last executing test programs:

3.307102289s ago: executing program 2 (id=3443):
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f000001000000120000"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x12e010, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x1)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
lseek(r4, 0x9, 0x0)
pipe(&(0x7f00000001c0)={<r5=>0xffffffffffffffff})
read(r5, &(0x7f0000032440)=""/102364, 0x18fdc)

2.89621796s ago: executing program 4 (id=3450):
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x10, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file2\x00', &(0x7f0000000280)='./file2\x00', 0xffffffffffffffff, 0x400})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x65, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fstat(0xffffffffffffffff, &(0x7f0000000440))
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6e}}, {@user_xattr}, {@lazytime}, {@quota}]}, 0x3, 0x441, &(0x7f0000000440)="$eJzs3MtvG0UYAPBv10lLXyRUpdAHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QXWQaBRBQKgcUSXuiCMSfwEHBBcEnJC4wh1VqlAuLZyM1vYmjmuncepkC/79pI1ndseZ+bw79sxOnAD61kj2I4nYHRG/R8RQPbu6wEj94ebSwtTfSwtTSVSrb/6V1MrdWFqYyovmz9uVZwYi0k+TONSm3srl+fOT5fLMpUZ+bO7Ce2OVy/PPnrsweXbm7MzFiVOnThwff/7kxHM9iTOL68bBD2cPH3j17auvT52++s7P3yR5/C1x9MjIWgefqFZ7XF2x9jSlk4ECG0JXSvVuGoO1/j8UpVg5eUPxyieFNg7YVNVqtbo/4rsOhxerwP9YEkW3AChG/kGfzX/zbetGH8W7/mJ9ApTFfbOx1Y8MRNooM9gyv+2lkYg4vfjPl9kWm3MfAgBgle+z8c8z7cZ/aexvKndvYw1lOCLui4i9EXEyIvZFxP0RtbIPRMSDXdbfukhy6/gnvdb+mdu7rKm9bPz3QmNta/X4Lx/9xXCpkdtTi38wOXOuPHOs8ZocjcHtWX58jTp+ePm3zzsdax7/ZVtWf/a4sjqUXhtoCXV6cm7yjoJucv3jiIMD7eJPllcCkog4EBEHN1jHuae+PtzpWKf41/WLe7DOVP0q4sn6+V+Mlvhzydrrk2P3RHnm2Fh+Vdzql1+vvNGp/juKvwey87+z7fW/HP9w0rxeW+m+jit/fNZxTnP7+Ntf/9uSt1bt+2Bybu7SeMS25LV6o5v3T7SUm1gpn8V/9Ej7/r83Vl6JQxGRXcQPRcTDEfFIo+2PRsRjEXFkjfh/eunxdzce/+bK4p/u6vyvJLZF6572idL5H79dVelwN/Fn5/9ELXW0sWc973/radfGrmYAAAD470kjYnck6ehyOk1HR+t/w78vdqbl2crc02dm3784Xf+OwHAMpvmdrqGm+6HjjWl9np9oyR9v3Df+orSjlh+dmi1PFx089LldHfp/5s9S0a0DNp3va0H/0v+hf+n/0L/0f+hfbfr/jiLaAWy9dp//HxXQDmDrtfR/y37QR8z/oX/p/9C/9H/oS5UdcfsvyUsUncj/GcPd0p7K5flI74pmSGxSouA3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB75NwAA//9wCOUr")
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7e9, &(0x7f00000017c0)="$eJzs3c1rHG8dAPDvbF42SauJIGh7CggaKN2YGlsFDxEPIlgo6Nk2bLahZpMt2U1pQqDpQfAiqHgQ9NKzL/UgePXlqv+EeJAW0TRYT7oys7t53d0kbXa3/fXzgck8M/PMPPPN88yzz+4MuwF8sKbTP7mIKxHxwyRisrk+iYiRLDUcsdDI93p3u5hOSdTr3/pnkuX57aWDYyXN+aXmwqcj4o/fi7iWO17qeHNeLq03U7O11Yez1c2t6w9WF5dLy6W1m3Pz8zduffHWzZN7val//2Xr8ssfff1zv14Yjk89/8GfkliIy81te7vbxbc8/AnTMd38n4yk/8IjvnbRhQ1YMugT4I2kl+ZQ4yqPKzEZQ1mqg7e9AAGAd8KTiKgDAB+Y5LTX/yFDBAD4aGl9DrC3u11sTYP9RKK//vHViBhrxN+6v9nYMty8ZzeW3Qed2EuO3BlJImLqAsqfjoif/+47v0yn6NF9SIB2dp425nu7+WP9f5L2f6OnHyHfccvnu+1Wb+w3fWy1/g/65/fp+OdLJ8d/V/cf6BnL/h4b/4zl21y7b+L06z/3osOuZ+ibTpeO/75y6Nm2g/Hf/kNrU0PNpY9lY76R5P6Dcint2z4eETMxkk+X57Ks7Z+Cmnn131edyj88/vvXj7/7i7T8dH6QI/diOB/1xnN5/8vG60uLtcWLiD2L/2nE1eF28Sf749/kSP0v7Ed6p+NRj1bNN778/Z91ypnGn8bbmk7G31v1ZxGfbVv/B3WZdH0+cTZrDrOtRtHGb/7204lO5R/Ufz6bp+W33gv0Q1r/E93jn0pT1c2tlcVyubRePX8Zf342+YdO2w63//bxZ+3/iLT9jybfztKtlvZ4sVZbn4sYTb55cv2Ng31by638afwzn2l//bdv/42+IH1PeG9/qbvhl6O/ah6qbfyZnU7x91Ya/9K56r9Lot7c59im569XhjqVf7b6n89SM801Z+n/TjnTt2jNAAAAAAAAAAAAAAAAAAAAAAAAAHB+uYi4HEmusJ/O5QqFxm94fzImcuVKtXbtfmVjbSmy38qeipFc66suJw99H+pc8/vwW8s3ji1/ISI+ERE/yY9ny4Vipbw06OABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOnS0d//f5LOCoXGtr/nB312AEDPjA36BACAvvP6DwAfnvO9/o/37DwAgP459/v/etKbEwEA+ubMr//3enseAED/uP8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAj925fTud6v/Z3S6my0uPNjdWKo+uL5WqK4XVjWKhWFl/WFiuVJbLpUKxstrxQDuNWblSeTgfaxuPZ2ulam22url1d7WysVa7+2B1cbl0tzTSt8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Oyqm1sri+VyaV2iS2K8NN45TxIRAz/D0xJpXV/kAYff0ZB3/jqSteuumWPqvWn8o13yJBdZ1vjxNYd7ifFBdE0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA74X/BwAA///YTBJy")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)

2.509428218s ago: executing program 0 (id=3456):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f0000000400000022001a5398597c0141000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x64, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_MCE_KILL(0x21, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000040340000000000000800000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000357500007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000f40), 0xc000, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18)
syz_clone(0x64087000, 0x0, 0xffffff59, 0x0, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f0000000180)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0000001000370400007c00fdffff01738aff60", @ANYRES32=r7, @ANYBLOB="4b390500000000001c0012800b00010069703667726500000c00028008000100", @ANYRES32=r7, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x48800}, 0x24000010)
sendmmsg$inet(r5, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @empty, @multicast1}}}], 0x20}}], 0x1, 0x8008005)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000940)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xbf, 0x0, &(0x7f00000004c0)="ddb29b14130eb16da4161418712f8af601aa2775bc8e1d08f7e3a659f51db118da2c7b9f538bbf0ee267037d9a5a70ad9bc7a8063ab494900b252f67ef8e24398270a3ff46b4c14f06726700daeae54d2ad982fa1accd791ddfe4d95d46ab3fa7cd014248ec2b95bf0899778c7b9d20610ef03c12b665452fd0ae4a300018a985c3345d57c7ecf9a03269ac3ccd5b99723375595ecbbc3b54972ebfbfe6c418eef145540a19bc574b3e2dc86862f8044ae4b3047f0d04d7663e5342ea48a46", 0x0}, 0x50)
r8 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
pwritev2(r8, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xfffffdd6}], 0x1, 0x9c00, 0x0, 0x3)

2.428558496s ago: executing program 4 (id=3457):
r0 = socket(0x2, 0xa, 0x300)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) (async)
connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket$pppoe(0x18, 0x1, 0x0) (async)
r3 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r3, 0x0, 0x0) (async)
connect$pppoe(r3, 0x0, 0x0)
ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, 0x0) (async)
ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_pid(r4, &(0x7f00000004c0), 0x12)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000005, 0x12, r4, 0x0)
connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x1, @broadcast, 'ipvlan0\x00'}}, 0x1e)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f00000001c0)=[{0x30, 0x5, 0x53, 0xfffff034}, {0x6, 0x4a, 0x6, 0x6}]}, 0x10)
syz_mount_image$msdos(&(0x7f00000008c0), &(0x7f0000001200)='./file0\x00', 0x4000, &(0x7f00000000c0)=ANY=[@ANYBLOB="646973636172642c646f74732c646f74732c6e6f646f74732c636865636b3d7374726963742c646f74732c0080fcdc5c3dd34a5bee25f099008bade73ed878442a18112f260a6de8f9de23ca03128aff6e01"], 0x1, 0x11c1, &(0x7f0000001240)="$eJzs209LdFUcB/CfPtpj86TZP0s3HWpTm0u6aNVGQiEcKNQJNAiuONYw08wwdxYz0kJo16rXES3bBdEb8F20kyBq46qJHNMUIw30Bn0+m/nB95y5v8OFC+dyz8k7X33WPCiyg7wfkxMTMdWdjnSaIsVkPIqxo3jzi/Vfv9za2d1YrVbXNlNaX91efjulNPfq9x99/s1rP/SffPjt3HeP43j+45OfV348XjhePPlt+9NGkRpFanf6KU97nU4/32vV036jaGYpfdCq50U9NdpFvXclP2h1ut1hytv7s5Vur14UKW8PU7M+TP1O6veGKf8kb7RTlmVpthJcNxqNRrcdW/v69Gz0aDQdT53NfDoq8SSeidmYi2djPp6L5+OFeDFeioV4OV6JxTv9PwAAAAAAAAAAAAAAAAAAAHAbzv8DAAAAAAAAAAAAAAAAAABA+Zz/BwAAAAAAAAAAAAAAAAAAgPI5/w8AAAAAAAAAAAAAAAAAAADl29rZ3VitVtc2U5qJ+OloUBvUxr/jfP296tpb6cz85axfBoPao4t8eZynq/njqJznKzfmM/HG6+P8j+zd96vX8qXYv//lAwAAwP9Cli7cuL/Psr/Lx9Vf3g9c279PxdLUTVecua+l8C8Uw8Nm3mrVe8Vw+s/isLRi4ryrkttQKO6rmPxvtPHPRckPJh7E5U0vuxMAAAAAAAAAAADu4iE+Jyx7jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOztwLAAAAAAgzN86jY4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCqAAAA//9fwpXh")
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000000)={0x0, 0x9}, 0x8)
lgetxattr(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trusted. }'], 0x0, 0x0) (async)
lgetxattr(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trusted. }'], 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r6}, 0x4)
syz_usb_disconnect(0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r7=>0xffffffffffffffff})
fcntl$setsig(r7, 0xa, 0x200012) (async)
fcntl$setsig(r7, 0xa, 0x200012)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8f7ffffb702000008000000b703000000000000a5000000eeffffff95"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sys_enter\x00', r8}, 0x10)
syz_emit_ethernet(0x36, &(0x7f00000004c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @local, @void, {@mpls_uc={0x8847, {[], @ipv6=@generic={0xe, 0x6, "ccd370", 0x0, 0x2f, 0x3915de4cd3646a6d, @loopback, @empty}}}}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r10, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48801}, 0x4) (async)
sendmsg$nl_route_sched(r9, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r10, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48801}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0x1e, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xfffffffa}, {}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @cb_func={0x18, 0x3, 0x4, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @call={0x85, 0x0, 0x0, 0x3d}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xbbdd0e93dadf14ca}}}, &(0x7f0000000140)='GPL\x00', 0x8000, 0x6, &(0x7f0000000300)=""/6, 0x40f00, 0x48, '\x00', r10, @fallback=0x37, r5, 0x8, &(0x7f0000000380)={0x2, 0x1}, 0x8, 0x10, &(0x7f00000003c0)={0x0, 0xd, 0x9, 0x7}, 0x10, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000440)=[{0x3, 0x5, 0x10, 0x9}, {0x5, 0x5, 0x1, 0x1}, {0x4, 0x2, 0xe, 0x5}], 0x10, 0x12}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0x1e, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xfffffffa}, {}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @cb_func={0x18, 0x3, 0x4, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @call={0x85, 0x0, 0x0, 0x3d}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xbbdd0e93dadf14ca}}}, &(0x7f0000000140)='GPL\x00', 0x8000, 0x6, &(0x7f0000000300)=""/6, 0x40f00, 0x48, '\x00', r10, @fallback=0x37, r5, 0x8, &(0x7f0000000380)={0x2, 0x1}, 0x8, 0x10, &(0x7f00000003c0)={0x0, 0xd, 0x9, 0x7}, 0x10, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000440)=[{0x3, 0x5, 0x10, 0x9}, {0x5, 0x5, 0x1, 0x1}, {0x4, 0x2, 0xe, 0x5}], 0x10, 0x12}, 0x94)

2.425529957s ago: executing program 2 (id=3458):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x2, 0x2, 0x0, 0x2}}, 0x26)
close_range(r2, 0xffffffffffffffff, 0x0)

2.39234647s ago: executing program 2 (id=3459):
gettid()
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup/syz0\x00', 0x200002, 0x0)
openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
pipe2(0x0, 0x80c80)
rt_sigprocmask(0x3, 0x0, &(0x7f0000000240), 0xfea4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x2c)
syz_open_dev$tty1(0xc, 0x4, 0x1)

2.29676712s ago: executing program 0 (id=3460):
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000540)='./file0\x00', 0x0, &(0x7f0000000580), 0x1, 0x4e8, &(0x7f00000005c0)="$eJzs3U9oVNsZAPDvTv5YY2LSUrHVFgItVrGdmESjQilmVRAtbS100T8Sk5iISSaYCagUahCLFCpddGFx1Y1ddBO6K9IiFB681Vu4eG8hCm/1njyfPHkuXOVxJ3d0jGPyYmLuY/z94DL3nEnmfHc+7p1zhnPPBPDW6o6IIxHRFBHFiOjM6gvZFpcWt/TvTvXPj6dbEgsLJx4lkUTE0f758eprJdnjluwFvpU+XInY2/xyuzMXLp4dmpgYPZeVe8qT0z0zFy7+6Mzk0Njo2OjUwMGDhw8dGDhweP2OdfP26ze//fdjd669M/fdbVuGJ9N427Pnao9jvXRHd/aetERH7RNJxKn1bixnX8s7AFbtk8LOW3nHAABsvELW92+u9P87oykWO+v37/72cWf8sS3v+AAAAIC1W1hoyh4BAACAxpUY+wMAAECDq84DONo/P17dNmruwYOfblRLvMrDwYjoWsx/9f7uxWean93T2/KG7u/9w9OI7uh48tFPvvH/dIs3dB82X03zH+YdAXlq3Z93BORpxy/yjoA8vXc17wi4NBcRt4/U6f8na+7ztS8pJ0vKxwfT/t9fZmrr9P/eHr88kXcE5OlnA3lHQJ5uPMo7Am4PRsS+et//FSrr91Vtjoi26tp+6+RQe/r5/+/7tXUvf/4XHqxjkyzxcDDixzVrO56qyX+mqykrdVS+KmxJTp+ZGN0XEVsjYne0bErLvcu00Ttw46/16r/zJM3/P5Pq93/plrZf/S4wi+NB86YX/29kqDy01uNm0cO5iB3N9fL/vP+fZLl+Xf8tXftzvfqBPZV1RXctn3/epIV/ROyqe/4/H60ly67P2lO5HPRULwp1/OuDz67Uq//+79P8n90j//lJz/+25fNfuf4/W693ZvVtXP7fzSf16p/eSvP/t0uvc/1vTX5VCbA1qzs/VC6f641oTY69XN+3+pgbVfX9qL5faf53f6/+53+1/5dk60J3RcTXX6PNuXvTd+rVXy+k+b/xO+d/ftL8j6xw/icvnP+r35l//4c/qNf2zqtp/rt+vfL5v78SzO6sRv9vZV82QXnHCQAAAAAAAMD6KFTu00kKxWf7hUKxuDjP95vRVpgozZT3ni7NTo0s3s/TFS2F6lSvzpr5oL3Z/JBquW9JuT+bO3K1c3OlXBwuTYzkffAAAADQ4Noj7v3m8n+2b3nF+D91tzPvKAEAAIC1SMf/HffaKst5fW6cDwAAAA0pHf8//tOn74bxPwAAADSs2vE/AAAA0Nh+fvx4ui1Uf/dvqjR25uz49OG+fcXJ2eHicOncdHGsVBqrrNg3ufLrTZRK0719MXu+pzw6U+6ZuXDx5GRpdqp8svK7sSdHWzbgmICVFbd+vC3vGAAAgI2zlt/1t2PHTqPu5H1lAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLb4IAAD//wws/WY=")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x20060400)
syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x555)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0xffffffffffffffa0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x7f}, 0x94)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
ioctl$TUNSETSTEERINGEBPF(r4, 0x800454e0, &(0x7f0000000000)=r1)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000004c0)=@bpf_tracing={0x1a, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000005000000000000000900000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008510000083000000bf090000000000005509010000000000950000000000000018000000999800000000000004000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000f1ffffff8500000006000000b7080000000000007b8af8ff00000000b7080000faffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800005a0200007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000085000000c3000000bf91000000000000b7020000"], &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x1a, r4, 0x8, &(0x7f0000000280)={0x5, 0x3}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0xf, 0x8, 0x100}, 0x10, 0x747c, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r0, r0, r0, r0, r0, r0, r0, r5], 0x0, 0x10, 0x1}, 0x94)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a1)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, 0x0, 0x40000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$tun(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="080086"], 0xfdef)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)

1.986044271s ago: executing program 0 (id=3461):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x800000000006}, 0x18)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/shm\x00', 0x0, 0x0)
ppoll(&(0x7f00000001c0)=[{r2, 0x1132}], 0x1, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
socket$netlink(0x10, 0x3, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4804}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newchain={0x24, 0x64, 0x400, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xa, 0xfff3}, {0xfff2, 0x7}, {0xfff2}}}, 0x24}}, 0x80000)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c000000100001042abd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="9180030000000000280012800b00010065727370616e0000180002800400120006000f007f000000060010004e200000140003006e"], 0x5c}, 0x1, 0x0, 0x0, 0x24048c00}, 0x10)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.904684859s ago: executing program 0 (id=3463):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
r4 = gettid()
ptrace$setopts(0x4206, r4, 0xfffffffffffffcab, 0x3f)
getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r1, @ANYRESDEC=r0], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}}, 0x24}}, 0x4000800)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=@gettclass={0x24, 0x2a, 0x1, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0xfff2, 0xffff}, {0x7}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r6}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r8, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880)
sendmmsg$inet6(r8, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000000400)=[{&(0x7f00000008c0)="fe609418", 0x4}], 0x1}}], 0x1, 0x0)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r4, 0x917f, &(0x7f0000000700)=""/17)
r10 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000bc0)="0100000200373a4541062101a59ea940d2cb0b36b8f5020000a00000050000000000eb000000a5e5be21c44e328e68f3922af831e4e51bfb30f7788fd57e51bc464355bd646d037ccc16ddb08a7b3a697aedb66ddd793acf37119e61f502d8bbb016f701890700000068d945af468c1c9090c76906b94e0f27761c75e58c82da54d010078660684a4106855beaf5e813ed18aa4acabb5bee7f082d24a16b01fc91471eba59152e716af8776ab90ac48bcbee6570df22513808ecab7a9680aa613a56aa11bfa73af4c4e94b5cfc855f0e910186d7e68ac24f8b125140ac5f7f4819168ce1c25550c6773b41011999d8d9827757d96c5e8aa4617cc54c5e67060a92661f84e698d1fe3cee10a85882cbecb29f2a22535ac50e64d95ecbab66f54373b94475e05b79a0a61bc2ae1e", 0x12d, r10)
add_key$keyring(&(0x7f0000000180), &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r11 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x111900, 0x0)
sendmsg$GTP_CMD_GETPDP(r11, 0x0, 0x24044000)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=r5, @ANYRES32, @ANYBLOB="000000000400"/28], 0x50)

1.877037802s ago: executing program 1 (id=3465):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r0, 0x0, 0x9}, 0x18)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(0xffffffffffffffff, 0x2401, 0xfffffffffffffff8)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000340)='cpu\t&0\t&\t')
r2 = socket(0x10, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000480)=@gcm_256={{0x303}, "000200", "e123c5876ff425b1ebe250a8486be34705f4f827ae60ecb65e528248d5552bff", "7e25837b", "15d0db2c77179e1a"}, 0x38)
close_range(r2, r3, 0x0)

1.843598985s ago: executing program 1 (id=3466):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x15, 0x8, &(0x7f0000000400)=ANY=[@ANYRESHEX=r2, @ANYRES32=r0], &(0x7f0000000780)='GPL\x00', 0x60, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r3}, 0x18)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)=@newtaction={0x5c, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x48, 0x1, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1, 0x0, 0x4, 0x0, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, &(0x7f0000000000)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1}}, {{}, {0x0, 0x0, 0x1, 0x1}}], 0x10)
setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, 0x0, 0x0)

1.780458162s ago: executing program 1 (id=3467):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000009400000094000000050000000500000000000002010000000900000000000010040000000f0000000000000202000000060000000000000e0500000001000000100000000700000604000000100000000900000005000000040000000e000000000000800a000000050000000a000000020000000c0000000200000010000000050000000000020000000000000c03000000002e2e6100"/177], &(0x7f0000000640)=""/4096, 0xb1, 0x1000, 0x0, 0xffffffff}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000480)={r3, 0x20, &(0x7f0000000100)={&(0x7f0000000300)=""/234, 0xea, <r4=>0x0, &(0x7f0000000400)=""/110, 0x6e}}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xf, &(0x7f00000000c0)=ANY=[], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x26, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r6, 0x84, 0x17, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a85}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kmem_cache_free\x00', r7}, 0x10)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0xf0)
pwritev2(r9, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)
write$binfmt_script(r8, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r8, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

1.734809316s ago: executing program 3 (id=3469):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e22, @multicast2}, 0x2, 0x0, 0x1}}, 0x2e)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x2, 0x2, 0x0, 0x2}}, 0x26)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1.676391302s ago: executing program 3 (id=3470):
r0 = syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f00000001c0), &(0x7f0000000540)='./file0\x00', 0x42000, &(0x7f0000000580)=ANY=[@ANYBLOB="ce92636850727365743d0200000006000000322c67699282b188a9d9696cd2dc398aa3defce7db88b5574b2bf84a88068174fd9468a513e74a15110d54b7a820d6d9555fb12e826d7c794c81ff5b91a9bb74", @ANYRESHEX=0x0, @ANYRESHEX=r1, @ANYRES16=r0, @ANYRESHEX=r0], 0x1, 0x543, &(0x7f0000000c00)="$eJzs3V9P21YfwPGfKehB6fP0efRsqipE21O6SVSiqeO0qaJeec5JOK1jR7ZTwVWFClSooZ1KJw1upt50m7S9iN7uRewl7Hpvotr9Jo3JdkIDBEL/QBD6fqLNh/iXc37HTfyTIbYFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI5dVsu2SJb4L2gjqYV4vC5iHre/3d2LXY4/eNd+OKWOl/Mjkpl/KnLn3+LvJi+r8Zmc5/mpbJdDEpW+cv/u/eZ+NjvdcfktCJ2NjcerrU6ay8GHUiI9LQgYlD03QbWpk4VNVKxb41X49V3fg6XvzuN91UXqTdJIzUrHdDlarVstLFxbAdNGqur3tP3r3p2HZF3S+2tBvFYXDrfjH25o3vm6CRxaSr05i76RvxgUlUot2mUqtrnZXysCTToNJRgpxhQY7tOKWS45Qqd6p37tr2+L4n7D1kX8To37QYrePYjQMfZKxb/8UXI4G0ZUHUwIcnNYkklOYB67t69f/LW/rQcfvrf6/KX3q3ekqy+n8l/+nKQfX/gFxO7rEhm7IlT2VJOtKRFXlx/GOO9bbRqOeePhqiJRAjsYRipClu9ozqPqOkKhWpiC2PZF7qEouSuhjxRUssixJLIjp7R3kSiRZXEgklEiWz4skNUVKSqlSlLEq0FGVRQmlLIA2piSv+f7Ssylq23cuH5LgTVDpKkHNIEPUf+4z3Po5H9cn23cDH2u7VfwAAAAAAcGZZ2W/f0+P/CbmcterG1/ao0wIAAAAAAJ9Q9pf/6XQxkbYui8XxPwAAAAAAZ42VnWNniUhBruat3plQ/BIAAAAAAIAzIvv7/5V0UUhbV8Xi+B8AAAAAgLPmh6HX2I9b/7J+/UOiaMJ61Vr4wlp30zh3/Vz+unN7e0zqU+f/2s6MZ31Vxrtdenra+ncetHMRzLfdxeqwPKz3ScC60H317gTkJ7mWx1xbzpfLvTX5KIW68XXRC/17JXHdC2OJXki+ebb2rWTT/zFoXrBkda2zUnz8vLOc5fIq7eXVevcCivuuo3hILi+z6y1k51wMnPFEdiJGd9xCPq7dP//uhYDH3mPM1zKTx8wU8mVh9/wn0zFLxYNm382itGvmf773zF/L9Tzm+uz1fDEgC2dYFk5/Fh+0LY6QRXlYFuWPzAIARmX14Cr0d17Et/fW3Q/Yy51MdX8ts3nM7FS2Yx2fGrBHt4ft0e2PrOu/7LsHUrpmp5++GpuO+/OeqvomDXtz4Lix71jpJjz3cv1rubixuXVzbX3pycqTlWeOU67Yt237jiMT2TS6C2oPAGCAQffY6dXc/Ph/6F14rNtDjqr/v/OVgqI8lufSkWWZy842yL5xMLDXQt/XEOaGHLUW+u7wMjfkqK7Qd6OXo8eWj/lfAQCAkzUzpA4fpf7PDTnu3l3LBx0dD67lAADgeOjorVVIvreiyLQelarVkpvMaxWF3gMVmVpDKxMkOvLm3aChVSsKk9AL/bTx0NR0rOJ2qxVGiaqHkWqFsVnI7vyu4sU40U0V66YbJMaLW752Y628MEhcL1E1E3uq1f7KN/G8jrIXxy3tmbrx3MSEgYrD9rjoolKx1n2BpqaDxNRN2gxUKzJNN1pUD0O/3dSqpmMvMq0kzDvsjWWCehg1s26Lo97YAACcEhubW0+XOp2VF8fYGPUcAQDAblRpAAAAAAAAAAAAAAAAAAAAAABOv5M4/+9UNmTymHrePiUTPIbGhJyKNEbRqP03/7yclnxO4AMC4Iz7JwAA//94jV8i")
prctl$PR_SET_NAME(0xf, &(0x7f00000001c0)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xd6\xd1\x98,\xc8\x18E/\x8c\x1a\xe3\xbd')
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
chdir(&(0x7f0000000240)='./file0\x00')
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r6, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="4000000120000000000800010005000000080015736a0000000800030002000000020000000300005e41"], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x40070)
r10 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'lo\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r11, {0x0, 0xfff3}, {0xffff, 0x6}, {0x0, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x40055}, 0x4000004)
ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0x2)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r13=>r1, {0xffffffff, 0x8000}}, './file0/file0\x00'})
sendmsg$IPCTNL_MSG_EXP_DELETE(r13, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000000202010100000000000000000a0000060000004200000000"], 0x1c}, 0x1, 0x0, 0x0, 0x48000}, 0x44)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000015c0)='svc_process\x00', r12, 0x0, 0x1}, 0x18)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='\x00')

1.244381545s ago: executing program 3 (id=3471):
add_key(&(0x7f0000002680)='asymmetric\x00', &(0x7f00000026c0)={'syz', 0x0}, &(0x7f0000002700)="74a5421b3b032c8ff37d9063513c55086590461331e391b95847e6a3cf26e33e251ea169cd0726ba34a04179b4451b3f99f359f62edb0c94a02ee362adb176e3c8a77299e13f2338cdc035e2d00c1129815b6bfa172b9eeb75b52f47cd763b018d8faacc757fbce24e1cd379f14b2f7a47ce0be06d9b000620a03a572b9c61f5fa3b77d3c803a89860408c7bb53818b5350b6da0d4b5f690a77da86788ae1b0127977712b4f45f189fb2ba4fd5e423c179a879e4e0c3472064e0ce9cf04052f7fd9dc22c9af9544c5b498b0f033d0b112ed0f70f4d1257d6e2fe5633eb68f7ad2d", 0xe1, 0xfffffffffffffffb)

1.036807966s ago: executing program 4 (id=3472):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x190da)

1.018591018s ago: executing program 0 (id=3473):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000002d0000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x112)
getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8)
bind$vsock_stream(r0, &(0x7f0000000940), 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@tail_call={{}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000080)={[{@i_version}, {@nogrpid}, {@bh}]}, 0x1, 0x51d, &(0x7f0000000200)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AhSauyNZXnXa3nXpTaRcM9ckajECY78AZx74s4FwY1LOSDxwwLVSBwGzezY2di79uaHvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiI9yNipjyelFu8093y8z7bfbC4t/tgMYkse++fSVGeH4uen8ldK19zKiJ+8J2IHydH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5627b9YeozVTx5a+0pwoU1/+9A873/hpXq3p8khvO56lbtMrB3FylyPie6cRbAQule2ZGHVFeCJpRLwYEa8W1/9MXCp+mwDARZZlM5HN9OYBgIsuLebAkrRazgVMR5pWq905vJfiatpotTu37rc215a6c2XXo5LeX2nU75RzhdejkuT5uSL9MF87lL8bES9ExC8mrxT56mKrsTTKGx8AGGPXDo3//5nsjv8AwAV3/MdmAICLyPgPAOPH+A8A48f4DwDjpzv+X3ncH8uy7GenUR0A4Ax4/geA8WP8B4Cx8v133823bK/8/uulD7Y2V1sf3F6qt1erzc3F6mJrY7263GotF9/Z0zzp9Rqt1vrcG7H54fVvrrc7s+2t7XvN1uZa517xvd736pXirJ0zaBkAMMgLr3zy5yQfkd++UmzRs5ZDZaQ1A05bOuoKACNzadQVAEbGal8wvh4+4z/2hwBMD8AF0WeJ3kdM9fsDoSzLstOrEnDKbn7B/D+Mq575f58ChjFz0vx/sTawNwnhQjL/D+Mry5Jh1/yPYU8EAM63Y+b4r5/lfQgwOgPe/3+x3P+2fHPgR0uHz/j4NGsFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59v++r/Vcpnf6UjTajXiuWIBoEpyf6VRvxMRz0fEnyYrk3l+bsR1BgCeVvq3pFz/6+bM69OPFL187SA5ERE/+dV7v/xwodPZ+GPERPKvyf3jnY/L47UTg02dRgsAgOPtj9PFvudB/rPdB4v721nW5+/f7t4V5HH3didi7yD+5bhc7KeiEhFX/52U+a6kZ+7iaex8FBGf79f+JKaLOZDuLcvh+Hns5840fvpI/LRcoDkt/y0+9wzqAuPmk7z/eaff9ZfGjWLf//qfKnqop1f2f/lLLe4VfeDD+Pv936UB/d+NYWO88fvvdlNXjpZ9FPHFyxH7sfd6+p/9+MmA+K8PGf8vX3r51UFl2a8jbkb/+L2xZjvN9dn21vbtlebCcn25vlarzc/N33nr7pu12WKOenbwaPCPt289P6gsb//VAfGnTmj/V4ds/2/+9/4Pv3JM/K+/1i9+Gi8dEz8fE782ZPyFq78b+Nydx1862v5kmN//rSHjf/rX7SPLhgMAo9Pe2l5daDTqGxIS5z+R/5c9B9Xom/jWWcWaiP5FP3+te00fKsqyJ4o1qMd4FrNuwHlwcNFHxH9HXRkAAAAAAAAAAAAAAKCvs/iLpVG3EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIvr/wEAAP//Rb3T2A==")
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x107b42, 0x32)
ftruncate(r4, 0x6000000)
copy_file_range(r4, 0x0, r4, &(0x7f00000004c0)=0x102, 0x9, 0xb01)

929.625857ms ago: executing program 2 (id=3474):
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000004000000e27f00000100000012000000", @ANYRES32, @ANYBLOB="00ff7f0000000000070000000000000000010000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x12e010, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x1)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0)
lseek(r4, 0x9, 0x0)
pipe(&(0x7f00000001c0)={<r5=>0xffffffffffffffff})
read(r5, &(0x7f0000032440)=""/102364, 0x18fdc)

929.327077ms ago: executing program 3 (id=3475):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000500)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x800000000006}, 0x18)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/shm\x00', 0x0, 0x0)
ppoll(&(0x7f00000001c0)=[{r2, 0x1132}], 0x1, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
socket$netlink(0x10, 0x3, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4804}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newchain={0x24, 0x64, 0x400, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xa, 0xfff3}, {0xfff2, 0x7}, {0xfff2}}}, 0x24}}, 0x80000)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c000000100001042abd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="9180030000000000280012800b00010065727370616e0000180002800400120006000f007f000000060010004e200000140003006e"], 0x5c}, 0x1, 0x0, 0x0, 0x24048c00}, 0x10)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

840.300116ms ago: executing program 1 (id=3476):
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r0, &(0x7f00000008c0)=[{&(0x7f0000000240)='4', 0x1}, {&(0x7f00000000c0)="86", 0x1}, {&(0x7f0000000700)}, {&(0x7f0000000740)="4fabadc24f41f0d9fb567ac71a9f6626f74adf17a4ac51bf07f09551cbf64bafc6b3a1dbc9c05a8f15b42156327d99322fc4e18435943245b9c87de3a5747d624854adb0a339f84e45353b74632330", 0x4f}, {&(0x7f0000000bc0)="2ae0ebfdd94cb7510ff784bbc32eb045a96e66200bf6aecda10212a2a8e10a5f3cec35fc8439d30aa4d41d4062253d758f5d8d4ff1f199b33efb9195d857d2266148cd31b7490a952db8f1212fc319ca766381e16581dbbcf247df1c63f0da61e6ae788ff7cc77cd0b4e3de79dc718779c2b17521d62e30dc283a64744308d02f23a35552d10936543f20055f9c337f138a72a46c15d106cf33fe61fc27a4443f3ec8fc6478912a7ee59e985c35ad82b456431fb2503348f7391e781528b735dad781a1bc4e5f0ecbdcd09f226c27aafbb8fced6cd9e724d1793484690f22a5812b8abfc", 0xe4}], 0x5)

834.895636ms ago: executing program 4 (id=3477):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)

768.637043ms ago: executing program 0 (id=3478):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
r4 = gettid()
ptrace$setopts(0x4206, r4, 0xfffffffffffffcab, 0x3f)
getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r1, @ANYRESDEC=r0], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}}, 0x24}}, 0x4000800)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=@gettclass={0x24, 0x2a, 0x1, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0xfff2, 0xffff}, {0x7}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r6}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r8, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880)
sendmmsg$inet6(r8, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000000400)=[{&(0x7f00000008c0)="fe609418", 0x4}], 0x1}}], 0x1, 0x0)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r4, 0x917f, &(0x7f0000000700)=""/17)
r10 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000bc0)="0100000200373a4541062101a59ea940d2cb0b36b8f5020000a00000050000000000eb000000a5e5be21c44e328e68f3922af831e4e51bfb30f7788fd57e51bc464355bd646d037ccc16ddb08a7b3a697aedb66ddd793acf37119e61f502d8bbb016f701890700000068d945af468c1c9090c76906b94e0f27761c75e58c82da54d010078660684a4106855beaf5e813ed18aa4acabb5bee7f082d24a16b01fc91471eba59152e716af8776ab90ac48bcbee6570df22513808ecab7a9680aa613a56aa11bfa73af4c4e94b5cfc855f0e910186d7e68ac24f8b125140ac5f7f4819168ce1c25550c6773b41011999d8d9827757d96c5e8aa4617cc54c5e67060a92661f84e698d1fe3cee10a85882cbecb29f2a22535ac50e64d95ecbab66f54373b94475e05b79a0a61bc2ae1e", 0x12d, r10)
add_key$keyring(&(0x7f0000000180), &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r11 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x111900, 0x0)
sendmsg$GTP_CMD_GETPDP(r11, 0x0, 0x24044000)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="13000000010100400000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=r5, @ANYRES32, @ANYBLOB="000000000400"/28], 0x50)

768.334283ms ago: executing program 1 (id=3479):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)

743.242705ms ago: executing program 4 (id=3480):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e22, @multicast2}, 0x2, 0x0, 0x1}}, 0x2e)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x26}}, 0x2, 0x2, 0x0, 0x2}}, 0x26)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

713.562319ms ago: executing program 1 (id=3481):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYRESHEX=0x0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x11, 0x10, &(0x7f00000012c0)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='neigh_update\x00', r1, 0x0, 0xfffffffe}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000400000009000000170004f3ae04000000000000803051036c1d2cc620b49ee1017de53d805b1d2282c76f2608254938f174e14ec5315883db2f777b903b0537ecd06cda2dac2a2a054d1cbd8c33362b7c7a90f27f0400bdd6e3b29ba00ce9b3d705a9090738852e4723f74cdc11a435f3f7e4e869f87e381bc42c0168738efe9d5d4f7eaa", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d0000000600000004000000ffffff0f01000000", @ANYRES32=r2], 0x50)
keyctl$instantiate(0xc, 0x0, 0xfffffffffffffffd, 0x2a, 0x0)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9)
keyctl$instantiate(0xc, r3, 0x0, 0x0, 0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000800)={[], [{@smackfstransmute={'smackfstransmute', 0x3d, 'string\x00'}}, {@appraise}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@measure}, {@dont_appraise}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@smackfshat={'smackfshat', 0x3d, ',#}/[/'}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x42, 0x61)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x4)
write(r5, &(0x7f0000004200)='t', 0x1)
sendfile(r5, r4, 0x0, 0x3ffff)
sendfile(r5, r4, 0x0, 0x7ffff000)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x3, 0x20000000000002a5, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7, 0x0, 0x7}, 0x18)
bind$tipc(0xffffffffffffffff, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x3}}, 0x10)
socket$tipc(0x1e, 0x5, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0xce56fe61a68fc369, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
r9 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x300, 0x198, 0xffffffff, 0xffffffff, 0x198, 0xffffffff, 0x268, 0xffffff7a, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0x0, 0x41}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x7d}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x2, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360)
r10 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r10, 0xc0105512, &(0x7f0000000200))

712.501769ms ago: executing program 3 (id=3482):
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000380), r0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000140)=0x3)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000400)=0x7)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
lsetxattr$trusted_overlay_origin(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500), &(0x7f0000000b00), 0x2, 0x2)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="19000000040000000800000005"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r7, r5, 0x25, 0x4, @void}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x12, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)={0x2, 0x4, 0x8, 0x1, 0x80, r1, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x2}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000fdffffde18000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r8 = io_uring_setup(0xef8, &(0x7f0000000640)={0x0, 0x2ddae, 0x1, 0x3, 0x23a})
sendmsg$IEEE802154_LLSEC_LIST_DEV(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000084}, 0x40800)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x44, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
close_range(r8, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{0x1}, &(0x7f0000000580), &(0x7f0000000780)=r1}, 0x20)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="100100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03000000020000000100"/28], 0x50)

665.238143ms ago: executing program 4 (id=3483):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000800)={0x78, 0x2, 0x6, 0x801, 0x0, 0x0, {0x2, 0x0, 0xfffd}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x8}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0xb1}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xf}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x78}}, 0x80)
write$binfmt_misc(r0, &(0x7f0000000240), 0xfffffecc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70300001c000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000500)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, 0x1, 0x1, [{{0xa, 0x0, 0x0, @empty}}]}, 0x110)

504.47276ms ago: executing program 3 (id=3484):
gettid()
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup/syz0\x00', 0x200002, 0x0)
openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
pipe2(0x0, 0x80c80)
rt_sigprocmask(0x3, 0x0, &(0x7f0000000240), 0xfea4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x2c)
syz_open_dev$tty1(0xc, 0x4, 0x1)

84.441582ms ago: executing program 2 (id=3485):
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) (async)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x50, &(0x7f0000000000)={&(0x7f00000084c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020025642532000000000900010073797a30000000000800054000000002"], 0x40c4}}, 0x0)
creat(&(0x7f0000000480)='./file0\x00', 0x41) (async)
creat(&(0x7f0000000480)='./file0\x00', 0x41)
lgetxattr(&(0x7f0000000180)='./file0\x00', &(0x7f0000000300)=@known='security.apparmor\x00', &(0x7f0000000380)=""/30, 0x1e)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="160000000000000005000000ff"], 0x50)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="742044070d35759d6c99c7902ba02d061ec8e944ce624c260c5348d99ebbf7c6bae3979e4c847f125342e3cfb8d4e4ce8850ed9baabc62151b3c1bd06a30d66b1080fc43095338fe16d3eb59f2a883aac7b3b1b545e50f61bacab199802ff67d79a4bf5e9a560478ab6857a03ac9272bfe57cdf9414e9bda8ee5b6aaab9f807c3f8b78ae110ed2187ec7abba6c2e1f569c85292c14f99b2d7044143f51eeb16c1ef7702ae5117dc276ba31cb5aa26b4e28209e525cc279a39f58d7829697f5b2e55b7f22e00e4b2a46168ed514c531b6b6cc9b7a08a90d7a7bd78a", @ANYBLOB="6ce13f70a11c526e33389316b0ce3497e3124bb70551e0508dc6af41e5454ea633ed241701149370a44cb34f8f933b3188eec55a57e833c1c27524dc795c60971caf4a414b5f9c7cbb5929df9ce2f6fef47809338996ce60d92224d6fb73f44ea602b129b3b5014fc7a50a8a19"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
r5 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
pread64(r5, 0x0, 0x0, 0x7)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
io_setup(0x5, &(0x7f0000000300)) (async)
io_setup(0x5, &(0x7f0000000300)=<r7=>0x0)
r8 = eventfd2(0x0, 0x0)
io_submit(r7, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x1, r8}])
io_getevents(r7, 0x2, 0x2, &(0x7f0000000080)=[{}, {}], 0x0)
ppoll(&(0x7f0000000180)=[{r8, 0x81}, {r6, 0x110}], 0x2, 0x0, 0x0, 0x0)
shutdown(r6, 0x0) (async)
shutdown(r6, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4, 0x0, 0x7}, 0x54)
socket$nl_route(0x10, 0x3, 0x0) (async)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newtaction={0xa4, 0x31, 0x1, 0xfffffffd, 0x25dfdbfb, {0x0, 0x0, 0x11}, [{0x90, 0x1, [@m_police={0x8c, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x60, 0x6, "8fb8272e7579a235a665a53942f56fdd327655acc3eb5aebbca56744b0d327852b2c22e288eadd72ab2b8fc9b004c318a725acb4a5189d73fe8bf86b5f46f935bf7a12560b416dcb0d0000341a00"/92}, {0xc, 0x3, {0x7ffffffe}}, {0xc, 0x8, {0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20048044}, 0x1) (async)
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newtaction={0xa4, 0x31, 0x1, 0xfffffffd, 0x25dfdbfb, {0x0, 0x0, 0x11}, [{0x90, 0x1, [@m_police={0x8c, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x60, 0x6, "8fb8272e7579a235a665a53942f56fdd327655acc3eb5aebbca56744b0d327852b2c22e288eadd72ab2b8fc9b004c318a725acb4a5189d73fe8bf86b5f46f935bf7a12560b416dcb0d0000341a00"/92}, {0xc, 0x3, {0x7ffffffe}}, {0xc, 0x8, {0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20048044}, 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20900, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000300), r11)
sendmsg$IEEE802154_LIST_PHY(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x14, r12, 0x1, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x12}, 0x4000000)
acct(&(0x7f0000000040)='./file0\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r13=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r13, @ANYBLOB="2c736d61636b66736465663d7266646e6f2c0058d69ffb98455fdb66d0453a39d9b1b046e82b779a53ef1d1fd98a7fa088027252029564f714ef54032f9f92e64bb420ebff768b7973617d5b03b7ae117ef6d37804a55555f1ff0a487432eb2da80dace4eab49c2246e6648ed4e908a3cf1dbf9768d9ed9a8b32cf6a72ccca1b9f785c10d124949d50429b6edca55f0be926f5dcd30632cf7a64709ac158709deae636a42cb38dff8670"]) (async)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r13, @ANYBLOB="2c736d61636b66736465663d7266646e6f2c0058d69ffb98455fdb66d0453a39d9b1b046e82b779a53ef1d1fd98a7fa088027252029564f714ef54032f9f92e64bb420ebff768b7973617d5b03b7ae117ef6d37804a55555f1ff0a487432eb2da80dace4eab49c2246e6648ed4e908a3cf1dbf9768d9ed9a8b32cf6a72ccca1b9f785c10d124949d50429b6edca55f0be926f5dcd30632cf7a64709ac158709deae636a42cb38dff8670"])

0s ago: executing program 2 (id=3486):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
close_range(r0, r2, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x11e)
renameat2(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000006c0)={0x4, 0x66, 0x0, 0x0, 0x132, 0x3})

kernel console output (not intermixed with test programs):

864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f719362f6c9 code=0x7ffc0000
[  199.781754][T11515] loop3: detected capacity change from 0 to 512
[  199.803146][   T29] audit: type=1326 audit(1763270593.925:30760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11506 comm="syz.1.2864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f719362f6c9 code=0x7ffc0000
[  199.803182][   T29] audit: type=1326 audit(1763270593.925:30761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11506 comm="syz.1.2864" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f719362f6c9 code=0x7ffc0000
[  199.893412][T11515] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  199.942550][T11526] SELinux:  policydb magic number 0x848 does not match expected magic number 0xf97cff8c
[  199.963801][T11526] SELinux: failed to load policy
[  199.974971][   T23] lo speed is unknown, defaulting to 1000
[  199.975173][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.980791][   T23] syz2: Port: 1 Link DOWN
[  199.990186][T11532] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[  199.998607][ T3522] lo speed is unknown, defaulting to 1000
[  200.009579][ T3522] syz2: Port: 1 Link ACTIVE
[  200.035720][T11534] __nla_validate_parse: 22 callbacks suppressed
[  200.035736][T11534] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2874'.
[  200.047989][T11538] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2875'.
[  200.062088][T11538] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2875'.
[  200.071484][T11534] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2874'.
[  200.080528][T11534] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2874'.
[  200.092488][T11534] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2874'.
[  200.124697][T11534] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2874'.
[  200.133926][T11534] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2874'.
[  200.143308][T11534] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2874'.
[  200.168214][T11552] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  200.176985][T11534] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2874'.
[  200.217989][T11561] lo speed is unknown, defaulting to 1000
[  200.246988][T11567] loop3: detected capacity change from 0 to 1024
[  200.261410][T11567] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  200.273701][T11567] ext4 filesystem being mounted at /585/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  200.286860][T11567] random: crng reseeded on system resumption
[  200.390941][T11573] sg_write: data in/out 28/42 bytes for SCSI command 0x0-- guessing data in;
[  200.390941][T11573]    program syz.0.2884 not setting count and/or reply_len properly
[  200.448205][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  200.473896][T11579] loop3: detected capacity change from 0 to 164
[  200.481944][T11579] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  200.492045][T11579] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  200.501256][T11579] Symlink component flag not implemented
[  200.506916][T11579] Symlink component flag not implemented
[  200.513161][T11579] Symlink component flag not implemented (7)
[  200.519233][T11579] Symlink component flag not implemented (116)
[  200.528780][T11579] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  200.537568][T11579] rock: directory entry would overflow storage
[  200.543844][T11579] rock: sig=0x4f50, size=4, remaining=3
[  200.549655][T11579] iso9660: Corrupted directory entry in block 4 of inode 1792
[  200.612489][T11595] lo speed is unknown, defaulting to 1000
[  200.754607][T11604] loop2: detected capacity change from 0 to 512
[  200.776393][T11604] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.2898: Failed to acquire dquot type 0
[  200.788067][T11604] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.2898: Failed to acquire dquot type 0
[  200.800598][T11604] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.2898: Failed to acquire dquot type 0
[  200.816137][T11604] EXT4-fs (loop2): 1 orphan inode deleted
[  200.822461][T11604] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  200.835144][T11604] ext4 filesystem being mounted at /555/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  200.898264][T11619] loop0: detected capacity change from 0 to 512
[  200.909251][T11619] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  200.921852][T11619] ext4 filesystem being mounted at /584/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  200.932246][T11607] lo speed is unknown, defaulting to 1000
[  200.951560][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.972912][ T3320] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.001148][T11629] loop0: detected capacity change from 0 to 164
[  201.013426][T11629] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  201.018453][T11607] chnl_net:caif_netlink_parms(): no params data found
[  201.022599][T11629] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  201.036855][T11629] Symlink component flag not implemented
[  201.042527][T11629] Symlink component flag not implemented
[  201.048319][T11629] Symlink component flag not implemented (7)
[  201.054333][T11629] Symlink component flag not implemented (116)
[  201.061757][ T1409] bridge_slave_0: left allmulticast mode
[  201.067508][ T1409] bridge_slave_0: left promiscuous mode
[  201.073523][ T1409] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.082272][T11629] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  201.092065][T11629] rock: directory entry would overflow storage
[  201.098468][T11629] rock: sig=0x4f50, size=4, remaining=3
[  201.104114][T11629] iso9660: Corrupted directory entry in block 4 of inode 1792
[  201.150614][T11641] loop0: detected capacity change from 0 to 4096
[  201.159428][T11641] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[  201.479636][T11644] loop0: detected capacity change from 0 to 1024
[  201.489106][T11646] loop3: detected capacity change from 0 to 512
[  201.510215][T11644] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  201.597730][T11646] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  201.691284][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.729041][ T1409] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  201.738447][ T1409] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  201.747668][ T1409] bond0 (unregistering): Released all slaves
[  201.756293][ T1409] bond1 (unregistering): Released all slaves
[  201.787162][ T1409] hsr_slave_0: left promiscuous mode
[  201.797731][ T1409] hsr_slave_1: left promiscuous mode
[  201.803516][ T1409] batman_adv: batadv0: Removing interface: batadv_slave_0
[  201.811282][ T1409] batman_adv: batadv0: Removing interface: batadv_slave_1
[  201.885913][ T1409] team0 (unregistering): Port device team_slave_1 removed
[  201.907114][ T1409] team0 (unregistering): Port device team_slave_0 removed
[  201.960773][T11655] lo speed is unknown, defaulting to 1000
[  201.979542][T11665] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=11665 comm=syz.3.2908
[  201.995270][ T3320] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.003176][T11656] lo speed is unknown, defaulting to 1000
[  202.018474][T11607] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.025638][T11607] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.032856][T11607] bridge_slave_0: entered allmulticast mode
[  202.039365][T11607] bridge_slave_0: entered promiscuous mode
[  202.052953][T11607] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.060041][T11607] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.067510][T11607] bridge_slave_1: entered allmulticast mode
[  202.074113][T11607] bridge_slave_1: entered promiscuous mode
[  202.111758][T11672] loop2: detected capacity change from 0 to 2048
[  202.130876][T11607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  202.140154][T11669] lo speed is unknown, defaulting to 1000
[  202.141541][T11607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  202.168204][T11672] Alternate GPT is invalid, using primary GPT.
[  202.174573][T11672]  loop2: p2 p3 p7
[  202.202958][T11607] team0: Port device team_slave_0 added
[  202.224206][T11607] team0: Port device team_slave_1 added
[  202.230002][T11675] validate_nla: 2 callbacks suppressed
[  202.230013][T11675] netlink: 'syz.4.2915': attribute type 29 has an invalid length.
[  202.254143][T11675] loop4: detected capacity change from 0 to 512
[  202.261506][T11675] EXT4-fs error (device loop4): ext4_get_journal_inode:5808: comm syz.4.2915: inode #1792: comm syz.4.2915: iget: illegal inode #
[  202.278180][T11675] EXT4-fs (loop4): Remounting filesystem read-only
[  202.284739][T11675] EXT4-fs (loop4): no journal found
[  202.289304][T11676] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=11676 comm=syz.0.2913
[  202.289960][T11675] EXT4-fs (loop4): can't get journal size
[  202.309481][T11675] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  202.319980][T11675] EXT4-fs (loop4): Errors on filesystem, clearing orphan list.
[  202.321810][T11607] batman_adv: batadv0: Adding interface: batadv_slave_0
[  202.334625][T11607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  202.335232][T11675] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  202.360557][T11607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  202.361153][T11607] batman_adv: batadv0: Adding interface: batadv_slave_1
[  202.390705][T11607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  202.416626][T11607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  202.423339][T11675] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.446212][T11672] bond1: (slave veth1): Device is not bonding slave
[  202.452878][T11672] bond1: option active_slave: invalid value (veth1)
[  202.470554][T11672] bond1 (unregistering): Released all slaves
[  202.576790][T11607] hsr_slave_0: entered promiscuous mode
[  202.597558][T11607] hsr_slave_1: entered promiscuous mode
[  202.604688][T11607] debugfs: 'hsr0' already exists in 'hsr'
[  202.610442][T11607] Cannot create hsr debugfs directory
[  203.107451][T11697] loop0: detected capacity change from 0 to 164
[  203.116864][T11697] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  203.139926][T11699] lo speed is unknown, defaulting to 1000
[  203.147341][T11697] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  203.183929][T11697] Symlink component flag not implemented
[  203.189700][T11697] Symlink component flag not implemented
[  203.208437][T11697] Symlink component flag not implemented (7)
[  203.214535][T11697] Symlink component flag not implemented (116)
[  203.236442][T11697] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  203.247478][T11703] lo speed is unknown, defaulting to 1000
[  203.260406][T11697] rock: directory entry would overflow storage
[  203.266786][T11697] rock: sig=0x4f50, size=4, remaining=3
[  203.272618][T11697] iso9660: Corrupted directory entry in block 4 of inode 1792
[  203.390290][T11709] netlink: 'syz.3.2926': attribute type 4 has an invalid length.
[  203.407982][T11709] netlink: 'syz.3.2926': attribute type 4 has an invalid length.
[  203.509394][T11607] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  203.534628][T11607] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  203.547464][T11607] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  203.564562][T11721] ip6gre1: entered promiscuous mode
[  203.584358][T11607] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  203.611873][T11718] lo speed is unknown, defaulting to 1000
[  203.632847][T11721] loop4: detected capacity change from 0 to 2048
[  203.637143][T11738] loop2: detected capacity change from 0 to 512
[  203.656049][T11736] loop3: detected capacity change from 0 to 1024
[  203.665643][T11736] ext4: Unknown parameter 'smackfstransmute'
[  203.673114][T11721] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  203.679840][T11749] netlink: 'syz.0.2938': attribute type 4 has an invalid length.
[  203.686078][T11738] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  203.712555][T11749] netlink: 'syz.0.2938': attribute type 4 has an invalid length.
[  203.726210][ T3522] lo speed is unknown, defaulting to 1000
[  203.732916][ T3522] syz2: Port: 1 Link DOWN
[  203.754173][ T3367] lo speed is unknown, defaulting to 1000
[  203.759967][ T3367] syz2: Port: 1 Link ACTIVE
[  203.778544][T11736] xt_CT: You must specify a L4 protocol and not use inversions on it
[  203.791918][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.841965][T11607] 8021q: adding VLAN 0 to HW filter on device bond0
[  203.895506][T11607] 8021q: adding VLAN 0 to HW filter on device team0
[  203.917028][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.924131][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  203.933391][T11764] lo speed is unknown, defaulting to 1000
[  203.954590][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.961721][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  203.997739][T11768] sg_write: data in/out 28/42 bytes for SCSI command 0x0-- guessing data in;
[  203.997739][T11768]    program syz.2.2945 not setting count and/or reply_len properly
[  204.009319][T11607] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  204.024808][T11607] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  204.122006][T11766] lo speed is unknown, defaulting to 1000
[  204.196502][T11607] 8021q: adding VLAN 0 to HW filter on device batadv0
[  204.219400][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.314262][   T29] kauditd_printk_skb: 522 callbacks suppressed
[  204.314277][   T29] audit: type=1326 audit(1763270598.849:31278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11765 comm="syz.3.2944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad3dabf6c9 code=0x7ffc0000
[  204.344418][   T29] audit: type=1326 audit(1763270598.849:31279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11765 comm="syz.3.2944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad3dabf6c9 code=0x7ffc0000
[  204.375058][T11797] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=11797 comm=syz.3.2944
[  204.404102][   T29] audit: type=1326 audit(1763270598.933:31280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11765 comm="syz.3.2944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fad3dabf6c9 code=0x7ffc0000
[  204.427812][   T29] audit: type=1326 audit(1763270598.933:31281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11765 comm="syz.3.2944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad3dabf6c9 code=0x7ffc0000
[  204.451646][   T29] audit: type=1326 audit(1763270598.933:31282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11765 comm="syz.3.2944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad3dabf6c9 code=0x7ffc0000
[  204.465530][T11803] sg_write: data in/out 28/42 bytes for SCSI command 0x0-- guessing data in;
[  204.465530][T11803]    program syz.4.2955 not setting count and/or reply_len properly
[  204.479640][   T29] audit: type=1326 audit(1763270598.965:31283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11765 comm="syz.3.2944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad3dabf6c9 code=0x7ffc0000
[  204.497224][T11607] veth0_vlan: entered promiscuous mode
[  204.515635][   T29] audit: type=1326 audit(1763270598.965:31284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11765 comm="syz.3.2944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad3dabf6c9 code=0x7ffc0000
[  204.544647][   T29] audit: type=1326 audit(1763270598.965:31285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11765 comm="syz.3.2944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad3dabf6c9 code=0x7ffc0000
[  204.568518][   T29] audit: type=1326 audit(1763270598.965:31286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11765 comm="syz.3.2944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fad3dabf6c9 code=0x7ffc0000
[  204.610804][T11607] veth1_vlan: entered promiscuous mode
[  204.625280][   T29] audit: type=1326 audit(1763270599.091:31287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11765 comm="syz.3.2944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad3dabf6c9 code=0x7ffc0000
[  204.662394][T11810] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[  204.718828][T11607] veth0_macvtap: entered promiscuous mode
[  204.727620][T11607] veth1_macvtap: entered promiscuous mode
[  204.740089][T11607] batman_adv: batadv0: Interface activated: batadv_slave_0
[  204.749890][T11607] batman_adv: batadv0: Interface activated: batadv_slave_1
[  204.760370][T11815] loop0: detected capacity change from 0 to 1024
[  204.776712][T11815] EXT4-fs: inline encryption not supported
[  204.794907][T11815] EXT4-fs: Ignoring removed orlov option
[  204.799905][  T176] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  204.810598][T11815] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  204.830428][T11816] lo speed is unknown, defaulting to 1000
[  204.842314][  T176] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  204.865875][  T176] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  204.879894][T11823] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2
[  204.892867][  T176] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  204.906160][T11815] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.929523][T11829] loop3: detected capacity change from 0 to 512
[  204.939500][T11829] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  204.961324][T11831] __nla_validate_parse: 10 callbacks suppressed
[  204.961339][T11831] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2964'.
[  204.980927][ T3320] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.983613][T11831] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2964'.
[  205.000455][T11829] EXT4-fs (loop3): 1 truncate cleaned up
[  205.007413][T11829] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.038192][T11831] loop4: detected capacity change from 0 to 512
[  205.053210][T11831] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.2964: EA inode hash validation failed
[  205.066398][T11835] xt_hashlimit: max too large, truncated to 1048576
[  205.069530][T11831] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #15: comm syz.4.2964: corrupted inode contents
[  205.102707][T11831] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #15: comm syz.4.2964: mark_inode_dirty error
[  205.154167][T11831] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #15: comm syz.4.2964: corrupted inode contents
[  205.166790][T11831] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2996: inode #15: comm syz.4.2964: mark_inode_dirty error
[  205.188702][T11831] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2999: inode #15: comm syz.4.2964: mark inode dirty (error -117)
[  205.203019][T11831] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117)
[  205.212539][T11831] EXT4-fs (loop4): 1 orphan inode deleted
[  205.233507][T11831] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  205.286077][T11830] delete_channel: no stack
[  205.301546][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.403163][ T3318] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  205.414996][ T3318] CPU: 0 UID: 0 PID: 3318 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[  205.415023][ T3318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  205.415086][ T3318] Call Trace:
[  205.415093][ T3318]  <TASK>
[  205.415100][ T3318]  __dump_stack+0x1d/0x30
[  205.415121][ T3318]  dump_stack_lvl+0xe8/0x140
[  205.415190][ T3318]  dump_stack+0x15/0x1b
[  205.415206][ T3318]  dump_header+0x81/0x220
[  205.415223][ T3318]  oom_kill_process+0x342/0x400
[  205.415252][ T3318]  out_of_memory+0x979/0xb80
[  205.415299][ T3318]  try_charge_memcg+0x610/0xa10
[  205.415328][ T3318]  charge_memcg+0x51/0xc0
[  205.415427][ T3318]  __mem_cgroup_charge+0x28/0xb0
[  205.415448][ T3318]  filemap_add_folio+0x111/0x360
[  205.415499][ T3318]  __filemap_get_folio+0x31e/0x650
[  205.415604][ T3318]  filemap_fault+0x447/0xb60
[  205.415637][ T3318]  __do_fault+0xbc/0x200
[  205.415733][ T3318]  handle_mm_fault+0xf78/0x2be0
[  205.415754][ T3318]  ? vma_start_read+0x141/0x1f0
[  205.415784][ T3318]  do_user_addr_fault+0x630/0x1080
[  205.415805][ T3318]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  205.415909][ T3318]  exc_page_fault+0x62/0xa0
[  205.415937][ T3318]  asm_exc_page_fault+0x26/0x30
[  205.415957][ T3318] RIP: 0033:0x7fad3d995f34
[  205.415972][ T3318] Code: 85 ed 09 00 00 48 b8 db 34 b6 d7 82 de 1b 43 48 f7 a4 24 98 00 00 00 48 8b 05 68 f8 ea 00 48 69 8c 24 90 00 00 00 e8 03 00 00 <8b> 78 08 48 8b 44 24 18 48 c1 ea 12 4c 8b 0d 79 f7 ea 00 48 01 d1
[  205.415991][ T3318] RSP: 002b:00007ffde42040b0 EFLAGS: 00010202
[  205.416009][ T3318] RAX: 0000001b33a24000 RBX: 00000000000005e3 RCX: 0000000000034008
[  205.416075][ T3318] RDX: 0000000008258a81 RSI: 00007ffde4204140 RDI: 0000000000000001
[  205.416086][ T3318] RBP: 00007ffde42040ec R08: 000000001f13b52c R09: 7fffffffffffffff
[  205.416098][ T3318] R10: 3fffffffffffffff R11: 0000000000000202 R12: 0000000000001388
[  205.416109][ T3318] R13: 00000000000927c0 R14: 0000000000034109 R15: 00007ffde4204140
[  205.416127][ T3318]  </TASK>
[  205.416145][ T3318] memory: usage 307200kB, limit 307200kB, failcnt 564
[  205.604670][T11852] SELinux:  Context system_u:object_r:systemd_passwd_agent_exec_t:s0 is not valid (left unmapped).
[  205.607454][ T3318] memory+swap: usage 252692kB, limit 9007199254740988kB, failcnt 0
[  205.633103][ T3318] kmem: usage 242604kB, limit 9007199254740988kB, failcnt 0
[  205.633121][ T3318] Memory cgroup stats for /syz3:
[  205.633991][ T3318] cache 4096
[  205.649277][ T3318] rss 28672
[  205.652518][ T3318] shmem 0
[  205.655479][ T3318] mapped_file 0
[  205.658954][ T3318] dirty 0
[  205.661974][ T3318] writeback 0
[  205.665245][ T3318] workingset_refault_anon 30731
[  205.670497][ T3318] workingset_refault_file 0
[  205.674988][ T3318] swap 626688
[  205.678263][ T3318] swapcached 36864
[  205.682115][ T3318] pgpgin 491202
[  205.685558][ T3318] pgpgout 491191
[  205.689094][ T3318] pgfault 527767
[  205.692808][ T3318] pgmajfault 3916
[  205.696446][ T3318] inactive_anon 0
[  205.700209][ T3318] active_anon 40960
[  205.700219][ T3318] inactive_file 0
[  205.700227][ T3318] active_file 4096
[  205.700234][ T3318] unevictable 0
[  205.700242][ T3318] hierarchical_memory_limit 314572800
[  205.700251][ T3318] hierarchical_memsw_limit 9223372036854771712
[  205.700281][ T3318] total_cache 4096
[  205.700289][ T3318] total_rss 28672
[  205.700296][ T3318] total_shmem 0
[  205.700304][ T3318] total_mapped_file 0
[  205.700312][ T3318] total_dirty 0
[  205.700319][ T3318] total_writeback 0
[  205.700327][ T3318] total_workingset_refault_anon 30731
[  205.700335][ T3318] total_workingset_refault_file 0
[  205.700342][ T3318] total_swap 626688
[  205.700348][ T3318] total_swapcached 36864
[  205.700355][ T3318] total_pgpgin 491202
[  205.700364][ T3318] total_pgpgout 491191
[  205.700370][ T3318] total_pgfault 527767
[  205.700377][ T3318] total_pgmajfault 3916
[  205.700383][ T3318] total_inactive_anon 0
[  205.700390][ T3318] total_active_anon 40960
[  205.700397][ T3318] total_inactive_file 0
[  205.700405][ T3318] total_active_file 4096
[  205.700414][ T3318] total_unevictable 0
[  205.700422][ T3318] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.2965,pid=11828,uid=0
[  205.700581][ T3318] Memory cgroup out of memory: Killed process 11828 (syz.3.2965) total-vm:93956kB, anon-rss:1136kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  205.755115][T11854] lo speed is unknown, defaulting to 1000
[  205.863450][   T58] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.871353][ T3318] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.899682][   T58] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.977771][T11880] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2977'.
[  205.987339][T11875] loop4: detected capacity change from 0 to 164
[  205.997429][T11854] chnl_net:caif_netlink_parms(): no params data found
[  206.004923][T11875] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  206.014686][T11875] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  206.024971][T11875] Symlink component flag not implemented
[  206.030643][T11875] Symlink component flag not implemented
[  206.039755][   T58] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.042329][T11875] Symlink component flag not implemented (7)
[  206.055707][T11875] Symlink component flag not implemented (116)
[  206.067699][T11875] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  206.077243][T11875] rock: directory entry would overflow storage
[  206.083492][T11875] rock: sig=0x4f50, size=4, remaining=3
[  206.089082][T11875] iso9660: Corrupted directory entry in block 4 of inode 1792
[  206.104731][T11854] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.112039][T11854] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.120294][T11854] bridge_slave_0: entered allmulticast mode
[  206.127070][T11854] bridge_slave_0: entered promiscuous mode
[  206.134849][   T58] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.162004][T11854] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.164926][T11892] loop4: detected capacity change from 0 to 512
[  206.169252][T11854] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.176286][T11892] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  206.194425][T11892] EXT4-fs (loop4): 1 truncate cleaned up
[  206.194640][T11854] bridge_slave_1: entered allmulticast mode
[  206.208100][T11854] bridge_slave_1: entered promiscuous mode
[  206.208935][T11892] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.242881][T11854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  206.261468][   T58] bridge_slave_0: left allmulticast mode
[  206.267152][   T58] bridge_slave_0: left promiscuous mode
[  206.272970][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.282523][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.311128][T11900] loop4: detected capacity change from 0 to 512
[  206.319648][T11900] EXT4-fs error (device loop4): ext4_get_journal_inode:5808: comm syz.4.2982: inode #1792: comm syz.4.2982: iget: illegal inode #
[  206.333485][T11900] EXT4-fs (loop4): Remounting filesystem read-only
[  206.334038][T11901] netlink: 'syz.1.2981': attribute type 4 has an invalid length.
[  206.340153][T11900] EXT4-fs (loop4): no journal found
[  206.353056][T11900] EXT4-fs (loop4): can't get journal size
[  206.360921][T11900] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  206.366800][   T58] dvmrp1 (unregistering): left allmulticast mode
[  206.370563][T11900] EXT4-fs (loop4): Errors on filesystem, clearing orphan list.
[  206.385288][T11900] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.398321][T11903] netlink: 'syz.1.2981': attribute type 4 has an invalid length.
[  206.398410][T11900] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.440930][T11905] sg_write: data in/out 28/42 bytes for SCSI command 0x0-- guessing data in;
[  206.440930][T11905]    program syz.4.2983 not setting count and/or reply_len properly
[  206.520624][T11913] loop4: detected capacity change from 0 to 512
[  206.538437][T11913] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  206.579030][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.625285][T11923] loop4: detected capacity change from 0 to 164
[  206.632473][T11923] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  206.641134][T11923] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  206.651518][T11923] Symlink component flag not implemented
[  206.657204][T11923] Symlink component flag not implemented
[  206.662959][T11923] Symlink component flag not implemented (7)
[  206.669000][T11923] Symlink component flag not implemented (116)
[  206.677647][T11923] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  206.686400][T11923] rock: directory entry would overflow storage
[  206.692669][T11923] rock: sig=0x4f50, size=4, remaining=3
[  206.698238][T11923] iso9660: Corrupted directory entry in block 4 of inode 1792
[  206.786121][T11931] sg_write: data in/out 28/42 bytes for SCSI command 0x0-- guessing data in;
[  206.786121][T11931]    program syz.2.2993 not setting count and/or reply_len properly
[  206.990203][T11944] loop4: detected capacity change from 0 to 512
[  207.007822][T11948] loop3: detected capacity change from 0 to 2048
[  207.016422][   T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  207.026675][   T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  207.027183][T11944] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  207.048340][   T58] bond0 (unregistering): Released all slaves
[  207.057521][T11854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  207.062619][T11948] Alternate GPT is invalid, using primary GPT.
[  207.073023][T11948]  loop3: p2 p3 p7
[  207.106164][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.133007][   T58] tipc: Left network mode
[  207.134288][T11854] team0: Port device team_slave_0 added
[  207.151886][T11854] team0: Port device team_slave_1 added
[  207.158041][T11940] lo speed is unknown, defaulting to 1000
[  207.169086][   T58] hsr_slave_0: left promiscuous mode
[  207.176718][   T58] hsr_slave_1: left promiscuous mode
[  207.183186][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  207.183201][   T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[  207.191252][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  207.191269][   T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[  207.194101][   T58] veth1_macvtap: left promiscuous mode
[  207.194130][   T58] veth0_macvtap: left promiscuous mode
[  207.194173][   T58] veth1_vlan: left promiscuous mode
[  207.194190][   T58] veth0_vlan: left promiscuous mode
[  207.196780][T11958] sg_write: data in/out 28/42 bytes for SCSI command 0x0-- guessing data in;
[  207.196780][T11958]    program syz.4.3003 not setting count and/or reply_len properly
[  207.326038][T11973] loop4: detected capacity change from 0 to 1024
[  207.334502][   T58] team0 (unregistering): Port device team_slave_1 removed
[  207.351683][T11973] EXT4-fs: inline encryption not supported
[  207.370100][T11973] EXT4-fs: Ignoring removed orlov option
[  207.378663][T11973] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  207.406092][T11967] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2
[  207.406223][T11854] batman_adv: batadv0: Adding interface: batadv_slave_0
[  207.421999][T11854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  207.448129][T11854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  207.462834][   T36] lo speed is unknown, defaulting to 1000
[  207.467455][T11854] batman_adv: batadv0: Adding interface: batadv_slave_1
[  207.468591][   T36] infiniband syz2: ib_query_port failed (-19)
[  207.475565][T11854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  207.509798][T11854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  207.534841][T11973] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  207.569412][T11854] hsr_slave_0: entered promiscuous mode
[  207.580907][T11854] hsr_slave_1: entered promiscuous mode
[  207.595509][T11854] debugfs: 'hsr0' already exists in 'hsr'
[  207.601285][T11854] Cannot create hsr debugfs directory
[  207.639651][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.760652][T11997] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3015'.
[  207.786402][T12001] loop4: detected capacity change from 0 to 512
[  207.796836][T12000] sg_write: data in/out 28/42 bytes for SCSI command 0x0-- guessing data in;
[  207.796836][T12000]    program syz.3.3016 not setting count and/or reply_len properly
[  207.798003][T12003] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3018'.
[  207.816094][T12001] EXT4-fs error (device loop4): ext4_get_journal_inode:5808: comm syz.4.3017: inode #1792: comm syz.4.3017: iget: illegal inode #
[  207.850691][T12001] EXT4-fs (loop4): Remounting filesystem read-only
[  207.856141][T12003] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3018'.
[  207.857252][T12001] EXT4-fs (loop4): no journal found
[  207.857263][T12001] EXT4-fs (loop4): can't get journal size
[  207.891243][T12007] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[  207.900679][T12005] loop3: detected capacity change from 0 to 164
[  207.907431][T12001] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  207.917868][T12005] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  207.928395][T12005] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  207.936906][T12005] Symlink component flag not implemented
[  207.945808][T12005] Symlink component flag not implemented
[  207.961845][T12001] EXT4-fs (loop4): Errors on filesystem, clearing orphan list.
[  207.969221][T12005] Symlink component flag not implemented (7)
[  207.976239][T12005] Symlink component flag not implemented (116)
[  207.992185][T12001] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  208.018760][T12005] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  208.026887][T12001] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.051196][T12005] rock: directory entry would overflow storage
[  208.057500][T12005] rock: sig=0x4f50, size=4, remaining=3
[  208.063549][T12005] iso9660: Corrupted directory entry in block 4 of inode 1792
[  208.133583][T11854] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  208.141778][T12017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.156000][T12017] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.171041][T11854] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  208.181383][T11854] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  208.204887][T11854] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  208.292834][T11854] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.305966][T11854] 8021q: adding VLAN 0 to HW filter on device team0
[  208.316621][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.323880][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.336726][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.343942][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.363982][T11854] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  208.374710][T11854] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  208.389105][T12035] loop2: detected capacity change from 0 to 512
[  208.406223][T12035] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  208.469967][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.507264][T11854] 8021q: adding VLAN 0 to HW filter on device batadv0
[  208.627218][T11854] veth0_vlan: entered promiscuous mode
[  208.644139][T11854] veth1_vlan: entered promiscuous mode
[  208.658473][T11854] veth0_macvtap: entered promiscuous mode
[  208.666078][T11854] veth1_macvtap: entered promiscuous mode
[  208.676652][T11854] batman_adv: batadv0: Interface activated: batadv_slave_0
[  208.685627][T11854] batman_adv: batadv0: Interface activated: batadv_slave_1
[  208.701083][   T52] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  208.711347][   T52] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  208.721945][   T52] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  208.734055][   T52] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  208.868888][T12058] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2
[  209.197351][   T29] kauditd_printk_skb: 645 callbacks suppressed
[  209.197365][   T29] audit: type=1400 audit(1763270603.973:31933): avc:  denied  { create } for  pid=12087 comm="syz.0.3040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  209.241478][   T29] audit: type=1400 audit(1763270603.973:31934): avc:  denied  { bind } for  pid=12087 comm="syz.0.3040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  209.260957][   T29] audit: type=1400 audit(1763270603.973:31935): avc:  denied  { write } for  pid=12087 comm="syz.0.3040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  209.332161][T12095] loop4: detected capacity change from 0 to 4096
[  209.349356][T12095] ext4: Bad value for 'barrier'
[  209.526819][T12104] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[  209.584546][T12072] chnl_net:caif_netlink_parms(): no params data found
[  209.662789][T12072] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.669926][T12072] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.683541][   T29] audit: type=1400 audit(1763270604.487:31936): avc:  denied  { read } for  pid=12120 comm="syz.0.3049" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  209.696612][T12072] bridge_slave_0: entered allmulticast mode
[  209.707197][   T29] audit: type=1400 audit(1763270604.487:31937): avc:  denied  { open } for  pid=12120 comm="syz.0.3049" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  209.736297][T12072] bridge_slave_0: entered promiscuous mode
[  209.744138][T12126] loop0: detected capacity change from 0 to 512
[  209.746342][   T29] audit: type=1326 audit(1763270604.487:31938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12122 comm="syz.4.3050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5ef24f6c9 code=0x7ffc0000
[  209.774365][   T29] audit: type=1326 audit(1763270604.487:31939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12122 comm="syz.4.3050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5ef24f6c9 code=0x7ffc0000
[  209.774394][   T29] audit: type=1326 audit(1763270604.519:31940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12122 comm="syz.4.3050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5ef24f6c9 code=0x7ffc0000
[  209.774475][   T29] audit: type=1326 audit(1763270604.519:31941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12122 comm="syz.4.3050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5ef24f6c9 code=0x7ffc0000
[  209.774503][   T29] audit: type=1326 audit(1763270604.519:31942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12122 comm="syz.4.3050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5ef24f6c9 code=0x7ffc0000
[  209.800586][T12072] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.800624][T12072] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.800727][T12072] bridge_slave_1: entered allmulticast mode
[  209.801115][T12072] bridge_slave_1: entered promiscuous mode
[  209.816852][T12072] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  209.818553][T12072] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  209.826136][T12126] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  209.955328][T12126] ext4 filesystem being mounted at /7/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  209.983192][T12136] loop4: detected capacity change from 0 to 512
[  209.990950][T12072] team0: Port device team_slave_0 added
[  210.010617][T12072] team0: Port device team_slave_1 added
[  210.019050][T11854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.036676][T12136] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  210.091183][T12072] batman_adv: batadv0: Adding interface: batadv_slave_0
[  210.098330][T12072] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  210.126775][T12072] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  210.208645][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.275113][T12072] batman_adv: batadv0: Adding interface: batadv_slave_1
[  210.282493][T12072] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  210.308715][T12072] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  210.346988][T12144] netlink: 'syz.4.3055': attribute type 4 has an invalid length.
[  210.388366][T12144] netlink: 'syz.4.3055': attribute type 4 has an invalid length.
[  210.390120][T12072] hsr_slave_0: entered promiscuous mode
[  210.415947][T12072] hsr_slave_1: entered promiscuous mode
[  210.424667][T12072] debugfs: 'hsr0' already exists in 'hsr'
[  210.431035][T12072] Cannot create hsr debugfs directory
[  210.442239][T12148] netlink: 'syz.2.3056': attribute type 4 has an invalid length.
[  210.454038][T12150] sg_write: data in/out 28/42 bytes for SCSI command 0x0-- guessing data in;
[  210.454038][T12150]    program syz.0.3057 not setting count and/or reply_len properly
[  210.493698][   T58] bridge_slave_0: left allmulticast mode
[  210.499611][   T58] bridge_slave_0: left promiscuous mode
[  210.505280][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.681146][T12168] 9pnet: Could not find request transport: t
[  210.748937][   T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  210.767626][   T58] bond0 (unregistering): (slave .€): Releasing backup interface
[  210.778900][   T58] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  210.788665][   T58] bond0 (unregistering): Released all slaves
[  210.798249][   T58] bond1 (unregistering): (slave wireguard0): Releasing backup interface
[  210.807613][   T58] wireguard0: left promiscuous mode
[  210.813271][   T58] bond1 (unregistering): Released all slaves
[  210.855333][T12161] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  210.860337][T12174] xt_CT: You must specify a L4 protocol and not use inversions on it
[  210.878263][   T58] tipc: Disabling bearer <udp:£>
[  210.883466][   T58] tipc: Left network mode
[  210.974006][   T58] team0 (unregistering): Port device team_slave_1 removed
[  210.985658][T12183] netlink: 'syz.2.3067': attribute type 4 has an invalid length.
[  211.033651][T12185] netlink: 'syz.2.3067': attribute type 4 has an invalid length.
[  211.091782][T12187] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3070'.
[  211.129653][T12187] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3070'.
[  211.233151][T12197] loop2: detected capacity change from 0 to 512
[  211.245219][T12197] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  211.245845][T12199] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  211.278101][T12197] ext4 filesystem being mounted at /592/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  211.341397][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.361384][T12204] loop0: detected capacity change from 0 to 512
[  211.367397][T12206] loop2: detected capacity change from 0 to 2048
[  211.385312][T12204] EXT4-fs error (device loop0): ext4_get_journal_inode:5808: comm syz.0.3077: inode #1792: comm syz.0.3077: iget: illegal inode #
[  211.403341][T12072] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  211.421458][T12072] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  211.443956][T12072] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  211.444466][T12204] EXT4-fs (loop0): Remounting filesystem read-only
[  211.457343][T12204] EXT4-fs (loop0): no journal found
[  211.457357][T12204] EXT4-fs (loop0): can't get journal size
[  211.467703][T12072] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  211.480223][T12204] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  211.532908][T12204] EXT4-fs (loop0): Errors on filesystem, clearing orphan list.
[  211.533285][T12204] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  211.533722][T12204] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.638476][T12072] 8021q: adding VLAN 0 to HW filter on device bond0
[  211.657950][T12072] 8021q: adding VLAN 0 to HW filter on device team0
[  211.660348][  T176] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.660450][  T176] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.674807][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.674840][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.780434][T12072] 8021q: adding VLAN 0 to HW filter on device batadv0
[  211.802701][T12235] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3085'.
[  211.803053][T12235] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3085'.
[  211.911506][T12072] veth0_vlan: entered promiscuous mode
[  211.920791][T12072] veth1_vlan: entered promiscuous mode
[  211.944603][T12072] veth0_macvtap: entered promiscuous mode
[  211.967725][T12072] veth1_macvtap: entered promiscuous mode
[  211.972894][T12072] batman_adv: batadv0: Interface activated: batadv_slave_0
[  212.004022][T12072] batman_adv: batadv0: Interface activated: batadv_slave_1
[  212.033665][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  212.033706][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  212.033756][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  212.033784][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  212.123166][T12249] loop3: detected capacity change from 0 to 1024
[  212.123783][T12249] EXT4-fs: inline encryption not supported
[  212.134562][T12250] netlink: 'syz.1.3087': attribute type 4 has an invalid length.
[  212.136461][T12249] EXT4-fs: Ignoring removed orlov option
[  212.148993][T12250] netlink: 'syz.1.3087': attribute type 4 has an invalid length.
[  212.151920][T12249] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  212.197643][T12249] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  212.234883][T12072] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.246168][T12257] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3090'.
[  212.311146][T12259] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3091'.
[  212.316176][T12259] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3091'.
[  212.316200][T12259] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3091'.
[  212.316237][T12259] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3091'.
[  212.317980][T12263] loop0: detected capacity change from 0 to 512
[  212.340257][T12259] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3091'.
[  212.341311][T12263] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  212.487258][T12275] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  212.514392][T11854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.864940][T12279] chnl_net:caif_netlink_parms(): no params data found
[  212.924013][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.974022][T12279] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.981440][T12279] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.016360][T12279] bridge_slave_0: entered allmulticast mode
[  213.036288][T12279] bridge_slave_0: entered promiscuous mode
[  213.063419][T12304] loop3: detected capacity change from 0 to 1024
[  213.070402][T12304] EXT4-fs: inline encryption not supported
[  213.089267][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.115314][T12304] EXT4-fs: Ignoring removed orlov option
[  213.131398][T12304] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  213.136812][T12312] netlink: 'syz.1.3101': attribute type 4 has an invalid length.
[  213.160264][T12279] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.167612][T12279] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.167628][T12306] netlink: 'syz.1.3101': attribute type 4 has an invalid length.
[  213.263237][T12279] bridge_slave_1: entered allmulticast mode
[  213.281973][T12279] bridge_slave_1: entered promiscuous mode
[  213.310367][T12279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  213.322936][T12279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  213.359646][T12279] team0: Port device team_slave_0 added
[  213.367995][T12279] team0: Port device team_slave_1 added
[  213.399752][T12279] batman_adv: batadv0: Adding interface: batadv_slave_0
[  213.406944][T12279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  213.433431][T12279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  213.461385][T12304] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  213.483410][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.496459][T12279] batman_adv: batadv0: Adding interface: batadv_slave_1
[  213.503654][T12279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  213.529949][T12279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  213.560634][T12072] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.603654][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.731764][T12334] loop2: detected capacity change from 0 to 512
[  213.756521][T12336] netlink: '+}[@': attribute type 10 has an invalid length.
[  213.843424][   T12] bridge_slave_0: left allmulticast mode
[  213.849171][   T12] bridge_slave_0: left promiscuous mode
[  213.854912][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.893116][T12334] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.930990][T12334] ext4 filesystem being mounted at /600/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  214.100419][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.172352][   T29] kauditd_printk_skb: 411 callbacks suppressed
[  214.172424][   T29] audit: type=1400 audit(1763270609.191:32354): avc:  denied  { getopt } for  pid=12324 comm="syz.0.3105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  214.352412][   T29] audit: type=1326 audit(1763270609.380:32355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.0.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  214.377557][   T29] audit: type=1326 audit(1763270609.380:32356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.0.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  214.402364][   T29] audit: type=1326 audit(1763270609.390:32357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.0.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  214.426648][   T29] audit: type=1326 audit(1763270609.390:32358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.0.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  214.450654][   T29] audit: type=1326 audit(1763270609.390:32359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.0.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  214.475248][   T29] audit: type=1326 audit(1763270609.390:32360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.0.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  214.479330][T12351] loop0: detected capacity change from 0 to 164
[  214.499363][   T29] audit: type=1326 audit(1763270609.390:32361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.0.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  214.499394][   T29] audit: type=1326 audit(1763270609.390:32362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.0.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  214.499418][   T29] audit: type=1326 audit(1763270609.390:32363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12347 comm="syz.0.3112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  214.595891][T12351] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  214.605506][T12351] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  214.613905][T12351] Symlink component flag not implemented
[  214.619567][T12351] Symlink component flag not implemented
[  214.625653][T12351] Symlink component flag not implemented (7)
[  214.631864][T12351] Symlink component flag not implemented (116)
[  214.656348][T12350] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  214.656900][T12353] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[  214.665341][T12350] rock: directory entry would overflow storage
[  214.679075][T12350] rock: sig=0x4f50, size=4, remaining=3
[  214.684732][T12350] iso9660: Corrupted directory entry in block 4 of inode 1792
[  214.740086][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  214.755770][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  214.767099][   T12] bond0 (unregistering): Released all slaves
[  214.778076][T12279] hsr_slave_0: entered promiscuous mode
[  214.784337][T12279] hsr_slave_1: entered promiscuous mode
[  214.794989][T12279] debugfs: 'hsr0' already exists in 'hsr'
[  214.800823][T12279] Cannot create hsr debugfs directory
[  214.807438][T12336] batman_adv: batadv0: Adding interface: veth1_vlan
[  214.814057][T12336] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  214.839821][T12336] batman_adv: batadv0: Interface activated: veth1_vlan
[  214.868255][   T12] hsr_slave_0: left promiscuous mode
[  214.875135][   T12] hsr_slave_1: left promiscuous mode
[  214.883992][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  214.891580][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  214.899246][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  214.906772][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  214.914405][   T12] batman_adv: batadv0: Interface deactivated: veth0_vlan
[  214.921495][   T12] batman_adv: batadv0: Removing interface: veth0_vlan
[  214.933217][   T12] veth1_macvtap: left promiscuous mode
[  214.938820][   T12] veth0_macvtap: left promiscuous mode
[  214.944682][   T12] veth1_vlan: left promiscuous mode
[  214.951785][   T12] veth0_vlan: left promiscuous mode
[  215.297437][T12390] loop0: detected capacity change from 0 to 512
[  215.386575][T12390] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.411912][T12390] ext4 filesystem being mounted at /31/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  215.430044][T12395] sg_write: data in/out 28/42 bytes for SCSI command 0x0-- guessing data in;
[  215.430044][T12395]    program syz.2.3121 not setting count and/or reply_len properly
[  215.475057][T11854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.522834][T12401] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  215.571872][T12279] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  215.585173][T12279] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  215.592110][T12409] loop0: detected capacity change from 0 to 512
[  215.599219][T12409] EXT4-fs error (device loop0): ext4_get_journal_inode:5808: comm syz.0.3127: inode #1792: comm syz.0.3127: iget: illegal inode #
[  215.600267][T12279] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  215.622316][T12409] EXT4-fs (loop0): Remounting filesystem read-only
[  215.628942][T12409] EXT4-fs (loop0): no journal found
[  215.634299][T12409] EXT4-fs (loop0): can't get journal size
[  215.651723][T12410] validate_nla: 2 callbacks suppressed
[  215.657317][T12410] netlink: 'syz.2.3128': attribute type 4 has an invalid length.
[  215.666109][T12409] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  215.675995][T12409] EXT4-fs (loop0): Errors on filesystem, clearing orphan list.
[  215.684086][T12279] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  215.691355][T12409] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.750337][T12409] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.764869][T12414] netlink: 'syz.2.3128': attribute type 4 has an invalid length.
[  215.862142][T12432] loop2: detected capacity change from 0 to 512
[  215.900246][T12279] 8021q: adding VLAN 0 to HW filter on device bond0
[  215.913089][T12279] 8021q: adding VLAN 0 to HW filter on device team0
[  215.922299][  T176] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.929404][  T176] bridge0: port 1(bridge_slave_0) entered forwarding state
[  215.948736][T12279] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  215.959125][T12279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  215.972686][  T176] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.979877][  T176] bridge0: port 2(bridge_slave_1) entered forwarding state
[  215.991710][T12432] ext4 filesystem being mounted at /609/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  216.053663][T12279] 8021q: adding VLAN 0 to HW filter on device batadv0
[  216.147944][T12445] __nla_validate_parse: 11 callbacks suppressed
[  216.147960][T12445] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3136'.
[  216.289500][T12458] ip6gre2: entered promiscuous mode
[  216.312540][T12463] netlink: 'syz.3.3140': attribute type 4 has an invalid length.
[  216.330959][T12463] netlink: 'syz.3.3140': attribute type 4 has an invalid length.
[  216.350579][T12454] loop2: detected capacity change from 0 to 2048
[  216.381763][T12279] veth0_vlan: entered promiscuous mode
[  216.404077][T12479] loop3: detected capacity change from 0 to 512
[  216.424386][T12279] veth1_vlan: entered promiscuous mode
[  216.445265][T12279] veth0_macvtap: entered promiscuous mode
[  216.458004][T12485] FAULT_INJECTION: forcing a failure.
[  216.458004][T12485] name failslab, interval 1, probability 0, space 0, times 0
[  216.463938][T12279] veth1_macvtap: entered promiscuous mode
[  216.471119][T12485] CPU: 0 UID: 0 PID: 12485 Comm: syz.0.3149 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  216.471148][T12485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  216.471217][T12485] Call Trace:
[  216.471223][T12485]  <TASK>
[  216.471230][T12485]  __dump_stack+0x1d/0x30
[  216.471254][T12485]  dump_stack_lvl+0xe8/0x140
[  216.471275][T12485]  dump_stack+0x15/0x1b
[  216.471347][T12485]  should_fail_ex+0x265/0x280
[  216.471424][T12485]  should_failslab+0x8c/0xb0
[  216.471451][T12485]  kmem_cache_alloc_noprof+0x50/0x480
[  216.471479][T12485]  ? dst_alloc+0xbd/0x100
[  216.471594][T12485]  dst_alloc+0xbd/0x100
[  216.471623][T12485]  ip_route_output_key_hash_rcu+0xf29/0x1380
[  216.471718][T12485]  ip_route_output_flow+0x65/0x110
[  216.471751][T12485]  udp_sendmsg+0x11b0/0x13c0
[  216.471778][T12485]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  216.471806][T12485]  ? avc_has_perm+0xf7/0x180
[  216.471830][T12485]  ? __pfx_udp_sendmsg+0x10/0x10
[  216.471899][T12485]  inet_sendmsg+0xac/0xd0
[  216.471922][T12485]  __sock_sendmsg+0x102/0x180
[  216.471947][T12485]  ____sys_sendmsg+0x345/0x4e0
[  216.471968][T12485]  ___sys_sendmsg+0x17b/0x1d0
[  216.472007][T12485]  __sys_sendmmsg+0x178/0x300
[  216.472059][T12485]  __x64_sys_sendmmsg+0x57/0x70
[  216.472132][T12485]  x64_sys_call+0x1c4a/0x3000
[  216.472153][T12485]  do_syscall_64+0xd2/0x200
[  216.472174][T12485]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  216.472201][T12485]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  216.472255][T12485]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.472278][T12485] RIP: 0033:0x7fd1d218f6c9
[  216.472293][T12485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.472314][T12485] RSP: 002b:00007fd1d0bf7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  216.472332][T12485] RAX: ffffffffffffffda RBX: 00007fd1d23e5fa0 RCX: 00007fd1d218f6c9
[  216.472344][T12485] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000003
[  216.472357][T12485] RBP: 00007fd1d0bf7090 R08: 0000000000000000 R09: 0000000000000000
[  216.472369][T12485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  216.472382][T12485] R13: 00007fd1d23e6038 R14: 00007fd1d23e5fa0 R15: 00007ffca5d7c178
[  216.472400][T12485]  </TASK>
[  216.719467][T12479] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  216.755281][T12279] batman_adv: batadv0: Interface activated: batadv_slave_0
[  216.767078][T12279] batman_adv: batadv0: Interface activated: batadv_slave_1
[  216.780579][   T52] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  216.794396][   T52] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  216.811059][   T52] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  216.848562][   T52] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  216.885493][T12509] netlink: 'syz.1.3159': attribute type 4 has an invalid length.
[  216.911910][T12509] netlink: 'syz.1.3159': attribute type 4 has an invalid length.
[  216.942308][T12517] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[  217.017203][T12524] tipc: Started in network mode
[  217.022169][T12524] tipc: Node identity aac33a13dbc6, cluster identity 4711
[  217.029698][T12524] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  217.075020][T12536] loop4: detected capacity change from 0 to 512
[  217.086723][T12537] loop3: detected capacity change from 0 to 1024
[  217.099345][T12524] syzkaller0: entered promiscuous mode
[  217.100500][T12537] EXT4-fs: Ignoring removed i_version option
[  217.104963][T12524] syzkaller0: entered allmulticast mode
[  217.111116][T12537] EXT4-fs: Ignoring removed nomblk_io_submit option
[  217.125207][T12535] ip6gre1: entered promiscuous mode
[  217.150430][T12524] tipc: Resetting bearer <eth:syzkaller0>
[  217.158932][T12523] tipc: Resetting bearer <eth:syzkaller0>
[  217.169838][T12523] tipc: Disabling bearer <eth:syzkaller0>
[  217.173710][T12540] loop0: detected capacity change from 0 to 2048
[  217.176075][T12536] ext4 filesystem being mounted at /3/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  217.347790][T12528] chnl_net:caif_netlink_parms(): no params data found
[  217.368168][T12577] netlink: 'syz.1.3176': attribute type 4 has an invalid length.
[  217.410942][T12577] netlink: 'syz.1.3176': attribute type 4 has an invalid length.
[  217.470236][T12580] netlink: 'syz.0.3177': attribute type 6 has an invalid length.
[  217.479850][T12528] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.488111][T12528] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.496657][T12528] bridge_slave_0: entered allmulticast mode
[  217.504236][T12528] bridge_slave_0: entered promiscuous mode
[  217.531694][T12528] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.538984][T12528] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.548588][T12594] loop3: detected capacity change from 0 to 2048
[  217.549818][T12528] bridge_slave_1: entered allmulticast mode
[  217.561755][T12528] bridge_slave_1: entered promiscuous mode
[  217.596394][T12596] loop4: detected capacity change from 0 to 2048
[  217.665204][T12528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  217.751379][T12528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  217.767798][T12618] loop0: detected capacity change from 0 to 164
[  217.775304][   T58] bridge_slave_0: left allmulticast mode
[  217.781304][   T58] bridge_slave_0: left promiscuous mode
[  217.787356][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.795543][T12618] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  217.805203][T12618] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  217.823997][T12618] Symlink component flag not implemented
[  217.830093][T12618] Symlink component flag not implemented
[  217.840329][T12618] Symlink component flag not implemented (7)
[  217.846524][T12618] Symlink component flag not implemented (116)
[  217.859968][T12618] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  217.869652][T12618] rock: directory entry would overflow storage
[  217.876039][T12618] rock: sig=0x4f50, size=4, remaining=3
[  217.881751][T12618] iso9660: Corrupted directory entry in block 4 of inode 1792
[  217.996052][T12629] netlink: 'syz.1.3193': attribute type 4 has an invalid length.
[  218.012467][T12631] loop0: detected capacity change from 0 to 128
[  218.282666][   T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  218.292011][   T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  218.301221][   T58] bond0 (unregistering): Released all slaves
[  218.317130][T12640] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3199'.
[  218.341207][ T1409] bio_check_eod: 13 callbacks suppressed
[  218.341253][ T1409] kworker/u8:7: attempt to access beyond end of device
[  218.341253][ T1409] loop0: rw=1, sector=145, nr_sectors = 8 limit=128
[  218.361549][ T1409] kworker/u8:7: attempt to access beyond end of device
[  218.361549][ T1409] loop0: rw=1, sector=161, nr_sectors = 8 limit=128
[  218.364273][T12528] team0: Port device team_slave_0 added
[  218.374961][ T1409] kworker/u8:7: attempt to access beyond end of device
[  218.374961][ T1409] loop0: rw=1, sector=177, nr_sectors = 8 limit=128
[  218.383585][T12528] team0: Port device team_slave_1 added
[  218.407199][ T1409] kworker/u8:7: attempt to access beyond end of device
[  218.407199][ T1409] loop0: rw=1, sector=193, nr_sectors = 8 limit=128
[  218.421892][ T1409] kworker/u8:7: attempt to access beyond end of device
[  218.421892][ T1409] loop0: rw=1, sector=209, nr_sectors = 8 limit=128
[  218.436384][ T1409] kworker/u8:7: attempt to access beyond end of device
[  218.436384][ T1409] loop0: rw=1, sector=225, nr_sectors = 8 limit=128
[  218.450286][ T1409] kworker/u8:7: attempt to access beyond end of device
[  218.450286][ T1409] loop0: rw=1, sector=241, nr_sectors = 8 limit=128
[  218.469177][ T1409] kworker/u8:7: attempt to access beyond end of device
[  218.469177][ T1409] loop0: rw=1, sector=257, nr_sectors = 8 limit=128
[  218.485004][T12528] batman_adv: batadv0: Adding interface: batadv_slave_0
[  218.492009][T12528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  218.518003][T12528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  218.529368][ T1409] kworker/u8:7: attempt to access beyond end of device
[  218.529368][ T1409] loop0: rw=1, sector=273, nr_sectors = 8 limit=128
[  218.551392][ T1409] kworker/u8:7: attempt to access beyond end of device
[  218.551392][ T1409] loop0: rw=1, sector=289, nr_sectors = 8 limit=128
[  218.566099][T12528] batman_adv: batadv0: Adding interface: batadv_slave_1
[  218.573082][T12528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  218.599283][T12528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  218.621006][   T58] hsr_slave_0: left promiscuous mode
[  218.626702][T12661] loop0: detected capacity change from 0 to 512
[  218.632992][   T58] hsr_slave_1: left promiscuous mode
[  218.638926][   T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[  218.647518][   T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[  218.657131][T12661] ext4 filesystem being mounted at /53/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  218.704912][   T58] team0 (unregistering): Port device team_slave_1 removed
[  218.740673][T12658] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2
[  218.753915][T12664] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.764554][T12664] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address
[  218.783781][T12664] bond0: (slave ip6tnl0): Error -95 calling set_mac_address
[  218.817396][T12528] hsr_slave_0: entered promiscuous mode
[  218.824894][T12528] hsr_slave_1: entered promiscuous mode
[  218.930210][T12682] loop3: detected capacity change from 0 to 512
[  218.941524][T12679] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[  218.950478][   T29] kauditd_printk_skb: 475 callbacks suppressed
[  218.950492][   T29] audit: type=1326 audit(1763270614.189:32839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12681 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5922cf6c9 code=0x7ffc0000
[  218.980448][   T29] audit: type=1326 audit(1763270614.189:32840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12681 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd5922cf6c9 code=0x7ffc0000
[  219.004110][   T29] audit: type=1326 audit(1763270614.189:32841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12681 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5922cf6c9 code=0x7ffc0000
[  219.027682][   T29] audit: type=1326 audit(1763270614.189:32842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12681 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5922cf6c9 code=0x7ffc0000
[  219.051336][   T29] audit: type=1326 audit(1763270614.189:32843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12681 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd5922cf6c9 code=0x7ffc0000
[  219.074904][   T29] audit: type=1326 audit(1763270614.189:32844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12681 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5922cf6c9 code=0x7ffc0000
[  219.098590][   T29] audit: type=1326 audit(1763270614.189:32845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12681 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5922cf6c9 code=0x7ffc0000
[  219.122292][   T29] audit: type=1326 audit(1763270614.189:32846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12681 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd5922cf6c9 code=0x7ffc0000
[  219.145854][   T29] audit: type=1326 audit(1763270614.189:32847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12681 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd5922cf6c9 code=0x7ffc0000
[  219.169547][   T29] audit: type=1326 audit(1763270614.189:32848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12681 comm="syz.3.3213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd5922cf6c9 code=0x7ffc0000
[  219.207113][T12682] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  219.305606][T12699] loop3: detected capacity change from 0 to 512
[  219.312691][T12699] EXT4-fs error (device loop3): ext4_get_journal_inode:5808: comm syz.3.3220: inode #1792: comm syz.3.3220: iget: illegal inode #
[  219.326391][T12699] EXT4-fs (loop3): Remounting filesystem read-only
[  219.333045][T12699] EXT4-fs (loop3): no journal found
[  219.338342][T12699] EXT4-fs (loop3): can't get journal size
[  219.344580][T12699] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  219.354294][T12699] EXT4-fs (loop3): Errors on filesystem, clearing orphan list.
[  219.369647][   T58] IPVS: stop unused estimator thread 0...
[  219.409413][T12709] loop3: detected capacity change from 0 to 512
[  219.423791][T12709] EXT4-fs: Ignoring removed bh option
[  219.439691][T12709] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  219.448853][T12709] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  219.468147][T12709] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  219.478111][T12709] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  219.542312][T12718] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[  219.551122][T12718] ref_ctr increment failed for inode: 0x135 offset: 0x4 ref_ctr_offset: 0x2 of mm: 0xffff88810005bf40
[  219.568866][T12720] loop3: detected capacity change from 0 to 512
[  219.582812][T12528] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  219.591795][T12720] ext4 filesystem being mounted at /35/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  219.592244][T12528] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  219.612732][T12528] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  219.621941][T12528] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  219.630186][T12725] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3229'.
[  219.656581][T12722] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3229'.
[  219.670210][T12731] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2
[  219.702427][T12528] 8021q: adding VLAN 0 to HW filter on device bond0
[  219.720518][T12528] 8021q: adding VLAN 0 to HW filter on device team0
[  219.735753][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.742898][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.761211][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.768304][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.779033][T12739] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[  219.787898][T12739] ref_ctr increment failed for inode: 0x140 offset: 0x4 ref_ctr_offset: 0x2 of mm: 0xffff88810005ed40
[  219.929810][T12528] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.846345][T12528] veth0_vlan: entered promiscuous mode
[  220.855782][T12766] validate_nla: 5 callbacks suppressed
[  220.855864][T12766] netlink: 'syz.4.3238': attribute type 4 has an invalid length.
[  221.021320][T12528] veth1_vlan: entered promiscuous mode
[  221.103800][T12768] netlink: 'syz.4.3238': attribute type 4 has an invalid length.
[  221.116026][T12770] loop3: detected capacity change from 0 to 512
[  221.119627][T12528] veth0_macvtap: entered promiscuous mode
[  221.140741][T12770] ext4 filesystem being mounted at /40/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  221.151883][T12528] veth1_macvtap: entered promiscuous mode
[  221.164548][T12528] batman_adv: batadv0: Interface activated: batadv_slave_0
[  221.174222][T12528] batman_adv: batadv0: Interface activated: batadv_slave_1
[  221.227727][ T1409] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  221.236896][ T1409] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  221.270157][ T1409] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  221.273800][T12779] loop0: detected capacity change from 0 to 512
[  221.287060][ T1409] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  221.347473][T12779] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  221.353966][T12783] x_tables: duplicate underflow at hook 2
[  221.415721][T12783] ------------[ cut here ]------------
[  221.421223][T12783] verifier bug: REG INVARIANTS VIOLATION (true_reg1): range bounds violation u64=[0x0, 0x0] s64=[0x0, 0x0] u32=[0x80632f4, 0x0] s32=[0x0, 0x0] var_off=(0x0, 0x0)
[  221.437914][T12783] WARNING: CPU: 1 PID: 12783 at kernel/bpf/verifier.c:2721 reg_bounds_sanity_check+0x673/0x680
[  221.448512][T12783] Modules linked in:
[  221.452461][T12783] CPU: 1 UID: 0 PID: 12783 Comm: syz.4.3242 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  221.462301][T12783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  221.468443][T12801] loop3: detected capacity change from 0 to 512
[  221.472401][T12783] RIP: 0010:reg_bounds_sanity_check+0x673/0x680
[  221.479839][T12801] EXT4-fs error (device loop3): ext4_get_journal_inode:5808: comm syz.3.3249: inode #1792: comm syz.3.3249: iget: illegal inode #
[  221.484972][T12783] Code: 7c 24 18 41 ff 74 24 20 55 41 56 4d 89 ee 53 48 8b 5c 24 30 ff 74 24 40 ff 74 24 50 ff 74 24 30 e8 e2 f6 ba ff 48 83 c4 38 90 <0f> 0b 90 90 e9 02 fb ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90
[  221.498682][T12801] EXT4-fs (loop3): Remounting filesystem read-only
[  221.518318][T12783] RSP: 0018:ffffc900018c7408 EFLAGS: 00010282
[  221.524947][T12801] EXT4-fs (loop3): no journal found
[  221.531088][T12783] RAX: 1f79e3b37fa5ea00 RBX: ffff88811a7ee2e0 RCX: 0000000000080000
[  221.536102][T12801] EXT4-fs (loop3): can't get journal size
[  221.544096][T12783] RDX: ffffc9001267d000 RSI: 000000000000bedd RDI: 000000000000bede
[  221.557886][T12783] RBP: 0000000000000000 R08: 0001c900018c7257 R09: 0000000000000000
[  221.565901][T12783] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff88811a7ee2a0
[  221.574072][T12783] R13: ffff88810df18000 R14: ffff88810df18000 R15: ffff88811a7ee2d8
[  221.582471][T12783] FS:  00007f6f4dbbf6c0(0000) GS:ffff8882aef11000(0000) knlGS:0000000000000000
[  221.591629][T12783] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  221.597981][T12806] SELinux: ebitmap: truncated map
[  221.598243][T12783] CR2: 00002000000054c0 CR3: 000000013ad06000 CR4: 00000000003506f0
[  221.604794][T12806] SELinux: failed to load policy
[  221.611272][T12783] Call Trace:
[  221.619569][T12783]  <TASK>
[  221.622514][T12783]  reg_set_min_max+0x1c1/0x260
[  221.627361][T12783]  check_cond_jmp_op+0x1370/0x19e0
[  221.632513][T12783]  do_check+0x3363/0x8460
[  221.636900][T12783]  do_check_common+0xc5e/0x12b0
[  221.641766][T12783]  bpf_check+0xaaae/0xd9d0
[  221.646277][T12783]  ? __alloc_frozen_pages_noprof+0x188/0x360
[  221.652477][T12783]  ? __vmap_pages_range_noflush+0xbc4/0xcf0
[  221.658465][T12783]  ? css_rstat_updated+0xb7/0x240
[  221.660420][T12812] loop2: detected capacity change from 0 to 512
[  221.663626][T12783]  ? pcpu_block_update+0x24e/0x3b0
[  221.674977][T12783]  ? pcpu_block_refresh_hint+0x157/0x170
[  221.675611][T12814] netlink: 'syz.1.3252': attribute type 4 has an invalid length.
[  221.680747][T12783]  ? pcpu_block_update_hint_alloc+0x63d/0x660
[  221.680780][T12783]  ? css_rstat_updated+0xb7/0x240
[  221.680801][T12783]  ? __rcu_read_unlock+0x4f/0x70
[  221.680825][T12783]  ? pcpu_memcg_post_alloc_hook+0xf1/0x150
[  221.696436][T12814] netlink: 'syz.1.3252': attribute type 4 has an invalid length.
[  221.699701][T12783]  ? bpf_prog_alloc+0x5b/0x150
[  221.699783][T12783]  ? pcpu_alloc_noprof+0xd29/0x1250
[  221.699803][T12783]  ? should_fail_ex+0x30/0x280
[  221.733681][T12783]  ? should_failslab+0x8c/0xb0
[  221.738801][T12783]  ? __kmalloc_noprof+0x2a2/0x570
[  221.744000][T12783]  ? security_bpf_prog_load+0x60/0x140
[  221.749543][T12783]  ? selinux_bpf_prog_load+0xad/0xd0
[  221.754862][T12783]  ? security_bpf_prog_load+0x9e/0x140
[  221.760609][T12783]  bpf_prog_load+0xf6e/0x1100
[  221.765407][T12783]  ? security_bpf+0x2b/0x90
[  221.769382][T12801] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  221.769947][T12783]  __sys_bpf+0x469/0x7c0
[  221.783508][T12783]  __x64_sys_bpf+0x41/0x50
[  221.783958][T12801] EXT4-fs (loop3): Errors on filesystem, clearing orphan list.
[  221.787964][T12783]  x64_sys_call+0x2aee/0x3000
[  221.800172][T12783]  do_syscall_64+0xd2/0x200
[  221.801747][T12812] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  221.804727][T12783]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  221.804760][T12783]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  221.826669][T12783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.832563][T12783] RIP: 0033:0x7f6f4f15f6c9
[  221.833638][T12812] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #2: comm syz.2.3251: corrupted inode contents
[  221.837130][T12783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  221.849143][T12812] EXT4-fs error (device loop2): ext4_dirty_inode:6517: inode #2: comm syz.2.3251: mark_inode_dirty error
[  221.868646][T12783] RSP: 002b:00007f6f4dbbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  221.880146][T12812] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #2: comm syz.2.3251: corrupted inode contents
[  221.888503][T12783] RAX: ffffffffffffffda RBX: 00007f6f4f3b5fa0 RCX: 00007f6f4f15f6c9
[  221.902477][T12812] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.3251: mark_inode_dirty error
[  221.908207][T12783] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  221.908223][T12783] RBP: 00007f6f4f1e1f91 R08: 0000000000000000 R09: 0000000000000000
[  221.935334][T12783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  221.943372][T12783] R13: 00007f6f4f3b6038 R14: 00007f6f4f3b5fa0 R15: 00007ffc77a7a718
[  221.945950][T12812] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  221.951401][T12783]  </TASK>
[  221.951412][T12783] ---[ end trace 0000000000000000 ]---
[  221.991124][T12823] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3255'.
[  222.144163][T12844] netlink: 'syz.3.3264': attribute type 4 has an invalid length.
[  222.154764][T12844] netlink: 'syz.3.3264': attribute type 4 has an invalid length.
[  222.182750][T12846] netlink: 'syz.3.3265': attribute type 4 has an invalid length.
[  222.246320][T12850] loop4: detected capacity change from 0 to 512
[  222.257756][T12850] EXT4-fs: test_dummy_encryption option not supported
[  222.268854][T12852] loop3: detected capacity change from 0 to 512
[  222.398979][T12857] loop0: detected capacity change from 0 to 164
[  222.406954][T12857] Unable to read rock-ridge attributes
[  222.427002][T12852] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  222.476190][T12857] Unable to read rock-ridge attributes
[  222.525832][T12857] iso9660: Corrupted directory entry in block 4 of inode 1792
[  222.671566][T12867] loop4: detected capacity change from 0 to 164
[  222.696581][T12867] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  222.734210][T12867] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  222.769886][T12867] Symlink component flag not implemented
[  222.775923][T12867] Symlink component flag not implemented
[  222.781878][T12867] Symlink component flag not implemented (7)
[  222.787926][T12867] Symlink component flag not implemented (116)
[  222.798327][T12867] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  222.809482][T12867] rock: directory entry would overflow storage
[  222.815744][T12867] rock: sig=0x4f50, size=4, remaining=3
[  222.821455][T12867] iso9660: Corrupted directory entry in block 4 of inode 1792
[  222.831207][T12873] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125
[  222.838840][T12873] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125
[  222.847234][T12873] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125
[  222.856189][T12873] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125
[  222.863861][T12873] vhci_hcd: invalid port number 17
[  222.869011][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  222.876366][T12873] vhci_hcd: invalid port number 17
[  222.881512][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  222.888614][T12873] vhci_hcd: invalid port number 17
[  222.893927][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  222.901074][T12873] vhci_hcd: invalid port number 17
[  222.906230][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  222.913509][T12873] vhci_hcd: invalid port number 17
[  222.918632][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  222.926053][T12873] vhci_hcd: invalid port number 17
[  222.931323][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  222.938547][T12873] vhci_hcd: invalid port number 17
[  222.943773][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  222.951486][T12873] vhci_hcd: invalid port number 17
[  222.956602][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  222.972460][T12873] vhci_hcd: invalid port number 17
[  222.977654][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  222.987172][T12873] vhci_hcd: invalid port number 17
[  222.992298][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.000791][T12873] vhci_hcd: invalid port number 17
[  223.006016][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.014790][T12873] vhci_hcd: invalid port number 17
[  223.020030][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.027285][T12873] vhci_hcd: invalid port number 17
[  223.032436][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.039860][T12873] vhci_hcd: invalid port number 17
[  223.045006][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.052277][T12873] vhci_hcd: invalid port number 17
[  223.057511][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.137183][T12873] vhci_hcd: invalid port number 17
[  223.142408][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.166979][T12873] vhci_hcd: invalid port number 17
[  223.172306][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.182815][T12890] FAULT_INJECTION: forcing a failure.
[  223.182815][T12890] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  223.189441][T12873] vhci_hcd: invalid port number 17
[  223.195953][T12890] CPU: 1 UID: 0 PID: 12890 Comm: syz.0.3280 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  223.195986][T12890] Tainted: [W]=WARN
[  223.195993][T12890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  223.196032][T12890] Call Trace:
[  223.196039][T12890]  <TASK>
[  223.196048][T12890]  __dump_stack+0x1d/0x30
[  223.196071][T12890]  dump_stack_lvl+0xe8/0x140
[  223.196092][T12890]  dump_stack+0x15/0x1b
[  223.196109][T12890]  should_fail_ex+0x265/0x280
[  223.196150][T12890]  should_fail+0xb/0x20
[  223.196180][T12890]  should_fail_usercopy+0x1a/0x20
[  223.196255][T12890]  _copy_from_user+0x1c/0xb0
[  223.196283][T12890]  __se_sys_rt_sigtimedwait+0x83/0x200
[  223.196314][T12890]  __x64_sys_rt_sigtimedwait+0x55/0x70
[  223.196391][T12890]  x64_sys_call+0x275d/0x3000
[  223.196413][T12890]  do_syscall_64+0xd2/0x200
[  223.196433][T12890]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  223.196592][T12890]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  223.196637][T12890]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.196658][T12890] RIP: 0033:0x7fd1d218f6c9
[  223.196674][T12890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.196692][T12890] RSP: 002b:00007fd1d0bd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000080
[  223.196710][T12890] RAX: ffffffffffffffda RBX: 00007fd1d23e6090 RCX: 00007fd1d218f6c9
[  223.196722][T12890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  223.196809][T12890] RBP: 00007fd1d0bd6090 R08: 0000000000000000 R09: 0000000000000000
[  223.196821][T12890] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[  223.196833][T12890] R13: 00007fd1d23e6128 R14: 00007fd1d23e6090 R15: 00007ffca5d7c178
[  223.196852][T12890]  </TASK>
[  223.207178][T12883] block device autoloading is deprecated and will be removed.
[  223.213088][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.483087][T12873] vhci_hcd: invalid port number 17
[  223.488388][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.496053][T12873] vhci_hcd: invalid port number 17
[  223.501229][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.508532][T12873] vhci_hcd: invalid port number 17
[  223.513692][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.521022][T12873] vhci_hcd: invalid port number 17
[  223.526329][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.558479][T12873] vhci_hcd: invalid port number 17
[  223.563636][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.563774][T12880] loop2: detected capacity change from 0 to 32768
[  223.570860][T12873] vhci_hcd: invalid port number 17
[  223.577972][T12894] sg_write: data in/out 28/14 bytes for SCSI command 0x0-- guessing data in;
[  223.577972][T12894]    program syz.3.3281 not setting count and/or reply_len properly
[  223.582259][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.611239][T12873] vhci_hcd: invalid port number 17
[  223.616406][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.623580][T12873] vhci_hcd: invalid port number 17
[  223.628725][T12873] vhci_hcd: default hub control req: 2800 v0000 i0011 l0
[  223.671763][T12880]  loop2: p1 p2 p3 < > p4 < p5 p6 >
[  223.677132][T12880] loop2: p1 start 460800 is beyond EOD, truncated
[  223.683689][T12880] loop2: p2 size 83886080 extends beyond EOD, truncated
[  223.717498][T12880] loop2: p5 start 460800 is beyond EOD, truncated
[  223.724073][T12880] loop2: p6 size 83886080 extends beyond EOD, truncated
[  223.750163][T12903] loop3: detected capacity change from 0 to 164
[  223.769239][T12903] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  223.788344][T12906] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3287'.
[  223.796129][T12903] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  223.808187][T12903] Symlink component flag not implemented
[  223.814043][T12903] Symlink component flag not implemented
[  223.820296][T12903] Symlink component flag not implemented (7)
[  223.826313][T12903] Symlink component flag not implemented (116)
[  223.874005][T12903] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  223.900621][T12903] rock: directory entry would overflow storage
[  223.906804][T12903] rock: sig=0x4f50, size=4, remaining=3
[  223.912404][T12903] iso9660: Corrupted directory entry in block 4 of inode 1792
[  223.916539][   T29] kauditd_printk_skb: 477 callbacks suppressed
[  223.916552][   T29] audit: type=1400 audit(1763270619.428:33326): avc:  denied  { read } for  pid=12910 comm="syz.2.3288" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  223.980590][T12914] loop2: detected capacity change from 0 to 512
[  223.987862][   T29] audit: type=1326 audit(1763270619.480:33327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.2.3289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b539ff6c9 code=0x7ffc0000
[  224.011777][   T29] audit: type=1326 audit(1763270619.480:33328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.2.3289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b539ff6c9 code=0x7ffc0000
[  224.035550][   T29] audit: type=1326 audit(1763270619.480:33329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.2.3289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b539ff6c9 code=0x7ffc0000
[  224.059356][   T29] audit: type=1326 audit(1763270619.480:33330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.2.3289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b539ff6c9 code=0x7ffc0000
[  224.082971][   T29] audit: type=1326 audit(1763270619.480:33331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.2.3289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b539ff6c9 code=0x7ffc0000
[  224.106768][   T29] audit: type=1326 audit(1763270619.480:33332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.2.3289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b539ff6c9 code=0x7ffc0000
[  224.130422][   T29] audit: type=1326 audit(1763270619.491:33333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.2.3289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b539ff6c9 code=0x7ffc0000
[  224.154135][   T29] audit: type=1326 audit(1763270619.491:33334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.2.3289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b539ff6c9 code=0x7ffc0000
[  224.178589][   T29] audit: type=1326 audit(1763270619.491:33335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12913 comm="syz.2.3289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b539ff6c9 code=0x7ffc0000
[  224.212749][T12914] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.354139][T12924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3293'.
[  224.619044][T12942] loop4: detected capacity change from 0 to 512
[  224.646553][T12942] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  224.701247][T12950] netlink: 'syz.4.3303': attribute type 4 has an invalid length.
[  224.718450][T12950] netlink: 'syz.4.3303': attribute type 4 has an invalid length.
[  225.884061][T13014] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3330'.
[  225.973254][T13021] ip6gre1: entered promiscuous mode
[  226.118777][T13030] loop4: detected capacity change from 0 to 512
[  226.130301][T13030] EXT4-fs mount: 40 callbacks suppressed
[  226.130353][T13030] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  226.181530][T12279] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.211298][T13035] FAULT_INJECTION: forcing a failure.
[  226.211298][T13035] name failslab, interval 1, probability 0, space 0, times 0
[  226.224284][T13035] CPU: 1 UID: 0 PID: 13035 Comm: syz.4.3337 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  226.224365][T13035] Tainted: [W]=WARN
[  226.224371][T13035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  226.224382][T13035] Call Trace:
[  226.224387][T13035]  <TASK>
[  226.224394][T13035]  __dump_stack+0x1d/0x30
[  226.224418][T13035]  dump_stack_lvl+0xe8/0x140
[  226.224494][T13035]  dump_stack+0x15/0x1b
[  226.224513][T13035]  should_fail_ex+0x265/0x280
[  226.224544][T13035]  should_failslab+0x8c/0xb0
[  226.224617][T13035]  kmem_cache_alloc_node_noprof+0x57/0x4a0
[  226.224648][T13035]  ? __alloc_skb+0x101/0x320
[  226.224675][T13035]  __alloc_skb+0x101/0x320
[  226.224770][T13035]  netlink_alloc_large_skb+0xbf/0xf0
[  226.224915][T13035]  netlink_sendmsg+0x3cf/0x6b0
[  226.224973][T13035]  ? __pfx_netlink_sendmsg+0x10/0x10
[  226.225002][T13035]  __sock_sendmsg+0x145/0x180
[  226.225107][T13035]  ____sys_sendmsg+0x31e/0x4e0
[  226.225129][T13035]  ___sys_sendmsg+0x17b/0x1d0
[  226.225166][T13035]  __x64_sys_sendmsg+0xd4/0x160
[  226.225190][T13035]  x64_sys_call+0x191e/0x3000
[  226.225210][T13035]  do_syscall_64+0xd2/0x200
[  226.225283][T13035]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[  226.225309][T13035]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[  226.225386][T13035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.225409][T13035] RIP: 0033:0x7f6f4f15f6c9
[  226.225474][T13035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.225492][T13035] RSP: 002b:00007f6f4dbbf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  226.225513][T13035] RAX: ffffffffffffffda RBX: 00007f6f4f3b5fa0 RCX: 00007f6f4f15f6c9
[  226.225526][T13035] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000008
[  226.225538][T13035] RBP: 00007f6f4dbbf090 R08: 0000000000000000 R09: 0000000000000000
[  226.225551][T13035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  226.225565][T13035] R13: 00007f6f4f3b6038 R14: 00007f6f4f3b5fa0 R15: 00007ffc77a7a718
[  226.225606][T13035]  </TASK>
[  226.561097][T13042] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2
[  226.672842][T13051] loop4: detected capacity change from 0 to 128
[  226.678892][T13051] bio_check_eod: 95 callbacks suppressed
[  226.678907][T13051] syz.4.3339: attempt to access beyond end of device
[  226.678907][T13051] loop4: rw=2049, sector=145, nr_sectors = 89 limit=128
[  226.707463][T13050] loop2: detected capacity change from 0 to 164
[  226.708433][T13050] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  226.709570][T13050] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  226.709724][T13050] Symlink component flag not implemented
[  226.709730][T13050] Symlink component flag not implemented
[  226.709814][T13050] Symlink component flag not implemented (7)
[  226.709824][T13050] Symlink component flag not implemented (116)
[  226.719587][T13050] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  226.720056][T13050] rock: directory entry would overflow storage
[  226.720065][T13050] rock: sig=0x4f50, size=4, remaining=3
[  226.720080][T13050] iso9660: Corrupted directory entry in block 4 of inode 1792
[  226.759918][T13043] syz.4.3339: attempt to access beyond end of device
[  226.759918][T13043] loop4: rw=2049, sector=241, nr_sectors = 800 limit=128
[  227.454474][T13082] loop0: detected capacity change from 0 to 512
[  227.475482][T13079] loop2: detected capacity change from 0 to 2048
[  227.476927][T13082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  227.495546][T13082] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  227.512707][T13079] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  227.581595][T11854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.595270][T13090] ip6gre2: entered promiscuous mode
[  227.622692][T13093] loop0: detected capacity change from 0 to 512
[  227.653048][T13093] EXT4-fs: Ignoring removed mblk_io_submit option
[  227.670201][T13093] EXT4-fs: Ignoring removed nomblk_io_submit option
[  227.689914][T13093] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  227.698860][T13093] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  227.736883][T13093] EXT4-fs warning (device loop0): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  227.770184][T13093] EXT4-fs (loop0): mount failed
[  227.846818][T12528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.905208][T13103] loop2: detected capacity change from 0 to 512
[  227.918477][T13103] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.3362: inode has both inline data and extents flags
[  227.945524][T13103] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.3362: couldn't read orphan inode 15 (err -117)
[  227.958007][T13103] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.001254][T12528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.210921][T13112] loop3: detected capacity change from 0 to 128
[  228.261244][T13112] syz.3.3364: attempt to access beyond end of device
[  228.261244][T13112] loop3: rw=2049, sector=145, nr_sectors = 89 limit=128
[  228.333135][T13108] syz.3.3364: attempt to access beyond end of device
[  228.333135][T13108] loop3: rw=2049, sector=241, nr_sectors = 800 limit=128
[  228.380102][T13121] loop2: detected capacity change from 0 to 512
[  228.408432][T13123] loop0: detected capacity change from 0 to 512
[  228.425823][T13121] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  228.449155][T13123] EXT4-fs error (device loop0): ext4_get_journal_inode:5808: comm syz.0.3369: inode #1792: comm syz.0.3369: iget: illegal inode #
[  228.510050][T13123] EXT4-fs (loop0): Remounting filesystem read-only
[  228.516618][T13123] EXT4-fs (loop0): no journal found
[  228.521924][T13123] EXT4-fs (loop0): can't get journal size
[  228.538273][T13123] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  228.571504][T12528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.573222][T13123] EXT4-fs (loop0): Errors on filesystem, clearing orphan list.
[  228.589258][T13123] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.603205][T13123] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.685372][   T29] kauditd_printk_skb: 521 callbacks suppressed
[  228.685386][   T29] audit: type=1400 audit(1763270624.436:33856): avc:  denied  { setopt } for  pid=13137 comm="syz.1.3374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  228.692109][T13136] loop2: detected capacity change from 0 to 512
[  228.712527][   T29] audit: type=1400 audit(1763270624.436:33857): avc:  denied  { read } for  pid=13137 comm="syz.1.3374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  228.739915][T13134] loop0: detected capacity change from 0 to 164
[  228.747437][T13134] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  228.750291][   T29] audit: type=1400 audit(1763270624.467:33858): avc:  denied  { read } for  pid=13133 comm="syz.0.3372" name="usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  228.768134][T13134] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  228.779834][   T29] audit: type=1400 audit(1763270624.467:33859): avc:  denied  { open } for  pid=13133 comm="syz.0.3372" path="/dev/usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  228.796305][T13136] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.3373: inode has both inline data and extents flags
[  228.825453][   T29] audit: type=1400 audit(1763270624.509:33860): avc:  denied  { mount } for  pid=13133 comm="syz.0.3372" name="/" dev="loop0" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[  228.844982][T13134] Symlink component flag not implemented
[  228.855170][T13134] Symlink component flag not implemented
[  228.865403][T13134] Symlink component flag not implemented (7)
[  228.871679][T13134] Symlink component flag not implemented (116)
[  228.878241][T13136] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.3373: couldn't read orphan inode 15 (err -117)
[  228.905507][   T29] audit: type=1400 audit(1763270624.667:33861): avc:  denied  { module_request } for  pid=13138 comm="syz.4.3375" kmod="netdev-syzkaller1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  228.944743][   T29] audit: type=1400 audit(1763270624.709:33862): avc:  denied  { sys_module } for  pid=13138 comm="syz.4.3375" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  228.957199][T13136] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.981187][T13134] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  228.988336][   T29] audit: type=1400 audit(1763270624.709:33863): avc:  denied  { read write } for  pid=13138 comm="syz.4.3375" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  228.990226][T13134] rock: directory entry would overflow storage
[  229.014238][   T29] audit: type=1400 audit(1763270624.709:33864): avc:  denied  { open } for  pid=13138 comm="syz.4.3375" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  229.020516][T13134] rock: sig=0x4f50, size=4, remaining=3
[  229.051133][T13134] iso9660: Corrupted directory entry in block 4 of inode 1792
[  229.118258][T12528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.146656][   T29] audit: type=1326 audit(1763270624.919:33865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13153 comm="syz.2.3377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b539ff6c9 code=0x7ffc0000
[  229.204151][T13147] ip6gre1: entered promiscuous mode
[  229.314470][T13162] netlink: 'syz.4.3379': attribute type 4 has an invalid length.
[  229.315229][T13161] loop0: detected capacity change from 0 to 512
[  229.345130][T13162] netlink: 'syz.4.3379': attribute type 4 has an invalid length.
[  229.444822][T13171] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3384'.
[  229.587310][T13171] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3384'.
[  229.663514][T13179] loop2: detected capacity change from 0 to 128
[  229.807498][T13179] syz.2.3386: attempt to access beyond end of device
[  229.807498][T13179] loop2: rw=2049, sector=145, nr_sectors = 89 limit=128
[  229.878703][T13176] syz.2.3386: attempt to access beyond end of device
[  229.878703][T13176] loop2: rw=2049, sector=241, nr_sectors = 800 limit=128
[  229.984203][T13192] loop0: detected capacity change from 0 to 512
[  230.000020][T13194] netlink: 'syz.3.3394': attribute type 4 has an invalid length.
[  230.012162][T13194] netlink: 'syz.3.3394': attribute type 4 has an invalid length.
[  230.024323][T13192] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.037229][T13192] ext4 filesystem being mounted at /81/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  230.060815][T13203] netlink: 'syz.1.3397': attribute type 4 has an invalid length.
[  230.074003][T13203] netlink: 'syz.1.3397': attribute type 4 has an invalid length.
[  230.133535][T11854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.176271][T13211] loop0: detected capacity change from 0 to 164
[  230.196354][T13211] iso9660: Unknown parameter '18446744073709551615ÿÿ01777777777777777777777'
[  230.319665][T13221] ip6gre3: entered promiscuous mode
[  230.330961][T13211] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3399'.
[  230.444601][T13235] netlink: 'syz.0.3405': attribute type 4 has an invalid length.
[  230.468392][T13235] netlink: 'syz.0.3405': attribute type 4 has an invalid length.
[  230.628503][T13243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3406'.
[  230.637559][T13243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3406'.
[  230.800283][T13256] loop2: detected capacity change from 0 to 512
[  230.816430][T13256] EXT4-fs error (device loop2): ext4_get_journal_inode:5808: comm syz.2.3410: inode #1792: comm syz.2.3410: iget: illegal inode #
[  230.830716][T13256] EXT4-fs (loop2): Remounting filesystem read-only
[  230.835280][T13260] loop0: detected capacity change from 0 to 164
[  230.837271][T13256] EXT4-fs (loop2): no journal found
[  230.848935][T13256] EXT4-fs (loop2): can't get journal size
[  230.856807][T13256] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  230.867356][T13260] ISOFS: unable to read i-node block
[  230.886519][T13260] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  230.888577][T13256] EXT4-fs (loop2): Errors on filesystem, clearing orphan list.
[  230.909758][T13256] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.924951][T13256] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.954089][T13266] loop3: detected capacity change from 0 to 512
[  230.974330][T13266] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  230.996336][T13266] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  231.053044][T12072] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.083757][T13283] syzkaller1: entered promiscuous mode
[  231.089393][T13283] syzkaller1: entered allmulticast mode
[  231.182628][T13289] ip6gre1: entered promiscuous mode
[  231.213154][T13289] loop2: detected capacity change from 0 to 2048
[  231.250756][T13289] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  231.305389][T12528] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.376631][T13308] loop2: detected capacity change from 0 to 512
[  231.376859][T13310] bond0: (slave bond_slave_1): Releasing backup interface
[  231.383817][T13308] EXT4-fs error (device loop2): ext4_get_journal_inode:5808: comm syz.2.3426: inode #1792: comm syz.2.3426: iget: illegal inode #
[  231.404792][T13308] EXT4-fs (loop2): Remounting filesystem read-only
[  231.411423][T13308] EXT4-fs (loop2): no journal found
[  231.417091][T13308] EXT4-fs (loop2): can't get journal size
[  231.419677][T13310] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3430'.
[  231.432343][T13308] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  231.442690][T13308] EXT4-fs (loop2): Errors on filesystem, clearing orphan list.
[  231.451623][T13308] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.465698][T13308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.520179][T13320] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3433'.
[  231.545762][T13322] loop0: detected capacity change from 0 to 512
[  231.571479][T13322] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.3434: inode has both inline data and extents flags
[  231.586272][T13322] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.3434: couldn't read orphan inode 15 (err -117)
[  231.658124][T13322] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  231.683366][T11854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.719747][T13332] loop0: detected capacity change from 0 to 512
[  231.740177][T13332] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  231.882191][T13342] ip6gre4: entered promiscuous mode
[  232.026769][T11854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.463519][T13353] loop3: detected capacity change from 0 to 512
[  232.471002][T13353] EXT4-fs error (device loop3): ext4_get_journal_inode:5808: comm syz.3.3444: inode #1792: comm syz.3.3444: iget: illegal inode #
[  232.497906][T13357] loop0: detected capacity change from 0 to 512
[  232.506494][T13353] EXT4-fs (loop3): Remounting filesystem read-only
[  232.513296][T13353] EXT4-fs (loop3): no journal found
[  232.518611][T13353] EXT4-fs (loop3): can't get journal size
[  232.550158][T13353] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  232.560023][T13353] EXT4-fs (loop3): Errors on filesystem, clearing orphan list.
[  232.569885][T13357] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.583412][T13353] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.600252][T13353] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.617266][T13364] loop4: detected capacity change from 0 to 512
[  232.624127][T13357] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  232.682536][T13364] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  232.736428][T13364] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  232.763938][T13373] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3449'.
[  232.808333][T12279] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.825146][T11854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.898344][T13377] netlink: 'syz.1.3453': attribute type 19 has an invalid length.
[  232.906372][T13377] netlink: 172 bytes leftover after parsing attributes in process `syz.1.3453'.
[  233.135095][T13382] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3454'.
[  233.159039][T13386] loop4: detected capacity change from 0 to 512
[  233.166367][T13386] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  233.178898][T13386] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 214 vs 220 free clusters
[  233.194529][T13386] EXT4-fs (loop4): 1 truncate cleaned up
[  233.201381][T13386] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.279254][T12279] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.333498][T13390] ip6gre2: entered promiscuous mode
[  233.357546][T13390] loop0: detected capacity change from 0 to 2048
[  233.364324][T13396] loop4: detected capacity change from 0 to 8192
[  233.379362][T13390] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.407125][T11854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.427898][T13404] loop0: detected capacity change from 0 to 512
[  233.445766][T13404] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  233.469143][   T29] kauditd_printk_skb: 732 callbacks suppressed
[  233.469160][   T29] audit: type=1326 audit(1763270629.454:34592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13403 comm="syz.0.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  233.500104][   T29] audit: type=1326 audit(1763270629.454:34593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13403 comm="syz.0.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  233.523786][   T29] audit: type=1326 audit(1763270629.454:34594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13403 comm="syz.0.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  233.547590][   T29] audit: type=1326 audit(1763270629.454:34595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13403 comm="syz.0.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  233.572089][   T29] audit: type=1326 audit(1763270629.454:34596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13403 comm="syz.0.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  233.595851][   T29] audit: type=1326 audit(1763270629.454:34597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13403 comm="syz.0.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  233.619525][   T29] audit: type=1326 audit(1763270629.454:34598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13403 comm="syz.0.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  233.643184][   T29] audit: type=1326 audit(1763270629.454:34599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13403 comm="syz.0.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  233.666881][   T29] audit: type=1326 audit(1763270629.454:34600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13403 comm="syz.0.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  233.690694][   T29] audit: type=1326 audit(1763270629.454:34601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13403 comm="syz.0.3460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd1d218f6c9 code=0x7ffc0000
[  233.718317][T11854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.742146][T13410] loop0: detected capacity change from 0 to 512
[  233.759745][T13410] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.772394][T13410] ext4 filesystem being mounted at /101/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  233.799536][T11854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.991017][T13435] loop3: detected capacity change from 0 to 164
[  234.718033][T13441] loop0: detected capacity change from 0 to 512
[  234.725015][T13441] EXT4-fs: Ignoring removed i_version option
[  234.731341][T13441] EXT4-fs: Ignoring removed bh option
[  234.761624][T13443] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  234.772135][T13443] SELinux: failed to load policy
[  234.836916][T13447] loop3: detected capacity change from 0 to 512
[  234.868901][T13441] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.884693][T13447] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.897673][T13441] ext4 filesystem being mounted at /103/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  234.901448][T13447] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  234.923056][T13454] __nla_validate_parse: 1 callbacks suppressed
[  234.923073][T13454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3477'.
[  234.939720][T11854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.946917][T13458] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3479'.
[  234.981134][T13462] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3478'.
[  234.991335][T12072] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.146554][T13472] xt_CT: You must specify a L4 protocol and not use inversions on it
[  235.729781][T13464] ==================================================================
[  235.737994][T13464] BUG: KCSAN: data-race in atime_needs_update / inode_update_timestamps
[  235.746353][T13464] 
[  235.748683][T13464] write to 0xffff88811b4ca6bc of 4 bytes by task 13470 on cpu 0:
[  235.757527][T13464]  inode_update_timestamps+0x147/0x270
[  235.763351][T13464]  file_update_time+0x20e/0x2b0
[  235.768227][T13464]  shmem_file_write_iter+0x9c/0xf0
[  235.773333][T13464]  iter_file_splice_write+0x666/0xa60
[  235.778810][T13464]  direct_splice_actor+0x156/0x2a0
[  235.783928][T13464]  splice_direct_to_actor+0x312/0x680
[  235.789306][T13464]  do_splice_direct+0xda/0x150
[  235.794069][T13464]  do_sendfile+0x380/0x650
[  235.798503][T13464]  __x64_sys_sendfile64+0x105/0x150
[  235.803712][T13464]  x64_sys_call+0x2bb4/0x3000
[  235.808382][T13464]  do_syscall_64+0xd2/0x200
[  235.813076][T13464]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.819009][T13464] 
[  235.821940][T13464] read to 0xffff88811b4ca6bc of 4 bytes by task 13464 on cpu 1:
[  235.829740][T13464]  atime_needs_update+0x2a8/0x3e0
[  235.834860][T13464]  touch_atime+0x4a/0x340
[  235.839187][T13464]  shmem_file_splice_read+0x5b1/0x600
[  235.844557][T13464]  splice_direct_to_actor+0x26f/0x680
[  235.849917][T13464]  do_splice_direct+0xda/0x150
[  235.854679][T13464]  do_sendfile+0x380/0x650
[  235.859359][T13464]  __x64_sys_sendfile64+0x105/0x150
[  235.864763][T13464]  x64_sys_call+0x2bb4/0x3000
[  235.869546][T13464]  do_syscall_64+0xd2/0x200
[  235.874056][T13464]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.880123][T13464] 
[  235.882444][T13464] value changed: 0x3155c9c7 -> 0x31f5fe20
[  235.888146][T13464] 
[  235.890457][T13464] Reported by Kernel Concurrency Sanitizer on:
[  235.896591][T13464] CPU: 1 UID: 0 PID: 13464 Comm: syz.1.3481 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  235.907971][T13464] Tainted: [W]=WARN
[  235.911856][T13464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  235.922346][T13464] ==================================================================