.783739][ T6451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.940'.
[   79.795560][ T6451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.940'.
[   79.854362][ T6455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.942'.
[   79.911073][ T6462] loop3: detected capacity change from 0 to 256
[   80.095829][ T6476] netlink: 24 bytes leftover after parsing attributes in process `syz.3.950'.
[   80.138288][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.4.952'.
[   80.209707][ T6488] netfs: Couldn't get user pages (rc=-14)
[   80.281958][ T6498] netlink: 'syz.5.958': attribute type 39 has an invalid length.
[   80.386417][   T29] kauditd_printk_skb: 379 callbacks suppressed
[   80.386437][   T29] audit: type=1326 audit(2000000050.150:6603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   80.418665][   T29] audit: type=1326 audit(2000000050.150:6604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   80.445252][   T29] audit: type=1326 audit(2000000050.150:6605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   80.472265][   T29] audit: type=1326 audit(2000000050.150:6606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   80.498168][   T29] audit: type=1326 audit(2000000050.150:6607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   80.526248][   T29] audit: type=1326 audit(2000000050.150:6608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   80.553728][   T29] audit: type=1326 audit(2000000050.150:6609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   80.561711][ T6511] SELinux: ebitmap: truncated map
[   80.579530][   T29] audit: type=1326 audit(2000000050.150:6610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   80.579573][   T29] audit: type=1326 audit(2000000050.150:6611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   80.587154][ T6511] SELinux: failed to load policy
[   80.611225][   T29] audit: type=1326 audit(2000000050.150:6612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.4.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   80.702852][ T6511] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[   80.712395][ T6511] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   80.721670][ T6511] vhci_hcd vhci_hcd.0: Device attached
[   80.873675][ T6524] netlink: 'syz.4.965': attribute type 13 has an invalid length.
[   80.882417][ T6524] syz_tun: refused to change device tx_queue_len
[   80.889376][ T6524] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[   80.930079][ T6529] netlink: 'syz.0.967': attribute type 3 has an invalid length.
[   80.938948][ T6529] netlink: 'syz.0.967': attribute type 3 has an invalid length.
[   80.968145][ T1063] usb 7-1: new high-speed USB device number 2 using vhci_hcd
[   81.090423][ T6540] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   81.235229][ T6570] macsec1: entered promiscuous mode
[   81.240641][ T6570] macvlan0: entered promiscuous mode
[   81.246189][ T6570] macsec1: entered allmulticast mode
[   81.251619][ T6570] macvlan0: entered allmulticast mode
[   81.257117][ T6570] veth1_vlan: entered allmulticast mode
[   81.265915][ T6570] macvlan0: left allmulticast mode
[   81.271224][ T6570] veth1_vlan: left allmulticast mode
[   81.276652][ T6570] macvlan0: left promiscuous mode
[   81.289535][ T6573] loop5: detected capacity change from 0 to 164
[   81.313039][ T6573] ISOFS: unable to read i-node block
[   81.318755][ T6573] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[   81.328702][ T6517] vhci_hcd: connection reset by peer
[   81.330434][ T6573] isofs_fill_super: get root inode failed
[   81.340388][ T6437] vhci_hcd: stop threads
[   81.345011][ T6437] vhci_hcd: release socket
[   81.349588][ T6437] vhci_hcd: disconnect device
[   81.686370][ T6588] dummy0 speed is unknown, defaulting to 1000
[   81.820422][ T6593] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[   81.827309][ T6593] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[   81.835488][ T6593] vhci_hcd vhci_hcd.0: Device attached
[   81.856426][ T6596] vhci_hcd: connection closed
[   81.858288][ T6439] vhci_hcd: stop threads
[   81.867569][ T6439] vhci_hcd: release socket
[   81.872422][ T6439] vhci_hcd: disconnect device
[   81.895599][ T6595] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=6595 comm=syz.1.990
[   81.911684][ T6595] loop1: detected capacity change from 0 to 128
[   81.993624][ T6609] loop3: detected capacity change from 0 to 164
[   82.038611][ T6609] Unable to read rock-ridge attributes
[   82.050318][ T6616] loop1: detected capacity change from 0 to 128
[   82.060713][ T6616] EXT4-fs: Ignoring removed nobh option
[   82.095500][ T6616] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   82.109064][ T6616] ext4 filesystem being mounted at /171/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   82.222345][ T6625] loop3: detected capacity change from 0 to 1024
[   82.243950][ T6625] EXT4-fs: Ignoring removed orlov option
[   82.250125][ T6625] EXT4-fs: Ignoring removed nomblk_io_submit option
[   82.303733][ T6631] loop5: detected capacity change from 0 to 512
[   82.313113][ T6625] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.361191][ T6631] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.394388][ T6631] ext4 filesystem being mounted at /131/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   82.428647][ T6635] capability: warning: `syz.0.1001' uses 32-bit capabilities (legacy support in use)
[   82.620624][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.632548][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.669203][ T6652] FAULT_INJECTION: forcing a failure.
[   82.669203][ T6652] name failslab, interval 1, probability 0, space 0, times 0
[   82.683310][ T6652] CPU: 0 UID: 0 PID: 6652 Comm: syz.5.1004 Tainted: G        W          6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
[   82.683425][ T6652] Tainted: [W]=WARN
[   82.683434][ T6652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   82.683449][ T6652] Call Trace:
[   82.683455][ T6652]  <TASK>
[   82.683500][ T6652]  dump_stack_lvl+0xf2/0x150
[   82.683534][ T6652]  dump_stack+0x15/0x1a
[   82.683559][ T6652]  should_fail_ex+0x24a/0x260
[   82.683598][ T6652]  should_failslab+0x8f/0xb0
[   82.683635][ T6652]  kmem_cache_alloc_lru_noprof+0x57/0x320
[   82.683718][ T6652]  ? __d_alloc+0x3d/0x350
[   82.683739][ T6652]  ? __radix_tree_replace+0x1c1/0x1f0
[   82.683770][ T6652]  __d_alloc+0x3d/0x350
[   82.683798][ T6652]  d_alloc_pseudo+0x1e/0x80
[   82.683874][ T6652]  alloc_file_pseudo+0x73/0x160
[   82.683956][ T6652]  anon_inode_getfile+0xa3/0x120
[   82.683981][ T6652]  bpf_link_prime+0x10a/0x1e0
[   82.684013][ T6652]  bpf_uprobe_multi_link_attach+0x7ef/0x850
[   82.684112][ T6652]  link_create+0x627/0x660
[   82.684166][ T6652]  __sys_bpf+0x430/0x7a0
[   82.684211][ T6652]  __x64_sys_bpf+0x43/0x50
[   82.684280][ T6652]  x64_sys_call+0x2914/0x2dc0
[   82.684304][ T6652]  do_syscall_64+0xc9/0x1c0
[   82.684330][ T6652]  ? clear_bhb_loop+0x55/0xb0
[   82.684355][ T6652]  ? clear_bhb_loop+0x55/0xb0
[   82.684439][ T6652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.684461][ T6652] RIP: 0033:0x7f5a4f4dd169
[   82.684475][ T6652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   82.684490][ T6652] RSP: 002b:00007f5a4db41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   82.684582][ T6652] RAX: ffffffffffffffda RBX: 00007f5a4f6f5fa0 RCX: 00007f5a4f4dd169
[   82.684595][ T6652] RDX: 0000000000000040 RSI: 00004000000005c0 RDI: 000000000000001c
[   82.684605][ T6652] RBP: 00007f5a4db41090 R08: 0000000000000000 R09: 0000000000000000
[   82.684616][ T6652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   82.684626][ T6652] R13: 0000000000000000 R14: 00007f5a4f6f5fa0 R15: 00007fff5d02eca8
[   82.684643][ T6652]  </TASK>
[   82.934076][ T3295] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   83.094527][ T6670] atomic_op ffff88811804a128 conn xmit_atomic 0000000000000000
[   83.176673][ T6673] netlink: 'syz.4.1015': attribute type 6 has an invalid length.
[   83.177086][ T6680] FAULT_INJECTION: forcing a failure.
[   83.177086][ T6680] name failslab, interval 1, probability 0, space 0, times 0
[   83.198925][ T6680] CPU: 1 UID: 0 PID: 6680 Comm: syz.1.1018 Tainted: G        W          6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
[   83.198956][ T6680] Tainted: [W]=WARN
[   83.198962][ T6680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   83.199010][ T6680] Call Trace:
[   83.199018][ T6680]  <TASK>
[   83.199027][ T6680]  dump_stack_lvl+0xf2/0x150
[   83.199064][ T6680]  dump_stack+0x15/0x1a
[   83.199090][ T6680]  should_fail_ex+0x24a/0x260
[   83.199127][ T6680]  should_failslab+0x8f/0xb0
[   83.199197][ T6680]  __kmalloc_node_track_caller_noprof+0xa8/0x410
[   83.199226][ T6680]  ? v9fs_session_init+0x4c/0xda0
[   83.199266][ T6680]  kstrdup+0x3d/0xd0
[   83.199296][ T6680]  v9fs_session_init+0x4c/0xda0
[   83.199349][ T6680]  ? should_fail_ex+0xd7/0x260
[   83.199383][ T6680]  ? v9fs_mount+0x53/0x570
[   83.199406][ T6680]  ? should_failslab+0x8f/0xb0
[   83.199518][ T6680]  ? __kmalloc_cache_noprof+0x186/0x320
[   83.199620][ T6680]  v9fs_mount+0x69/0x570
[   83.199641][ T6680]  ? __pfx_v9fs_mount+0x10/0x10
[   83.199662][ T6680]  legacy_get_tree+0x77/0xd0
[   83.199771][ T6680]  vfs_get_tree+0x56/0x1e0
[   83.199805][ T6680]  do_new_mount+0x227/0x690
[   83.199866][ T6680]  path_mount+0x49b/0xb30
[   83.199970][ T6680]  __se_sys_mount+0x27f/0x2d0
[   83.200001][ T6680]  ? fput+0x1c4/0x200
[   83.200026][ T6680]  __x64_sys_mount+0x67/0x80
[   83.200063][ T6680]  x64_sys_call+0x2c84/0x2dc0
[   83.200096][ T6680]  do_syscall_64+0xc9/0x1c0
[   83.200196][ T6680]  ? clear_bhb_loop+0x55/0xb0
[   83.200224][ T6680]  ? clear_bhb_loop+0x55/0xb0
[   83.200337][ T6680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.200372][ T6680] RIP: 0033:0x7f236d76d169
[   83.200388][ T6680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   83.200408][ T6680] RSP: 002b:00007f236bdd1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   83.200428][ T6680] RAX: ffffffffffffffda RBX: 00007f236d985fa0 RCX: 00007f236d76d169
[   83.200538][ T6680] RDX: 0000400000000040 RSI: 0000400000000100 RDI: 0000000000000000
[   83.200598][ T6680] RBP: 00007f236bdd1090 R08: 0000400000000880 R09: 0000000000000000
[   83.200686][ T6680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   83.200701][ T6680] R13: 0000000000000000 R14: 00007f236d985fa0 R15: 00007fffa1d14d68
[   83.200723][ T6680]  </TASK>
[   83.797506][ T6700] bond1: entered promiscuous mode
[   83.804845][ T6700] bond1: entered allmulticast mode
[   83.811571][ T6700] 8021q: adding VLAN 0 to HW filter on device bond1
[   83.823346][ T6700] bond1 (unregistering): Released all slaves
[   83.971498][ T6712] netlink: 'syz.5.1029': attribute type 10 has an invalid length.
[   83.996661][ T6712] batman_adv: batadv0: Adding interface: team0
[   84.003616][ T6712] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   84.031762][ T6712] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[   84.091248][ T6712] netlink: 'syz.5.1029': attribute type 10 has an invalid length.
[   84.100877][ T6712] __nla_validate_parse: 28 callbacks suppressed
[   84.100893][ T6712] netlink: 2 bytes leftover after parsing attributes in process `syz.5.1029'.
[   84.177972][ T6718] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1030'.
[   84.213317][ T6722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1032'.
[   84.621512][ T6740] SELinux:  Context system_u:object_r:fixed_disk_device_t:s0 is not valid (left unmapped).
[   84.701371][ T6750] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1043'.
[   84.702118][ T4110] Process accounting resumed
[   84.715919][ T4110] Process accounting resumed
[   84.723403][ T4110] Process accounting resumed
[   84.731041][ T6755] netlink: 'syz.3.1041': attribute type 39 has an invalid length.
[   84.748289][ T6753] Process accounting resumed
[   84.811572][ T6767] netlink: 1196 bytes leftover after parsing attributes in process `syz.3.1041'.
[   84.832957][ T6762] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1045'.
[   84.973027][ T6777] dummy0 speed is unknown, defaulting to 1000
[   85.177031][ T6782] dummy0 speed is unknown, defaulting to 1000
[   85.252201][ T6784] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[   85.252850][ T6783] IPVS: stopping master sync thread 6784 ...
[   85.664557][   T29] kauditd_printk_skb: 430 callbacks suppressed
[   85.664592][   T29] audit: type=1400 audit(2000000055.430:7043): avc:  denied  { create } for  pid=6789 comm="syz.3.1054" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   85.695527][   T29] audit: type=1400 audit(2000000055.430:7044): avc:  denied  { setopt } for  pid=6789 comm="syz.3.1054" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   85.717478][   T29] audit: type=1400 audit(2000000055.430:7045): avc:  denied  { mounton } for  pid=6789 comm="syz.3.1054" path="/213/file0" dev="tmpfs" ino=1173 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   85.760072][ T6792] loop1: detected capacity change from 0 to 512
[   85.848645][   T29] audit: type=1326 audit(2000000055.590:7046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6795 comm="syz.0.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f302ef2d169 code=0x7ffc0000
[   85.875286][   T29] audit: type=1326 audit(2000000055.590:7047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6795 comm="syz.0.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7f302ef2d169 code=0x7ffc0000
[   85.902079][   T29] audit: type=1326 audit(2000000055.590:7048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6795 comm="syz.0.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f302ef2d169 code=0x7ffc0000
[   85.930339][   T29] audit: type=1326 audit(2000000055.590:7049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6795 comm="syz.0.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f302ef2d169 code=0x7ffc0000
[   85.960258][   T29] audit: type=1326 audit(2000000055.590:7050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6795 comm="syz.0.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f302ef2d169 code=0x7ffc0000
[   85.989189][   T29] audit: type=1326 audit(2000000055.590:7051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6795 comm="syz.0.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f302ef2d169 code=0x7ffc0000
[   86.015671][   T29] audit: type=1326 audit(2000000055.590:7052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6795 comm="syz.0.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f302ef2d169 code=0x7ffc0000
[   86.050819][ T6792] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.068172][ T6792] ext4 filesystem being mounted at /180/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.099876][ T6801] program syz.3.1057 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   86.108104][ T1063] vhci_hcd: vhci_device speed not set
[   86.122334][ T6803] netlink: 'syz.0.1056': attribute type 10 has an invalid length.
[   86.151111][ T6792] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1055'.
[   86.209481][ T6807] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1058'.
[   86.233179][ T3295] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.292833][ T6811] macsec1: entered promiscuous mode
[   86.299176][ T6811] macvlan0: entered promiscuous mode
[   86.305716][ T6811] macsec1: entered allmulticast mode
[   86.312082][ T6811] macvlan0: entered allmulticast mode
[   86.336877][ T6811] macvlan0: left allmulticast mode
[   86.343985][ T6811] macvlan0: left promiscuous mode
[   86.382691][ T6817] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1063'.
[   86.534076][ T6829] loop5: detected capacity change from 0 to 1024
[   86.541601][ T6829] EXT4-fs: Ignoring removed orlov option
[   86.542430][ T6831] loop3: detected capacity change from 0 to 256
[   86.547600][ T6829] EXT4-fs: Ignoring removed nomblk_io_submit option
[   86.589127][ T6831] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   86.629574][ T6831] program syz.3.1069 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   86.657255][ T6829] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   86.785226][ T6846] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1075'.
[   86.851438][ T6853] macsec1: entered promiscuous mode
[   86.857250][ T6853] macvlan0: entered promiscuous mode
[   86.863966][ T6853] macsec1: entered allmulticast mode
[   86.871139][ T6853] macvlan0: entered allmulticast mode
[   86.877984][ T6853] veth1_vlan: entered allmulticast mode
[   86.888874][ T6853] macvlan0: left allmulticast mode
[   86.895410][ T6853] veth1_vlan: left allmulticast mode
[   86.901344][ T6853] macvlan0: left promiscuous mode
[   86.945000][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.034960][ T1063] kernel write not supported for file /399/oom_adj (pid: 1063 comm: kworker/0:2)
[   87.073606][ T6871] netlink: 'syz.3.1084': attribute type 3 has an invalid length.
[   87.093395][ T6871] netlink: 'syz.3.1084': attribute type 3 has an invalid length.
[   87.405492][ T6898] IPv4: Oversized IP packet from 127.202.26.0
[   87.624846][ T6907] loop1: detected capacity change from 0 to 2048
[   87.692510][ T6907] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.748993][ T6907] ext4 filesystem being mounted at /187/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   87.845572][ T6920] loop5: detected capacity change from 0 to 512
[   87.865508][ T6920] EXT4-fs (loop5): revision level too high, forcing read-only mode
[   87.889445][ T6920] EXT4-fs (loop5): orphan cleanup on readonly fs
[   87.918715][ T6920] EXT4-fs error (device loop5): ext4_acquire_dquot:6927: comm syz.5.1100: Failed to acquire dquot type 1
[   87.932900][ T3295] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.944420][ T6920] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1100: bg 0: block 40: padding at end of block bitmap is not set
[   87.960741][ T6920] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   87.989164][ T6920] EXT4-fs (loop5): 1 truncate cleaned up
[   88.003832][ T6920] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   88.034121][ T6915] loop3: detected capacity change from 0 to 2048
[   88.103176][ T6915] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   88.116861][ T6932] macsec0: entered promiscuous mode
[   88.119986][ T6915] ext4 filesystem being mounted at /223/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   88.123734][ T6932] macvlan0: entered promiscuous mode
[   88.123888][ T6932] macsec0: entered allmulticast mode
[   88.147372][ T6932] macvlan0: entered allmulticast mode
[   88.153375][ T6932] veth1_vlan: entered allmulticast mode
[   88.161463][ T6932] macvlan0: left allmulticast mode
[   88.167495][ T6932] veth1_vlan: left allmulticast mode
[   88.173254][ T6932] macvlan0: left promiscuous mode
[   88.235805][ T6937] team0 (unregistering): Port device team_slave_0 removed
[   88.249698][ T6937] team0 (unregistering): Port device team_slave_1 removed
[   88.268636][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.324818][ T6946] loop3: detected capacity change from 0 to 256
[   88.342540][ T6944] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   88.387138][ T6948] netlink: 'syz.4.1108': attribute type 3 has an invalid length.
[   88.400242][ T6948] netlink: 'syz.4.1108': attribute type 3 has an invalid length.
[   88.758783][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.833789][ T6969] netlink: 'syz.3.1116': attribute type 10 has an invalid length.
[   88.908746][ T6973] tipc: Failed to remove unknown binding: 66,1,1/0:2387573999/2387574001
[   89.043624][ T6983] IPv4: Oversized IP packet from 127.202.26.0
[   89.102757][ T6990] dummy0 speed is unknown, defaulting to 1000
[   89.109153][ T6992] loop5: detected capacity change from 0 to 512
[   89.162207][ T6997] loop1: detected capacity change from 0 to 256
[   89.181563][ T6992] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   89.228733][ T6992] ext4 filesystem being mounted at /158/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   89.328826][ T6992] __nla_validate_parse: 6 callbacks suppressed
[   89.328846][ T6992] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1129'.
[   89.363094][ T7000] macsec0: entered promiscuous mode
[   89.368736][ T7000] macvlan0: entered promiscuous mode
[   89.374403][ T7000] macsec0: entered allmulticast mode
[   89.380253][ T7000] macvlan0: entered allmulticast mode
[   89.386424][ T7000] veth1_vlan: entered allmulticast mode
[   89.419066][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.431422][ T7000] macvlan0: left allmulticast mode
[   89.436676][ T7000] veth1_vlan: left allmulticast mode
[   89.442874][ T7000] macvlan0: left promiscuous mode
[   89.944467][ T7023] dummy0 speed is unknown, defaulting to 1000
[   89.985841][ T7022] loop1: detected capacity change from 0 to 2048
[   90.091850][ T7026] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1141'.
[   90.123900][ T7026] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1141'.
[   90.249522][ T7022] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   90.263132][ T7022] ext4 filesystem being mounted at /195/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   90.447105][ T7033] batman_adv: batadv0: Removing interface: team0
[   90.493568][ T7033] team0 (unregistering): Port device team_slave_0 removed
[   90.512825][ T3295] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.563427][ T7033] team0 (unregistering): Port device team_slave_1 removed
[   90.601575][ T7039] loop1: detected capacity change from 0 to 1024
[   90.632857][ T7039] EXT4-fs: Ignoring removed orlov option
[   90.641409][ T7039] EXT4-fs: Ignoring removed nomblk_io_submit option
[   90.684633][ T7039] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   90.992174][ T7045] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1145'.
[   91.009068][ T7047] xt_hashlimit: size too large, truncated to 1048576
[   91.119540][ T7050] netlink: 'syz.3.1147': attribute type 3 has an invalid length.
[   91.127543][ T7050] netlink: 'syz.3.1147': attribute type 3 has an invalid length.
[   91.173435][ T7053] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1158'.
[   91.272983][ T7061] SELinux:  Context system_u:object_r:semanage_exec_t:s0 is not valid (left unmapped).
[   91.283040][   T29] kauditd_printk_skb: 195 callbacks suppressed
[   91.283062][   T29] audit: type=1400 audit(2000000061.060:7246): avc:  denied  { relabelto } for  pid=7060 comm="syz.3.1150" name="file1" dev="tmpfs" ino=1302 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:semanage_exec_t:s0"
[   91.326242][ T7067] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1151'.
[   91.383461][ T7071] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1152'.
[   91.393494][   T29] audit: type=1400 audit(2000000061.060:7247): avc:  denied  { associate } for  pid=7060 comm="syz.3.1150" name="file1" dev="tmpfs" ino=1302 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:semanage_exec_t:s0"
[   91.457741][ T7071] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1152'.
[   91.476617][ T7073] loop3: detected capacity change from 0 to 256
[   91.555427][   T29] audit: type=1326 audit(2000000061.310:7248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7077 comm="syz.4.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   91.579508][   T29] audit: type=1326 audit(2000000061.320:7249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7077 comm="syz.4.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   91.603452][   T29] audit: type=1326 audit(2000000061.320:7250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7077 comm="syz.4.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   91.627332][   T29] audit: type=1326 audit(2000000061.320:7251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7077 comm="syz.4.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   91.651000][   T29] audit: type=1326 audit(2000000061.320:7252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7077 comm="syz.4.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   91.674988][   T29] audit: type=1326 audit(2000000061.320:7253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7077 comm="syz.4.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   91.699616][   T29] audit: type=1326 audit(2000000061.320:7254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7077 comm="syz.4.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   91.723635][   T29] audit: type=1326 audit(2000000061.320:7255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7077 comm="syz.4.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fc25acbd169 code=0x7ffc0000
[   91.812181][ T7069] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1149'.
[   91.965277][ T7096] loop3: detected capacity change from 0 to 128
[   92.028224][ T7098] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.118748][ T7098] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.196928][ T7098] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.282874][ T7098] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   92.358999][ T7109] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1167'.
[   92.375706][ T7110] netlink: 'syz.0.1165': attribute type 29 has an invalid length.
[   92.384480][ T7110] netlink: 'syz.0.1165': attribute type 29 has an invalid length.
[   92.397043][ T7098] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.410134][ T7098] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.422144][ T7098] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.434321][ T7098] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.504240][ T7119] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   92.534302][ T7119] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   93.126213][ T7149] loop5: detected capacity change from 0 to 256
[   93.272885][ T7151] bond0: (slave bridge0): Releasing backup interface
[   93.281957][ T7151] tipc: Resetting bearer <eth:bond0>
[   93.308173][ T7151] tipc: Resetting bearer <eth:bond0>
[   93.327466][ T7154] loop3: detected capacity change from 0 to 2048
[   93.391902][ T7154] ext4 filesystem being mounted at /248/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   93.412416][ T6437] tipc: Resetting bearer <eth:bond0>
[   93.521169][ T7162] netlink: 'syz.4.1187': attribute type 10 has an invalid length.
[   93.521515][ T7162] hsr_slave_0: left promiscuous mode
[   93.522611][ T7162] hsr_slave_1: left promiscuous mode
[   94.320062][ T7202] bond2: entered promiscuous mode
[   94.325330][ T7202] bond2: entered allmulticast mode
[   94.331809][ T7202] 8021q: adding VLAN 0 to HW filter on device bond2
[   94.356069][ T7208] loop1: detected capacity change from 0 to 2048
[   94.366920][ T7202] bond2 (unregistering): Released all slaves
[   94.376262][ T7208] ext4 filesystem being mounted at /209/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   94.409949][ T7208] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1201: bg 0: block 345: padding at end of block bitmap is not set
[   94.458627][ T7208] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 512 with max blocks 1 with error 117
[   94.471157][ T7208] EXT4-fs (loop1): This should not happen!! Data will be lost
[   94.471157][ T7208] 
[   94.515971][ T7214] loop3: detected capacity change from 0 to 2048
[   94.557166][ T7214] ext4 filesystem being mounted at /256/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   94.761466][ T7227] __nla_validate_parse: 11 callbacks suppressed
[   94.761484][ T7227] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1208'.
[   94.777897][ T7227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1208'.
[   94.804093][ T7226] netlink: 'syz.1.1209': attribute type 10 has an invalid length.
[   94.862526][ T7240] random: crng reseeded on system resumption
[   94.871619][ T7238] team0 (unregistering): Port device team_slave_0 removed
[   94.884750][ T7238] team0 (unregistering): Port device team_slave_1 removed
[   95.022852][ T7256] loop3: detected capacity change from 0 to 512
[   95.071173][ T7256] ext4 filesystem being mounted at /259/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   95.085192][ T7263] FAULT_INJECTION: forcing a failure.
[   95.085192][ T7263] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   95.087181][ T7265] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1223'.
[   95.099624][ T7263] CPU: 1 UID: 0 PID: 7263 Comm: syz.0.1222 Tainted: G        W          6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
[   95.099667][ T7263] Tainted: [W]=WARN
[   95.099677][ T7263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   95.099757][ T7263] Call Trace:
[   95.099768][ T7263]  <TASK>
[   95.099780][ T7263]  dump_stack_lvl+0xf2/0x150
[   95.099822][ T7263]  dump_stack+0x15/0x1a
[   95.099849][ T7263]  should_fail_ex+0x24a/0x260
[   95.099890][ T7263]  should_fail+0xb/0x10
[   95.099931][ T7263]  should_fail_usercopy+0x1a/0x20
[   95.100043][ T7263]  _copy_from_user+0x1c/0xa0
[   95.100068][ T7263]  do_sock_getsockopt+0xd3/0x260
[   95.100162][ T7263]  __x64_sys_getsockopt+0x18c/0x200
[   95.100198][ T7263]  x64_sys_call+0x1288/0x2dc0
[   95.100232][ T7263]  do_syscall_64+0xc9/0x1c0
[   95.100273][ T7263]  ? clear_bhb_loop+0x55/0xb0
[   95.100308][ T7263]  ? clear_bhb_loop+0x55/0xb0
[   95.100399][ T7263]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.100432][ T7263] RIP: 0033:0x7f302ef2d169
[   95.100454][ T7263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.100477][ T7263] RSP: 002b:00007f302d597038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   95.100503][ T7263] RAX: ffffffffffffffda RBX: 00007f302f145fa0 RCX: 00007f302ef2d169
[   95.100518][ T7263] RDX: 0000000000000022 RSI: 0000000000000084 RDI: 0000000000000004
[   95.100594][ T7263] RBP: 00007f302d597090 R08: 0000000000000000 R09: 0000000000000000
[   95.100609][ T7263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   95.100624][ T7263] R13: 0000000000000000 R14: 00007f302f145fa0 R15: 00007ffdb5ed1828
[   95.100651][ T7263]  </TASK>
[   95.144178][ T7256] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1220'.
[   95.318711][ T7273] dummy0 speed is unknown, defaulting to 1000
[   95.320291][ T7279] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1227'.
[   95.345149][ T7279] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1227'.
[   95.480439][ T7290] dummy0 speed is unknown, defaulting to 1000
[   95.628418][ T7298] dummy0 speed is unknown, defaulting to 1000
[   96.047837][ T7317] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1238'.
[   96.062159][ T7319] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1242'.
[   96.073632][ T7319] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1242'.
[   96.347359][ T7338] loop3: detected capacity change from 0 to 1024
[   96.363059][ T7338] EXT4-fs: Ignoring removed orlov option
[   96.369154][ T7338] EXT4-fs: Ignoring removed nomblk_io_submit option
[   96.405512][ T7344] 9pnet_fd: Insufficient options for proto=fd
[   96.528620][ T7351] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1254'.
[   96.652492][   T29] kauditd_printk_skb: 401 callbacks suppressed
[   96.652511][   T29] audit: type=1326 audit(2000000066.127:7657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fa10d169 code=0x7ffc0000
[   96.671526][ T7370] gretap0: entered promiscuous mode
[   96.696448][   T29] audit: type=1326 audit(2000000066.127:7658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30fa10d169 code=0x7ffc0000
[   96.702622][ T7370] gretap0: left promiscuous mode
[   96.721401][   T29] audit: type=1326 audit(2000000066.127:7659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fa10d169 code=0x7ffc0000
[   96.750894][   T29] audit: type=1326 audit(2000000066.127:7660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fa10d169 code=0x7ffc0000
[   96.757359][ T7377] 9pnet_rdma: rdma_create_trans (7377): problem binding to privport: 13
[   96.775494][   T29] audit: type=1326 audit(2000000066.127:7661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30fa10d169 code=0x7ffc0000
[   96.808700][   T29] audit: type=1326 audit(2000000066.127:7662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fa10d169 code=0x7ffc0000
[   96.832277][   T29] audit: type=1326 audit(2000000066.127:7663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fa10d169 code=0x7ffc0000
[   96.856790][   T29] audit: type=1326 audit(2000000066.127:7664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30fa10d169 code=0x7ffc0000
[   96.881201][   T29] audit: type=1326 audit(2000000066.127:7665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fa10d169 code=0x7ffc0000
[   96.905588][   T29] audit: type=1326 audit(2000000066.127:7666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7372 comm="syz.3.1263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7f30fa10d169 code=0x7ffc0000
[   97.295740][ T7411] vhci_hcd: default hub control req: 0017 v0010 i0005 l0
[   97.650371][ T7423] loop5: detected capacity change from 0 to 128
[   97.758482][ T7423] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[   97.767447][ T7423] FAT-fs (loop5): Filesystem has been set read-only
[   97.859078][ T7423] syz.5.1293: attempt to access beyond end of device
[   97.859078][ T7423] loop5: rw=524288, sector=2065, nr_sectors = 8 limit=128
[   97.875210][ T7423] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[   97.883518][ T7423] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100)
[   97.892888][ T7423] syz.5.1293: attempt to access beyond end of device
[   97.892888][ T7423] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128
[   97.990209][ T7432] loop3: detected capacity change from 0 to 256
[   98.152075][ T7448] random: crng reseeded on system resumption
[   98.288112][ T7447] loop3: detected capacity change from 0 to 8192
[   98.295265][ T7447] vfat: Unknown parameter '
'
[   98.687980][ T7465] FAULT_INJECTION: forcing a failure.
[   98.687980][ T7465] name failslab, interval 1, probability 0, space 0, times 0
[   98.701325][ T7465] CPU: 1 UID: 0 PID: 7465 Comm: syz.5.1301 Tainted: G        W          6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
[   98.701360][ T7465] Tainted: [W]=WARN
[   98.701369][ T7465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[   98.701383][ T7465] Call Trace:
[   98.701390][ T7465]  <TASK>
[   98.701399][ T7465]  dump_stack_lvl+0xf2/0x150
[   98.701434][ T7465]  dump_stack+0x15/0x1a
[   98.701463][ T7465]  should_fail_ex+0x24a/0x260
[   98.701504][ T7465]  ? slhc_init+0x57/0x380
[   98.701526][ T7465]  should_failslab+0x8f/0xb0
[   98.701636][ T7465]  __kmalloc_cache_noprof+0x4e/0x320
[   98.701668][ T7465]  slhc_init+0x57/0x380
[   98.701694][ T7465]  ppp_ioctl+0xe73/0x11b0
[   98.701717][ T7465]  ? __fget_files+0x17c/0x1c0
[   98.701836][ T7465]  ? __pfx_ppp_ioctl+0x10/0x10
[   98.701857][ T7465]  __se_sys_ioctl+0xc9/0x140
[   98.701882][ T7465]  __x64_sys_ioctl+0x43/0x50
[   98.701911][ T7465]  x64_sys_call+0x1690/0x2dc0
[   98.701947][ T7465]  do_syscall_64+0xc9/0x1c0
[   98.702077][ T7465]  ? clear_bhb_loop+0x55/0xb0
[   98.702110][ T7465]  ? clear_bhb_loop+0x55/0xb0
[   98.702150][ T7465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.702195][ T7465] RIP: 0033:0x7f5a4f4dd169
[   98.702214][ T7465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.702235][ T7465] RSP: 002b:00007f5a4db41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   98.702255][ T7465] RAX: ffffffffffffffda RBX: 00007f5a4f6f5fa0 RCX: 00007f5a4f4dd169
[   98.702267][ T7465] RDX: 0000400000000240 RSI: 0000000040047451 RDI: 0000000000000003
[   98.702279][ T7465] RBP: 00007f5a4db41090 R08: 0000000000000000 R09: 0000000000000000
[   98.702291][ T7465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.702306][ T7465] R13: 0000000000000000 R14: 00007f5a4f6f5fa0 R15: 00007fff5d02eca8
[   98.702346][ T7465]  </TASK>
[   99.037216][ T7481] loop5: detected capacity change from 0 to 1024
[   99.055238][ T7481] EXT4-fs: Ignoring removed orlov option
[   99.061365][ T7481] EXT4-fs: Ignoring removed nomblk_io_submit option
[   99.091415][ T7481] EXT4-fs mount: 11 callbacks suppressed
[   99.091436][ T7481] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.279574][ T7509] 9pnet_fd: Insufficient options for proto=fd
[   99.325044][ T7515] 9pnet_fd: Insufficient options for proto=fd
[   99.335496][ T7511] netlink: 'syz.4.1318': attribute type 1 has an invalid length.
[   99.343754][ T7515] dummy0 speed is unknown, defaulting to 1000
[   99.379064][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.415864][ T7517] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.424314][ T7517] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.432766][ T7517] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.441694][ T7517] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.464928][ T7517] geneve2: entered allmulticast mode
[   99.517787][ T7524] xt_CT: You must specify a L4 protocol and not use inversions on it
[   99.538088][ T7524] dummy0 speed is unknown, defaulting to 1000
[   99.699929][ T7536] loop3: detected capacity change from 0 to 512
[   99.737544][ T7541] netlink: 'syz.5.1327': attribute type 7 has an invalid length.
[   99.811066][ T7546] loop5: detected capacity change from 0 to 512
[   99.827108][ T7546] EXT4-fs (loop5): corrupt root inode, run e2fsck
[   99.844680][ T7546] EXT4-fs (loop5): mount failed
[   99.854003][ T7544] dummy0 speed is unknown, defaulting to 1000
[   99.913377][ T7552] 9pnet_fd: Insufficient options for proto=fd
[   99.955345][ T7550] dummy0 speed is unknown, defaulting to 1000
[  100.130809][ T7561] __nla_validate_parse: 18 callbacks suppressed
[  100.130830][ T7561] netlink: 312 bytes leftover after parsing attributes in process `syz.4.1333'.
[  100.376131][ T7581] loop3: detected capacity change from 0 to 2048
[  100.404503][ T7587] loop5: detected capacity change from 0 to 256
[  100.412887][ T7587] vfat: Unknown parameter 'ÿÿÿÿÿÿÿ'
[  100.436303][ T7581] Alternate GPT is invalid, using primary GPT.
[  100.442892][ T7581]  loop3: p1 p2 p3
[  100.486612][ T7591] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1344'.
[  100.520181][ T7595] 9pnet_fd: Insufficient options for proto=fd
[  100.640764][ T7606] loop3: detected capacity change from 0 to 1024
[  100.689572][ T7606] EXT4-fs: Ignoring removed orlov option
[  100.695533][ T7606] EXT4-fs: Ignoring removed nomblk_io_submit option
[  100.754119][ T7606] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  100.898180][ T7626] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.910321][ T7626] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1357'.
[  100.973915][ T7641] loop5: detected capacity change from 0 to 512
[  101.007071][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.017925][ T7641] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.030962][ T7641] ext4 filesystem being mounted at /210/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  101.089313][ T7659] loop3: detected capacity change from 0 to 512
[  101.096672][ T7659] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  101.115466][ T7659] loop3: detected capacity change from 0 to 512
[  101.125989][ T7659] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  101.126734][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.135782][ T7659] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[  101.154163][ T7659] EXT4-fs (loop3): 1 truncate cleaned up
[  101.167530][ T7659] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  101.239774][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.357592][ T7678] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1376'.
[  101.470692][ T7697] dummy0 speed is unknown, defaulting to 1000
[  101.523153][ T7699] lo speed is unknown, defaulting to 1000
[  101.529808][ T7699] lo speed is unknown, defaulting to 1000
[  101.536679][ T7699] lo speed is unknown, defaulting to 1000
[  101.543330][ T7699] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  101.551779][ T7699] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  101.563488][ T7699] lo speed is unknown, defaulting to 1000
[  101.570552][ T7699] lo speed is unknown, defaulting to 1000
[  101.577107][ T7699] lo speed is unknown, defaulting to 1000
[  101.584367][ T7699] lo speed is unknown, defaulting to 1000
[  101.591406][ T7699] lo speed is unknown, defaulting to 1000
[  101.598789][ T7699] lo speed is unknown, defaulting to 1000
[  101.605927][ T7699] lo speed is unknown, defaulting to 1000
[  101.802673][ T7713] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1388'.
[  101.813456][ T7713] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1388'.
[  101.822928][ T7713] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1388'.
[  101.835540][ T7713] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1388'.
[  101.916616][ T7723] netlink: 316 bytes leftover after parsing attributes in process `syz.3.1392'.
[  102.023078][   T29] kauditd_printk_skb: 259 callbacks suppressed
[  102.023163][   T29] audit: type=1400 audit(2000000071.140:7926): avc:  denied  { bind } for  pid=7728 comm="syz.3.1394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  102.054218][   T29] audit: type=1400 audit(2000000071.169:7927): avc:  denied  { listen } for  pid=7728 comm="syz.3.1394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  102.145156][ T7733] loop3: detected capacity change from 0 to 164
[  102.154162][   T29] audit: type=1400 audit(2000000071.271:7928): avc:  denied  { mount } for  pid=7732 comm="syz.3.1395" name="/" dev="loop3" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  102.192785][ T7733] syz.3.1395: attempt to access beyond end of device
[  102.192785][ T7733] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  102.208674][ T7733] syz.3.1395: attempt to access beyond end of device
[  102.208674][ T7733] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  102.237666][   T29] audit: type=1400 audit(2000000071.346:7929): avc:  denied  { unmount } for  pid=3296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  102.269401][ T7736] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1397'.
[  102.341285][ T7746] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  102.344784][ T7747] loop5: detected capacity change from 0 to 256
[  102.351379][   T29] audit: type=1400 audit(2000000071.440:7930): avc:  denied  { create } for  pid=7745 comm="syz.5.1402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  102.358068][ T7747] vfat: Unknown parameter 'nnonumtail'
[  102.376591][   T29] audit: type=1400 audit(2000000071.440:7931): avc:  denied  { bind } for  pid=7745 comm="syz.5.1402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  102.376663][   T29] audit: type=1400 audit(2000000071.440:7932): avc:  denied  { node_bind } for  pid=7745 comm="syz.5.1402" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  102.436881][   T29] audit: type=1400 audit(2000000071.533:7933): avc:  denied  { name_bind } for  pid=7745 comm="syz.5.1402" src=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  102.458525][   T29] audit: type=1400 audit(2000000071.533:7934): avc:  denied  { shutdown } for  pid=7745 comm="syz.5.1402" lport=105 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  102.828294][ T7772] loop5: detected capacity change from 0 to 256
[  102.861317][   T29] audit: type=1400 audit(2000000071.926:7935): avc:  denied  { create } for  pid=7773 comm="syz.3.1413" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  103.037957][ T7799] loop3: detected capacity change from 0 to 256
[  103.300379][ T7826] FAULT_INJECTION: forcing a failure.
[  103.300379][ T7826] name failslab, interval 1, probability 0, space 0, times 0
[  103.314254][ T7826] CPU: 1 UID: 0 PID: 7826 Comm: syz.5.1437 Tainted: G        W          6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
[  103.314305][ T7826] Tainted: [W]=WARN
[  103.314312][ T7826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  103.314394][ T7826] Call Trace:
[  103.314403][ T7826]  <TASK>
[  103.314413][ T7826]  dump_stack_lvl+0xf2/0x150
[  103.314444][ T7826]  dump_stack+0x15/0x1a
[  103.314551][ T7826]  should_fail_ex+0x24a/0x260
[  103.314587][ T7826]  ? slhc_init+0x57/0x380
[  103.314613][ T7826]  should_failslab+0x8f/0xb0
[  103.314696][ T7826]  __kmalloc_cache_noprof+0x4e/0x320
[  103.314770][ T7826]  slhc_init+0x57/0x380
[  103.314792][ T7826]  ppp_ioctl+0xe73/0x11b0
[  103.314813][ T7826]  ? __fget_files+0x17c/0x1c0
[  103.314906][ T7826]  ? __pfx_ppp_ioctl+0x10/0x10
[  103.314928][ T7826]  __se_sys_ioctl+0xc9/0x140
[  103.314960][ T7826]  __x64_sys_ioctl+0x43/0x50
[  103.314990][ T7826]  x64_sys_call+0x1690/0x2dc0
[  103.315061][ T7826]  do_syscall_64+0xc9/0x1c0
[  103.315148][ T7826]  ? clear_bhb_loop+0x55/0xb0
[  103.315231][ T7826]  ? clear_bhb_loop+0x55/0xb0
[  103.315264][ T7826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.315296][ T7826] RIP: 0033:0x7f5a4f4dd169
[  103.315316][ T7826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.315334][ T7826] RSP: 002b:00007f5a4db41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  103.315351][ T7826] RAX: ffffffffffffffda RBX: 00007f5a4f6f5fa0 RCX: 00007f5a4f4dd169
[  103.315413][ T7826] RDX: 0000400000000240 RSI: 0000000040047451 RDI: 0000000000000003
[  103.315425][ T7826] RBP: 00007f5a4db41090 R08: 0000000000000000 R09: 0000000000000000
[  103.315436][ T7826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  103.315447][ T7826] R13: 0000000000000000 R14: 00007f5a4f6f5fa0 R15: 00007fff5d02eca8
[  103.315498][ T7826]  </TASK>
[  103.995041][ T7896] loop3: detected capacity change from 0 to 764
[  104.005358][ T7896] iso9660: Unknown parameter 'xœìÝKlg'
[  104.027492][ T7896] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.078571][ T7896] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.112502][ T7917] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22
[  104.123330][ T7917] netdevsim netdevsim5: Direct firmware load for . failed with error -22
[  104.145968][ T7896] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.199710][ T7896] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  104.261075][ T7896] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  104.273170][ T7896] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  104.285752][ T7896] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  104.298090][ T7896] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  104.365831][ T7942] ALSA: seq fatal error: cannot create timer (-19)
[  105.121613][ T7969] loop5: detected capacity change from 0 to 764
[  105.194038][ T7969] FAULT_INJECTION: forcing a failure.
[  105.194038][ T7969] name failslab, interval 1, probability 0, space 0, times 0
[  105.210941][ T7969] CPU: 1 UID: 0 PID: 7969 Comm: syz.5.1492 Tainted: G        W          6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
[  105.210987][ T7969] Tainted: [W]=WARN
[  105.210995][ T7969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  105.211089][ T7969] Call Trace:
[  105.211098][ T7969]  <TASK>
[  105.211108][ T7969]  dump_stack_lvl+0xf2/0x150
[  105.211164][ T7969]  dump_stack+0x15/0x1a
[  105.211215][ T7969]  should_fail_ex+0x24a/0x260
[  105.211246][ T7969]  should_failslab+0x8f/0xb0
[  105.211276][ T7969]  kmem_cache_alloc_lru_noprof+0x57/0x320
[  105.211304][ T7969]  ? __d_alloc+0x3d/0x350
[  105.211331][ T7969]  __d_alloc+0x3d/0x350
[  105.211355][ T7969]  ? __rcu_read_unlock+0x34/0x70
[  105.211385][ T7969]  d_alloc_parallel+0x54/0xc80
[  105.211413][ T7969]  ? selinux_inode_permission+0x341/0x410
[  105.211503][ T7969]  ? lockref_get_not_dead+0x117/0x1b0
[  105.211527][ T7969]  ? down_read+0x171/0x4b0
[  105.211563][ T7969]  __lookup_slow+0x8d/0x250
[  105.211592][ T7969]  lookup_slow+0x3c/0x60
[  105.211618][ T7969]  walk_component+0x1f5/0x230
[  105.211650][ T7969]  ? path_lookupat+0xfd/0x2b0
[  105.211681][ T7969]  path_lookupat+0x10a/0x2b0
[  105.211708][ T7969]  filename_lookup+0x150/0x340
[  105.211798][ T7969]  user_path_at+0x3c/0x120
[  105.211824][ T7969]  __se_sys_name_to_handle_at+0xfa/0x560
[  105.211866][ T7969]  ? ksys_write+0x176/0x1b0
[  105.211898][ T7969]  __x64_sys_name_to_handle_at+0x67/0x80
[  105.211932][ T7969]  x64_sys_call+0xe82/0x2dc0
[  105.212067][ T7969]  do_syscall_64+0xc9/0x1c0
[  105.212098][ T7969]  ? clear_bhb_loop+0x55/0xb0
[  105.212126][ T7969]  ? clear_bhb_loop+0x55/0xb0
[  105.212156][ T7969]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.212182][ T7969] RIP: 0033:0x7f5a4f4dd169
[  105.212221][ T7969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.212242][ T7969] RSP: 002b:00007f5a4db41038 EFLAGS: 00000246 ORIG_RAX: 000000000000012f
[  105.212262][ T7969] RAX: ffffffffffffffda RBX: 00007f5a4f6f5fa0 RCX: 00007f5a4f4dd169
[  105.212285][ T7969] RDX: 00004000000000c0 RSI: 0000400000000080 RDI: ffffffffffffff9c
[  105.212296][ T7969] RBP: 00007f5a4db41090 R08: 0000000000000000 R09: 0000000000000000
[  105.212307][ T7969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.212318][ T7969] R13: 0000000000000000 R14: 00007f5a4f6f5fa0 R15: 00007fff5d02eca8
[  105.212338][ T7969]  </TASK>
[  105.684262][ T7992] loop5: detected capacity change from 0 to 1024
[  105.699509][ T7992] EXT4-fs: Ignoring removed orlov option
[  105.706278][ T7992] EXT4-fs: Ignoring removed nomblk_io_submit option
[  105.749308][ T7992] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.750913][ T8002] __nla_validate_parse: 7 callbacks suppressed
[  105.750935][ T8002] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1503'.
[  105.827340][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.858203][ T8003] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1503'.
[  105.879953][ T4431] IPVS: starting estimator thread 0...
[  105.902732][ T8009] loop5: detected capacity change from 0 to 512
[  105.953699][ T8009] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  105.982662][ T8009] ext4 filesystem being mounted at /243/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  105.994670][ T8007] IPVS: using max 2304 ests per chain, 115200 per kthread
[  106.099804][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.101253][ T8024] netlink: 'syz.4.1511': attribute type 10 has an invalid length.
[  106.121591][ T8024] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1511'.
[  106.134961][ T8024] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  106.239609][ T8030] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1512'.
[  106.271536][ T8032] loop3: detected capacity change from 0 to 1024
[  106.311384][ T8032] EXT4-fs: Ignoring removed orlov option
[  106.319579][ T8032] EXT4-fs: Ignoring removed nomblk_io_submit option
[  106.340030][ T8036] loop5: detected capacity change from 0 to 512
[  106.348363][ T8032] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.382119][ T8036] EXT4-fs error (device loop5): ext4_quota_enable:7097: comm syz.5.1516: Bad quota inum: 1, type: 2
[  106.396425][ T8036] EXT4-fs warning (device loop5): ext4_enable_quotas:7145: Failed to enable quota tracking (type=2, err=-117, ino=1). Please run e2fsck to fix.
[  106.415159][ T8036] EXT4-fs (loop5): mount failed
[  106.509117][ T8052] xt_CT: No such helper "pptp"
[  106.619476][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.687857][ T8064] loop3: detected capacity change from 0 to 1024
[  106.699833][ T8064] EXT4-fs: Ignoring removed orlov option
[  106.711322][ T8064] EXT4-fs: Ignoring removed nomblk_io_submit option
[  106.756746][ T8064] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.793547][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.877132][ T8076] loop3: detected capacity change from 0 to 164
[  107.142412][ T8078] Cannot find set identified by id 0 to match
[  107.154549][ T8076] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  107.257018][ T8076] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  107.415323][ T8085] netlink: 'syz.3.1529': attribute type 21 has an invalid length.
[  107.428302][ T8085] netlink: 'syz.3.1529': attribute type 20 has an invalid length.
[  107.442121][ T8085] IPv6: NLM_F_CREATE should be specified when creating new route
[  107.831025][ T8074] kexec: Could not allocate control_code_buffer
[  107.846506][ T8117] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1544'.
[  107.943360][ T8124] program syz.4.1547 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  107.973803][ T8104] loop3: detected capacity change from 0 to 2048
[  107.977176][ T8119] netfs: Couldn't get user pages (rc=-14)
[  108.002737][ T8127] xt_CT: No such helper "pptp"
[  108.028411][ T8104] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.047947][ T8104] ext4 filesystem being mounted at /318/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.146216][ T8140] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1550'.
[  108.196665][ T8140] netem: change failed
[  108.356039][ T8153] netfs: Couldn't get user pages (rc=-14)
[  108.397931][ T8161] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1559'.
[  108.412102][ T8161] 0ªX¹¦À: renamed from caif0
[  108.419369][ T8161] 0ªX¹¦À: entered allmulticast mode
[  108.426389][ T8161] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  108.446668][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.487680][   T29] kauditd_printk_skb: 383 callbacks suppressed
[  108.487698][   T29] audit: type=1326 audit(2000000077.193:8319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8167 comm="syz.5.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[  108.563029][   T29] audit: type=1326 audit(2000000077.193:8320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8167 comm="syz.5.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[  108.591040][   T29] audit: type=1326 audit(2000000077.193:8321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8167 comm="syz.5.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[  108.618163][   T29] audit: type=1326 audit(2000000077.193:8322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8167 comm="syz.5.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[  108.624308][ T8179] loop3: detected capacity change from 0 to 1024
[  108.642303][   T29] audit: type=1326 audit(2000000077.193:8323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8167 comm="syz.5.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[  108.675923][   T29] audit: type=1326 audit(2000000077.193:8324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8167 comm="syz.5.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[  108.703055][   T29] audit: type=1326 audit(2000000077.202:8325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8167 comm="syz.5.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[  108.731201][   T29] audit: type=1326 audit(2000000077.202:8326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8167 comm="syz.5.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[  108.760059][   T29] audit: type=1326 audit(2000000077.202:8327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8167 comm="syz.5.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[  108.774674][ T8179] EXT4-fs: Ignoring removed oldalloc option
[  108.786892][   T29] audit: type=1326 audit(2000000077.202:8328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8167 comm="syz.5.1560" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a4f4dd169 code=0x7ffc0000
[  108.807352][ T8179] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  108.894649][ T8179] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.968207][ T8178] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4115: comm syz.3.1564: Allocating blocks 481-513 which overlap fs metadata
[  109.036309][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.112564][ T8207] loop5: detected capacity change from 0 to 1024
[  109.129844][ T8211] loop3: detected capacity change from 0 to 1024
[  109.138740][ T8207] EXT4-fs: Ignoring removed orlov option
[  109.149234][ T8207] EXT4-fs: Ignoring removed nomblk_io_submit option
[  109.150712][ T8211] EXT4-fs: Ignoring removed orlov option
[  109.170037][ T8211] EXT4-fs: Ignoring removed nomblk_io_submit option
[  109.204237][ T8211] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.233468][ T8207] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  109.285826][ T8214] netfs: Couldn't get user pages (rc=-14)
[  109.336329][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.393461][ T8222] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1577'.
[  109.467198][ T8227] netfs: Couldn't get user pages (rc=-14)
[  109.516327][ T8235] netlink: 'syz.5.1584': attribute type 10 has an invalid length.
[  109.526578][ T8235] hsr_slave_0: left promiscuous mode
[  109.532908][ T8235] hsr_slave_1: left promiscuous mode
[  109.552147][ T8239] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1583'.
[  109.565958][ T8237] netfs: Couldn't get user pages (rc=-14)
[  109.623207][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.675775][ T8250] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=8250 comm=syz.5.1590
[  109.702025][ T8253] xt_hashlimit: max too large, truncated to 1048576
[  109.784710][ T8264] program syz.4.1597 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  109.820094][ T8266] dummy0 speed is unknown, defaulting to 1000
[  109.878688][ T8266] lo speed is unknown, defaulting to 1000
[  110.045685][ T8282] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  110.109751][ T8287] 9pnet_fd: Insufficient options for proto=fd
[  110.119974][ T8282] dummy0 speed is unknown, defaulting to 1000
[  110.150203][ T8284] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1605'.
[  110.180629][ T8290] loop3: detected capacity change from 0 to 2048
[  110.268504][ T8282] lo speed is unknown, defaulting to 1000
[  110.294003][ T8290] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  110.562874][ T3296] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  110.587291][ T8325] netfs: Couldn't get user pages (rc=-14)
[  110.727897][ T8321] loop5: detected capacity change from 0 to 2048
[  110.771688][ T8321] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  110.807788][ T8321] ext4 filesystem being mounted at /264/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  110.835407][ T8334] netlink: 'syz.1.1621': attribute type 3 has an invalid length.
[  111.033395][ T8358] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  111.324311][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.394108][ T8380] smc: net device bond0 applied user defined pnetid SYZ0
[  111.405148][ T8380] smc: net device bond0 erased user defined pnetid SYZ0
[  111.440452][ T8388] __nla_validate_parse: 2 callbacks suppressed
[  111.440470][ T8388] netlink: 312 bytes leftover after parsing attributes in process `syz.4.1643'.
[  111.522898][ T8398] netlink: 'syz.0.1645': attribute type 3 has an invalid length.
[  111.543789][ T8398] netlink: 360 bytes leftover after parsing attributes in process `syz.0.1645'.
[  111.556459][ T8398] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1645'.
[  111.856987][ T8419] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1655'.
[  111.877677][ T8415] loop5: detected capacity change from 0 to 2048
[  111.888245][ T8420] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1655'.
[  111.918204][ T8422] loop3: detected capacity change from 0 to 128
[  111.918634][ T8415] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  111.947097][ T8415] ext4 filesystem being mounted at /270/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  111.977132][ T8422] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  112.006473][ T8422] ext4 filesystem being mounted at /329/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  112.120058][ T8437] block device autoloading is deprecated and will be removed.
[  112.185709][ T8445] loop1: detected capacity change from 0 to 164
[  112.198489][ T8445] /dev/loop1: Can't open blockdev
[  112.202733][ T8447] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1666'.
[  112.525001][ T4472] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.604703][ T8486] netfs: Couldn't get user pages (rc=-14)
[  112.624505][ T6437] ==================================================================
[  112.633796][ T6437] BUG: KCSAN: data-race in netfs_advance_write / netfs_write_collection_worker
[  112.644682][ T6437] 
[  112.647754][ T6437] write to 0xffff8881406d4338 of 8 bytes by task 8486 on cpu 0:
[  112.656560][ T6437]  netfs_advance_write+0x36f/0x610
[  112.662262][ T6437]  netfs_unbuffered_write+0xde/0x330
[  112.668395][ T6437]  netfs_unbuffered_write_iter_locked+0x2b7/0x570
[  112.675086][ T6437]  netfs_unbuffered_write_iter+0x2b7/0x3b0
[  112.681540][ T6437]  v9fs_file_write_iter+0x60/0x80
[  112.686717][ T6437]  vfs_write+0x77b/0x920
[  112.691372][ T6437]  ksys_write+0xe8/0x1b0
[  112.695943][ T6437]  __x64_sys_write+0x42/0x50
[  112.700675][ T6437]  x64_sys_call+0x287e/0x2dc0
[  112.705691][ T6437]  do_syscall_64+0xc9/0x1c0
[  112.710901][ T6437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.717876][ T6437] 
[  112.720495][ T6437] read to 0xffff8881406d4338 of 8 bytes by task 6437 on cpu 1:
[  112.728691][ T6437]  netfs_write_collection_worker+0x3ee/0x2530
[  112.735004][ T6437]  process_scheduled_works+0x4db/0xa20
[  112.740935][ T6437]  worker_thread+0x51d/0x6f0
[  112.745675][ T6437]  kthread+0x4ae/0x520
[  112.751353][ T6437]  ret_from_fork+0x4b/0x60
[  112.756682][ T6437]  ret_from_fork_asm+0x1a/0x30
[  112.762182][ T6437] 
[  112.764787][ T6437] value changed: 0x0000000000000000 -> 0xffff888101e00e40
[  112.772998][ T6437] 
[  112.775578][ T6437] Reported by Kernel Concurrency Sanitizer on:
[  112.782227][ T6437] CPU: 1 UID: 0 PID: 6437 Comm: kworker/u8:11 Tainted: G        W          6.14.0-rc5-syzkaller-00013-g99fa936e8e4f #0
[  112.796030][ T6437] Tainted: [W]=WARN
[  112.800544][ T6437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  112.812213][ T6437] Workqueue: events_unbound netfs_write_collection_worker
[  112.819459][ T6437] ==================================================================
[  112.882538][ T3296] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.