last executing test programs:

1.841485477s ago: executing program 0 (id=375):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
rt_sigaction(0x14, &(0x7f0000000080)={&(0x7f0000000000)="2e450f479560566666640fb1ffc481d5c623f3c402bdaaa70900000066420f6b21643ed28600200000c423417d6742b0c4017928e4c4610165f9c4c3a9694ed626", 0x2, 0x0, {[0x12]}}, 0x0, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000"], 0xfdef)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x5, 0x47, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='kmem_cache_free\x00', r0}, 0x10)
io_setup(0x8, &(0x7f0000000100))
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000008c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x9}}, {@mblk_io_submit}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
chown(&(0x7f0000000340)='./file0\x00', 0x0, 0x0)
listxattr(&(0x7f0000000300)='./file0\x00', 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xbe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000340)='cpu\t|0&&\t')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r3=>0xffffffffffffffff})
memfd_create(&(0x7f0000000140)='GPL\x00', 0x3)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="9fedcb7968ddc36c8f263408008d"], 0xfdef)
setsockopt$packet_fanout_data(r4, 0x107, 0x16, 0x0, 0x0)

1.611273346s ago: executing program 1 (id=379):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000810"], 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0xae}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="580000000206050000000000000000000000010005000400000000000900020073797a320000000014000780050014007c0000000800084000000020050005000a00000005000100060000000c000300686173683a6970"], 0x58}}, 0x0)
r1 = syz_open_pts(0xffffffffffffffff, 0x2400)
r2 = syz_open_pts(r1, 0x20000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r2}, 0x8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000111e89c0100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8057, @void, @value}, 0x94)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x1c1842, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000000c0)='find_free_extent\x00', r3, 0x0, 0x334e}, 0x18)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000001c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==")
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup2(r1, 0xffffffffffffffff)
close(r6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r6, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"})

1.567048625s ago: executing program 4 (id=380):
r0 = open(&(0x7f0000000080)='./file1\x00', 0x141142, 0x0)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000001040)={0x240, 0x9, 0x5770, 0x0, 0x6})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb)
open(&(0x7f0000000080)='./file1\x00', 0x141142, 0x0) (async)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000001040)={0x240, 0x9, 0x5770, 0x0, 0x6}) (async)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb) (async)

1.548729895s ago: executing program 4 (id=381):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r2)
socket(0x400000000010, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
r3 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="380000000314010000000000000008000900020073797a310000000008004100736977001400330073797a6b616c6c657230"], 0x38}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r6, 0x2007ffc)
sendfile(r6, r6, 0x0, 0x800000009)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000200)={'dummy0\x00'})
ioctl$sock_kcm_SIOCKCMUNATTACH(r6, 0x89e1, &(0x7f0000000280)={r7})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000300)='rpcb_register\x00', r5, 0x0, 0x3}, 0x18)
syz_mount_image$iso9660(&(0x7f0000000200), &(0x7f0000000240)='./file1\x00', 0x8c48, &(0x7f00000002c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT=0x0, @ANYRES32], 0x3, 0x5d8, &(0x7f0000000b00)="$eJzs3E1v3MbdAPChLEUL5XmMAkFtxTEQxsnBPVjZXdUyhPTgLUVJTHaXC5IK5FMR1HIqVEqLuAUa33xJG7RFTz0XufYT9EvlM6jgvih6yyp2bG9b/H6APbPL/8z8h6Y5EO1hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABClGw0m60odLP+zm783ZKNIu9NOT7p71+nilMWQgjzx+OGENW/QqMRlkdfLb/xbeyP699uheujT9dDoy4a4cnr1370wRvzc3XDhSgKUxJ6JR5/8eTXnxwc7H0+60RegKPo2dtspf2szLNeZyuNszKP19fWmu9vb5bxZtZNywdllfbipEg7VV7Et5P7IYT11ThdeZDv9Lc2Ot00vp38JG6tr9+702421+IPVwZppyjz/vsfrpTJdtbtZv2tYUx9+E777XCvvhA/yqq4Sju9OH60f7C3elmSdVDr+wS1LwtqN9vtVqvdbq3dXb97r9lsjK/W4y/mm2eEs03mZ3/R8sq9Fhp/ri+U4YfJPe61F3ojh+dwlPxt1ikAAAAAL1k0fMYeDZ/OLw9rm1k3bZ6KOYpmlh4AAADwAgx/tL8+fgAQwnKIzv/8DwAAAPx3+9PUPXYhikI5WIwmW1UGu+9Fh5261jm8Mvrqytkeq80b0dVxJ8NibX78KUlvRm+Ogt6cRH8zLh5dlkdUFAvR0x+WQPhLuDGKufFwVD6cHBmNsrSZddOVJO9+0AqdztW5Kt2tfv/Z/v+FUBRHV77q965G4dH+wd7KL39z8HCYy9O6l6eH4/8hEZ3d1XM6l8VwIpffheXRbsjl8Yzvn57xwvBBTD3rr/q9pdG4zUF3/nj+c8PWR+f+SKfM/8vw1ijmraVRuXR6/o16zNbK6dn/oZ79ySxag933FseDjWe+8GxZ3BzF3Lz9bl28e3t8ZOFEFu3LsmifPP+jcxHmQlib/6FZnDwXq1OyOAr7B3urF2fxvc8FwKw8Ot59f2rdDd+u/+fW3fHtLT7b1ZS73CWre72EX7q6/+rSUb4M74xi3rkxP/6XjRDCmTt687J1pXnxun5uriFcnMU/w61//D2EnXBrEvxda2w97l9PrarR4dd1g6/PjTvZaV5221H94cri4W/DtcdfPLmzf/jJp3uf7n3Wbq+uNX/abN5th4XhNMaFtQeAC6TFN9FS9ceoKLLBL1rr661OtZ3GRZ58FBfZxlYaZ/0qLZLtTn8rjQdFXuVJ3q0rH2cbaRmXO4NBXlTxZl7Eg7zMdodvfonHr34p016nX2XJXOimnTKNk7xfdZIq3sjKJB7s/LybldtpMWxcDtIk28ySTpXl/bjMd4okXYnjMk1PBGYbab/KNrO62o8HRdbrFA/ij/PuTi+NN9IyKbJBlY86nIyV9TfzojfsdmXWJxsA/kM8DuM32B2/ym56ZdLuxKHQuHYvhCmtLhr33DNSAOCVObtKL846IQAAAAAAAAAAAAAA4JyT2/V+Nt6U92w7Ap+10gjHlam7Bp+7cv/1iw69/ZKm85yVEML8Sx1i8uKkmc/0f6PS+Hz4l2PWaUzes/i8/UQhhMuD/7+OmdENCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACm+HcAAAD//zglh5E=")
syz_emit_ethernet(0x1de, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606410a601a80000fc020000000000000000000000000000fe8000000000000000000000000000aa223405"], 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x100)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_bp={0x0}, 0x0, 0x3, 0xffff, 0x0, 0x0, 0xfffffffa, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r8 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380), 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f00000000c0)='dns_resolver\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000280)="dee7030022cf5c6c7bc31bd2599759fafa9e5e1dbac27b041bfc026dc41fb9b9761a1b44dac894f365ae68edf335abf35ebc3d67518d34fec500", 0x3a, r8)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000000)={0x0, 0x3d2e, 0xc, 0x29cd, 0xe, "31ad727ed575beb138e3218eef058e75d2fb25"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r4}, 0x18)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r4}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRESDEC], 0x48)

1.469950605s ago: executing program 3 (id=382):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
fremovexattr(r0, &(0x7f0000000580)=@known='trusted.overlay.redirect\x00')
mmap(&(0x7f0000941000/0x1000)=nil, 0x1000, 0x2000002, 0x10, r0, 0xd74d4000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
sched_getscheduler(0x0)
r2 = syz_io_uring_setup(0xec5, &(0x7f0000000240)={0x0, 0x0, 0x1300, 0x0, 0x4}, &(0x7f0000000080)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x2, &(0x7f00000001c0)={0x0, 0x3938700}, 0x1, 0x40})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r2, 0x2, 0x10a5, 0x3, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000c"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r5}, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, 'v\x00', "07f217bd74511f465bbbd5de01000000f91800", "0000f600", "8ce63ecbc640735f"}, 0x38)
sendto$inet6(r6, &(0x7f0000000100)='S', 0x1, 0x8000, 0x0, 0x0)
close(r6)

1.202808134s ago: executing program 3 (id=384):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2, <r3=>0xffffffffffffffff}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
r5 = socket$kcm(0x2, 0xa, 0x2)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000200)={@val={0xa}, @void, @eth={@multicast, @remote, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, "75a3d0", 0x30, 0x11, 0x1, @empty, @mcast2, {[], {0x4e21, 0x4e20, 0x58, 0x0, @gue={{0x2, 0x0, 0x1, 0x6}, "319b30e37888631ba08ff908da1166191412b03893cb48c179699fdb90daed29"}}}}}}}}, 0x6a)

923.877993ms ago: executing program 1 (id=387):
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f00000000c0)='./file0\x00', 0x20000, &(0x7f0000001a80)=ANY=[@ANYBLOB="002918d910d46be7099c66b02010b1f0b7c3dc1dabe625969fb0adc922385af53d57a1d35dd71c90d9dd649b53142dd3d4108b4c7db82e8475d5bb6fa2fa626cd92c7326ce1ba2f33b0aef2b2164e01d910058b51684696959ea7f5a607a6572d2640cf9312a07000000260e3651a0cbfd2c080990fb4c76e9e613a759863734a70d0600ec77e8ba76aacbb21e4b903aa4873a9951f269a9c0f87805a1a0cbdf6b8644a1de05a8d9dd9687d67c8af7f68cb59e60d1fbefb49b93d6b72cce4162edc4468a13987d94d428df36915621aeff6dc1358a7331fa69e05c417c2e1e6b8dc29c496c76d02dfc2d7b48616fb3f01b221f4f8f484a00090964922de8909a1f9f7ef655a12a68a56cb341a8fba4cd81cedec9cb518d13d2a2564427b63b037494748a24daa21fe1256df68d000b2778bf0437cc642cd83c5a1b34eeffdf93ecbd85bb340eeef68dd60101769c74f94d217264c171feea0305bfc87c36247d90b129a9973f00000001d99b195d2f75653a0193672783c6dbca5d1445110621d8095064f0a034f492cf5aa4767a772d6f4967722546bfd83d3202f76c20a9d7f40f9e7818d77129df7fd072804e0227ecaa03dddd303a318d6f7763ce011543587e6a306780ca2f37db7e8a5b64a5059ac91ff2110e40ea13d70e1504653ba9eebcf61b427797fb3fd79d2bb9aaa13c9729fe323c4ac222991981381e004684fb200b17d2f6ede181067662ad8a31f45b613869ca8fc5b1dbe62407a1f6dcb86a4c430210e9bcfca9b83283b87316c4d17f388e0bab0500000092a82e12f8e5348f11e7739033e9081bfc598746cf032fa55d9581470000000019ac65f89ca7d96da3ca2db52f8ec80462fddf42dbbca24b7200"/643], 0x1, 0x120b, &(0x7f00000036c0)="$eJzs3M9rXFUUB/CTNv1hajJRa7UF6UE3unk2WbhyEyQF6YDSNoVWEF7NRIeZzIS8ITBFbHdu/TvEpTtB/AeyceNacJeNyy7EJ84LtglxEcFOWz6fzRzm3i9zH28YeJd7Zu/9bzZ7G1WxUY7ixMxMzG5F5MOMjBNxMhoP4p1bv/z6xo3bd66ttNur1zOvrtxcei8zFy7/+MmX37350+jcre8XfjgTu4uf7v2+/Nvuhd2Le3/e/KJbZbfKwXCUZd4dDkfl3X4n17tVr8j8uN8pq052B1Vn+8D4Rn+4tTXOcrA+P7e13amqLAfj7HXGORrmaHuc5edld5BFUeT8XPDfnY61bx/WdR1R16fidNR1Xb8Qc3EuXoz5WIhWLMZL8XK8Eufj1bgQr8XrcXEya9orBwAAAAAAAAAAAAAAAAAAgOeL/n8AAAAAAAAAAAAAAAAAAACYPv3/AAAAAAAAAAAAAAAAAAAAMH36/wEAAAAAAAAAAAAAAAAAAGD6bty+c22l3V69nnk2YvPrnbWdtea1GV/ZiG70oxNXohV/xKT7v9HUVz9sr17JicV4d/P+fv7+ztrJg/mlyd8JHJlfavJ5MH8m5h7PL0crzh+dXz4yfzbefuuxfBGt+PmzGEY/1uPv7KP8V0uZH3zUPpS/NJkHAAAAz4Mi/3Hk83tR5MxMM/XQePPmv+8P1K1D+wOHnq9n49LsFC+ciWp8r1f2+53tZ6vY/0rGvV55+WlYj+IYxf69e/C0rOcZLU5FxP/4EVP8UeKJeXTTp70SAAAAAAAAAAAAjuMYBwNnm/O2xz9OOO1rBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5iB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFcFAAD//78558w=")
open_tree(0xffffffffffffff9c, 0x0, 0x81000)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a31000000004c000000050a01020000100000000000010020000c00024000000000000000010900010073797a310000000020000480140003006e657464657673696d300000000000000800014000000005"], 0xd4}}, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f0000000340)={0x0, 0x5}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000900)=@mangle={'mangle\x00', 0x44, 0x6, 0x510, 0x3a8, 0x210, 0x210, 0x0, 0x138, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570)

918.585523ms ago: executing program 4 (id=388):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
close(r0)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, &(0x7f0000000040)=0x84)
listen(r0, 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000006a001902"], 0x14}}, 0x0)

873.262673ms ago: executing program 3 (id=389):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)=@newtaction={0x104, 0x30, 0x1, 0x0, 0x2000, {}, [{0xf0, 0x1, [@m_mpls={0xec, 0x5, 0x0, 0x0, {{0x9}, {0x4c, 0x2, 0x0, 0x1, [@TCA_MPLS_LABEL={0x8, 0x5, 0x5a48c}, @TCA_MPLS_TTL={0x5}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0xa7, 0x9, 0x3, 0x6, 0x9}, 0x3}}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x7, 0x6, 0x6, 0x7cf8e081, 0x7fffffff}, 0x1}}]}, {0x76, 0x6, "3e71786ce2f4af33dd1fceb9f954c38d48044f163561db0c2fc4edc21e6a8abc0a040440a4c5bfd011a11fba88b02bc0550278f39f61f087289c0a447a8d5b0df39338ffd658176c834a4bb5bc7533cf4cd58771ef27522819fcb0c87ac2ff720d2c1ad92d1b1bc97d2d972faa3f909e75b5"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x6, 0x3}}}}]}]}, 0x104}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$netlink(r2, 0x10e, 0x4, 0x0, &(0x7f0000000040))

821.067323ms ago: executing program 0 (id=391):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080))
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt_acct\x00')
r2 = socket(0x18, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r4}, 0x8)
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
tkill(r5, 0x2e)
ptrace$peeksig(0x4209, r5, &(0x7f0000000340)={0x0, 0x0, 0x2e}, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETA(r6, 0x560a, &(0x7f0000001040)={0x0, 0x1, 0x4, 0x20, 0x0, "0000e5ff0100"})
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r9 = syz_io_uring_setup(0x6574, &(0x7f00000003c0)={0x0, 0xfad6, 0x1000, 0x1, 0x29}, &(0x7f0000000240), &(0x7f0000000280))
io_uring_enter(r9, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r9, 0x18, &(0x7f0000000440)={0xfe, 0xffffffffffffffff, 0x29, {0x6, 0x9}, 0xf0}, 0x1)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={r9, 0x20, &(0x7f0000000200)={&(0x7f00000007c0)=""/97, 0x61, <r10=>0x0, &(0x7f0000000840)=""/195, 0xc3}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x2b, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000200000000c90000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0xd5, &(0x7f00000006c0)=""/213, 0x41000, 0x32, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0)={0x5, 0x10, 0x3, 0x80000}, 0x10, r10, r8, 0x2, &(0x7f0000000380)=[r6, r7, r7, r7, r7, r7, r7, r7, r7], &(0x7f0000000480)=[{0x2, 0x4, 0x10, 0x7}, {0x5, 0x2, 0x0, 0x5}], 0x10, 0x100, @void, @value}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r11}, 0x10)
connect$pppoe(r2, &(0x7f0000000100)={0x18, 0x0, {0x2, @broadcast, 'vxcan1\x00'}}, 0x1e)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000000), 0x4, 0x5eb, &(0x7f0000000c00)="$eJzs3ctvFEcaAPCvxw9sjNYDWu0ue1gsrVYg7WJjAysU5QDXCFnkoVxyiYMNIRiwsKPEJBJGIpdIUS5RFCmnHEL+iwSFK6fklEMuOUVIKIk4RspEPdNtPHaPX9jTiP79pGG6q6Zd1djfVHVNVU8AlTWS/lOLOBgRc0nEcLK0nNcbWeZI63WPfnv/fPpIotF4+Zckkiwtf32SPQ9lBw9ExHffJnGgZ22584s3Lk/Nzs5cz/bHFq7Mjc0v3jh66crUxZmLM1cn/j9x6uSJk6fGj23rvG4WpJ29/dY7wx9Ovvbl578n41/9OJnE6Xghe+HK89gpIzHS/D9J1mYNndrpwkrSk/2dNBqNRp6W9JZbJzYv//31RcTfYzh64vEvbzg+eLHUygG7qpG03ruBKkrEP1RU3g/Ir+1XXwfXSumVAN3w8ExrAGBt/Pe2xgZjoDk2sPdREiuHdZKI2N7IXLt9EXH/3uTtC/cmb8cujcMBxZZuRcQ/iuI/acZ/PQai3oz/Wlv8p/2Cc9lzmv7SNstfPVQs/qF7WvE/sG78R4f4fz19vtmK4Te2WX798eabg23xP7jdUwIAAAAAAIDKunsmIv5X9Pl/bXn+TxTM/xmKiNM7UP7Iqv21n//XHuxAMUCBh2cini+c/1vLZ//We1YsYa1HX3Lh0uzMsYj4S0Qcib496f74OmUc/ejAZ53yRrL5f/kjLf9+Nhcwq8eD3j3tx0xPLUw9wSkDmYe3Iv5ZOP83WW7/k4L2P31nmNtkGQf+c+dcp7yN4x/YLY0vIg4Xtv+P71qRrH9/jrFmf2As7xWs9a/3Pv66U/nbjX+3mIAnl7b/e9eP/3qy8n4981sv4/hib6NT3nb7//3JK827CvVnae9OLSxcH4/oT872pKlt6RNbrzM8i/J4yOMljf8j/15//K+o/z8YEUurfnbya/ua4tzf/hj6qVN99P+hPGn8T2+p/d/6xsSd+jedyt9c+3+i2dYfyVKM/0HLp3mY9renF4Rjb1FWt+sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM+CWkTsi6Q2urxdq42ORgxFxF9jb2322vzCfy9ce/vqdJrX/P7/Wv5Nv8Ot/ST//v/6iv2JVfvHI2J/RHzSM9jcHz1/bXa67JMHAAAAAAAAAAAAAAAAAACAp8RQh/X/qZ97yq4dsOt6y64AUJqC+P++jHoA3af9h+oS/1Bd4h+qS/xDdYl/qC7xD9Ul/qG6xD8AAAAAADxT9h+6+0MSEUvPDTYfqf4sr6/UmgG7rVZ2BYDSuMUPVJepP1BdrvGBZIP8gY4HbXTkeubOP8HBAAAAAAAAAAAAAFA5hw9a/w9VZf0/VJf1/1Bd+fr/QyXXA+g+1/hAbLCSv3D9/4ZHAQAAAAAAAAAAAAA7aX7xxuWp2dmZ6zZefTqq0c2NRqNxM/0reFrqs/MbSTZDvSuF5lPhu3+m/Zs5wXyt3+Z+cnnvSQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQLs/AwAA//+JjCTl")
r12 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r12, &(0x7f0000000180)='./bus\x00', 0x0)
sendfile(r2, r1, 0x0, 0x8)

761.493563ms ago: executing program 3 (id=392):
syz_open_dev$tty20(0xc, 0x4, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x747cf17da9370000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000001480)={'syzkaller0\x00', 0x7101})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1600000000000000040000000100000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRESOCT=r0], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
socketpair(0x0, 0x1, 0x101, &(0x7f0000000280)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8914, &(0x7f0000000080))
perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r2)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r6}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r7 = open(&(0x7f00000005c0)='./bus\x00', 0x66842, 0x19)
r8 = open(&(0x7f0000000040)='./bus\x00', 0x145142, 0x0)
ftruncate(r8, 0x2007ffb)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000001e40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e841cca555077e3a159110193dd2ff1fa7c3205bfedbe9d8f3bd23cd78a07e32fe0231368b2264f9c504b2f1f65515b2e1a38d522be18bd10a48b043ccc42673d06d7535f7866925d86751dfced1fd8accae669e173a659c1cfd6587d47578f4c35235138d5521f9453559c35da860e8efbcbfb42c30d294a55e1c46680bee88956f2b3599f455c7a3a49a01010000009f2f0517e4ca0e1803a20000000013d4e21b3336f1ae0796f23526ec0fd97f7325eac34c4dfafe7cc03b0864009d2e7d7ff6ff72ba8972b122b09789d99b3d0524f39d5ae913b2d22eb2c09244ba5dbe9180950f76f7049db5cb19d7962fed44e00f39ed8c13a11fa798de504e2865cd81f2b77fdd76c677f812d249c8130b018d4300000020000000db3947c85c3a9027ce9e856fa8b7fb05000000000000593d60abc9b3e67d127e56f3d3759dcfeb820634fd4d419efaefc74305b2bea2000600000051fcf5d62205561b6efaad206335a309f7b9e01446a6285f4665a7fe3cda2349f8bf400100000000000000f435f28fbeda75cf971f54a9698cf3270f420ee83f2d9babe7b922401639ce3c4ff0850a8e078374909413f3fbd3ced3285252dc81a46ef7ce29484dc6b6adfd7a4db730fc594609654d97836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be71b0417d33d3ab25493418ba0fbacf768e07c1a939d31f606085b9e3efc93b0f58d5ec37494d9d10d76e603129e9a726579ac7d672cacd581b7ca77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e04ad3711a66da2254a6f911b1469c62a6e1e3f9c1715c009a58e6eadac8f61b45853673df72dc813f7454ae22d79ac48034282f03040889500000000179dcf66d93907cedd49e0c5752f755849953957143a0335d2f62acbf18b251ce63b29fe177745448ccc925770fac12cf9e291200df6bb669d5a57dd74df817ef2f8698f710c359afe73947afebdf5536e4db8b0231d0cbc798766ec60586f14b44775bc9d250e4515cb83275d3b495fa90000e69a68b47ac4595463e1442d88e0606a060000cc914fae896ab129ccdf8792a8435972c8391d132a2fcbd40e865d62cc7c4200000000000000000000000000000800002a77fbbccfdb1ab3d8434905f09726b8145ea99c7640faab578dc98a6134df0a10a54ce7e7ddbb709a27d977d1f91ab9ee940700009594c9a50961b7fcc56d82584dc8254df7c411fa61353a6897c4f3b9f6f2ab47adb29aefecce96c94f360e129c9f2af569c794b68b2ead404bcdd4aa9cb6a128e1ad45fd4030e1e69adf4986b7860f3122d59c079f0f9a1732f691590f45512aec4ed2413f66cac7dd022301741c576dea82005b166d6c3b9ed0c297ac197a92188a618745e78dca0b3c62f1601243089d9c687563382b0b88a7d80fd7bf7fae8a690f52db1464d29b1b926414cd35705c89662c585e32c881d917b74f027674dbc017499ba15a2e2900000000000000000000000000007b593ecbdd162fee9f239a3c615b3e9a3fb0af254bdd247a5a5abdbc0123c950eec0f1800b295be71418dd65de15e11beef9630499c70fce74135a7c7c8e818b79b85ff65d59d89492d7a663d3f25651e252ab49d358eac853ffe182ee37a5db085a072647719cb8604ba2e0b80af3f1867bd8fb6afca671437e0a5a9d5a088436739262d894986882ec0fb419a377ef47f4920a5de6d8de0d3090b4cb6b773e825442d351f980eed0d997a4d98a51220c41b145e2186546c646128a3e69f52fcad83a026def90b9eb55f4a0a2251bbae428c6c017b5a47f1580831a7ce232857e6aa9e777e99da1a3ad03fdc93fa7ed96228deac5e3bce983971041297a6ba18783a2edc7e3901cc891035872c61e7ea375b0902be0c5cc7fdef968ba1ca17ce5e11f2f384cd28c1194f56d3cf074e8ba4e60e84dc2f352c3cd170581aee0c93ca8ceff84cda40325d340759e79e5c4bcec227e37f7ec2193c78877fb319ec1f2d4dcf1d46a15cde1d6cecce6ecdb0c0a3413394d51341a7b3606ad8c29b6dbf6be3265b528c3208de35161bfe19678df43a45b314e5a0f8754cfaf4f9d3fdf9c8f7b7c296bf2e632d25ba8ee6369b362a8e4c9dff176d482d32249c93680a04f6464f184acfd0376662fee9e1031e569248db9bc724cdd97976a4d7c5c5172d1383fa1e442f68a14b747a9f2597bf115dd0111fe8ba3584a43176f33bd39a408f8648b19839bba9cc47624ea19e46dbbdf0faf591bcdc8613828a0c5a40c04ae34bbf4a0e27828b0c7cb9d7a7455db030425a4bd69cf6dcb4b1d066f8ef4ea1c710e05819df82d5cc94ace6b41c2de37a2eaf24f24b3d9a7dd4d197d51407be3e90000000000000000dbc0b0d6e11ccb71437ebea7ad01d5b93a7a0561e4a1b3fa1aa9c75f3aaec4ace1b6201a3e007b657be62df59133b4d8f0f145d9fc954cc7792077268bf0977e2a699722ce3dbb97248b8a8a771dd0f7d9c97e6587524a44fd6d49330ccbc39ca277b84f7f0a39759ef0b42388bd69fe341a925e8cdc5d7b2d6ddb7331a081bd0672bf4d02255de095a179e51bf5492d4e89c3cbad59db725c0dd7e35cbd9887175286a37d7621a361eb830cc5b842b11b5d040ccceb254d6a0c9c43718d0816bb2465928e236101b8cd46b5ef9cb930378a9249cbb41bcde9bb78d71c512153d2f1d765b56d2e5ef3e3d34975787646630051074c9706747fda873ccfdb394fc269c8cfadc0a52c3402f392a38052f859ab5600000000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000240)='kmem_cache_free\x00', r9}, 0x10)
sendfile(r8, r8, 0x0, 0x800000009)
pwritev2(r7, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffe4}], 0x1, 0x1400, 0x0, 0x0)
mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\"Zm\x1c\x18\x11\x93\xb5z \xc2\x8b\xa9\xc5\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x2c, &(0x7f0000000300)={0x0, 0xfffffffffffffffd, 0x3})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0))

760.977102ms ago: executing program 2 (id=393):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r0, 0x6, 0x7, 0x0, &(0x7f0000000180))
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a500850000002d00"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r2}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00'})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
creat(&(0x7f0000000180)='./file0\x00', 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x0)
setresuid(0x0, r9, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r10, 0x10e, 0x1, &(0x7f0000000080)=0x1e, 0x4)
socket$unix(0x1, 0x5, 0x0)

713.522892ms ago: executing program 1 (id=394):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x28}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddb357f7adf97affffffff7d1800"})
r3 = syz_open_pts(r2, 0x0)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
dup3(r2, r3, 0x0) (async)
dup3(r2, r3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) (async)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000200)="e3", 0x1}], 0x1) (async)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000200)="e3", 0x1}], 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r5, 0x0) (async)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r5, 0x0)
write$cgroup_devices(r4, &(0x7f0000000000)=ANY=[], 0xffdd)
ioctl$TCSETA(r3, 0x5406, &(0x7f0000000000)={0x0, 0x8000, 0x0, 0x0, 0x11, '\x00\x00\x00\x00 #\x00'}) (async)
ioctl$TCSETA(r3, 0x5406, &(0x7f0000000000)={0x0, 0x8000, 0x0, 0x0, 0x11, '\x00\x00\x00\x00 #\x00'})
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)={0x40, 0x7, 0x6, 0x801, 0x0, 0x0, {0x3, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x400}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x9}]}, 0x40}}, 0x20000800)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100))
ioctl$TIOCGPTPEER(r2, 0x5441, 0x2000000)

650.242362ms ago: executing program 2 (id=395):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x11, 0x800000003, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002304e800000000000000ea850000007b000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='netlink_extack\x00', r1}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='module_request\x00', 0xffffffffffffffff, 0x0, 0xe}, 0x18)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="540100001000010000001000ffdbdf25fe8800000000000000000000000000010000000000000000000000000000000100000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc0100000000000000000000000000010000000032000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff0000000000000000ffffffffffffff7f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000a000000af0000000000000056000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00170000000000000000002abd7000000040000000000000000000c684f78fce6e9489ca53fd5ca1decaf059"], 0x154}}, 0x0)

577.812532ms ago: executing program 2 (id=396):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x3, 0x3}, 0x4)
vmsplice(r0, &(0x7f0000000440)=[{&(0x7f0000000000)="fffda3bf1dbfddf70eacb2c0bc912602ad3134d7c52b72dd854a90795a91adc6b5a6d2c6ef36b969df8e97c589121b842a4925d8b1f7d35433ddfcb032de8b366d71c58b5d5d6582be28209985b6ff95afaf21d5a1008fcbb4", 0x59}, {&(0x7f0000000140)="0e9001fc65d0701abdfb439d08c82a380a1bc260f4e4f9a3b762357487a98bc1757d63bbb905fa13a1f67186f32617565e0af44094f0f2476a73ec4453f8e66040368cd8d031d333a33cf1ab19fb79de499aa96289b61a220fb28845874e2cb504ec92e77c0af7c4734ca31799f6b47159a6cb254718e3914c2569a54af592d5b91ac066e2f4d0c9da78de391cd49dfc8eba437101a9bc14778ea86df1a80aa76007bfef55d117725343b00d5736c70e65fdc99686038d62ef1f64dea10f4d4a4f6f14578cd05a7c", 0xc8}, {&(0x7f0000000240)="7022f860d8536c018eb3603067a69fcfc4333010d1ffb6b4a91126e347ce7fa87a424c9e28a2e519ddfc4d49043ce70d7f7ce5124c6ca4fda45b1dd5e2f71f64fefb4b65326b3fbfd8f43c8fb7d2b385bbe25b84a3ead26defb890a8dea2ce185542eb317362ebce614ab6cff17464e2764f3528d57f04d05eb62bffadf4cd32d9fdf0088cf324aa5ef99588126d29749b7167aaa168695b", 0x98}, {&(0x7f0000000080)="dd41ce70ab2ebdf2a57a12fc8529d04f0339a331dd290ac16c45cb167e7e48f754c4e5d1d51ecd8907bc", 0x2a}, {&(0x7f00000000c0)="4a0835152774d04decca6ca8419b5fa3a473ac5d57a7d6bf80e5b3fa31c1b784030c33ebe969a92c110ed26a", 0x2c}, {&(0x7f0000000300)="1b751f32a82d6230cc2214a85a78f3acaa98bc06b12125ff06180202a3b0444f06ea9be1574d8e24024a4d4477cddc1979451b5f29633ef97494002bbacdb1a53f18da9f0d67c319de1c2c2fa6cfde92a6aad690f59a0d69fce9488bc5c0c41806747fc6037fed8c1d65497a200db605569739dd6859d676234b333f9c6352ed213cd30f412c4edae7a09f6fceae8c7f", 0x90}, {&(0x7f00000003c0)="d700a0ae8498e61b00b9171cf5", 0xd}, {&(0x7f0000000400)="6aaf450eb1c67d649ba0b5bc2bca4f1545cd95a404e433d749b41bf875b73e2fca63a52f15b7d0502218ca4fbf57", 0x2e}], 0x8, 0x5)

527.130932ms ago: executing program 4 (id=397):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)
r1 = syz_open_dev$loop(&(0x7f00000005c0), 0x10000, 0xc0000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r2, &(0x7f0000001000), 0xe09)
ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f0000000280)=0x5)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000400)=ANY=[@ANYRESOCT=r2, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!Tnux\x00', 0x6e93ebbbcc0884f2, 0xe1, &(0x7f0000000000)={0x0, 0x1, 0x8})
mq_timedreceive(r3, &(0x7f0000000180)=""/196, 0xc4, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000001000004d232000000ac1414aa0000000000000000"], 0x144}}, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0x100000000000000, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c559265406c09306003d8002000", [0x0, 0x2]}})
sendmsg$inet(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x2, 0x4e22, @multicast2}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000080)="b8817c73a0e47c42edc65e80a60e0c3471c6e6f2b07123c93e77ef2e2454743d9a2bb387e106a14d1a6fdc26da9e218cf95b09db1d53ea1b8f919940f108c8f64334dc88abbafe86d7b32460e8e953ca5c20d1cd2109e7c62c67be4a9a845c3dedaffc73ba83e465abb2a7925a6ffb432766892a04b668ede318c370f8f6f0b23d9e2c2ddf11d883b3", 0x89}, {&(0x7f0000000140)="7076d896e7913719591b83f770b88b62f6d4331e91926d0741", 0x19}], 0x2, &(0x7f00000001c0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xfffffff7}}], 0x30}, 0x8010)
open(&(0x7f0000000000)='./file0\x00', 0x2a0800, 0xa0)

522.259072ms ago: executing program 1 (id=398):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r0, 0x0, 0x4004)

478.255592ms ago: executing program 1 (id=399):
getpeername$packet(0xffffffffffffffff, &(0x7f0000000580)={0x11, 0x0, <r0=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000005c0)=0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="188000000000000000000080000000180100002020702500000000002020207b1af8ff00000000bf958def0cf161a745d54eab6119724e395b39fbe53f010000f8ff00548a9b4e3dd7edfdd59c6b6c9d9ce4fe28b3c4860cfac4e4844783f8bac6f603d041c1cbe0de607858be4ddf87d407a8575509e575cf68b0f3710ec1f3c35339355986e7eaaf9b744726a23b06fba16fd01cd8342e974f2a776c03479d0e52e8b226fc10e0a2df8450d4653bb394b812f8cbd7245d3e3eb82448712507aa3ba77ac6ea3d4d7fa316d674cb20"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="06000000000000000075e1e5593464f362110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000030000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x18, 0x32, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280), 0x1}, 0x0, 0x2}, 0x0, 0xaffffffeffffffff, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000140)='./file0\x00', 0xec40, 0x12)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)={0x15, 0x65, 0xffff, 0x30ff, 0x8, '9P2000.u'}, 0x15)
pipe2$9p(&(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000300)=ANY=[], 0x15)
r7 = dup(r6)
write$P9_RLERRORu(r7, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r7, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])
setxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)='system.posix_acl_access\x00', &(0x7f0000001140)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0)
r8 = socket(0x10, 0x803, 0x0)
r9 = socket(0x11, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000600)={'team0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r10, {}, {0xffff, 0xffff}, {0x5}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x1, [], 0x0, [0x8, 0x0, 0x0, 0x1002], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0xc7c7}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME_EXTENSION={0xc, 0x9, 0x9}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x10}, 0x0)
listxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r11 = fsmount(r1, 0x0, 0x0)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r11)
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r4, &(0x7f0000000540)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x20, r12, 0x8, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0xe}}}}, ["", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20008800}, 0x4004090)
symlinkat(&(0x7f0000000000)='.\x00', r11, &(0x7f0000000140)='./file0\x00')

466.922801ms ago: executing program 0 (id=400):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000700000e0000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000002600000000c0a01080000000000000000010000000900020073797a32000000003400038030000080080003400000000224000b80200001800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a"], 0xe4}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x10, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f00000001c0)='cpu&00\t&&')

414.194601ms ago: executing program 2 (id=401):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)
r1 = syz_open_dev$loop(&(0x7f00000005c0), 0x10000, 0xc0000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r2, &(0x7f0000001000), 0xe09)
ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f0000000280)=0x5)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000400)=ANY=[@ANYRESOCT=r2, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!Tnux\x00', 0x6e93ebbbcc0884f2, 0xe1, &(0x7f0000000000)={0x0, 0x1, 0x8})
mq_timedreceive(r3, &(0x7f0000000180)=""/196, 0xc4, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000001000004d232000000ac1414aa0000000000000000"], 0x144}}, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0x100000000000000, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c559265406c09306003d8002000", [0x0, 0x2]}})
sendmsg$inet(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x2, 0x4e22, @multicast2}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000080)="b8817c73a0e47c42edc65e80a60e0c3471c6e6f2b07123c93e77ef2e2454743d9a2bb387e106a14d1a6fdc26da9e218cf95b09db1d53ea1b8f919940f108c8f64334dc88abbafe86d7b32460e8e953ca5c20d1cd2109e7c62c67be4a9a845c3dedaffc73ba83e465abb2a7925a6ffb432766892a04b668ede318c370f8f6f0b23d9e2c2ddf11d883b3", 0x89}, {&(0x7f0000000140)="7076d896e7913719591b83f770b88b62f6d4331e91926d0741", 0x19}], 0x2, &(0x7f00000001c0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xfffffff7}}], 0x30}, 0x8010)
open(&(0x7f0000000000)='./file0\x00', 0x2a0800, 0xa0)

390.129881ms ago: executing program 0 (id=402):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)=@newtaction={0x104, 0x30, 0x1, 0x0, 0x2000, {}, [{0xf0, 0x1, [@m_mpls={0xec, 0x5, 0x0, 0x0, {{0x9}, {0x4c, 0x2, 0x0, 0x1, [@TCA_MPLS_LABEL={0x8, 0x5, 0x5a48c}, @TCA_MPLS_TTL={0x5}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0xa7, 0x9, 0x3, 0x6, 0x9}, 0x3}}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x7, 0x6, 0x6, 0x7cf8e081, 0x7fffffff}, 0x1}}]}, {0x76, 0x6, "3e71786ce2f4af33dd1fceb9f954c38d48044f163561db0c2fc4edc21e6a8abc0a040440a4c5bfd011a11fba88b02bc0550278f39f61f087289c0a447a8d5b0df39338ffd658176c834a4bb5bc7533cf4cd58771ef27522819fcb0c87ac2ff720d2c1ad92d1b1bc97d2d972faa3f909e75b5"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x6, 0x3}}}}]}]}, 0x104}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$netlink(r2, 0x10e, 0x4, 0x0, &(0x7f0000000040))

368.003691ms ago: executing program 3 (id=403):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000280)={[{@user_xattr}, {@nogrpid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x58}}, {@noauto_da_alloc}, {@noauto_da_alloc}, {@grpquota}, {@usrjquota}, {@prjquota}]}, 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
chdir(&(0x7f0000000000)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r0}, 0x18)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETSW2(r1, 0x5453, 0x0)
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x5)

333.288321ms ago: executing program 4 (id=404):
syz_open_procfs(0xffffffffffffffff, 0x0)
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000400)='.\x00', 0x4000423)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00')
preadv(r1, &(0x7f0000001240)=[{&(0x7f0000000040)=""/18, 0x12}], 0x1, 0x8, 0x0)

331.821081ms ago: executing program 2 (id=405):
socket$can_bcm(0x1d, 0x2, 0x2)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRES16, @ANYRESHEX, @ANYRESHEX], 0x1, 0x11f4, &(0x7f0000001280)="$eJzs3M+LG2UYB/DHbWvr1v2h1moL0he96GXo7sGLgiyyBWlAaRuhFYSpO9GQMQmZsBARV09e/TvEozdBvOllL/4N3vbisQdxxMTapsRDqXTa8Plc8pD3/cLzkjDwDvPO0ZvffNrrVFknH8fKE2/FyjAi3UqRYiVu+zJee+PnX166ev3G5Z1Wa/dKSpd2rm29nlJav/DjB59/9/JP49Pvf7/+w8k43Pzw6Pft3w7PHp47+vPaJ90qdavUH4xTnm4OBuP8ZlmkvW7Vy1J6ryzyqkjdflWM5sY75WA4nKS8v7e2OhwVVZXy/iT1ikkaD9J4NEn5x3m3n7IsS2urwYNof3urruuIuj4RT0Zd1/VTsRqn4+lYi/XYiM14Jp6N5+JMPB9n44V4Mc5NZzXdNwAAAAAAAAAAAAAAAAAAACyXBzr/f6Hh5gEAAAAAAAAAAAAAAAAAAGBJXL1+4/JOq7V7JaVTEeXX++399uxzNr7TiW6UUcTF2Ig/Ynr6f2ZWX3qntXsxTW3GV+XBP/mD/fax+fzW9HUCC/Nbs3yaz5+M1bvz27ERZxbntxfmT8Wrr9yVz2Ijfv0oBlHGXvydvZP/Yiult99t3ZM/P50HAAAAyyBL/1q4f8+y/xqf5e/j/sA9++vjcf54s2snopp81svLshg1XtzuaPbNQUQ8Io0tcXHi0Wjj/y2Ozf2Rmu/nMS2auybx8Nz50ZvuBAAAAAAAAAAAgPvxMB4nbHqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MUOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//86R81g")
r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0)
pwritev2(r0, &(0x7f00000015c0)=[{&(0x7f00000002c0)='\f', 0x1}], 0x1, 0xfffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3)

239.760201ms ago: executing program 0 (id=406):
r0 = io_uring_setup(0x1fc4, &(0x7f0000000bc0)={0x0, 0x77a3, 0x12, 0x3, 0x104})
r1 = semget(0x3, 0x4, 0x10)
semop(r1, &(0x7f0000000000)=[{0x4, 0xcc, 0x800}, {0x3, 0x2c6b, 0x800}], 0x2)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
recvmsg$can_bcm(r2, &(0x7f0000000380)={&(0x7f0000000140)=@l2tp6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000040)}, {&(0x7f00000001c0)=""/189, 0xbd}, {&(0x7f00000000c0)=""/11, 0xb}], 0x3, &(0x7f00000002c0)=""/148, 0x94}, 0x2141)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r3, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
recvmmsg(r3, &(0x7f0000003e40)=[{{0x0, 0x0, &(0x7f0000003780)=[{&(0x7f0000000100)=""/17, 0x11}], 0x1}}], 0x1, 0x121, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

212.213581ms ago: executing program 1 (id=407):
socket$key(0xf, 0x3, 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r0, 0x0)
pipe2(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x18)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="20000000100000000000000a0000000c0002006e6c3830323131000000000000"], 0x20}}, 0x0)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000000)=0x8, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = msgget$private(0x0, 0x0)
msgctl$IPC_SET(r4, 0x1, &(0x7f0000258f88))
msgsnd(r4, &(0x7f0000000380)=ANY=[@ANYBLOB="03000000000000001f686d0decff6db2f8d1a4d7d797508ba08c71c76aaf3e3ae8c7a648d026cd427ae3da794ba555f3e97dfca596bf090801df8c907bcc"], 0x0, 0x0)
msgrcv(r4, 0x0, 0x0, 0x1, 0x1000)
msgctl$IPC_SET(r4, 0x1, &(0x7f0000258f88)={{0x1}, 0x0, 0x0, 0x800000000000000, 0x7, 0x2, 0x0, 0x3, 0xe8, 0x0, 0x0, 0x0, 0xffffffffffffffff})
ioperm(0x1215, 0xba, 0xa42)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="a26178c76a79641104000000000100000200ffff180008000000000000000140e000000208000a462f77a5060900020073797a31000000002257010007000000"], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
io_setup(0x25fc, &(0x7f0000000280)=<r6=>0x0)
io_destroy(r6)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x2)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000003c0)='sched_switch\x00', r7}, 0x10)
readv(r5, &(0x7f0000000000)=[{&(0x7f0000001300)=""/241, 0xf1}], 0x1)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

211.963351ms ago: executing program 4 (id=408):
socket$can_bcm(0x1d, 0x2, 0x2)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRES16, @ANYRESHEX, @ANYRESHEX], 0x1, 0x11f4, &(0x7f0000001280)="$eJzs3M+LG2UYB/DHbWvr1v2h1moL0he96GXo7sGLgiyyBWlAaRuhFYSpO9GQMQmZsBARV09e/TvEozdBvOllL/4N3vbisQdxxMTapsRDqXTa8Plc8pD3/cLzkjDwDvPO0ZvffNrrVFknH8fKE2/FyjAi3UqRYiVu+zJee+PnX166ev3G5Z1Wa/dKSpd2rm29nlJav/DjB59/9/JP49Pvf7/+w8k43Pzw6Pft3w7PHp47+vPaJ90qdavUH4xTnm4OBuP8ZlmkvW7Vy1J6ryzyqkjdflWM5sY75WA4nKS8v7e2OhwVVZXy/iT1ikkaD9J4NEn5x3m3n7IsS2urwYNof3urruuIuj4RT0Zd1/VTsRqn4+lYi/XYiM14Jp6N5+JMPB9n44V4Mc5NZzXdNwAAAAAAAAAAAAAAAAAAACyXBzr/f6Hh5gEAAAAAAAAAAAAAAAAAAGBJXL1+4/JOq7V7JaVTEeXX++399uxzNr7TiW6UUcTF2Ig/Ynr6f2ZWX3qntXsxTW3GV+XBP/mD/fax+fzW9HUCC/Nbs3yaz5+M1bvz27ERZxbntxfmT8Wrr9yVz2Ijfv0oBlHGXvydvZP/Yiult99t3ZM/P50HAAAAyyBL/1q4f8+y/xqf5e/j/sA9++vjcf54s2snopp81svLshg1XtzuaPbNQUQ8Io0tcXHi0Wjj/y2Ozf2Rmu/nMS2auybx8Nz50ZvuBAAAAAAAAAAAgPvxMB4nbHqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MUOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//86R81g")
r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0)
pwritev2(r0, &(0x7f00000015c0)=[{&(0x7f00000002c0)='\f', 0x1}], 0x1, 0xfffff, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3)

137.11704ms ago: executing program 0 (id=409):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000810"], 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0xae}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="580000000206050000000000000000000000010005000400000000000900020073797a320000000014000780050014007c0000000800084000000020050005000a00000005000100060000000c000300686173683a6970"], 0x58}}, 0x0)
r1 = syz_open_pts(0xffffffffffffffff, 0x2400)
r2 = syz_open_pts(r1, 0x20000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r2}, 0x8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000140)=ANY=[@ANYRESDEC=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000111e89c0100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8057, @void, @value}, 0x94)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x1c1842, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000000c0)='find_free_extent\x00', r3, 0x0, 0x334e}, 0x18)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000001c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==")
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup2(r1, 0xffffffffffffffff)
close(r6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r6, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"})

37.65522ms ago: executing program 3 (id=410):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
fremovexattr(r0, &(0x7f0000000580)=@known='trusted.overlay.redirect\x00')
mmap(&(0x7f0000941000/0x1000)=nil, 0x1000, 0x2000002, 0x10, r0, 0xd74d4000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
sched_getscheduler(0x0)
r2 = syz_io_uring_setup(0xec5, &(0x7f0000000240)={0x0, 0x0, 0x1300, 0x0, 0x4}, &(0x7f0000000080)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x1, 0x0, 0x0, 0x2, &(0x7f00000001c0)={0x0, 0x3938700}, 0x1, 0x40})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r2, 0x2, 0x10a5, 0x3, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000c"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r5}, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, 'v\x00', "07f217bd74511f465bbbd5de01000000f91800", "0000f600", "8ce63ecbc640735f"}, 0x38)
sendto$inet6(r6, &(0x7f0000000100)='S', 0x1, 0x8000, 0x0, 0x0)
close(r6)

0s ago: executing program 2 (id=411):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000810"], 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0xae}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="580000000206050000000000000000000000010005000400000000000900020073797a320000000014000780050014007c0000000800084000000020050005000a00000005000100060000000c000300686173683a6970"], 0x58}}, 0x0)
r1 = syz_open_pts(0xffffffffffffffff, 0x2400)
r2 = syz_open_pts(r1, 0x20000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r2}, 0x8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000140)=ANY=[@ANYRESDEC=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000111e89c0100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8057, @void, @value}, 0x94)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x1c1842, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000000c0)='find_free_extent\x00', r3, 0x0, 0x334e}, 0x18)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000001c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==")
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup2(r1, 0xffffffffffffffff)
close(r6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r6, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"})

kernel console output (not intermixed with test programs):

ive=1
[   18.290203][   T29] audit: type=1400 audit(1738748149.833:80): avc:  denied  { siginh } for  pid=3177 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   20.867391][   T29] audit: type=1400 audit(1738748152.413:81): avc:  denied  { read } for  pid=2982 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.0.55' (ED25519) to the list of known hosts.
[   26.641618][   T29] audit: type=1400 audit(1738748158.193:82): avc:  denied  { mounton } for  pid=3287 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   26.642625][ T3287] cgroup: Unknown subsys name 'net'
[   26.664437][   T29] audit: type=1400 audit(1738748158.193:83): avc:  denied  { mount } for  pid=3287 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   26.691838][   T29] audit: type=1400 audit(1738748158.223:84): avc:  denied  { unmount } for  pid=3287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   26.848809][ T3287] cgroup: Unknown subsys name 'cpuset'
[   26.855068][ T3287] cgroup: Unknown subsys name 'rlimit'
[   27.025648][   T29] audit: type=1400 audit(1738748158.573:85): avc:  denied  { setattr } for  pid=3287 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   27.050064][   T29] audit: type=1400 audit(1738748158.573:86): avc:  denied  { create } for  pid=3287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   27.070639][   T29] audit: type=1400 audit(1738748158.573:87): avc:  denied  { write } for  pid=3287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   27.091026][   T29] audit: type=1400 audit(1738748158.573:88): avc:  denied  { read } for  pid=3287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   27.111456][   T29] audit: type=1400 audit(1738748158.583:89): avc:  denied  { mounton } for  pid=3287 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   27.116990][ T3290] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   27.136255][   T29] audit: type=1400 audit(1738748158.583:90): avc:  denied  { mount } for  pid=3287 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   27.168160][   T29] audit: type=1400 audit(1738748158.703:91): avc:  denied  { relabelto } for  pid=3290 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   27.197478][ T3287] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   28.359781][ T3301] chnl_net:caif_netlink_parms(): no params data found
[   28.410582][ T3297] chnl_net:caif_netlink_parms(): no params data found
[   28.449596][ T3298] chnl_net:caif_netlink_parms(): no params data found
[   28.492502][ T3301] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.499603][ T3301] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.506750][ T3301] bridge_slave_0: entered allmulticast mode
[   28.513289][ T3301] bridge_slave_0: entered promiscuous mode
[   28.538024][ T3301] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.545143][ T3301] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.552475][ T3301] bridge_slave_1: entered allmulticast mode
[   28.559047][ T3301] bridge_slave_1: entered promiscuous mode
[   28.589115][ T3302] chnl_net:caif_netlink_parms(): no params data found
[   28.616092][ T3301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   28.628940][ T3301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   28.638162][ T3297] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.645267][ T3297] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.652530][ T3297] bridge_slave_0: entered allmulticast mode
[   28.658946][ T3297] bridge_slave_0: entered promiscuous mode
[   28.678729][ T3297] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.685802][ T3297] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.693223][ T3297] bridge_slave_1: entered allmulticast mode
[   28.699791][ T3297] bridge_slave_1: entered promiscuous mode
[   28.730038][ T3304] chnl_net:caif_netlink_parms(): no params data found
[   28.741769][ T3298] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.748910][ T3298] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.756080][ T3298] bridge_slave_0: entered allmulticast mode
[   28.762754][ T3298] bridge_slave_0: entered promiscuous mode
[   28.772241][ T3301] team0: Port device team_slave_0 added
[   28.779445][ T3297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   28.789911][ T3297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   28.806454][ T3298] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.813570][ T3298] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.820793][ T3298] bridge_slave_1: entered allmulticast mode
[   28.827233][ T3298] bridge_slave_1: entered promiscuous mode
[   28.838641][ T3301] team0: Port device team_slave_1 added
[   28.867421][ T3302] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.874636][ T3302] bridge0: port 1(bridge_slave_0) entered disabled state
[   28.881829][ T3302] bridge_slave_0: entered allmulticast mode
[   28.888274][ T3302] bridge_slave_0: entered promiscuous mode
[   28.897507][ T3297] team0: Port device team_slave_0 added
[   28.912375][ T3302] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.919545][ T3302] bridge0: port 2(bridge_slave_1) entered disabled state
[   28.926698][ T3302] bridge_slave_1: entered allmulticast mode
[   28.933272][ T3302] bridge_slave_1: entered promiscuous mode
[   28.941852][ T3297] team0: Port device team_slave_1 added
[   28.950777][ T3298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   28.960178][ T3301] batman_adv: batadv0: Adding interface: batadv_slave_0
[   28.967109][ T3301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   28.993039][ T3301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   29.023583][ T3298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   29.033048][ T3301] batman_adv: batadv0: Adding interface: batadv_slave_1
[   29.040070][ T3301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.066024][ T3301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   29.080864][ T3302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   29.110767][ T3298] team0: Port device team_slave_0 added
[   29.117618][ T3298] team0: Port device team_slave_1 added
[   29.124477][ T3302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   29.139259][ T3297] batman_adv: batadv0: Adding interface: batadv_slave_0
[   29.146216][ T3297] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.172225][ T3297] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   29.183029][ T3304] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.190129][ T3304] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.197312][ T3304] bridge_slave_0: entered allmulticast mode
[   29.203606][ T3304] bridge_slave_0: entered promiscuous mode
[   29.224567][ T3297] batman_adv: batadv0: Adding interface: batadv_slave_1
[   29.231604][ T3297] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.257638][ T3297] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   29.268595][ T3304] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.275649][ T3304] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.282996][ T3304] bridge_slave_1: entered allmulticast mode
[   29.289443][ T3304] bridge_slave_1: entered promiscuous mode
[   29.304696][ T3298] batman_adv: batadv0: Adding interface: batadv_slave_0
[   29.311830][ T3298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.337898][ T3298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   29.349518][ T3298] batman_adv: batadv0: Adding interface: batadv_slave_1
[   29.356483][ T3298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.382518][ T3298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   29.402267][ T3301] hsr_slave_0: entered promiscuous mode
[   29.408404][ T3301] hsr_slave_1: entered promiscuous mode
[   29.415092][ T3302] team0: Port device team_slave_0 added
[   29.423493][ T3302] team0: Port device team_slave_1 added
[   29.435732][ T3304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   29.462564][ T3304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   29.502061][ T3298] hsr_slave_0: entered promiscuous mode
[   29.508261][ T3298] hsr_slave_1: entered promiscuous mode
[   29.514126][ T3298] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   29.521877][ T3298] Cannot create hsr debugfs directory
[   29.527572][ T3302] batman_adv: batadv0: Adding interface: batadv_slave_0
[   29.534563][ T3302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.560588][ T3302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   29.578448][ T3297] hsr_slave_0: entered promiscuous mode
[   29.584681][ T3297] hsr_slave_1: entered promiscuous mode
[   29.590491][ T3297] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   29.598211][ T3297] Cannot create hsr debugfs directory
[   29.609037][ T3304] team0: Port device team_slave_0 added
[   29.615672][ T3304] team0: Port device team_slave_1 added
[   29.621692][ T3302] batman_adv: batadv0: Adding interface: batadv_slave_1
[   29.628746][ T3302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.654775][ T3302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   29.692767][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_0
[   29.699860][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.725855][ T3304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   29.745034][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_1
[   29.752139][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.778103][ T3304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   29.836186][ T3302] hsr_slave_0: entered promiscuous mode
[   29.842331][ T3302] hsr_slave_1: entered promiscuous mode
[   29.848201][ T3302] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   29.855762][ T3302] Cannot create hsr debugfs directory
[   29.900642][ T3304] hsr_slave_0: entered promiscuous mode
[   29.906543][ T3304] hsr_slave_1: entered promiscuous mode
[   29.912466][ T3304] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   29.920078][ T3304] Cannot create hsr debugfs directory
[   29.987709][ T3301] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   30.013504][ T3301] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   30.030899][ T3301] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   30.041950][ T3301] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   30.064952][ T3298] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   30.073728][ T3298] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   30.099542][ T3298] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   30.114996][ T3298] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   30.130811][ T3297] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   30.149420][ T3297] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   30.158722][ T3297] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   30.177902][ T3297] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   30.216287][ T3304] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   30.226168][ T3302] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   30.235160][ T3302] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   30.243648][ T3304] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   30.256301][ T3302] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   30.265621][ T3302] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   30.274098][ T3304] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   30.287629][ T3304] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   30.315251][ T3301] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.342716][ T3298] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.366347][ T3301] 8021q: adding VLAN 0 to HW filter on device team0
[   30.382964][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.390351][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.400744][ T3298] 8021q: adding VLAN 0 to HW filter on device team0
[   30.425756][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.432822][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.444838][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.451954][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.479086][ T3297] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.490668][ T3302] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.499575][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.506639][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.524748][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.539825][ T3302] 8021q: adding VLAN 0 to HW filter on device team0
[   30.554204][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.561302][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.571884][ T3297] 8021q: adding VLAN 0 to HW filter on device team0
[   30.584057][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.591232][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.600141][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.607217][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.630209][ T3304] 8021q: adding VLAN 0 to HW filter on device team0
[   30.642367][ T3298] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   30.652916][ T3298] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   30.664967][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.672082][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.695530][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.702647][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.711694][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.718848][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.755329][ T3302] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   30.765757][ T3302] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   30.799872][ T3301] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.823161][ T3298] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.839694][ T3297] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.853329][ T3304] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   30.895481][ T3302] 8021q: adding VLAN 0 to HW filter on device batadv0
[   30.981200][ T3297] veth0_vlan: entered promiscuous mode
[   31.000114][ T3304] 8021q: adding VLAN 0 to HW filter on device batadv0
[   31.021943][ T3297] veth1_vlan: entered promiscuous mode
[   31.062784][ T3298] veth0_vlan: entered promiscuous mode
[   31.075025][ T3297] veth0_macvtap: entered promiscuous mode
[   31.089191][ T3301] veth0_vlan: entered promiscuous mode
[   31.095159][ T3298] veth1_vlan: entered promiscuous mode
[   31.102909][ T3297] veth1_macvtap: entered promiscuous mode
[   31.117541][ T3301] veth1_vlan: entered promiscuous mode
[   31.137096][ T3302] veth0_vlan: entered promiscuous mode
[   31.150534][ T3297] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.159117][ T3302] veth1_vlan: entered promiscuous mode
[   31.167804][ T3297] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.177603][ T3297] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.186590][ T3297] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.195487][ T3297] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.204249][ T3297] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.223735][ T3298] veth0_macvtap: entered promiscuous mode
[   31.231080][ T3298] veth1_macvtap: entered promiscuous mode
[   31.237861][ T3304] veth0_vlan: entered promiscuous mode
[   31.259929][ T3302] veth0_macvtap: entered promiscuous mode
[   31.266569][ T3301] veth0_macvtap: entered promiscuous mode
[   31.275418][ T3302] veth1_macvtap: entered promiscuous mode
[   31.284329][ T3301] veth1_macvtap: entered promiscuous mode
[   31.293228][ T3304] veth1_vlan: entered promiscuous mode
[   31.308522][ T3298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.319136][ T3298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.331807][ T3297] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   31.332900][ T3298] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.360217][ T3301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.370758][ T3301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.380635][ T3301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.391199][ T3301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.403804][ T3301] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.413557][ T3302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.424111][ T3302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.434027][ T3302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.444547][ T3302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.454479][ T3302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.464975][ T3302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.476827][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.479240][ T3439] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=3439 comm=syz.0.6
[   31.490626][ T3304] veth0_macvtap: entered promiscuous mode
[   31.505954][ T3298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.516576][ T3298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.527299][ T3298] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.544640][ T3302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.549737][ T3439] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6'.
[   31.555125][ T3302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.567270][ T3439] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6'.
[   31.574103][ T3302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.574125][ T3302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.604492][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.614919][ T3298] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.623712][ T3298] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.632624][ T3298] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.641449][ T3298] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.652044][ T3304] veth1_macvtap: entered promiscuous mode
[   31.660414][ T3301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.671068][ T3301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.680963][ T3301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.691597][ T3301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.701728][ T3301] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.712475][ T3301] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.723310][ T3301] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.730894][ T3302] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.739678][ T3302] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.748434][ T3302] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.757135][ T3302] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.775502][ T3301] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   31.784490][ T3301] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   31.793379][ T3301] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   31.802234][ T3301] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   31.850803][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.861352][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.871303][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.881843][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.891862][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.902422][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.912464][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   31.923366][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   31.935176][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.950563][   T29] kauditd_printk_skb: 74 callbacks suppressed
[   31.950576][   T29] audit: type=1400 audit(1738748163.503:166): avc:  denied  { write } for  pid=3440 comm="syz.0.7" name="mcfilter" dev="proc" ino=4026532610 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   31.988580][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   31.999160][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.009013][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.019481][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.027953][   T29] audit: type=1400 audit(1738748163.573:167): avc:  denied  { mounton } for  pid=3447 comm="syz.3.8" path="/proc/4/task" dev="proc" ino=3654 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   32.029379][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.062793][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.072677][ T3304] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   32.083524][ T3304] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   32.097232][   T29] audit: type=1400 audit(1738748163.653:168): avc:  denied  { create } for  pid=3450 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   32.098267][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.132093][ T3304] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.140934][ T3304] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.149826][ T3304] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.158807][ T3304] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.171546][   T29] audit: type=1326 audit(1738748163.723:169): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3447 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad7b9cde9 code=0x7ffc0000
[   32.195262][   T29] audit: type=1326 audit(1738748163.723:170): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3447 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad7b9cde9 code=0x7ffc0000
[   32.218751][   T29] audit: type=1326 audit(1738748163.723:171): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3447 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=460 compat=0 ip=0x7f8ad7b9cde9 code=0x7ffc0000
[   32.242313][   T29] audit: type=1326 audit(1738748163.723:172): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3447 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad7b9cde9 code=0x7ffc0000
[   32.265779][   T29] audit: type=1326 audit(1738748163.723:173): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3447 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f8ad7b9cde9 code=0x7ffc0000
[   32.266199][ T3454] loop4: detected capacity change from 0 to 1024
[   32.289643][   T29] audit: type=1326 audit(1738748163.723:174): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3447 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad7b9cde9 code=0x7ffc0000
[   32.319455][   T29] audit: type=1326 audit(1738748163.743:175): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3447 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad7b9cde9 code=0x7ffc0000
[   32.357735][ T3454] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   32.376288][ T3453] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2863: Unable to expand inode 12. Delete some EAs or run e2fsck.
[   32.436831][ T3461] loop2: detected capacity change from 0 to 1024
[   32.453714][ T3461] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   32.464702][ T3461] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[   32.482797][ T3465] loop1: detected capacity change from 0 to 512
[   32.496056][ T3461] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   32.510174][ T3461] EXT4-fs (loop2): invalid journal inode
[   32.515951][ T3461] EXT4-fs (loop2): can't get journal size
[   32.533398][ T3465] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   32.548968][ T3465] EXT4-fs (loop1): orphan cleanup on readonly fs
[   32.559278][ T3465] EXT4-fs warning (device loop1): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   32.584600][ T3465] EXT4-fs (loop1): Cannot turn on quotas: error -117
[   32.585674][ T3461] EXT4-fs error (device loop2): ext4_protect_reserved_inode:182: inode #3: comm syz.2.3: blocks 2-2 from inode overlap system zone
[   32.601391][ T3465] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2: bg 0: block 40: padding at end of block bitmap is not set
[   32.619608][ T3461] EXT4-fs (loop2): failed to initialize system zone (-117)
[   32.622715][ T3465] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   32.636579][ T3461] EXT4-fs (loop2): mount failed
[   32.642509][ T3465] EXT4-fs (loop1): 1 truncate cleaned up
[   32.661906][ T3465] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   32.824092][ T3465] EXT4-fs error (device loop1): ext4_xattr_block_get:596: inode #16: comm syz.1.2: corrupted xattr block 31: invalid header
[   32.852555][ T3465] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=16
[   32.927777][ T3478] loop0: detected capacity change from 0 to 736
[   32.934509][ T3478] =======================================================
[   32.934509][ T3478] WARNING: The mand mount option has been deprecated and
[   32.934509][ T3478]          and is ignored by this kernel. Remove the mand
[   32.934509][ T3478]          option from the mount to silence this warning.
[   32.934509][ T3478] =======================================================
[   32.990445][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.200417][ T3486] loop0: detected capacity change from 0 to 736
[   33.335136][ T3488] loop0: detected capacity change from 0 to 8192
[   33.599991][ T3501] netlink: 'syz.0.16': attribute type 10 has an invalid length.
[   33.613246][ T3501] team0: Port device dummy0 added
[   33.678730][ T3502] loop6: detected capacity change from 0 to 7
[   33.685530][ T3502] Buffer I/O error on dev loop6, logical block 0, async page read
[   33.695851][ T3502] Buffer I/O error on dev loop6, logical block 0, async page read
[   33.703791][ T3502]  loop6: unable to read partition table
[   33.718134][ T3502] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   33.718134][ T3502] 
) failed (rc=-5)
[   33.745412][ T3501] syz.0.16 (3501) used greatest stack depth: 10848 bytes left
[   33.787592][ T3506] random: crng reseeded on system resumption
[   33.932476][ T3508] loop2: detected capacity change from 0 to 8192
[   33.933314][ T3510] loop0: detected capacity change from 0 to 512
[   33.992122][ T3508] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   34.020004][ T3510] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.20: bg 0: block 393: padding at end of block bitmap is not set
[   34.024144][ T3508] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   34.046024][ T3512] loop1: detected capacity change from 0 to 8192
[   34.053066][ T3510] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   34.062480][ T3510] EXT4-fs (loop0): 2 truncates cleaned up
[   34.068643][ T3510] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.147005][ T3297] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.180654][ T3518] netlink: 'syz.2.24': attribute type 10 has an invalid length.
[   34.215272][ T3518] team0: Port device dummy0 added
[   34.243848][ T3520] netlink: 16 bytes leftover after parsing attributes in process `syz.0.23'.
[   34.291531][ T3518] loop6: detected capacity change from 0 to 7
[   34.315633][ T3518] Buffer I/O error on dev loop6, logical block 0, async page read
[   34.339217][ T3523] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[   34.348028][ T3523] ref_ctr increment failed for inode: 0x4a offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888104264780
[   34.352119][ T3518] Buffer I/O error on dev loop6, logical block 0, async page read
[   34.366800][ T3518]  loop6: unable to read partition table
[   34.373699][ T3518] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   34.373699][ T3518] 
) failed (rc=-5)
[   34.434816][ T3529] FAULT_INJECTION: forcing a failure.
[   34.434816][ T3529] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   34.447967][ T3529] CPU: 0 UID: 0 PID: 3529 Comm: syz.2.26 Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[   34.447990][ T3529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   34.448011][ T3529] Call Trace:
[   34.448019][ T3529]  <TASK>
[   34.448034][ T3529]  dump_stack_lvl+0xf2/0x150
[   34.448060][ T3529]  dump_stack+0x15/0x1a
[   34.448091][ T3529]  should_fail_ex+0x24a/0x260
[   34.448146][ T3529]  should_fail+0xb/0x10
[   34.448245][ T3529]  should_fail_usercopy+0x1a/0x20
[   34.448268][ T3529]  _copy_from_user+0x1c/0xa0
[   34.448361][ T3529]  vmemdup_user+0x12e/0x1b0
[   34.448386][ T3529]  path_setxattrat+0x1c9/0x310
[   34.448426][ T3529]  __x64_sys_fsetxattr+0x6d/0x80
[   34.448457][ T3529]  x64_sys_call+0x29d2/0x2dc0
[   34.448530][ T3529]  do_syscall_64+0xc9/0x1c0
[   34.448553][ T3529]  ? clear_bhb_loop+0x55/0xb0
[   34.448580][ T3529]  ? clear_bhb_loop+0x55/0xb0
[   34.448609][ T3529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   34.448641][ T3529] RIP: 0033:0x7fd7c308cde9
[   34.448671][ T3529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   34.448688][ T3529] RSP: 002b:00007fd7c16f1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[   34.448705][ T3529] RAX: ffffffffffffffda RBX: 00007fd7c32a5fa0 RCX: 00007fd7c308cde9
[   34.448837][ T3529] RDX: 0000200000000200 RSI: 0000200000000000 RDI: 0000000000000006
[   34.448851][ T3529] RBP: 00007fd7c16f1090 R08: 0000000000000000 R09: 0000000000000000
[   34.448865][ T3529] R10: 000000000000fe44 R11: 0000000000000246 R12: 0000000000000001
[   34.448879][ T3529] R13: 0000000000000000 R14: 00007fd7c32a5fa0 R15: 00007fff5b81bcf8
[   34.448895][ T3529]  </TASK>
[   34.685109][ T3533] loop2: detected capacity change from 0 to 8192
[   34.726939][ T3531] loop1: detected capacity change from 0 to 8192
[   34.748464][ T3535] loop0: detected capacity change from 0 to 512
[   34.786761][ T3535] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.835497][ T3535] ext4 filesystem being mounted at /11/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   34.867687][ T3541] loop3: detected capacity change from 0 to 512
[   34.886772][ T3297] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.917729][ T3541] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.30: bg 0: block 393: padding at end of block bitmap is not set
[   34.940774][ T3541] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   34.968765][ T3541] EXT4-fs (loop3): 2 truncates cleaned up
[   34.975161][ T3541] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   35.004849][ T3546] random: crng reseeded on system resumption
[   35.086001][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.097950][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.176725][ T3560] xt_TCPMSS: Only works on TCP SYN packets
[   35.187660][ T3554] tmpfs: Cannot disable swap on remount
[   35.207047][ T3562] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   35.217200][ T3564] netlink: 'syz.2.39': attribute type 10 has an invalid length.
[   35.223428][ T3562] netlink: 16 bytes leftover after parsing attributes in process `syz.0.38'.
[   35.243616][ T3564] loop6: detected capacity change from 0 to 7
[   35.255510][ T3564] Buffer I/O error on dev loop6, logical block 0, async page read
[   35.278347][ T3564] Buffer I/O error on dev loop6, logical block 0, async page read
[   35.286293][ T3564]  loop6: unable to read partition table
[   35.317348][ T3564] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   35.317348][ T3564] 
) failed (rc=-5)
[   35.330741][ T3573] netlink: 'syz.3.42': attribute type 10 has an invalid length.
[   35.345991][ T3573] team0: Port device dummy0 added
[   35.380459][ T3576] netlink: 16 bytes leftover after parsing attributes in process `syz.0.43'.
[   35.396002][ T3576] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   35.404943][ T3576] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   35.413953][ T3576] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   35.423061][ T3576] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   35.426653][ T3573] loop6: detected capacity change from 0 to 7
[   35.438631][ T3573] Buffer I/O error on dev loop6, logical block 0, async page read
[   35.446544][ T3573] Buffer I/O error on dev loop6, logical block 0, async page read
[   35.449515][ T3576] geneve2: entered promiscuous mode
[   35.454405][ T3573]  loop6: unable to read partition table
[   35.459570][ T3576] geneve2: entered allmulticast mode
[   35.485928][ T3573] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   35.485928][ T3573] 
) failed (rc=-5)
[   35.501210][ T3581] serio: Serial port ptm0
[   35.540792][ T3576] syz.0.43 uses obsolete (PF_INET,SOCK_PACKET)
[   35.570095][ T3584] loop3: detected capacity change from 0 to 512
[   35.584655][ T3584] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.45: bg 0: block 393: padding at end of block bitmap is not set
[   35.605360][ T3584] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   35.614609][ T3584] EXT4-fs (loop3): 2 truncates cleaned up
[   35.620881][ T3584] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   35.689923][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.757067][ T3593] FAULT_INJECTION: forcing a failure.
[   35.757067][ T3593] name failslab, interval 1, probability 0, space 0, times 1
[   35.769789][ T3593] CPU: 1 UID: 0 PID: 3593 Comm: syz.3.48 Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[   35.769816][ T3593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   35.769830][ T3593] Call Trace:
[   35.769837][ T3593]  <TASK>
[   35.769866][ T3593]  dump_stack_lvl+0xf2/0x150
[   35.769897][ T3593]  dump_stack+0x15/0x1a
[   35.769922][ T3593]  should_fail_ex+0x24a/0x260
[   35.769956][ T3593]  should_failslab+0x8f/0xb0
[   35.770000][ T3593]  kmem_cache_alloc_noprof+0x52/0x320
[   35.770099][ T3593]  ? __break_lease+0x7a/0xf60
[   35.770121][ T3593]  __break_lease+0x7a/0xf60
[   35.770145][ T3593]  ? selinux_inode_removexattr+0x227/0x270
[   35.770182][ T3593]  __vfs_removexattr_locked+0x124/0x2f0
[   35.770292][ T3593]  vfs_removexattr+0x77/0x180
[   35.770319][ T3593]  path_removexattrat+0x41a/0x4b0
[   35.770402][ T3593]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   35.770513][ T3593]  __x64_sys_fremovexattr+0x35/0x40
[   35.770543][ T3593]  x64_sys_call+0x1c51/0x2dc0
[   35.770633][ T3593]  do_syscall_64+0xc9/0x1c0
[   35.770702][ T3593]  ? clear_bhb_loop+0x55/0xb0
[   35.770738][ T3593]  ? clear_bhb_loop+0x55/0xb0
[   35.770777][ T3593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   35.770809][ T3593] RIP: 0033:0x7f8ad7b9cde9
[   35.770827][ T3593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   35.770847][ T3593] RSP: 002b:00007f8ad6207038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c7
[   35.770904][ T3593] RAX: ffffffffffffffda RBX: 00007f8ad7db5fa0 RCX: 00007f8ad7b9cde9
[   35.770918][ T3593] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000005
[   35.770931][ T3593] RBP: 00007f8ad6207090 R08: 0000000000000000 R09: 0000000000000000
[   35.770945][ T3593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   35.770956][ T3593] R13: 0000000000000000 R14: 00007f8ad7db5fa0 R15: 00007ffd0425a348
[   35.770972][ T3593]  </TASK>
[   35.787560][ T3596] veth1_to_team: entered promiscuous mode
[   35.962085][ T3602] serio: Serial port ptm0
[   35.980056][ T3596] veth1_to_team: left promiscuous mode
[   35.987680][ T3601] SELinux: syz.3.50 (3601) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   36.079284][ T3608] netlink: 8 bytes leftover after parsing attributes in process `syz.0.51'.
[   36.088121][ T3608] netlink: 24 bytes leftover after parsing attributes in process `syz.0.51'.
[   36.160581][ T3610] loop1: detected capacity change from 0 to 8192
[   36.175131][ T3610] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   36.225785][ T3621] netlink: 12 bytes leftover after parsing attributes in process `syz.2.55'.
[   36.310391][ T3626] loop2: detected capacity change from 0 to 512
[   36.332046][ T3626] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.58: bg 0: block 393: padding at end of block bitmap is not set
[   36.336386][ T3629] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   36.348309][ T3626] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   36.354511][ T3629] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   36.364962][ T3626] EXT4-fs (loop2): 2 truncates cleaned up
[   36.382900][ T3626] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.427093][ T3629] loop1: detected capacity change from 0 to 736
[   36.460059][ T3301] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.518690][ T3634] syz.4.61 (3634) used greatest stack depth: 10720 bytes left
[   36.550390][ T3638] netlink: 44 bytes leftover after parsing attributes in process `syz.4.63'.
[   36.624179][ T3650] loop1: detected capacity change from 0 to 8192
[   36.775957][ T3669] loop4: detected capacity change from 0 to 512
[   36.789205][ T3669] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   36.806032][ T3669] EXT4-fs (loop4): orphan cleanup on readonly fs
[   36.814041][ T3669] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.65: bg 0: block 248: padding at end of block bitmap is not set
[   36.829483][ T3669] EXT4-fs error (device loop4): ext4_acquire_dquot:6927: comm syz.4.65: Failed to acquire dquot type 1
[   36.842705][ T3669] EXT4-fs (loop4): 1 truncate cleaned up
[   36.852430][ T3669] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   36.868603][ T3669] netlink: 'syz.4.65': attribute type 1 has an invalid length.
[   36.876177][ T3669] netlink: 16 bytes leftover after parsing attributes in process `syz.4.65'.
[   37.314192][   T29] kauditd_printk_skb: 224 callbacks suppressed
[   37.314210][   T29] audit: type=1326 audit(1738748168.863:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3631 comm="syz.2.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7c308cde9 code=0x7fc00000
[   37.474026][ T3680] netlink: 12 bytes leftover after parsing attributes in process `syz.1.69'.
[   37.535972][ T3669] syz.4.65 (3669) used greatest stack depth: 9552 bytes left
[   38.024334][ T3695] netlink: 28 bytes leftover after parsing attributes in process `syz.1.74'.
[   38.101181][   T29] audit: type=1400 audit(1738748169.643:398): avc:  denied  { setopt } for  pid=3696 comm="syz.3.75" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   38.300206][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.317415][ T3701] loop3: detected capacity change from 0 to 8192
[   38.409759][   T29] audit: type=1400 audit(1738748169.963:399): avc:  denied  { read write } for  pid=3703 comm="syz.4.78" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   38.448196][ T3706] sg_write: data in/out 134217695/120 bytes for SCSI command 0x0-- guessing data in;
[   38.448196][ T3706]    program syz.4.78 not setting count and/or reply_len properly
[   38.473753][   T29] audit: type=1400 audit(1738748169.993:400): avc:  denied  { open } for  pid=3703 comm="syz.4.78" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   38.500867][ T3710] serio: Serial port ptm1
[   38.518125][   T29] audit: type=1326 audit(1738748170.043:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3704 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e701cde9 code=0x7ffc0000
[   38.541588][   T29] audit: type=1326 audit(1738748170.043:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3704 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e701cde9 code=0x7ffc0000
[   38.564945][   T29] audit: type=1326 audit(1738748170.043:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3704 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f92e701cde9 code=0x7ffc0000
[   38.588108][   T29] audit: type=1326 audit(1738748170.043:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3704 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e701cde9 code=0x7ffc0000
[   38.611255][   T29] audit: type=1326 audit(1738748170.043:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3704 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e701cde9 code=0x7ffc0000
[   38.634425][   T29] audit: type=1326 audit(1738748170.043:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3704 comm="syz.0.79" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f92e701cde9 code=0x7ffc0000
[   38.658235][ T3714] loop0: detected capacity change from 0 to 256
[   38.686148][ T3714] Zero length message leads to an empty skb
[   38.783526][ T3726] loop3: detected capacity change from 0 to 1024
[   38.812467][ T3724] loop4: detected capacity change from 0 to 8192
[   38.818989][ T3726] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   38.829981][ T3726] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   38.846005][ T3726] JBD2: no valid journal superblock found
[   38.851840][ T3726] EXT4-fs (loop3): Could not load journal inode
[   38.855706][ T3724] Process accounting resumed
[   38.940919][ T3729] IPv6: Can't replace route, no match found
[   39.060812][ T3740] loop1: detected capacity change from 0 to 512
[   39.078875][ T3738] loop4: detected capacity change from 0 to 512
[   39.090159][ T3740] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.128442][ T3738] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.88: bg 0: block 393: padding at end of block bitmap is not set
[   39.131017][ T3740] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.159505][ T3749] netlink: 'syz.0.90': attribute type 10 has an invalid length.
[   39.168217][ T3738] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   39.178414][ T3749] netlink: 84 bytes leftover after parsing attributes in process `syz.0.90'.
[   39.189090][ T3749] loop6: detected capacity change from 0 to 7
[   39.189656][ T3738] EXT4-fs (loop4): 2 truncates cleaned up
[   39.195291][ T3749] Buffer I/O error on dev loop6, logical block 0, async page read
[   39.201292][ T3738] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.232543][ T3749] Buffer I/O error on dev loop6, logical block 0, async page read
[   39.240458][ T3749]  loop6: unable to read partition table
[   39.247660][ T3749] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   39.247660][ T3749] 
) failed (rc=-5)
[   39.270935][ T3740] EXT4-fs error (device loop1): ext4_add_entry:2444: inode #12: comm syz.1.87: Directory hole found for htree leaf block 0
[   39.287748][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.342435][ T3752] random: crng reseeded on system resumption
[   39.390488][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.433769][ T3756] loop0: detected capacity change from 0 to 256
[   39.544490][ T3758] loop1: detected capacity change from 0 to 8192
[   39.683647][ T3766] loop0: detected capacity change from 0 to 8192
[   39.748554][ T3766]  loop0: p2 p3 p4
[   39.752364][ T3766] loop0: p2 start 452985600 is beyond EOD, truncated
[   39.759085][ T3766] loop0: p3 size 33554432 extends beyond EOD, truncated
[   39.790702][ T3766] loop0: p4 start 8388607 is beyond EOD, truncated
[   39.867088][ T3778] loop4: detected capacity change from 0 to 512
[   39.877054][ T3766] serio: Serial port ptm0
[   39.897468][ T3778] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.102: bg 0: block 393: padding at end of block bitmap is not set
[   39.912281][ T3778] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   39.924873][ T3782] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   39.934594][ T3785] netlink: 12 bytes leftover after parsing attributes in process `syz.3.103'.
[   39.991471][ T3778] EXT4-fs (loop4): 2 truncates cleaned up
[   40.026090][ T3778] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.071449][ T3788] loop1: detected capacity change from 0 to 736
[   40.132111][ T3792] netlink: 'syz.3.106': attribute type 4 has an invalid length.
[   40.154960][ T3792] netlink: 'syz.3.106': attribute type 4 has an invalid length.
[   40.171245][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.233755][ T3794] loop3: detected capacity change from 0 to 512
[   40.254035][ T3796] random: crng reseeded on system resumption
[   40.258567][ T3794] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.108: corrupted in-inode xattr: invalid ea_ino
[   40.326464][ T3794] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.108: couldn't read orphan inode 15 (err -117)
[   40.453528][ T3794] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.493080][ T3799] loop4: detected capacity change from 0 to 1024
[   40.619815][ T3804] loop4: detected capacity change from 0 to 164
[   40.641372][ T3804] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   40.671219][ T3804] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[   40.753388][ T3811] loop4: detected capacity change from 0 to 512
[   40.761029][ T3811] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   40.774179][ T3811] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   40.790896][ T3814] netlink: 12 bytes leftover after parsing attributes in process `syz.2.115'.
[   40.808551][ T3816] loop1: detected capacity change from 0 to 512
[   40.815272][ T3816] EXT4-fs: Ignoring removed mblk_io_submit option
[   40.822045][ T3811] EXT4-fs (loop4): 1 truncate cleaned up
[   40.829100][ T3811] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.842028][ T3816] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.116: corrupted in-inode xattr: invalid ea_ino
[   40.856188][ T3816] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.116: couldn't read orphan inode 15 (err -117)
[   40.875205][ T3816] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.887858][ T3820] loop2: detected capacity change from 0 to 512
[   40.907180][ T3820] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.117: bg 0: block 393: padding at end of block bitmap is not set
[   40.929305][ T3820] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   40.940173][ T3820] EXT4-fs (loop2): 2 truncates cleaned up
[   40.946392][ T3820] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.961890][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.010512][ T3372] IPVS: starting estimator thread 0...
[   41.019268][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.047534][ T3301] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.077223][ T3829] netlink: 4 bytes leftover after parsing attributes in process `syz.4.119'.
[   41.086645][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.098091][ T3827] IPVS: using max 2400 ests per chain, 120000 per kthread
[   41.115478][ T3829] team0 (unregistering): Port device team_slave_0 removed
[   41.131963][ T3834] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in;
[   41.131963][ T3834]    program syz.3.121 not setting count and/or reply_len properly
[   41.160726][ T3829] team0 (unregistering): Port device team_slave_1 removed
[   41.247827][ T3837] netlink: 32 bytes leftover after parsing attributes in process `syz.1.122'.
[   41.265664][ T3847] FAULT_INJECTION: forcing a failure.
[   41.265664][ T3847] name failslab, interval 1, probability 0, space 0, times 0
[   41.278352][ T3847] CPU: 1 UID: 0 PID: 3847 Comm: syz.2.127 Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[   41.278380][ T3847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   41.278391][ T3847] Call Trace:
[   41.278397][ T3847]  <TASK>
[   41.278404][ T3847]  dump_stack_lvl+0xf2/0x150
[   41.278495][ T3847]  dump_stack+0x15/0x1a
[   41.278520][ T3847]  should_fail_ex+0x24a/0x260
[   41.278622][ T3847]  should_failslab+0x8f/0xb0
[   41.278653][ T3847]  kmem_cache_alloc_noprof+0x52/0x320
[   41.278691][ T3847]  ? __kernfs_new_node+0x6a/0x380
[   41.278717][ T3847]  __kernfs_new_node+0x6a/0x380
[   41.278801][ T3847]  ? radix_tree_iter_tag_clear+0x109/0x180
[   41.278880][ T3847]  ? mutex_lock+0xd/0x40
[   41.278910][ T3847]  ? kernfs_xattr_get+0x67/0x80
[   41.278957][ T3847]  kernfs_new_node+0xc8/0x140
[   41.278986][ T3847]  __kernfs_create_file+0x49/0x180
[   41.279018][ T3847]  ? __pfx_dev_attr_store+0x10/0x10
[   41.279044][ T3847]  sysfs_add_file_mode_ns+0x136/0x1c0
[   41.279115][ T3847]  internal_create_group+0x462/0xa20
[   41.279147][ T3847]  sysfs_create_groups+0x3c/0xe0
[   41.279204][ T3847]  device_add_attrs+0x69/0x400
[   41.279223][ T3847]  ? kobject_put+0x10a/0x180
[   41.279253][ T3847]  device_add+0x38d/0x790
[   41.279271][ T3847]  netdev_register_kobject+0xe6/0x210
[   41.279371][ T3847]  register_netdevice+0x913/0xe40
[   41.279401][ T3847]  vti6_tnl_create2+0x87/0x1e0
[   41.279466][ T3847]  vti6_locate+0x359/0x3c0
[   41.279497][ T3847]  vti6_siocdevprivate+0x57b/0x910
[   41.279536][ T3847]  ? __pfx_vti6_siocdevprivate+0x10/0x10
[   41.279588][ T3847]  dev_ifsioc+0x84e/0xa10
[   41.279613][ T3847]  dev_ioctl+0x8e9/0xab0
[   41.279638][ T3847]  sock_ioctl+0x57d/0x600
[   41.279670][ T3847]  ? __pfx_sock_ioctl+0x10/0x10
[   41.279710][ T3847]  __se_sys_ioctl+0xc9/0x140
[   41.279731][ T3847]  __x64_sys_ioctl+0x43/0x50
[   41.279750][ T3847]  x64_sys_call+0x1690/0x2dc0
[   41.279782][ T3847]  do_syscall_64+0xc9/0x1c0
[   41.279810][ T3847]  ? clear_bhb_loop+0x55/0xb0
[   41.279859][ T3847]  ? clear_bhb_loop+0x55/0xb0
[   41.279909][ T3847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.279941][ T3847] RIP: 0033:0x7fd7c308cde9
[   41.279958][ T3847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   41.279975][ T3847] RSP: 002b:00007fd7c16f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   41.279992][ T3847] RAX: ffffffffffffffda RBX: 00007fd7c32a5fa0 RCX: 00007fd7c308cde9
[   41.280004][ T3847] RDX: 0000200000000080 RSI: 00000000000089f1 RDI: 0000000000000007
[   41.280016][ T3847] RBP: 00007fd7c16f1090 R08: 0000000000000000 R09: 0000000000000000
[   41.280061][ T3847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   41.280073][ T3847] R13: 0000000000000000 R14: 00007fd7c32a5fa0 R15: 00007fff5b81bcf8
[   41.280096][ T3847]  </TASK>
[   41.301320][ T3843] loop3: detected capacity change from 0 to 8192
[   41.339617][ T3850] loop2: detected capacity change from 0 to 512
[   41.626988][ T3850] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.642801][ T3850] ext4 filesystem being mounted at /22/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   41.663834][ T3859] loop0: detected capacity change from 0 to 512
[   41.691927][ T3859] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.130: bg 0: block 393: padding at end of block bitmap is not set
[   41.713934][ T3301] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.724390][ T3863] SELinux:  Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped).
[   41.740292][ T3863] loop3: detected capacity change from 0 to 512
[   41.749796][ T3859] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   41.773898][ T3859] EXT4-fs (loop0): 2 truncates cleaned up
[   41.781627][ T3863] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.783404][ T3859] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.822850][ T3865] loop1: detected capacity change from 0 to 8192
[   41.826986][ T3863] ext4 filesystem being mounted at /26/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   41.851485][ T3865] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   41.872944][ T3871] loop2: detected capacity change from 0 to 512
[   41.883878][ T3871] EXT4-fs (loop2): bad geometry: first data block 786433 is beyond end of filesystem (256)
[   41.904434][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.915486][ T3297] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.944268][ T3878] netlink: 'syz.0.138': attribute type 10 has an invalid length.
[   41.955093][ T3878] netlink: 84 bytes leftover after parsing attributes in process `syz.0.138'.
[   41.983532][ T3878] loop6: detected capacity change from 0 to 7
[   41.993945][ T3878] Buffer I/O error on dev loop6, logical block 0, async page read
[   42.028755][ T3878] Buffer I/O error on dev loop6, logical block 0, async page read
[   42.036604][ T3878]  loop6: unable to read partition table
[   42.042712][ T3878] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   42.042712][ T3878] 
) failed (rc=-5)
[   42.207789][ T3892] loop3: detected capacity change from 0 to 8192
[   42.283490][ T3898] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   42.394077][ T3901] loop0: detected capacity change from 0 to 736
[   42.469601][ T3903] mmap: syz.3.144 (3903) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   42.507596][ T3906] netlink: 12 bytes leftover after parsing attributes in process `syz.4.145'.
[   42.613476][ T3917] random: crng reseeded on system resumption
[   42.622376][ T3915] loop4: detected capacity change from 0 to 8192
[   42.701141][ T3915] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   42.736919][ T3919] netlink: 'syz.3.150': attribute type 10 has an invalid length.
[   42.751451][ T3919] netlink: 84 bytes leftover after parsing attributes in process `syz.3.150'.
[   42.761350][ T3919] loop6: detected capacity change from 0 to 7
[   42.764073][ T3921] random: crng reseeded on system resumption
[   42.775625][ T3919] Buffer I/O error on dev loop6, logical block 0, async page read
[   42.783891][ T3919] Buffer I/O error on dev loop6, logical block 0, async page read
[   42.791917][ T3919]  loop6: unable to read partition table
[   42.805726][ T3919] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   42.805726][ T3919] 
) failed (rc=-5)
[   42.912438][ T3928] FAULT_INJECTION: forcing a failure.
[   42.912438][ T3928] name failslab, interval 1, probability 0, space 0, times 0
[   42.925118][ T3928] CPU: 1 UID: 0 PID: 3928 Comm: syz.1.154 Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[   42.925154][ T3928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   42.925165][ T3928] Call Trace:
[   42.925172][ T3928]  <TASK>
[   42.925179][ T3928]  dump_stack_lvl+0xf2/0x150
[   42.925236][ T3928]  dump_stack+0x15/0x1a
[   42.925311][ T3928]  should_fail_ex+0x24a/0x260
[   42.925351][ T3928]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[   42.925382][ T3928]  should_failslab+0x8f/0xb0
[   42.925407][ T3928]  __kmalloc_noprof+0xab/0x3f0
[   42.925462][ T3928]  ? tracepoint_add_func+0x1f3/0x6f0
[   42.925499][ T3928]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[   42.925523][ T3928]  tracepoint_add_func+0x1f3/0x6f0
[   42.925558][ T3928]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[   42.925663][ T3928]  tracepoint_probe_register_prio_may_exist+0x5e/0xa0
[   42.925699][ T3928]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[   42.925731][ T3928]  bpf_probe_register+0xd3/0xf0
[   42.925761][ T3928]  bpf_raw_tp_link_attach+0x312/0x3e0
[   42.925878][ T3928]  bpf_raw_tracepoint_open+0x135/0x2c0
[   42.925911][ T3928]  __sys_bpf+0x32b/0x7a0
[   42.925943][ T3928]  __x64_sys_bpf+0x43/0x50
[   42.925971][ T3928]  x64_sys_call+0x2914/0x2dc0
[   42.926025][ T3928]  do_syscall_64+0xc9/0x1c0
[   42.926048][ T3928]  ? clear_bhb_loop+0x55/0xb0
[   42.926075][ T3928]  ? clear_bhb_loop+0x55/0xb0
[   42.926107][ T3928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.926166][ T3928] RIP: 0033:0x7f6ee918cde9
[   42.926181][ T3928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   42.926202][ T3928] RSP: 002b:00007f6ee77f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   42.926223][ T3928] RAX: ffffffffffffffda RBX: 00007f6ee93a5fa0 RCX: 00007f6ee918cde9
[   42.926237][ T3928] RDX: 0000000000000018 RSI: 0000200000000380 RDI: 0000000000000011
[   42.926251][ T3928] RBP: 00007f6ee77f7090 R08: 0000000000000000 R09: 0000000000000000
[   42.926318][ T3928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   42.926331][ T3928] R13: 0000000000000000 R14: 00007f6ee93a5fa0 R15: 00007ffe664bf508
[   42.926353][ T3928]  </TASK>
[   43.169331][ T3933] netlink: 'syz.1.158': attribute type 39 has an invalid length.
[   43.183403][ T3930] netlink: 12 bytes leftover after parsing attributes in process `syz.3.157'.
[   43.198341][ T3936] loop4: detected capacity change from 0 to 512
[   43.228074][ T3936] EXT4-fs error (device loop4): ext4_orphan_get:1389: inode #15: comm syz.4.156: casefold flag without casefold feature
[   43.257643][ T3936] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.156: couldn't read orphan inode 15 (err -117)
[   43.275671][   T29] kauditd_printk_skb: 151 callbacks suppressed
[   43.275736][   T29] audit: type=1400 audit(1738748174.823:558): avc:  denied  { ioctl } for  pid=3940 comm="syz.2.159" path="/dev/input/event0" dev="devtmpfs" ino=242 ioctlcmd=0x4508 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   43.291259][ T3943] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   43.359941][ T3946] random: crng reseeded on system resumption
[   43.385008][ T3936] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.442136][ T3948] loop2: detected capacity change from 0 to 512
[   43.468120][   T29] audit: type=1400 audit(1738748175.003:559): avc:  denied  { create } for  pid=3935 comm="syz.4.156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   43.503802][ T3948] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.162: bg 0: block 393: padding at end of block bitmap is not set
[   43.518194][   T29] audit: type=1400 audit(1738748175.063:560): avc:  denied  { bind } for  pid=3935 comm="syz.4.156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   43.537498][ T3948] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   43.546316][ T3955] loop1: detected capacity change from 0 to 512
[   43.546717][ T3948] EXT4-fs (loop2): 2 truncates cleaned up
[   43.560448][ T3948] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.577484][ T3944] loop3: detected capacity change from 0 to 736
[   43.582021][   T29] audit: type=1400 audit(1738748175.133:561): avc:  denied  { listen } for  pid=3935 comm="syz.4.156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   43.603084][   T29] audit: type=1400 audit(1738748175.133:562): avc:  denied  { mounton } for  pid=3935 comm="syz.4.156" path="/29/file0/file0" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   43.626485][   T29] audit: type=1326 audit(1738748175.133:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3935 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   43.649835][   T29] audit: type=1326 audit(1738748175.133:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3935 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   43.673101][   T29] audit: type=1326 audit(1738748175.133:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3935 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   43.696477][   T29] audit: type=1326 audit(1738748175.133:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3935 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   43.719819][   T29] audit: type=1326 audit(1738748175.133:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3935 comm="syz.4.156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   43.779812][ T3955] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.805077][ T3955] ext4 filesystem being mounted at /33/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   43.830736][ T3301] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.899262][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.978196][ T3962] loop2: detected capacity change from 0 to 512
[   43.985145][ T3962] EXT4-fs: Ignoring removed bh option
[   43.994387][ T3962] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   44.019300][ T3961] 9pnet: Could not find request transport: f
[   44.042693][ T3961] loop0: detected capacity change from 0 to 512
[   44.046260][ T3962] EXT4-fs error (device loop2): __ext4_iget:4984: inode #16: block 1778384930: comm syz.2.164: invalid block
[   44.068372][ T3961] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   44.072707][ T3962] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.164: couldn't read orphan inode 16 (err -117)
[   44.092466][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.102539][ T3961] EXT4-fs (loop0): 1 truncate cleaned up
[   44.111091][ T3961] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.136627][ T3962] EXT4-fs (loop2): 1 orphan inode deleted
[   44.146069][ T3970] loop1: detected capacity change from 0 to 8192
[   44.153591][ T3962] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.187200][ T3959] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.164: bg 0: block 255: padding at end of block bitmap is not set
[   44.239602][ T3975] loop3: detected capacity change from 0 to 8192
[   44.261127][ T3301] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.274949][ T3961] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.382010][ T3982] loop0: detected capacity change from 0 to 512
[   44.412236][ T3982] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.426190][ T3982] ext4 filesystem being mounted at /36/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   44.489782][ T3297] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.499261][ T3987] loop1: detected capacity change from 0 to 2048
[   44.520425][ T3987] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.567376][ T3992] loop0: detected capacity change from 0 to 736
[   44.639366][ T3997] loop3: detected capacity change from 0 to 512
[   44.661192][ T3997] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.175: bg 0: block 393: padding at end of block bitmap is not set
[   44.702047][ T4000] netlink: 4 bytes leftover after parsing attributes in process `syz.0.176'.
[   44.711178][ T4000] vxcan1: Master is either lo or non-ether device
[   44.724447][ T3997] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   44.724954][ T3996] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[   44.742740][ T3997] EXT4-fs (loop3): 2 truncates cleaned up
[   44.748202][ T3996] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   44.766238][ T3996] EXT4-fs (loop1): This should not happen!! Data will be lost
[   44.766238][ T3996] 
[   44.775958][ T3996] EXT4-fs (loop1): Total free blocks count 0
[   44.782042][ T3996] EXT4-fs (loop1): Free/Dirty block details
[   44.787947][ T3996] EXT4-fs (loop1): free_blocks=2415919504
[   44.793766][ T3996] EXT4-fs (loop1): dirty_blocks=8192
[   44.799089][ T3996] EXT4-fs (loop1): Block reservation details
[   44.805085][ T3996] EXT4-fs (loop1): i_reserved_data_blocks=512
[   44.812596][ T3997] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.825470][ T3996] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   44.866213][ T4002] loop0: detected capacity change from 0 to 512
[   44.883419][ T4002] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.896308][ T4002] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.913345][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.924738][ T3297] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.957832][ T4006] random: crng reseeded on system resumption
[   45.016230][ T4010] netlink: 'syz.4.181': attribute type 1 has an invalid length.
[   45.024003][ T4010] netlink: 8 bytes leftover after parsing attributes in process `syz.4.181'.
[   45.058750][ T4010] 9pnet_fd: Insufficient options for proto=fd
[   45.093430][ T4013] netlink: 132 bytes leftover after parsing attributes in process `syz.0.182'.
[   45.106383][ T4014] netlink: 132 bytes leftover after parsing attributes in process `syz.0.182'.
[   45.203727][ T4013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.182'.
[   45.215616][ T4022] loop4: detected capacity change from 0 to 2048
[   45.237641][ T4023] loop2: detected capacity change from 0 to 512
[   45.314749][ T4012] loop0: detected capacity change from 0 to 512
[   45.324295][ T4023] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.343504][ T4023] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   45.389916][ T3301] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.580813][ T4012] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors
[   45.591914][ T4012] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 0 not in group (block 2)!
[   45.601962][ T4012] EXT4-fs (loop0): group descriptors corrupted!
[   45.642635][ T4028] loop2: detected capacity change from 0 to 736
[   45.871148][ T4032] FAULT_INJECTION: forcing a failure.
[   45.871148][ T4032] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   45.884268][ T4032] CPU: 1 UID: 0 PID: 4032 Comm: syz.1.187 Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[   45.884295][ T4032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   45.884309][ T4032] Call Trace:
[   45.884366][ T4032]  <TASK>
[   45.884373][ T4032]  dump_stack_lvl+0xf2/0x150
[   45.884400][ T4032]  dump_stack+0x15/0x1a
[   45.884446][ T4032]  should_fail_ex+0x24a/0x260
[   45.884478][ T4032]  should_fail+0xb/0x10
[   45.884506][ T4032]  should_fail_usercopy+0x1a/0x20
[   45.884604][ T4032]  copy_to_user_nofault+0x7d/0x110
[   45.884641][ T4032]  bpf_probe_write_user+0x80/0xc0
[   45.884683][ T4032]  bpf_prog_853ff409725e1ea5+0x44/0x48
[   45.884703][ T4032]  bpf_trace_run2+0x104/0x1d0
[   45.884803][ T4032]  ? __dev_map_alloc_node+0x1f2/0x230
[   45.884828][ T4032]  ? __dev_map_alloc_node+0x1f2/0x230
[   45.884850][ T4032]  __traceiter_kfree+0x2b/0x50
[   45.884871][ T4032]  ? __dev_map_alloc_node+0x1f2/0x230
[   45.884892][ T4032]  kfree+0x247/0x2f0
[   45.884926][ T4032]  ? __rcu_read_unlock+0x34/0x70
[   45.884983][ T4032]  __dev_map_alloc_node+0x1f2/0x230
[   45.885004][ T4032]  dev_map_update_elem+0xf4/0x1d0
[   45.885125][ T4032]  bpf_map_update_value+0x365/0x3b0
[   45.885152][ T4032]  map_update_elem+0x3af/0x470
[   45.885187][ T4032]  __sys_bpf+0x713/0x7a0
[   45.885224][ T4032]  __x64_sys_bpf+0x43/0x50
[   45.885247][ T4032]  x64_sys_call+0x2914/0x2dc0
[   45.885289][ T4032]  do_syscall_64+0xc9/0x1c0
[   45.885317][ T4032]  ? clear_bhb_loop+0x55/0xb0
[   45.885349][ T4032]  ? clear_bhb_loop+0x55/0xb0
[   45.885380][ T4032]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.885461][ T4032] RIP: 0033:0x7f6ee918cde9
[   45.885475][ T4032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.885492][ T4032] RSP: 002b:00007f6ee77f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   45.885585][ T4032] RAX: ffffffffffffffda RBX: 00007f6ee93a5fa0 RCX: 00007f6ee918cde9
[   45.885600][ T4032] RDX: 0000000000000020 RSI: 0000200000000080 RDI: 0000000000000002
[   45.885613][ T4032] RBP: 00007f6ee77f7090 R08: 0000000000000000 R09: 0000000000000000
[   45.885674][ T4032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   45.885688][ T4032] R13: 0000000000000000 R14: 00007f6ee93a5fa0 R15: 00007ffe664bf508
[   45.885709][ T4032]  </TASK>
[   46.168481][ T4034] netlink: 'syz.2.189': attribute type 1 has an invalid length.
[   46.176204][ T4034] netlink: 4 bytes leftover after parsing attributes in process `syz.2.189'.
[   46.220411][ T4038] Illegal XDP return value 4294967274 on prog  (id 146) dev N/A, expect packet loss!
[   46.235865][ T4037] loop3: detected capacity change from 0 to 512
[   46.342091][ T4034] loop2: detected capacity change from 0 to 256
[   46.354509][ T4034] vfat: Unknown parameter ''
[   46.364483][ T4037] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.190: bg 0: block 393: padding at end of block bitmap is not set
[   46.383318][ T4037] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   46.474171][ T4034] loop2: detected capacity change from 0 to 764
[   46.688581][ T4044] loop0: detected capacity change from 0 to 8192
[   46.810118][ T4055] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   46.896093][ T4044] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   47.116365][ T4055] loop2: detected capacity change from 0 to 736
[   47.158102][ T4037] EXT4-fs (loop3): 2 truncates cleaned up
[   47.195207][ T4037] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   47.345728][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.490059][ T4071] loop3: detected capacity change from 0 to 8192
[   47.927274][ T4076] __nla_validate_parse: 1 callbacks suppressed
[   47.927291][ T4076] netlink: 12 bytes leftover after parsing attributes in process `syz.2.198'.
[   48.106944][ T4084] netlink: 'syz.3.202': attribute type 1 has an invalid length.
[   48.114873][ T4084] netlink: 16 bytes leftover after parsing attributes in process `syz.3.202'.
[   48.195209][ T4089] loop0: detected capacity change from 0 to 2048
[   48.238972][ T4087] loop4: detected capacity change from 0 to 8192
[   48.269428][ T4096] netlink: 'syz.1.207': attribute type 10 has an invalid length.
[   48.288232][ T4087] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   48.312010][ T4096] team0: Port device dummy0 added
[   48.340070][   T29] kauditd_printk_skb: 135 callbacks suppressed
[   48.340085][   T29] audit: type=1400 audit(1738748179.893:703): avc:  denied  { read write } for  pid=4097 comm="syz.4.208" name="uhid" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   48.386246][ T4099] netlink: 84 bytes leftover after parsing attributes in process `syz.1.207'.
[   48.411289][ T4096] loop6: detected capacity change from 0 to 7
[   48.417670][   T29] audit: type=1400 audit(1738748179.923:704): avc:  denied  { open } for  pid=4097 comm="syz.4.208" path="/dev/uhid" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   48.418471][ T4101] netlink: 12 bytes leftover after parsing attributes in process `syz.0.210'.
[   48.441410][ T4096] Buffer I/O error on dev loop6, logical block 0, async page read
[   48.460463][ T4096] Buffer I/O error on dev loop6, logical block 0, async page read
[   48.468361][ T4096]  loop6: unable to read partition table
[   48.510356][   T29] audit: type=1326 audit(1738748180.063:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   48.510727][ T4096] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   48.510727][ T4096] 
) failed (rc=-5)
[   48.533781][   T29] audit: type=1326 audit(1738748180.063:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   48.555411][ T4106] netlink: 'syz.4.211': attribute type 1 has an invalid length.
[   48.570620][   T29] audit: type=1326 audit(1738748180.063:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   48.601608][   T29] audit: type=1326 audit(1738748180.063:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   48.624930][   T29] audit: type=1326 audit(1738748180.063:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   48.660824][   T29] audit: type=1326 audit(1738748180.063:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   48.660867][   T29] audit: type=1326 audit(1738748180.063:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   48.660902][   T29] audit: type=1326 audit(1738748180.063:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4105 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6083cde9 code=0x7ffc0000
[   48.847673][ T4124] loop1: detected capacity change from 0 to 512
[   48.854722][ T4126] random: crng reseeded on system resumption
[   48.870931][ T4128] FAULT_INJECTION: forcing a failure.
[   48.870931][ T4128] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   48.884207][ T4128] CPU: 1 UID: 0 PID: 4128 Comm: syz.4.220 Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[   48.884267][ T4128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   48.884279][ T4128] Call Trace:
[   48.884285][ T4128]  <TASK>
[   48.884292][ T4128]  dump_stack_lvl+0xf2/0x150
[   48.884364][ T4128]  dump_stack+0x15/0x1a
[   48.884402][ T4128]  should_fail_ex+0x24a/0x260
[   48.884439][ T4128]  should_fail+0xb/0x10
[   48.884467][ T4128]  should_fail_usercopy+0x1a/0x20
[   48.884485][ T4128]  _copy_from_user+0x1c/0xa0
[   48.884529][ T4128]  __sys_bpf+0x14e/0x7a0
[   48.884574][ T4128]  __x64_sys_bpf+0x43/0x50
[   48.884597][ T4128]  x64_sys_call+0x2914/0x2dc0
[   48.884629][ T4128]  do_syscall_64+0xc9/0x1c0
[   48.884750][ T4128]  ? clear_bhb_loop+0x55/0xb0
[   48.884777][ T4128]  ? clear_bhb_loop+0x55/0xb0
[   48.884807][ T4128]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.884907][ T4128] RIP: 0033:0x7fab6083cde9
[   48.884924][ T4128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.884957][ T4128] RSP: 002b:00007fab5eea1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   48.885044][ T4128] RAX: ffffffffffffffda RBX: 00007fab60a55fa0 RCX: 00007fab6083cde9
[   48.885058][ T4128] RDX: 0000000000000048 RSI: 0000200000000040 RDI: 0000000000000000
[   48.885072][ T4128] RBP: 00007fab5eea1090 R08: 0000000000000000 R09: 0000000000000000
[   48.885083][ T4128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   48.885094][ T4128] R13: 0000000000000000 R14: 00007fab60a55fa0 R15: 00007ffda8d56a28
[   48.885112][ T4128]  </TASK>
[   48.936826][ T4124] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.218: bg 0: block 393: padding at end of block bitmap is not set
[   49.034302][ T4132] loop4: detected capacity change from 0 to 256
[   49.079055][ T4124] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   49.090954][ T4124] EXT4-fs (loop1): 2 truncates cleaned up
[   49.097084][ T4124] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   49.122202][ T4138] netlink: 12 bytes leftover after parsing attributes in process `syz.2.222'.
[   49.159675][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.195919][ T4145] SELinux:  Context system_u:object_r: is not valid (left unmapped).
[   49.204768][ T4144] loop2: detected capacity change from 0 to 1764
[   49.217043][ T4145] loop6: detected capacity change from 0 to 7
[   49.223811][ T4145] Buffer I/O error on dev loop6, logical block 0, async page read
[   49.232951][ T4145] Buffer I/O error on dev loop6, logical block 0, async page read
[   49.240918][ T4145]  loop6: unable to read partition table
[   49.253091][ T4145] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   49.253091][ T4145] 
) failed (rc=-5)
[   49.321692][ T4154] loop4: detected capacity change from 0 to 128
[   49.359676][ T4154] syz.4.230: attempt to access beyond end of device
[   49.359676][ T4154] loop4: rw=2049, sector=145, nr_sectors = 896 limit=128
[   49.401127][ T4154] syz.4.230: attempt to access beyond end of device
[   49.401127][ T4154] loop4: rw=524288, sector=145, nr_sectors = 896 limit=128
[   49.441198][ T4158] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   49.509310][ T4160] siw: device registration error -23
[   49.515028][ T4163] random: crng reseeded on system resumption
[   49.566183][ T4158] loop2: detected capacity change from 0 to 736
[   49.661115][ T4168] loop4: detected capacity change from 0 to 256
[   49.667977][ T4167] netlink: 12 bytes leftover after parsing attributes in process `syz.1.235'.
[   49.797070][ T4172] loop4: detected capacity change from 0 to 1024
[   49.804155][ T4172] EXT4-fs: Ignoring removed nomblk_io_submit option
[   49.829548][ T4172] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842c119, mo2=0002]
[   49.838248][ T4172] System zones: 0-1, 3-12
[   49.843410][ T4172] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   49.868827][ T4185] loop1: detected capacity change from 0 to 512
[   49.883007][ T4187] netlink: 'syz.0.240': attribute type 10 has an invalid length.
[   49.899618][ T4189] pim6reg1: entered promiscuous mode
[   49.904958][ T4189] pim6reg1: entered allmulticast mode
[   49.929204][ T4187] netlink: 84 bytes leftover after parsing attributes in process `syz.0.240'.
[   49.939248][ T4187] loop6: detected capacity change from 0 to 7
[   49.945504][ T4187] Buffer I/O error on dev loop6, logical block 0, async page read
[   49.953605][ T4187] Buffer I/O error on dev loop6, logical block 0, async page read
[   49.961473][ T4187]  loop6: unable to read partition table
[   49.967370][ T4187] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   49.967370][ T4187] 
) failed (rc=-5)
[   50.002858][ T4193] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[   50.024489][ T4193] netlink: 8 bytes leftover after parsing attributes in process `syz.0.242'.
[   50.059008][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.075636][    C1] hrtimer: interrupt took 28632 ns
[   50.083984][ T4199] netlink: 'syz.4.245': attribute type 3 has an invalid length.
[   50.085271][ T4193] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   50.093187][ T4199] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=4199 comm=syz.4.245
[   50.147107][ T4195] netlink: 'syz.3.243': attribute type 4 has an invalid length.
[   50.158171][ T4195] netlink: 'syz.3.243': attribute type 4 has an invalid length.
[   50.331215][ T4206] loop0: detected capacity change from 0 to 8192
[   50.341107][ T4213] syz_tun: entered allmulticast mode
[   50.363835][ T4212] syz_tun: left allmulticast mode
[   50.713311][ T4228] netlink: 20 bytes leftover after parsing attributes in process `syz.0.256'.
[   50.786618][ T4229] loop1: detected capacity change from 0 to 512
[   51.173682][ T4231] FAULT_INJECTION: forcing a failure.
[   51.173682][ T4231] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   51.186865][ T4231] CPU: 1 UID: 0 PID: 4231 Comm: syz.2.257 Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[   51.186901][ T4231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   51.186916][ T4231] Call Trace:
[   51.186923][ T4231]  <TASK>
[   51.186931][ T4231]  dump_stack_lvl+0xf2/0x150
[   51.186999][ T4231]  dump_stack+0x15/0x1a
[   51.187058][ T4231]  should_fail_ex+0x24a/0x260
[   51.187094][ T4231]  should_fail+0xb/0x10
[   51.187126][ T4231]  should_fail_usercopy+0x1a/0x20
[   51.187210][ T4231]  _copy_to_iter+0x248/0xd00
[   51.187231][ T4231]  ? iovec_from_user+0xcb/0x210
[   51.187253][ T4231]  ? down_read+0x171/0x4b0
[   51.187357][ T4231]  copy_page_to_iter+0x171/0x2b0
[   51.187384][ T4231]  process_vm_rw+0x5b6/0x890
[   51.187440][ T4231]  __x64_sys_process_vm_readv+0x7a/0x90
[   51.187632][ T4231]  x64_sys_call+0xb24/0x2dc0
[   51.187664][ T4231]  do_syscall_64+0xc9/0x1c0
[   51.187692][ T4231]  ? clear_bhb_loop+0x55/0xb0
[   51.187797][ T4231]  ? clear_bhb_loop+0x55/0xb0
[   51.187825][ T4231]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.187850][ T4231] RIP: 0033:0x7fd7c308cde9
[   51.187867][ T4231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   51.187888][ T4231] RSP: 002b:00007fd7c16f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[   51.187909][ T4231] RAX: ffffffffffffffda RBX: 00007fd7c32a5fa0 RCX: 00007fd7c308cde9
[   51.187946][ T4231] RDX: 0000000000000002 RSI: 0000200000008400 RDI: 0000000000000074
[   51.187959][ T4231] RBP: 00007fd7c16f1090 R08: 0000000000000001 R09: 0000000000000000
[   51.187972][ T4231] R10: 0000200000008640 R11: 0000000000000246 R12: 0000000000000001
[   51.187990][ T4231] R13: 0000000000000000 R14: 00007fd7c32a5fa0 R15: 00007fff5b81bcf8
[   51.188012][ T4231]  </TASK>
[   51.437630][ T4237] random: crng reseeded on system resumption
[   51.556466][ T4239] capability: warning: `syz.3.260' uses deprecated v2 capabilities in a way that may be insecure
[   51.845079][ T4247] xt_hashlimit: max too large, truncated to 1048576
[   51.854214][ T4229] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.866898][ T4229] ext4 filesystem being mounted at /58/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   52.205179][ T4255] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.230103][ T4257] FAULT_INJECTION: forcing a failure.
[   52.230103][ T4257] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   52.243252][ T4257] CPU: 1 UID: 0 PID: 4257 Comm: syz.0.265 Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[   52.243281][ T4257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   52.243296][ T4257] Call Trace:
[   52.243303][ T4257]  <TASK>
[   52.243335][ T4257]  dump_stack_lvl+0xf2/0x150
[   52.243430][ T4257]  dump_stack+0x15/0x1a
[   52.243456][ T4257]  should_fail_ex+0x24a/0x260
[   52.243556][ T4257]  should_fail+0xb/0x10
[   52.243588][ T4257]  should_fail_usercopy+0x1a/0x20
[   52.243642][ T4257]  _copy_to_user+0x20/0xa0
[   52.243669][ T4257]  simple_read_from_buffer+0xa0/0x110
[   52.243697][ T4257]  proc_fail_nth_read+0xf9/0x140
[   52.243728][ T4257]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   52.243752][ T4257]  vfs_read+0x19b/0x6f0
[   52.243815][ T4257]  ? __rcu_read_unlock+0x4e/0x70
[   52.243885][ T4257]  ? __fget_files+0x17c/0x1c0
[   52.244069][ T4257]  ksys_read+0xe8/0x1b0
[   52.244092][ T4257]  __x64_sys_read+0x42/0x50
[   52.244112][ T4257]  x64_sys_call+0x2874/0x2dc0
[   52.244138][ T4257]  do_syscall_64+0xc9/0x1c0
[   52.244183][ T4257]  ? clear_bhb_loop+0x55/0xb0
[   52.244294][ T4257]  ? clear_bhb_loop+0x55/0xb0
[   52.244327][ T4257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   52.244413][ T4257] RIP: 0033:0x7f92e701b7fc
[   52.244427][ T4257] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   52.244444][ T4257] RSP: 002b:00007f92e5687030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   52.244465][ T4257] RAX: ffffffffffffffda RBX: 00007f92e7235fa0 RCX: 00007f92e701b7fc
[   52.244479][ T4257] RDX: 000000000000000f RSI: 00007f92e56870a0 RDI: 0000000000000007
[   52.244493][ T4257] RBP: 00007f92e5687090 R08: 0000000000000000 R09: 0000000000000000
[   52.244564][ T4257] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[   52.244575][ T4257] R13: 0000000000000000 R14: 00007f92e7235fa0 R15: 00007ffc8bbdb738
[   52.244593][ T4257]  </TASK>
[   52.520867][ T4255] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.612444][ T4255] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.683711][ T4255] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   52.723839][ T4272] netlink: 56 bytes leftover after parsing attributes in process `syz.0.269'.
[   52.768233][ T4255] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   52.785754][ T4255] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   52.846768][ T4255] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   52.886854][ T4255] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   52.905720][ T4277] loop3: detected capacity change from 0 to 512
[   52.932784][ T4277] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   52.969910][ T4277] ext4 filesystem being mounted at /52/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   53.011266][ T4281] loop4: detected capacity change from 0 to 256
[   53.045703][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.135726][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.154865][ T4285] loop3: detected capacity change from 0 to 512
[   53.173947][ T4283] loop4: detected capacity change from 0 to 8192
[   53.178407][ T4285] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.274: bg 0: block 393: padding at end of block bitmap is not set
[   53.204871][ T4285] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   53.224990][ T4285] EXT4-fs (loop3): 2 truncates cleaned up
[   53.241160][ T4285] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.245701][ T4283] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   53.296810][ T4290] loop4: detected capacity change from 0 to 2048
[   53.313690][ T3302] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.348901][ T4290]  loop4: p1 < > p4
[   53.353522][ T4290] loop4: p4 size 8388608 extends beyond EOD, truncated
[   53.390905][ T3000]  loop4: p1 < > p4
[   53.398807][ T3000] loop4: p4 size 8388608 extends beyond EOD, truncated
[   53.445741][ T3556] udevd[3556]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[   53.447157][ T3291] udevd[3291]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory
[   53.487205][ T4296] loop4: detected capacity change from 0 to 512
[   53.496867][ T4296] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   53.516237][ T4296] EXT4-fs (loop4): 1 truncate cleaned up
[   53.522798][ T4296] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   53.561830][ T4304] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   53.610548][ T4304] loop2: detected capacity change from 0 to 736
[   53.667929][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.686879][ T4312] syz.4.281 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   53.734357][ T4315] netlink: 'syz.2.282': attribute type 10 has an invalid length.
[   53.760878][ T4315] netlink: 84 bytes leftover after parsing attributes in process `syz.2.282'.
[   53.772503][ T4315] loop6: detected capacity change from 0 to 7
[   53.783921][ T4315] Buffer I/O error on dev loop6, logical block 0, async page read
[   53.795501][ T4317] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   53.804455][ T4315] Buffer I/O error on dev loop6, logical block 0, async page read
[   53.812360][ T4315]  loop6: unable to read partition table
[   53.829070][ T4315] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   53.829070][ T4315] 
) failed (rc=-5)
[   53.859770][ T4317] loop4: detected capacity change from 0 to 736
[   53.962675][ T4320] loop2: detected capacity change from 0 to 512
[   53.990486][ T4320] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.014164][ T4320] ext4 filesystem being mounted at /48/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   54.036156][ T4324] loop4: detected capacity change from 0 to 256
[   54.060264][ T3301] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   54.087758][ T4326] loop1: detected capacity change from 0 to 128
[   54.095114][ T4326] vfat: Unknown parameter '���$�*��%��X�UЎ�ҍ�l��m/��NZc�K�z�m����X�i���$̰���&���p�	f����sN�Ak �D@R���*��HF0�،E����끘M/�M�&8(�!Z�S~ޠŷ�2��ɤ@A����V��x_���>�ZM�٣��Kbzdk��o%e4Ԥ�X��{���4J'C�bD^��W&�
�&2'
[   54.130391][ T4326] gre1: entered allmulticast mode
[   54.186369][ T4331] netlink: 12 bytes leftover after parsing attributes in process `syz.3.289'.
[   54.209555][ T4328] syzkaller0: entered promiscuous mode
[   54.215175][ T4328] syzkaller0: entered allmulticast mode
[   54.239719][ T4332] syzkaller0: tun_chr_ioctl cmd 1074025677
[   54.245623][ T4332] syzkaller0: Linktype set failed because interface is up
[   54.253224][   T11] syzkaller0: tun_net_xmit 48
[   54.408378][ T4344] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   54.470739][ T4344] loop2: detected capacity change from 0 to 736
[   54.477161][ T4354] loop0: detected capacity change from 0 to 2048
[   54.518775][ T4354]  loop0: p1 < > p4
[   54.524101][ T4354] loop0: p4 size 8388608 extends beyond EOD, truncated
[   54.551478][ T3000]  loop0: p1 < > p4
[   54.561359][ T3000] loop0: p4 size 8388608 extends beyond EOD, truncated
[   54.571235][ T4356] FAULT_INJECTION: forcing a failure.
[   54.571235][ T4356] name failslab, interval 1, probability 0, space 0, times 0
[   54.583911][ T4356] CPU: 0 UID: 0 PID: 4356 Comm: syz.2.296 Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[   54.583940][ T4356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   54.584004][ T4356] Call Trace:
[   54.584012][ T4356]  <TASK>
[   54.584021][ T4356]  dump_stack_lvl+0xf2/0x150
[   54.584056][ T4356]  dump_stack+0x15/0x1a
[   54.584081][ T4356]  should_fail_ex+0x24a/0x260
[   54.584114][ T4356]  should_failslab+0x8f/0xb0
[   54.584165][ T4356]  kmem_cache_alloc_noprof+0x52/0x320
[   54.584250][ T4356]  ? skb_clone+0x154/0x1f0
[   54.584289][ T4356]  skb_clone+0x154/0x1f0
[   54.584338][ T4356]  __netlink_deliver_tap+0x2bd/0x4f0
[   54.584440][ T4356]  netlink_unicast+0x64a/0x670
[   54.584489][ T4356]  netlink_sendmsg+0x5cc/0x6e0
[   54.584534][ T4356]  ? __pfx_netlink_sendmsg+0x10/0x10
[   54.584566][ T4356]  __sock_sendmsg+0x140/0x180
[   54.584592][ T4356]  ____sys_sendmsg+0x312/0x410
[   54.584632][ T4356]  __sys_sendmsg+0x19d/0x230
[   54.584688][ T4356]  __x64_sys_sendmsg+0x46/0x50
[   54.584723][ T4356]  x64_sys_call+0x2734/0x2dc0
[   54.584751][ T4356]  do_syscall_64+0xc9/0x1c0
[   54.584838][ T4356]  ? clear_bhb_loop+0x55/0xb0
[   54.584868][ T4356]  ? clear_bhb_loop+0x55/0xb0
[   54.584903][ T4356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.585012][ T4356] RIP: 0033:0x7fd7c308cde9
[   54.585031][ T4356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.585059][ T4356] RSP: 002b:00007fd7c16f1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   54.585124][ T4356] RAX: ffffffffffffffda RBX: 00007fd7c32a5fa0 RCX: 00007fd7c308cde9
[   54.585139][ T4356] RDX: 0000000000000000 RSI: 0000200000001200 RDI: 0000000000000003
[   54.585170][ T4356] RBP: 00007fd7c16f1090 R08: 0000000000000000 R09: 0000000000000000
[   54.585185][ T4356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   54.585198][ T4356] R13: 0000000000000000 R14: 00007fd7c32a5fa0 R15: 00007fff5b81bcf8
[   54.585229][ T4356]  </TASK>
[   54.795950][ T4354] 9pnet: Could not find request transport: r
[   54.828538][ T3000]  loop0: p1 < > p4
[   54.834078][ T3000] loop0: p4 size 8388608 extends beyond EOD, truncated
[   54.879396][   T29] kauditd_printk_skb: 258 callbacks suppressed
[   54.879426][   T29] audit: type=1326 audit(1738748186.433:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4363 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7c308cde9 code=0x7ffc0000
[   54.917511][   T29] audit: type=1326 audit(1738748186.433:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4363 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd7c308cde9 code=0x7ffc0000
[   54.924058][ T4366] netlink: 12 bytes leftover after parsing attributes in process `syz.0.300'.
[   54.940997][   T29] audit: type=1326 audit(1738748186.433:973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4363 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7c308cde9 code=0x7ffc0000
[   54.973178][   T29] audit: type=1326 audit(1738748186.433:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4363 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd7c308cde9 code=0x7ffc0000
[   54.973620][ T3291] udevd[3291]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory
[   55.009413][ T4364] netlink: 16 bytes leftover after parsing attributes in process `syz.2.299'.
[   55.024223][ T3556] udevd[3556]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory
[   55.147496][ T4372] loop2: detected capacity change from 0 to 512
[   55.175277][ T4372] EXT4-fs: Ignoring removed bh option
[   55.188445][ T4372] /dev/loop2: Can't open blockdev
[   55.233190][ T4381] audit: audit_backlog=65 > audit_backlog_limit=64
[   55.236239][ T4382] loop1: detected capacity change from 0 to 512
[   55.239786][ T4381] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[   55.239803][ T4381] audit: backlog limit exceeded
[   55.260730][   T29] audit: type=1326 audit(1738748186.513:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4363 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7c308cde9 code=0x7ffc0000
[   55.281760][ T4384] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   55.284160][   T29] audit: type=1326 audit(1738748186.513:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4363 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7c308cde9 code=0x7ffc0000
[   55.310520][ T4377] loop0: detected capacity change from 0 to 8192
[   55.314389][   T29] audit: type=1326 audit(1738748186.513:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4363 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fd7c308cde9 code=0x7ffc0000
[   55.370038][ T4382] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.306: bg 0: block 393: padding at end of block bitmap is not set
[   55.424119][ T4390] loop3: detected capacity change from 0 to 1024
[   55.432516][ T4390] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   55.443582][ T4390] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (14919!=20869)
[   55.453756][ T4390] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   55.467379][ T4382] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   55.476313][ T4391] loop2: detected capacity change from 0 to 736
[   55.494228][ T4390] EXT4-fs (loop3): invalid journal inode
[   55.504468][ T4390] EXT4-fs (loop3): can't get journal size
[   55.506597][ T4382] EXT4-fs (loop1): 2 truncates cleaned up
[   55.510949][ T4390] EXT4-fs error (device loop3): ext4_protect_reserved_inode:182: inode #3: comm syz.3.308: blocks 2-2 from inode overlap system zone
[   55.530158][ T4390] EXT4-fs (loop3): failed to initialize system zone (-117)
[   55.537463][ T4390] EXT4-fs (loop3): mount failed
[   55.561496][ T4382] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   55.695436][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   55.732727][ T4399] netlink: 12 bytes leftover after parsing attributes in process `syz.3.312'.
[   55.760239][ T4401] random: crng reseeded on system resumption
[   55.850728][ T4407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   55.860652][ T4407] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   56.009206][ T4417] netlink: 'syz.0.318': attribute type 10 has an invalid length.
[   56.024505][ T4417] netlink: 84 bytes leftover after parsing attributes in process `syz.0.318'.
[   56.034356][ T4417] loop6: detected capacity change from 0 to 7
[   56.040846][ T4417] Buffer I/O error on dev loop6, logical block 0, async page read
[   56.058322][ T4417] Buffer I/O error on dev loop6, logical block 0, async page read
[   56.066236][ T4417]  loop6: unable to read partition table
[   56.072510][ T4417] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   56.072510][ T4417] 
) failed (rc=-5)
[   56.202254][ T4424] loop0: detected capacity change from 0 to 512
[   56.221887][ T4424] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.322: bg 0: block 393: padding at end of block bitmap is not set
[   56.242334][ T4420] loop1: detected capacity change from 0 to 8192
[   56.260509][ T4424] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   56.296254][ T4424] EXT4-fs (loop0): 2 truncates cleaned up
[   56.318522][ T4424] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   56.370538][ T4428] loop2: detected capacity change from 0 to 8192
[   56.421527][ T4428] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   56.430863][ T4433] netlink: 12 bytes leftover after parsing attributes in process `syz.3.324'.
[   56.459727][ T3297] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   56.488203][ T4430] loop4: detected capacity change from 0 to 8192
[   56.669915][ T4450] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   56.784439][ T4457] loop3: detected capacity change from 0 to 736
[   56.861870][ T4461] netlink: 12 bytes leftover after parsing attributes in process `syz.2.336'.
[   56.894498][ T4463] loop4: detected capacity change from 0 to 512
[   56.920352][ T4463] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.337: bg 0: block 393: padding at end of block bitmap is not set
[   56.957721][ T4463] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   56.998790][ T4463] EXT4-fs (loop4): 2 truncates cleaned up
[   57.015010][ T4463] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   57.095917][ T4472] FAULT_INJECTION: forcing a failure.
[   57.095917][ T4472] name failslab, interval 1, probability 0, space 0, times 0
[   57.108647][ T4472] CPU: 1 UID: 0 PID: 4472 Comm: syz.2.340 Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[   57.108671][ T4472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   57.108683][ T4472] Call Trace:
[   57.108690][ T4472]  <TASK>
[   57.108699][ T4472]  dump_stack_lvl+0xf2/0x150
[   57.108778][ T4472]  dump_stack+0x15/0x1a
[   57.108799][ T4472]  should_fail_ex+0x24a/0x260
[   57.108838][ T4472]  should_failslab+0x8f/0xb0
[   57.108919][ T4472]  kmem_cache_alloc_noprof+0x52/0x320
[   57.108979][ T4472]  ? radix_tree_node_alloc+0x8b/0x1e0
[   57.109009][ T4472]  radix_tree_node_alloc+0x8b/0x1e0
[   57.109038][ T4472]  idr_get_free+0x1f5/0x550
[   57.109105][ T4472]  idr_alloc_u32+0xcb/0x180
[   57.109139][ T4472]  tcf_idr_check_alloc+0x171/0x270
[   57.109180][ T4472]  tcf_mirred_init+0x185/0x8f0
[   57.109335][ T4472]  ? __nla_parse+0x40/0x60
[   57.109360][ T4472]  tcf_action_init_1+0x339/0x490
[   57.109395][ T4472]  tcf_action_init+0x1cc/0x610
[   57.109449][ T4472]  tc_ctl_action+0x292/0x840
[   57.109564][ T4472]  ? __pfx_tc_ctl_action+0x10/0x10
[   57.109588][ T4472]  rtnetlink_rcv_msg+0x6aa/0x710
[   57.109711][ T4472]  ? ref_tracker_free+0x3a5/0x410
[   57.109748][ T4472]  ? __dev_queue_xmit+0x186/0x2090
[   57.109785][ T4472]  netlink_rcv_skb+0x12c/0x230
[   57.109827][ T4472]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   57.109884][ T4472]  rtnetlink_rcv+0x1c/0x30
[   57.109974][ T4472]  netlink_unicast+0x599/0x670
[   57.110010][ T4472]  netlink_sendmsg+0x5cc/0x6e0
[   57.110052][ T4472]  ? __pfx_netlink_sendmsg+0x10/0x10
[   57.110122][ T4472]  __sock_sendmsg+0x140/0x180
[   57.110147][ T4472]  ____sys_sendmsg+0x312/0x410
[   57.110184][ T4472]  __sys_sendmsg+0x19d/0x230
[   57.110241][ T4472]  __x64_sys_sendmsg+0x46/0x50
[   57.110276][ T4472]  x64_sys_call+0x2734/0x2dc0
[   57.110318][ T4472]  do_syscall_64+0xc9/0x1c0
[   57.110408][ T4472]  ? clear_bhb_loop+0x55/0xb0
[   57.110436][ T4472]  ? clear_bhb_loop+0x55/0xb0
[   57.110469][ T4472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.110501][ T4472] RIP: 0033:0x7fd7c308cde9
[   57.110581][ T4472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.110598][ T4472] RSP: 002b:00007fd7c16f1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   57.110618][ T4472] RAX: ffffffffffffffda RBX: 00007fd7c32a5fa0 RCX: 00007fd7c308cde9
[   57.110633][ T4472] RDX: 0000000000000000 RSI: 0000200000006280 RDI: 0000000000000004
[   57.110647][ T4472] RBP: 00007fd7c16f1090 R08: 0000000000000000 R09: 0000000000000000
[   57.110671][ T4472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.110683][ T4472] R13: 0000000000000000 R14: 00007fd7c32a5fa0 R15: 00007fff5b81bcf8
[   57.110703][ T4472]  </TASK>
[   57.459595][ T4482] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   57.459763][ T3298] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.491903][ T4484] netlink: 12 bytes leftover after parsing attributes in process `syz.2.346'.
[   57.559629][ T4488] random: crng reseeded on system resumption
[   57.641703][ T4494] ip6gretap0 speed is unknown, defaulting to 1000
[   57.656810][ T4494] ip6gretap0 speed is unknown, defaulting to 1000
[   57.661704][ T4491] siw: device registration error -23
[   57.663691][ T4494] ip6gretap0 speed is unknown, defaulting to 1000
[   57.683530][ T4494] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   57.695100][ T4491] loop1: detected capacity change from 0 to 736
[   57.713099][ T4494] ip6gretap0 speed is unknown, defaulting to 1000
[   57.730596][ T4494] ip6gretap0 speed is unknown, defaulting to 1000
[   57.756414][ T4494] ip6gretap0 speed is unknown, defaulting to 1000
[   57.767045][ T4499] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=4499 comm=syz.0.354
[   57.789419][ T4494] ip6gretap0 speed is unknown, defaulting to 1000
[   57.798375][ T4494] ip6gretap0 speed is unknown, defaulting to 1000
[   57.826721][ T4499] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[   57.833464][ T4499] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   57.841046][ T4499] vhci_hcd vhci_hcd.0: Device attached
[   57.861415][ T4500] loop4: detected capacity change from 0 to 8192
[   57.889300][ T4501] vhci_hcd: connection closed
[   57.889448][   T28] vhci_hcd: stop threads
[   57.897388][ T4500] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   57.898939][   T28] vhci_hcd: release socket
[   57.911934][   T28] vhci_hcd: disconnect device
[   57.934387][ T4510] netlink: 'syz.1.357': attribute type 10 has an invalid length.
[   57.956121][ T4510] loop6: detected capacity change from 0 to 7
[   57.963765][ T4510] Buffer I/O error on dev loop6, logical block 0, async page read
[   57.985529][ T4506] loop3: detected capacity change from 0 to 8192
[   57.989309][ T4510] Buffer I/O error on dev loop6, logical block 0, async page read
[   57.999954][ T4510]  loop6: unable to read partition table
[   58.003239][ T4516] ip6gretap0 speed is unknown, defaulting to 1000
[   58.006893][ T4510] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   58.006893][ T4510] 
) failed (rc=-5)
[   58.012724][ T4512] netlink: 12 bytes leftover after parsing attributes in process `syz.4.358'.
[   58.088248][ T4506] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   58.129074][ T4524] siw: device registration error -23
[   58.171474][ T4520] loop1: detected capacity change from 0 to 512
[   58.180352][ T4520] EXT4-fs: Ignoring removed orlov option
[   58.200110][ T4520] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   58.213045][ T4526] loop3: detected capacity change from 0 to 736
[   58.229910][ T4520] EXT4-fs (loop1): orphan cleanup on readonly fs
[   58.239502][ T4520] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.360: bg 0: block 248: padding at end of block bitmap is not set
[   58.316288][ T4520] EXT4-fs error (device loop1): ext4_acquire_dquot:6927: comm syz.1.360: Failed to acquire dquot type 1
[   58.356691][ T4520] EXT4-fs (loop1): 1 truncate cleaned up
[   58.370059][ T4520] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   58.399415][ T4534] random: crng reseeded on system resumption
[   58.465736][ T4520] syz.1.360 (4520) used greatest stack depth: 9272 bytes left
[   58.547626][ T4537] siw: device registration error -23
[   58.600040][ T4537] loop1: detected capacity change from 0 to 736
[   58.626046][ T4543] siw: device registration error -23
[   58.689370][ T4548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=48656 sclass=netlink_route_socket pid=4548 comm=syz.0.373
[   58.720207][ T4550] netlink: 'syz.4.374': attribute type 3 has an invalid length.
[   58.805373][ T4558] loop0: detected capacity change from 0 to 512
[   58.832944][ T4558] EXT4-fs: Ignoring removed mblk_io_submit option
[   58.857112][ T4560] loop3: detected capacity change from 0 to 256
[   58.892186][ T4558] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.375: corrupted in-inode xattr: invalid ea_ino
[   58.921711][ T4563] loop1: detected capacity change from 0 to 256
[   58.941592][ T4560] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[   58.951923][ T4560] FAT-fs (loop3): Filesystem has been set read-only
[   58.961513][ T4560] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[   59.005979][ T4558] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.375: couldn't read orphan inode 15 (err -117)
[   59.012566][ T4560] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[   59.028289][ T4560] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001)
[   59.056438][ T4560] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=4560 comm=syz.3.376
[   59.107272][ T4567] loop1: detected capacity change from 0 to 512
[   59.132939][ T4573] siw: device registration error -23
[   59.160947][ T4567] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.379: bg 0: block 393: padding at end of block bitmap is not set
[   59.223414][ T4575] loop4: detected capacity change from 0 to 736
[   59.275906][ T4567] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   59.380585][ T4567] EXT4-fs (loop1): 2 truncates cleaned up
[   59.501118][ T4586] __nla_validate_parse: 4 callbacks suppressed
[   59.501133][ T4586] netlink: 12 bytes leftover after parsing attributes in process `syz.2.383'.
[   59.576293][ T4588] loop2: detected capacity change from 0 to 8192
[   59.613104][ T4588] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   59.792378][ T4592] loop1: detected capacity change from 0 to 8192
[   59.879854][ T4592] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[   59.997183][ T4610] loop3: detected capacity change from 0 to 2048
[   60.021104][ T4613] netlink: 12 bytes leftover after parsing attributes in process `syz.2.395'.
[   60.021178][   T29] kauditd_printk_skb: 108 callbacks suppressed
[   60.021235][   T29] audit: type=1400 audit(1738748191.573:1084): avc:  denied  { listen } for  pid=4605 comm="syz.4.388" lport=59036 faddr=::ffff:10.1.1.2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[   60.103764][ T4607] loop0: detected capacity change from 0 to 1024
[   60.142801][ T4620] netlink: 'syz.4.397': attribute type 10 has an invalid length.
[   60.151007][   T29] audit: type=1400 audit(1738748191.693:1085): avc:  denied  { create } for  pid=4602 comm="syz.0.391" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   60.216713][ T4627] netlink: 'syz.2.401': attribute type 10 has an invalid length.
[   60.227061][ T4620] loop6: detected capacity change from 0 to 7
[   60.233327][ T4620] Buffer I/O error on dev loop6, logical block 0, async page read
[   60.241609][ T4620] Buffer I/O error on dev loop6, logical block 0, async page read
[   60.249583][ T4620]  loop6: unable to read partition table
[   60.271477][ T4620] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[   60.271477][ T4620] 
) failed (rc=-5)
[   60.316422][ T4634] loop3: detected capacity change from 0 to 512
[   60.330964][ T4629] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4629 comm=syz.1.399
[   60.350073][ T4634] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.403: corrupted in-inode xattr: invalid ea_ino
[   60.377353][   T29] audit: type=1400 audit(1738748191.923:1086): avc:  denied  { sqpoll } for  pid=4640 comm="syz.0.406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   60.396639][   T29] audit: type=1400 audit(1738748191.923:1087): avc:  denied  { read } for  pid=4640 comm="syz.0.406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   60.416521][ T4636] loop2: detected capacity change from 0 to 8192
[   60.489093][ T4634] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.403: couldn't read orphan inode 15 (err -117)
[   60.548883][ T4651] loop0: detected capacity change from 0 to 512
[   60.576490][   T29] audit: type=1400 audit(1738748192.113:1088): avc:  denied  { create } for  pid=4633 comm="syz.3.403" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1
[   60.625011][ T4651] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.409: bg 0: block 393: padding at end of block bitmap is not set
[   60.660028][ T4646] loop4: detected capacity change from 0 to 8192
[   60.670250][ T4651] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   60.701371][ T3556] ==================================================================
[   60.709496][ T3556] BUG: KCSAN: data-race in _copy_to_iter / fat16_ent_put
[   60.716554][ T3556] 
[   60.718885][ T3556] write to 0xffff888126a431e8 of 2 bytes by task 4646 on cpu 0:
[   60.726538][ T3556]  fat16_ent_put+0x28/0x60
[   60.731424][ T3556]  fat_alloc_clusters+0x4c9/0xa80
[   60.736463][ T3556]  fat_get_block+0x25c/0x5e0
[   60.741096][ T3556]  __block_write_begin_int+0x417/0xfa0
[   60.746574][ T3556]  cont_write_begin+0x546/0x860
[   60.751455][ T3556]  fat_write_begin+0x51/0xe0
[   60.756072][ T3556]  cont_write_begin+0x18b/0x860
[   60.760940][ T3556]  fat_write_begin+0x51/0xe0
[   60.765555][ T3556]  generic_perform_write+0x1a8/0x4a0
[   60.770848][ T3556]  __generic_file_write_iter+0xa1/0x120
[   60.776409][ T3556]  generic_file_write_iter+0x8f/0x310
[   60.781788][ T3556]  do_iter_readv_writev+0x403/0x4b0
[   60.786996][ T3556]  vfs_writev+0x2d9/0x880
[   60.791430][ T3556]  __se_sys_pwritev2+0x100/0x1c0
[   60.796386][ T3556]  __x64_sys_pwritev2+0x78/0x90
[   60.801249][ T3556]  x64_sys_call+0x2afe/0x2dc0
[   60.805952][ T3556]  do_syscall_64+0xc9/0x1c0
[   60.810548][ T3556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.816454][ T3556] 
[   60.818780][ T3556] read to 0xffff888126a43000 of 512 bytes by task 3556 on cpu 1:
[   60.826494][ T3556]  _copy_to_iter+0x130/0xd00
[   60.831097][ T3556]  copy_page_to_iter+0x171/0x2b0
[   60.836037][ T3556]  filemap_read+0x43d/0x8c0
[   60.840557][ T3556]  blkdev_read_iter+0x228/0x2d0
[   60.845412][ T3556]  vfs_read+0x5cc/0x6f0
[   60.849586][ T3556]  ksys_read+0xe8/0x1b0
[   60.853766][ T3556]  __x64_sys_read+0x42/0x50
[   60.858285][ T3556]  x64_sys_call+0x2874/0x2dc0
[   60.863031][ T3556]  do_syscall_64+0xc9/0x1c0
[   60.867548][ T3556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   60.873455][ T3556] 
[   60.875830][ T3556] Reported by Kernel Concurrency Sanitizer on:
[   60.882000][ T3556] CPU: 1 UID: 0 PID: 3556 Comm: udevd Not tainted 6.14.0-rc1-syzkaller-00026-gd009de7d5428 #0
[   60.892244][ T3556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   60.902303][ T3556] ==================================================================
[   60.910905][ T4657] loop2: detected capacity change from 0 to 512
[   60.912985][ T4651] EXT4-fs (loop0): 2 truncates cleaned up
[   60.947401][ T4657] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.411: bg 0: block 393: padding at end of block bitmap is not set
[   60.962738][ T4657] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   60.972088][ T4657] EXT4-fs (loop2): 2 truncates cleaned up
[   61.041241][ T4647] serio: Serial port ptm1