last executing test programs:

2m2.561615059s ago: executing program 2 (id=279):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4040808)

2m2.437418861s ago: executing program 2 (id=281):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0xfffffffc)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r3 = openat$cgroup_devices(r2, &(0x7f0000000680)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r3, &(0x7f0000000140)=ANY=[@ANYBLOB='b 75:*\trwr'], 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000b00000001"], 0x50)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10)
r4 = syz_io_uring_setup(0x324d, &(0x7f0000000080)={0x0, 0x0, 0x13580, 0x2, 0x349}, 0x0, &(0x7f0000000240)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x8, 0x2007, @fd_index=0x4, 0x9, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x54, 0x96d7, 0x1, 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x1100, 0x5dd9, 0x0, 0x5, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$kcm(0x2d, 0x2, 0x0)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

2m2.144423736s ago: executing program 2 (id=286):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)

2m1.89421926s ago: executing program 2 (id=291):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = socket$kcm(0x29, 0x5, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x2a10700, &(0x7f0000000380), 0x0, 0x44a, &(0x7f0000000880)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$random(0xffffffffffffff9c, 0x0, 0x404000, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r4=>0x0})
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f00000000c0)={r4, 0x2, 0x6}, 0xfffffffffffffdd9)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r5, &(0x7f00000007c0), &(0x7f0000000280)=""/89}, 0x20)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, 0x0)

2m1.241788981s ago: executing program 2 (id=303):
timer_gettime(0x0, 0x0)
utimes(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={{0x77359400}, {0x77359400}})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
unshare(0x22020400)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
ioctl$EVIOCGBITSW(r1, 0x40095505, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0xa}, 0x18)
r2 = perf_event_open(&(0x7f0000000380)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x140}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r2, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000000)={@mcast2={0xff, 0x5}, 0x200, 0x0, 0x1, 0x3}, 0x20)
perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc7d7, 0x0, 0x3}, 0x0, 0x0, r2, 0x3)

2m0.869770057s ago: executing program 2 (id=310):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0)
sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000000a0a01", @ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0x2000c801}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
socket$xdp(0x2c, 0x3, 0x0)
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)

2m0.869568377s ago: executing program 32 (id=310):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0)
sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000000a0a01", @ANYRES32], 0x20}, 0x1, 0x0, 0x0, 0x2000c801}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
socket$xdp(0x2c, 0x3, 0x0)
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)

1m59.911868043s ago: executing program 3 (id=318):
r0 = socket$packet(0x11, 0x2, 0x300)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff, @void, @value}, 0x94)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r1}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_GET_VERSION_NUM(r3, 0x2284, &(0x7f0000000080))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6, 0x0, 0x5}, 0x18)

1m59.398319392s ago: executing program 3 (id=324):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
sendfile(r2, r2, 0x0, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
readv(r2, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/164, 0xa4}], 0x1)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r5}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d6163767461700000000800014000000005"], 0xe8}, 0x1, 0x0, 0x0, 0x44060000}, 0x4000)
sendmmsg(r3, &(0x7f0000007fc0), 0x346, 0x0)
setsockopt$inet_int(r3, 0x0, 0x8, &(0x7f0000000040)=0x6aba, 0x4)
recvmmsg(r3, &(0x7f0000000780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/21, 0x15}, 0x1ff}], 0x1, 0x45833af92e4b39fc, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)

1m58.260477491s ago: executing program 3 (id=331):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b00)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4040808)

1m58.210618872s ago: executing program 3 (id=334):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r0 = socket$kcm(0x29, 0x5, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x2a10700, &(0x7f0000000380), 0x0, 0x44a, &(0x7f0000000880)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$random(0xffffffffffffff9c, 0x0, 0x404000, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', <r3=>0x0})
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f00000000c0)={r3, 0x2, 0x6}, 0xfffffffffffffdd9)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r4, &(0x7f00000007c0), &(0x7f0000000280)=""/89}, 0x20)

1m57.557037092s ago: executing program 3 (id=340):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000000010000"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
r3 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="011f00000000000000000d", @ANYRES32], 0x20}}, 0x40)

1m56.48575505s ago: executing program 3 (id=346):
modify_ldt$write(0x1, &(0x7f0000000040)={0x806, 0xffffffffffffffff}, 0x10)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000000)={<r1=>0x0, 0x8}, &(0x7f0000000080)=0x8)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r4=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f00000001c0)=ANY=[@ANYRES32=r4, @ANYBLOB="000000d0c8224d48898a260118c76740cfd3a40000"], 0xd)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000000c0)={r1, 0x3, 0x145, 0x5, 0x9, 0x4f, 0x3a, 0x2, {r4, @in={{0x2, 0x4e24, @empty}}, 0x0, 0x8, 0x5, 0x10000, 0x9}}, &(0x7f0000000180)=0xb0)

1m56.48551534s ago: executing program 33 (id=346):
modify_ldt$write(0x1, &(0x7f0000000040)={0x806, 0xffffffffffffffff}, 0x10)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000000)={<r1=>0x0, 0x8}, &(0x7f0000000080)=0x8)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r4=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f00000001c0)=ANY=[@ANYRES32=r4, @ANYBLOB="000000d0c8224d48898a260118c76740cfd3a40000"], 0xd)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000000c0)={r1, 0x3, 0x145, 0x5, 0x9, 0x4f, 0x3a, 0x2, {r4, @in={{0x2, 0x4e24, @empty}}, 0x0, 0x8, 0x5, 0x10000, 0x9}}, &(0x7f0000000180)=0xb0)

1m47.193291915s ago: executing program 0 (id=530):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/notes', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x100)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
r6 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$selinux_load(r6, &(0x7f0000000000)=ANY=[], 0x2000)
write$selinux_attr(0xffffffffffffffff, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)

1m47.094147297s ago: executing program 0 (id=532):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x51857000)
socket(0x10, 0x3, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000400396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='kfree\x00', r0, 0x0, 0x8000000000}, 0x18)
r1 = socket$kcm(0xa, 0x5, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x25, 0x4, @val=@netkit={@void, @value}}, 0x1c)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/uevent_seqnum', 0x8080, 0x112)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000980)=ANY=[@ANYRES32, @ANYRES32=r2, @ANYBLOB, @ANYRES32, @ANYBLOB="e4deebc3beba36cb17cc320c32b21f3874ef5aabd2d36f681e4befedb4ff8b867f37072d50a4c9b831b9352d5f614adab4cb88afd185b4d72c98dc69743c3ef4fd6eb6b6e33bc68ac16b0f6703094823393590a12413725f921ed8242f906a985ce76af5ba2dc93d97396e955643b7a3cef68f3adb377702b88b4f6b9520f71e154ecf2754f87609195b247173e2186b96a94911f80d7d79d5bca1fff1b52fe853c88fa25e7cd6a32f2d440fe997d18c412891aa152713032eb343a7f8b25e9a36ef8085453c48da49a2d8181d0a318eba9caca48a000001006b4f081c01220ca50cc59fbaa8a3a3fcb443395b3d67c625d9311dbe6c8b66694e26874ff0db5683f5db9a272d85da58c7401f3ee254150000c9e4c150365cd90432b9ba00"/297, @ANYRES64=0x0], 0x20)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32, @ANYBLOB="0700000000000000000000000000000000000000279641a8bb06ff750332adbc1e3f29d7795d81c17b74d49c50b02b13e136f438eb2b260ae39f6f8d26c90be3b34d16dbbb9cb15b4c2724e52b2e5d83ffa16672d35c2045ac4bffd160", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={0xffffffffffffffff, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'macvlan1\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, @void, @value}, 0xa0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000480)={0x1ffffffffffffe63, &(0x7f00000000c0)=[{0xa, 0x11, 0x0, 0x6}]})
r5 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, r5)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0xfd, 0x7ffc0001}]})
semctl$IPC_INFO(0x0, 0x1, 0x3, &(0x7f0000000300)=""/130)
ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f0000000080)={0x0, 0x0, 0x4, 0x4, 0xff, 0x9})
ioprio_set$pid(0x3, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000dd2e31c1bfe4d103c57bcfefe065d5e372efe4a42069f7f8517e442a22c1bbd65e60671ca7118ef795840b2f1ec675776718a2dbf4b8a07c316cc413a4b2", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x81901)

1m46.90065745s ago: executing program 0 (id=538):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'hsr0\x00'})
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x15, &(0x7f0000000140)={0x0, 0x7530}, 0x10)
connect$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @remote}, 0x10)

1m46.805617412s ago: executing program 0 (id=539):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$MAP_CREATE(0x0, 0x0, 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1600000000000000040000000100000000000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000000000000000000000000000db84cd504f0b12b16bd8788777d18a4984a3178d1bfd74d5a549e3d4c5f1555288cf6fb1e929b2914a5021c45692d3da8b7fab0c48620c6e8c4745690fbea9e0a98d3921f72525ae7ab12da58ece84269b4d446228c0814d4d666432f1fc4bf4325d294e8b3b5f926f559dd95bb695fabbdd236ee11f12708ffeecc2791f5b1db5533be76f0fcae330a9880f20b4f3fa73726a69441f0f5f65b7bb87edb18cd68311d8878ceb2aa5bb79eaaaec144c21cc04c1176b25b6e6ba4801e6764362e7f15c66a3451f", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x2, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xfffc}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x20008040)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd29, 0x2, {0x0, 0x0, 0x0, r5, {0xffff, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x18, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xd, 0xfff3}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}, @TCA_MATCHALL_ACT={0xfffffffffffffdd1}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10060, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={0x0, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1}, 0x38)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x14, 0xd, &(0x7f0000000c40)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="000038ae42a80000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095c16b6ce6ad9d360aec20593ed834e19d3f180b427b72eb450a5c4e236b512b5507544cb0018c03fd83d63203938015124bcba040932039f275a25c4a69a2555b5b3f1632d73afffbf99f1bbc"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r6, 0x0, 0xc763}, 0x18)
r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
pread64(r7, &(0x7f0000000740)=""/213, 0xd5, 0x8000000000000001)
r9 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_MAKE_EQUIV(r9, &(0x7f00000008c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8400}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x24, 0x3f7, 0x20, 0x70bd2c, 0x25dfdbfc, {0x5, 0x5, './bus', './bus'}, ["", "", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40400c0}, 0x20000000)
ioctl$USBDEVFS_CONTROL(r8, 0xc0105500, &(0x7f0000000000)={0x20, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
syz_clone3(&(0x7f0000000900)={0x88a0080, 0x0, 0x0, 0x0, {0x1b}, 0x0, 0x0, 0x0, 0x0}, 0x58)

1m46.403660478s ago: executing program 0 (id=550):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000001c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x1}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}]}]}}, 0x0, 0x5a, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x20)
sendmmsg$inet(r0, &(0x7f0000002f80)=[{{&(0x7f0000000300)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@ip_ttl={{0x14, 0x0, 0x34, 0x4}}, @ip_retopts={{0x10}}], 0x28}}], 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000002180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="19000000000008000100ac14143c0000000000000000"], 0x24}}, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xa4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_config_ext, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000240)=<r2=>0x0, &(0x7f00000002c0)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x6, '\x00', r2, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
r3 = fsmount(0xffffffffffffffff, 0x1, 0x71)
pidfd_send_signal(r3, 0x15, &(0x7f0000000000)={0xe, 0x0, 0x8001}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mlock2(&(0x7f00002a6000/0x1000)=nil, 0x1000, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap$xdp(&(0x7f0000a48000/0x1000)=nil, 0x1000, 0x1000000, 0x8010, r3, 0x100000000)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, @void, @value}, 0x94)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0xc7)

1m46.049735714s ago: executing program 0 (id=555):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000032500000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000000f000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x800000000003}, 0x1100, 0x5dd8, 0x0, 0x3, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
ftruncate(0xffffffffffffffff, 0xae6)

1m46.049643924s ago: executing program 34 (id=555):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000032500000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000000f000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x800000000003}, 0x1100, 0x5dd8, 0x0, 0x3, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
ftruncate(0xffffffffffffffff, 0xae6)

1m23.057950998s ago: executing program 7 (id=1003):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f00000001c0)='+}[@\x00')
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b595000000000000000002000000", @ANYRES32=r1, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x8000)

1m23.043441008s ago: executing program 7 (id=1004):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYRES32=r0, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x8000)

1m23.023738338s ago: executing program 7 (id=1006):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000001c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x1}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}]}]}}, 0x0, 0x5a, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x20)
sendmmsg$inet(r0, &(0x7f0000002f80)=[{{&(0x7f0000000300)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@ip_ttl={{0x14, 0x0, 0x34, 0x4}}, @ip_retopts={{0x10}}], 0x28}}], 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000002180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="19000000000008000100ac14143c0000000000000000"], 0x24}}, 0x0)
perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xa4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_config_ext, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x6, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
pidfd_send_signal(0xffffffffffffffff, 0x15, &(0x7f0000000000)={0xe, 0x0, 0x8001}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3, 0x0, 0x318a054d}, 0x18)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0xc7)

1m22.92107985s ago: executing program 7 (id=1008):
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x800000000003}, 0x1100, 0x5dd8, 0x0, 0x3, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
fchmod(r2, 0x0)

1m22.769592642s ago: executing program 7 (id=1012):
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000002300), 0x0, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f00000000c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x0)
time(&(0x7f00000001c0))
socket(0x10, 0x6, 0x6)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000cb02000000086865f52f851fe778000000", @ANYBLOB='\x00'/17, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="5c00000012006b000040017ea608601602f3650440010008000000000002009ee517c356a7b0251e616859adaa133792a97f", 0x32}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000c80)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r2, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000140)=0x1, 0x4)
recvmmsg(r2, &(0x7f0000002400)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/116, 0x74}], 0x1}, 0x6}], 0x1, 0x100, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r3}, 0x18)
r4 = socket$tipc(0x1e, 0x5, 0x0)
socket(0x29, 0x1, 0x80000001)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
setsockopt$TIPC_GROUP_LEAVE(r4, 0x10f, 0x88)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x200000000006, 0x0, 0x2, 0x7ffc0002}]})
r5 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000200)=0x10)
symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x25, &(0x7f0000000000)={0x1, 0x2, 0xfffffffffffffffb})
openat$cgroup_ro(r5, &(0x7f0000000100)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)

1m22.733961003s ago: executing program 7 (id=1014):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000000))
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW(r3, 0x5403, &(0x7f0000000240)={0x0, 0x9, 0xfffffffc, 0x2, 0x4, "000000feffffffe3ffffffffffffff00"})
r4 = dup(r3)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000100)=0xff)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
r7 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r7, &(0x7f0000000000)={0x27, 0x3, 0x1}, 0x6)
r8 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, 0x0, 0x0)
bind$inet(r8, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x30, 0x1, 0x4, 0xf03, 0x0, 0x0, {0xc, 0x0, 0x8}, [@NFULA_CFG_MODE={0xa, 0x2, {0x2, 0x1}}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x74d8c3e9}]}, 0x30}, 0x1, 0x0, 0x0, 0x5}, 0x4844)
sendmsg$xdp(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)="67d89024", 0x4}], 0x1}, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

1m7.692773904s ago: executing program 35 (id=1014):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000000))
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW(r3, 0x5403, &(0x7f0000000240)={0x0, 0x9, 0xfffffffc, 0x2, 0x4, "000000feffffffe3ffffffffffffff00"})
r4 = dup(r3)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000100)=0xff)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
r7 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r7, &(0x7f0000000000)={0x27, 0x3, 0x1}, 0x6)
r8 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, 0x0, 0x0)
bind$inet(r8, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x30, 0x1, 0x4, 0xf03, 0x0, 0x0, {0xc, 0x0, 0x8}, [@NFULA_CFG_MODE={0xa, 0x2, {0x2, 0x1}}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x74d8c3e9}]}, 0x30}, 0x1, 0x0, 0x0, 0x5}, 0x4844)
sendmsg$xdp(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)="67d89024", 0x4}], 0x1}, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

3.167538667s ago: executing program 5 (id=2542):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000040000000000001d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
pipe2$watch_queue(&(0x7f0000008f00), 0x80)

3.085750819s ago: executing program 5 (id=2544):
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x400}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x800, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x6}, 0x18)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

3.02542521s ago: executing program 5 (id=2546):
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f00000000c0)='.pending_reads\x00', 0x20000, 0x101)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000280)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4b6}}, './file1\x00'})
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYRES8=0x0, @ANYRES32=r0, @ANYBLOB], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x2ddb, &(0x7f00000004c0)={0x0, 0x0, 0x2, 0x0, 0x3}, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4}, 0x4)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r5, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000100)={0x66, 0xfe, 0x4, 0x0, 0x40, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0xe)
shutdown(r5, 0x1)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000000000001823", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
socketpair(0x22, 0x6, 0x2, &(0x7f0000000000))
syz_clone(0x630c1100, 0x0, 0x97, 0x0, 0x0, 0x0)

1.420175847s ago: executing program 1 (id=2578):
creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
pipe2$9p(&(0x7f0000000240), 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x1, 0x410, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xa5d4}, 0x4c58, 0xffffffffffffffff, 0x0, 0x1, 0x8, 0x2, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r3, 0x0, 0xf7}, 0x18)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r4, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

1.393346357s ago: executing program 5 (id=2580):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000700), &(0x7f00000000c0), 0xff, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0x8}, 0x18)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x41)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000980)='sys_enter\x00', r3}, 0x10)
arch_prctl$ARCH_ENABLE_TAGGED_ADDR(0x4002, 0x3)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_MASTER={0x8, 0xa, r8}, @IFLA_LINK={0x8, 0x5, r8}]}, 0x4c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0)

1.328521098s ago: executing program 1 (id=2582):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001014010027bd7000fedbdf25110003"], 0x30}, 0x1, 0x0, 0x0, 0x24044836}, 0xc094)
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x0, <r2=>0x0}, 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x16, 0x5, &(0x7f0000000240)=ANY=[@ANYRES64=r0], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, r1, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./bus\x00', 0x410c84, &(0x7f0000001040)={[{@block_validity}, {@i_version}, {@min_batch_time={'min_batch_time', 0x3d, 0x5}}, {@norecovery}, {@abort}]}, 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0)
write(0xffffffffffffffff, &(0x7f0000004200)='t', 0x1)
sendfile(0xffffffffffffffff, r5, 0x0, 0x7ffff000)
fallocate(r4, 0x0, 0x0, 0x1001f0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)

1.21766283s ago: executing program 1 (id=2586):
epoll_create1(0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x44, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x4)
r3 = dup2(r2, r2)
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1})
ioctl$BLKTRACESETUP(r3, 0x1276, 0x0)

1.161779051s ago: executing program 6 (id=2587):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b700000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000c00)='sys_enter\x00', r1}, 0x10)
io_pgetevents(0x0, 0xb2b, 0x5, &(0x7f0000000300)=[{}, {}, {}, {}, {}], &(0x7f0000000080)={0x0, 0x3938700}, &(0x7f0000000140)={&(0x7f00000000c0)={[0x2]}, 0x8})

1.16141077s ago: executing program 6 (id=2588):
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xc0, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x2, @perf_config_ext={0xf60, 0xffffffff}, 0x1100, 0x5dd8, 0x3a65, 0x5, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r1 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000380)='$\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='\x00H\xeb', 0x0, r1)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='syzkaller\x00', &(0x7f0000001140)='\xf1\x95\xb3>-\x8c\xd4\r\x01\xfa\xe2{eED\x0e\xaaPV\x11\xff\xb6j\xd4~6\x82^\x9b b', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000580)='\xa3\x04\x00', &(0x7f00000003c0)="c5", 0x1)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='kfree\x00', &(0x7f0000000180)='\xfa.-\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000a40)='t`\x16{\xf9\x8eE5\xf7\xbbE\xc94I\xb4\xbap\xc7\x13\x0f\xa8\x8c.\xc8\xe5\xbc\xbeQ#\v$z\x7f:\xe5J\xad\xf1\xdc\x8dE\x90\xf8\x01\x1f\xdd\xa6!\xf0\x1a\x9b\'\x8a\x83Y\x8d\x01\xf8\xda$\x93\xbb|\x00', &(0x7f0000000a80)='U&~=\xd8G\x93\x14\xc9o\xaf\x8b\xd4-\xc5\x12\x8d\xc8\xf1\'\xcf\x92V\xceKg\x8b\xc3\x9e\xd6H\xad0`\xaf\x06\x00xOq\xb6H\x11', 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
syz_emit_ethernet(0x4a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd608a35d400140600fc010000000000000000000000000001ff02000000000000000000000000000100004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5010885aed0b8a05c7f2c7e8b1a78391294fef5119866e9ec0f5e274c98d0b2fa53386ef103c"], 0x0)
unshare(0x8040600)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000007000000008000000100000000580000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
mq_notify(r4, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3, <r6=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000280)=r5}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r6}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r7}, 0x10)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
dup(r8)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, @void, @value}, 0x94)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x8, 0x80, 0xf, 0x0, 0x0, 0x3, 0x82, 0x0, 0x6000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000080), 0xf}, 0x8080, 0xffffffffffffff7d, 0x0, 0x4, 0x0, 0x20000000, 0x7}, 0x0, 0x1, r0, 0x2)

1.152308051s ago: executing program 5 (id=2589):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./bus\x00', 0x410c84, &(0x7f0000001040)={[{@block_validity}, {@i_version}, {@min_batch_time={'min_batch_time', 0x3d, 0x5}}, {@norecovery}, {@abort}]}, 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c5902, 0x0)
write(r0, 0x0, 0x0)

1.138229861s ago: executing program 4 (id=2591):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r2 = dup3(r1, r0, 0x80000)
recvmmsg(r2, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)

1.109701182s ago: executing program 6 (id=2592):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r0}, 0x18)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000340)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000080], 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000e9ffffffffffffff0000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108)

866.832696ms ago: executing program 6 (id=2593):
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x2, @perf_bp={0x0, 0xa}, 0x1000, 0x5dd8, 0x0, 0x5, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x6)
symlinkat(&(0x7f0000000400)='./file0/../file0\x00', r1, &(0x7f00000003c0)='./file0\x00')

797.631587ms ago: executing program 6 (id=2594):
creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
pipe2$9p(&(0x7f0000000240), 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x1, 0x410, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xa5d4}, 0x4c58, 0xffffffffffffffff, 0x0, 0x1, 0x8, 0x2, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000200035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r4, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

796.852547ms ago: executing program 4 (id=2596):
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='mm_page_free\x00', r0, 0x0, 0xfffffffff7fffffe}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@fwd={0x1}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x3}]}]}}, 0x0, 0x3e, 0x0, 0x2, 0x0, 0x0, @void, @value}, 0x28)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r3 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}})

789.276137ms ago: executing program 5 (id=2597):
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x490582, 0x40)
getdents(r0, 0x0, 0x0)
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_open_pts(0xffffffffffffffff, 0x60c40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_DEL_MFC_PROXY(r1, 0x0, 0xd3, &(0x7f00000004c0)={@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffffffffffffff, "8d0ed9f113d8eded8777c4c0b4ba456aaecda7801b1617bbbd1d11baa7f5c5fb", 0x5, 0x7, 0x1, 0x8}, 0x3c)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x9, 0xff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x14, 0xc8, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9, 0x0, 0xfffffffffffffffd}, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
close(r3)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)

766.662307ms ago: executing program 4 (id=2598):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb703000000e31f008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b700000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000c00)='sys_enter\x00', r1}, 0x10)
io_pgetevents(0x0, 0xb2b, 0x5, &(0x7f0000000300)=[{}, {}, {}, {}, {}], &(0x7f0000000080)={0x0, 0x3938700}, &(0x7f0000000140)={&(0x7f00000000c0)={[0x2]}, 0x8})

750.934487ms ago: executing program 1 (id=2599):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b7040000000000008500000001000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_user(r2, &(0x7f0000000080)=ANY=[@ANYBLOB='system_u::bject_r:auth_cache_t r'], 0x27)

705.786959ms ago: executing program 4 (id=2600):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x10)
r1 = syz_clone(0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r1, 0x0)

693.665049ms ago: executing program 1 (id=2601):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x1, 0x0)
fchdir(r2)
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f00000000c0)='./bus\x00', 0x20a241b, 0x0, 0x0, 0x0, &(0x7f0000000e40)) (fail_nth: 1)

693.322818ms ago: executing program 6 (id=2602):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000010018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000440)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10, @void, @value}, 0x94)
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000000)='./file0\x00', 0x1008002, &(0x7f00000003c0)=ANY=[], 0x1, 0x2ee, &(0x7f00000006c0)="$eJzs3M9PE1sUwPHTH5S2BMri5b28l7xwoxvdTKC6VhoDibGJBKnxR2IywFSbji2ZaTA1RnTl1vhHuCAs2ZEo/wAbd7px446NiQtZGMd0OkNpGUBKaRG+n4TMYe49nXtnBnLuhGHzzuvHxbyt5fWKhONKQiIiWyLDEhZfyNuG3TgmO72QiwPfPv5/6+69G5lsdmJaqcnMzKW0Umpo5N2TZwmv21q/bAw/2Pya/rLx98a/mz9nHhVsVbBVqVxRupotf67os6ah5gt2UVNqyjR021CFkm1Y9fZyvT1vlhcWqkovzQ8mFyzDtpVeqqqiUVWVsqpYVRV5qBdKStM0NZgUHCS3PD2tZ9pMnuvwYHBMLCujR0Qksaslt9yTAQEAgJ5qrf/DojpZ/6+cW68M3F4d8ur/tVhQ/X/5U/2zmur/uIgE1v/+8QPrf/1w9f/uiuhsOVL9j5NhJLZrV6gR1hqtjJ70fn5dL++vjLoB9T8AAAAAAAAAAAAAAAAAAAAAAH+CLcdJOY6T8rf+V7+IxEXE/z4gNSIiV3swZHTQEa4/ToHGi3vRIRHz1WJuMVffeh3WRcQUQ0YlJT/c+8FTi/03j1TNsLw3l7z8pcVcxG3J5KXg5o9Jqk9a8x1n8np2YkzVNef3SXJnflpS8ldwfjowPyYXzu/I1yQlH+akLKbMu+No5D8fU+razWxLfsLtBwAAAADAaaCpbYHrd03bq72ev72+bn0+EGmsr0cD1+dR+S/a27kDAAAAAHBW2NWnRd00DWufICEH92k/iB7TJ/sz/N0s/28Zjm+m+wT+wZua4t7Ojp+W0CFOyx5BWNrJGqnNRh11Fv5jo736yNR4965g0zD+efP2e+cOcWU1fsBM2w8i+98AfV37BQQAAACgaxpFv79nvLcDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAADgDOrGv0nr9RwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk+JXAAAA//+qDgR1")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r3, &(0x7f0000004200)='t', 0x1)
sendfile(r3, r2, 0x0, 0x3ffff)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)

494.324642ms ago: executing program 4 (id=2603):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x51857000)
socket(0x10, 0x3, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000400396f7b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='kfree\x00', r0, 0x0, 0x8000000000}, 0x18)
r1 = socket$kcm(0xa, 0x5, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x25, 0x4, @val=@netkit={@void, @value}}, 0x1c)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/uevent_seqnum', 0x8080, 0x112)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000980)=ANY=[@ANYRES32, @ANYRES32=r2, @ANYBLOB="0a0000000100000000000000", @ANYRES32, @ANYBLOB="e4deebc3beba36cb17cc320c32b21f3874ef5aabd2d36f681e4befedb4ff8b867f37072d50a4c9b831b9352d5f614adab4cb88afd185b4d72c98dc69743c3ef4fd6eb6b6e33bc68ac16b0f6703094823393590a12413725f921ed8242f906a985ce76af5ba2dc93d97396e955643b7a3cef68f3adb377702b88b4f6b9520f71e154ecf2754f87609195b247173e2186b96a94911f8", @ANYRES64=0x0], 0x20)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000))
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32, @ANYBLOB="0700000000000000000000000000000000000000279641a8bb06ff750332adbc1e3f29d7795d81c17b74d49c50b02b13e136f438eb2b260ae39f6f8d26c90be3b34d16dbbb9cb15b4c2724e52b2e5d83ffa16672d35c2045ac4bffd160", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={0xffffffffffffffff, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'macvlan1\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, @void, @value}, 0xa0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000480)={0x1ffffffffffffe63, &(0x7f00000000c0)=[{0xa, 0x11, 0x0, 0x6}]})
r5 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, r5)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0xfd, 0x7ffc0001}]})
semctl$IPC_INFO(0x0, 0x1, 0x3, &(0x7f0000000300)=""/130)
ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f0000000080)={0x0, 0x0, 0x4, 0x4, 0xff, 0x9})
ioprio_set$pid(0x3, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000dd2e31c1bfe4d103c57bcfefe065d5e372efe4a42069f7f8517e442a22c1bbd65e60671ca7118ef795840b2f1ec675776718a2dbf4b8a07c316cc413a4b2", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x81901)

425.680383ms ago: executing program 1 (id=2604):
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x490582, 0x40)
getdents(r0, 0x0, 0x0)
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_open_pts(0xffffffffffffffff, 0x60c40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
setsockopt$MRT_DEL_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd3, &(0x7f00000004c0)={@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffffffffffffff, "8d0ed9f113d8eded8777c4c0b4ba456aaecda7801b1617bbbd1d11baa7f5c5fb", 0x5, 0x7, 0x1, 0x8}, 0x3c)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x9, 0xff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x14, 0xc8, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9, 0x0, 0xfffffffffffffffd}, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10)
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)

214.191357ms ago: executing program 4 (id=2607):
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x490582, 0x40)
getdents(r0, 0x0, 0x0)
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000000000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_pts(0xffffffffffffffff, 0x60c40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_DEL_MFC_PROXY(r1, 0x0, 0xd3, &(0x7f00000004c0)={@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffffffffffffff, "8d0ed9f113d8eded8777c4c0b4ba456aaecda7801b1617bbbd1d11baa7f5c5fb", 0x5, 0x7, 0x1, 0x8}, 0x3c)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x9, 0xff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x14, 0xc8, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9, 0x0, 0xfffffffffffffffd}, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
close(r3)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)

163.639587ms ago: executing program 8 (id=2610):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_MASTER={0x8}, @IFLA_LINK={0x8}]}, 0x4c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0)

163.218957ms ago: executing program 8 (id=2611):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_MASTER={0x8, 0xa, r2}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x4c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x0)

69.363279ms ago: executing program 8 (id=2612):
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_user(r1, &(0x7f0000000080)=ANY=[@ANYBLOB='system_u::bject_r:auth_cache_t r'], 0x27)

38.51275ms ago: executing program 8 (id=2613):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x10)
r1 = syz_clone(0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r1, 0x0)

17.50893ms ago: executing program 8 (id=2614):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
epoll_pwait(0xffffffffffffffff, &(0x7f00008c9fc4)=[{}], 0x1, 0xfffffff3, 0x0, 0x0)

0s ago: executing program 8 (id=2615):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x6800)
r1 = gettid()
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x4030582a, &(0x7f0000000200))
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_mount_image$ext4(&(0x7f0000001100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000000)={[{@errors_remount}, {@nobh}]}, 0x1, 0x51c, &(0x7f0000001300)="$eJzs3VFrY1kdAPD/vW26nZmuyarIOuC6uAudRSdpt+5uEdH1xX1aUNf3Wtu0lCZNadJ1Whbt4jcQQcEnQfBF8AMIyz74AWRhQF/EB1FRRGf0QVDnSpIbp5MmbXXbptP8fnAm55x7c//n3JKTe2/O3BvA2Ho2Il6NiImIeCEiinl9mqelduGgu979e2+ttFMSWfbGX5JI8rrettrlyYi40X1LTEfEV16L+HpyNG5zb39zuVar7uTlSqu+XWnu7d/eqC+vV9erWwsL8y8vvrL40uJcljumFzd/9NrS8f0s9TI//uLn3vnUN3679Kdb32w367MfiUL09eMsdbte6OyLnvY+2jmPYCMwkfenMOqGAABwKu1j/A9GxCc6x//FmOgczfWZGEXLAAAAgLOSfX4m/pVEZAAAAMCVlUbETCRpOZ8LMBNpOpVfG/hwXE9rjWbrk2uN3a3V9rKIUhTStY1adS6fK1yKQtIuz+dzbHvlF/vKCxHxVER8t3itUy6vNGqrI772AQAAAOPiRt/5/9+LaSd/sgH/TwAAAAC4vEpDCwAAAMBV4ZQfAAAArr7+8/93RtQOAAAA4Fx86fXX2ynrPf969c293c3Gm7dXq83Ncn13pbzS2Nkurzca65179tVP2l6t0dj+dGzt3qm0qs1Wpbm3v1Rv7G61ljYeeQQ2AAAAcIGe+vi7v0oi4uAz1zop8vsAAjzi96NuAHCWJkbdAGBk3MUbxldh1A0ARi45YbnJOwAA8Pib/ejR3/97z/93bQCuNnN9AGD8+P0fxlfBDEAYa2lEfKCbfWLYOkN////FaaNkWcR7xcM1ri8CAMDFmumkJC3n5wEzkablcsSTEWkpCsnaRq06l58f/LJYeKJdnu+8MzlxzjAAAAAAAAAAAAAAAAAAAAAAAAAA0JVlSWQAAADAlRaR/jHp3M0/Yrb4/Ez/9YGp5B/F+ENe+MEb37uz3GrtzLfr/9p5ltdURLS+n9e/OPTxYQAAAMBZSw6GLuqep+ev8xfaKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADGwP17b6300uH6qXOO++cvRERpUPzJmO68TkchIq7/LYnJQ+9LImLiDOIfvB0RTw+Kn8SDLMtKeSsGxb92zvFLnV0zOH4aETfOID6Ms3fb48+rgz5/aTzbeR38+ZvM0/s1fPxL88hPd8a5QePPk0e2Vh8Y4+bdn1aGxn874ubk4PGnN/4mQ+I/d2Rr/8yy7GiMr311f39Y/OyHEbMDv3+SR2JVWvXtSnNv//ZGfXm9ul7dWliYf3nxlcWXFucqaxu1av7vwBjf+djPHhzX/+sD4v/m193x97j+Pz9so33+fffOvQ91s4VB8W89N/D7dzqGxE/7vvvay2fz+uSgmz/smZ+898xx/V8dsv9P+vvfOmX/X/jyt393ylUBgAvQ3NvfXK7VqjvHZKZPsc7jmPn59KVoxv+Yyb7V/ctdlvb8v5n20erDml6vLkHDDmWyC4s1EZeky//NjHRYAgAAzsHDg/5RtwQAAAAAAAAAAAAAAAAAAADG10XcTqw/5sFougoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKz/BAAA///DxuEu")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
timer_create(0x2, &(0x7f00000003c0)={0x0, 0x800033, 0x4, @thr={&(0x7f0000000380)="62400b2785edae3d8bc9d6b2312f6831db997194321a6d60514cdc9fe2b1469525f3457c", &(0x7f0000000580)="f9a981edcfc9b597729ac8a6af04000000000000000c7334b8855f39f78fddc4d066aa856ed92a05d8e106400868c4cc088a2a3e86e86bc20cbf49308568bcba9be741a01b900bd9c59f81da75a9dc9523174e2fa61600000080b6ed22dacd95a9554b26d9"}}, &(0x7f00000004c0))
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a00010024000000000000001c140061"], 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x40090)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x18)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000200)=@generic={&(0x7f00000001c0)='./file0\x00', r6}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001140)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r9}, 0x10)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@ipv6_newroute={0x1c, 0x18, 0x309, 0x0, 0x0, {0xa, 0x0, 0x10, 0x0, 0x0, 0x0, 0xff, 0x7}}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x1000c840)

kernel console output (not intermixed with test programs):

[  128.914821][ T7879]  should_fail_ex+0x261/0x270
[  128.914856][ T7879]  should_fail+0xb/0x10
[  128.914875][ T7879]  should_fail_usercopy+0x1a/0x20
[  128.914899][ T7879]  _copy_from_user+0x1c/0xa0
[  128.915006][ T7879]  __x64_sys_epoll_ctl+0x93/0xf0
[  128.915029][ T7879]  x64_sys_call+0x2789/0x2e10
[  128.915123][ T7879]  do_syscall_64+0xc9/0x1c0
[  128.915153][ T7879]  ? clear_bhb_loop+0x25/0x80
[  128.915219][ T7879]  ? clear_bhb_loop+0x25/0x80
[  128.915242][ T7879]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.915282][ T7879] RIP: 0033:0x7f1db5b1d169
[  128.915313][ T7879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.915332][ T7879] RSP: 002b:00007f1db417f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  128.915351][ T7879] RAX: ffffffffffffffda RBX: 00007f1db5d35fa0 RCX: 00007f1db5b1d169
[  128.915363][ T7879] RDX: 0000000000000004 RSI: 0000000000000003 RDI: 0000000000000003
[  128.915375][ T7879] RBP: 00007f1db417f090 R08: 0000000000000000 R09: 0000000000000000
[  128.915387][ T7879] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  128.915399][ T7879] R13: 0000000000000000 R14: 00007f1db5d35fa0 R15: 00007ffd4b51ef08
[  128.915417][ T7879]  </TASK>
[  128.916651][ T7880] loop1: detected capacity change from 0 to 128
[  128.945515][ T7883] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1572'.
[  129.151962][ T7895] netlink: 'syz.5.1575': attribute type 13 has an invalid length.
[  129.176564][ T7895] 8021q: adding VLAN 0 to HW filter on device team0
[  129.190406][ T7895] batman_adv: batadv0: Interface activated: team0
[  129.207033][   T10] kernel write not supported for file /652/attr/exec (pid: 10 comm: kworker/0:1)
[  129.227508][ T7895] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  129.260901][ T7910] loop6: detected capacity change from 0 to 512
[  129.274200][ T7910] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  129.300931][ T7903] IPVS: Unknown mcast interface: virt_wifi0
[  129.320565][ T7919] usb usb1: usbfs: process 7919 (syz.5.1584) did not claim interface 0 before use
[  129.330027][ T7920] loop8: detected capacity change from 0 to 128
[  129.339289][ T7910] EXT4-fs (loop6): 1 truncate cleaned up
[  129.348417][ T7910] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.365584][ T7910] SELinux: syz.6.1582 (7910) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  129.433029][ T7929] loop1: detected capacity change from 0 to 128
[  129.478974][ T4459] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.581678][ T7942] loop6: detected capacity change from 0 to 1024
[  129.620425][ T7925] bond1: entered promiscuous mode
[  129.625916][ T7925] bond1: entered allmulticast mode
[  129.632072][ T7925] 8021q: adding VLAN 0 to HW filter on device bond1
[  129.756639][ T7925] bond1 (unregistering): Released all slaves
[  129.777994][ T7948] netlink: 'syz.1.1594': attribute type 13 has an invalid length.
[  129.818792][ T7952] usb usb1: usbfs: process 7952 (syz.6.1596) did not claim interface 0 before use
[  129.852101][ T7954] netlink: '+}[@': attribute type 1 has an invalid length.
[  129.859406][ T7954] netlink: '+}[@': attribute type 2 has an invalid length.
[  129.868417][ T7948] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  130.101566][ T7970] loop5: detected capacity change from 0 to 1024
[  130.576717][ T7979] SET target dimension over the limit!
[  130.911395][ T7981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7981 comm=syz.4.1607
[  130.938307][ T7983] usb usb1: usbfs: process 7983 (syz.1.1608) did not claim interface 0 before use
[  130.960920][ T7981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7981 comm=syz.4.1607
[  131.035441][ T7981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7981 comm=syz.4.1607
[  131.056584][ T7989] netlink: 'syz.5.1609': attribute type 13 has an invalid length.
[  131.098172][ T7981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7981 comm=syz.4.1607
[  131.123702][ T7989] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  131.158111][ T7993] loop1: detected capacity change from 0 to 512
[  131.166440][ T7981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7981 comm=syz.4.1607
[  131.210344][ T7993] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  131.227386][ T7981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7981 comm=syz.4.1607
[  131.278211][ T7993] ext4 filesystem being mounted at /338/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  131.290206][ T7981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7981 comm=syz.4.1607
[  131.348176][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.366188][ T7981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7981 comm=syz.4.1607
[  131.409695][ T7981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7981 comm=syz.4.1607
[  131.473242][ T7981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=7981 comm=syz.4.1607
[  131.496528][ T8005] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1616'.
[  131.568086][ T1108] kernel write not supported for file /682/attr/exec (pid: 1108 comm: kworker/1:2)
[  131.580385][ T8010] loop5: detected capacity change from 0 to 128
[  131.610976][ T8013] loop6: detected capacity change from 0 to 1024
[  131.923095][ T8027] loop8: detected capacity change from 0 to 512
[  131.961541][ T8027] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  131.993614][ T8027] ext4 filesystem being mounted at /66/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  132.055225][ T6872] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.089609][    T9] kernel write not supported for file /613/attr/exec (pid: 9 comm: kworker/0:0)
[  132.111728][ T8039] netlink: 168 bytes leftover after parsing attributes in process `syz.8.1628'.
[  132.152336][ T8039] loop8: detected capacity change from 0 to 256
[  132.171073][ T8039] FAT-fs (loop8): codepage cp857 not found
[  132.182642][ T8039] 9pnet_fd: Insufficient options for proto=fd
[  132.316936][ T8048] loop1: detected capacity change from 0 to 512
[  132.327900][ T8048] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  132.350901][ T8048] EXT4-fs (loop1): 1 truncate cleaned up
[  132.356950][ T8048] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  132.375285][ T8048] SELinux: syz.1.1632 (8048) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  132.402268][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.439224][ T8056] SELinux: syz.1.1634 (8056) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  132.440214][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881800e6200: rx timeout, send abort
[  132.453010][ T8056] FAULT_INJECTION: forcing a failure.
[  132.453010][ T8056] name failslab, interval 1, probability 0, space 0, times 0
[  132.473686][ T8056] CPU: 0 UID: 0 PID: 8056 Comm: syz.1.1634 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  132.473783][ T8056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  132.473795][ T8056] Call Trace:
[  132.473801][ T8056]  <TASK>
[  132.473808][ T8056]  dump_stack_lvl+0xf6/0x150
[  132.473833][ T8056]  dump_stack+0x15/0x1a
[  132.473856][ T8056]  should_fail_ex+0x261/0x270
[  132.473882][ T8056]  should_failslab+0x8f/0xb0
[  132.473931][ T8056]  __kmalloc_cache_noprof+0x55/0x320
[  132.473950][ T8056]  ? security_get_user_sids+0xc2/0x970
[  132.474013][ T8056]  security_get_user_sids+0xc2/0x970
[  132.474037][ T8056]  ? security_context_to_sid_core+0x377/0x3b0
[  132.474063][ T8056]  ? security_context_to_sid_core+0x37f/0x3b0
[  132.474089][ T8056]  sel_write_user+0x29f/0x430
[  132.474121][ T8056]  selinux_transaction_write+0xba/0x100
[  132.474180][ T8056]  ? __pfx_selinux_transaction_write+0x10/0x10
[  132.474206][ T8056]  vfs_write+0x295/0x950
[  132.474229][ T8056]  ? putname+0xe1/0x100
[  132.474244][ T8056]  ? __fget_files+0x186/0x1c0
[  132.474314][ T8056]  ksys_write+0xeb/0x1b0
[  132.474343][ T8056]  __x64_sys_write+0x42/0x50
[  132.474387][ T8056]  x64_sys_call+0x2a45/0x2e10
[  132.474467][ T8056]  do_syscall_64+0xc9/0x1c0
[  132.474497][ T8056]  ? clear_bhb_loop+0x25/0x80
[  132.474519][ T8056]  ? clear_bhb_loop+0x25/0x80
[  132.474542][ T8056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.474562][ T8056] RIP: 0033:0x7fac3890d169
[  132.474601][ T8056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.474619][ T8056] RSP: 002b:00007fac36f77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  132.474637][ T8056] RAX: ffffffffffffffda RBX: 00007fac38b25fa0 RCX: 00007fac3890d169
[  132.474650][ T8056] RDX: 0000000000000027 RSI: 0000200000000040 RDI: 0000000000000003
[  132.474661][ T8056] RBP: 00007fac36f77090 R08: 0000000000000000 R09: 0000000000000000
[  132.474697][ T8056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  132.474709][ T8056] R13: 0000000000000000 R14: 00007fac38b25fa0 R15: 00007ffd8973b058
[  132.474729][ T8056]  </TASK>
[  132.743826][ T8064] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1638'.
[  132.940255][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881800e6600: rx timeout, send abort
[  132.961035][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881800e6200: abort rx timeout. Force session deactivation
[  132.988597][   T29] kauditd_printk_skb: 154 callbacks suppressed
[  132.988610][   T29] audit: type=1326 audit(1743896997.078:4874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.8.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  133.020792][ T8070] FAULT_INJECTION: forcing a failure.
[  133.020792][ T8070] name failslab, interval 1, probability 0, space 0, times 0
[  133.024534][ T7886] kernel write not supported for file /618/attr/exec (pid: 7886 comm: kworker/1:5)
[  133.033568][ T8070] CPU: 0 UID: 0 PID: 8070 Comm: syz.8.1639 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  133.033598][ T8070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  133.033611][ T8070] Call Trace:
[  133.033618][ T8070]  <TASK>
[  133.033625][ T8070]  dump_stack_lvl+0xf6/0x150
[  133.033651][ T8070]  dump_stack+0x15/0x1a
[  133.033705][ T8070]  should_fail_ex+0x261/0x270
[  133.033736][ T8070]  should_failslab+0x8f/0xb0
[  133.033770][ T8070]  __kmalloc_cache_noprof+0x55/0x320
[  133.033845][ T8070]  ? audit_log_d_path+0x8e/0x150
[  133.033952][ T8070]  audit_log_d_path+0x8e/0x150
[  133.033976][ T8070]  audit_log_d_path_exe+0x42/0x70
[  133.034065][ T8070]  audit_log_task+0x1f1/0x250
[  133.034088][ T8070]  audit_seccomp+0x68/0x130
[  133.034169][ T8070]  __seccomp_filter+0x694/0x10e0
[  133.034202][ T8070]  ? vfs_write+0x669/0x950
[  133.034232][ T8070]  ? putname+0xe1/0x100
[  133.034316][ T8070]  __secure_computing+0x7e/0x160
[  133.034354][ T8070]  syscall_trace_enter+0xcf/0x1f0
[  133.034385][ T8070]  ? fpregs_assert_state_consistent+0x83/0xa0
[  133.034460][ T8070]  do_syscall_64+0xaa/0x1c0
[  133.034491][ T8070]  ? clear_bhb_loop+0x25/0x80
[  133.034515][ T8070]  ? clear_bhb_loop+0x25/0x80
[  133.034538][ T8070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.034622][ T8070] RIP: 0033:0x7f507cfcd169
[  133.034637][ T8070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.034722][ T8070] RSP: 002b:00007f507b637038 EFLAGS: 00000246 ORIG_RAX: 000000000000004f
[  133.034822][ T8070] RAX: ffffffffffffffda RBX: 00007f507d1e5fa0 RCX: 00007f507cfcd169
[  133.034835][ T8070] RDX: 0000000000000000 RSI: 000000000000005b RDI: 0000200000000680
[  133.034848][ T8070] RBP: 00007f507b637090 R08: 0000000000000000 R09: 0000000000000000
[  133.034861][ T8070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.034873][ T8070] R13: 0000000000000000 R14: 00007f507d1e5fa0 R15: 00007fff1f00a168
[  133.034925][ T8070]  </TASK>
[  133.066846][   T29] audit: type=1326 audit(1743896997.108:4875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.8.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  133.266783][   T29] audit: type=1326 audit(1743896997.108:4876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.8.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f507cfcbad0 code=0x7ffc0000
[  133.290141][   T29] audit: type=1326 audit(1743896997.108:4877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.8.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f507cfcbc1f code=0x7ffc0000
[  133.313441][   T29] audit: type=1326 audit(1743896997.108:4878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.8.1639" exe="<no_memory>" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  133.336195][   T29] audit: type=1326 audit(1743896997.138:4879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.8.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f507cfcbb7c code=0x7ffc0000
[  133.359475][   T29] audit: type=1326 audit(1743896997.138:4880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.8.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f507cfcbc1f code=0x7ffc0000
[  133.382704][   T29] audit: type=1326 audit(1743896997.138:4881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.8.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f507cfcbdca code=0x7ffc0000
[  133.405934][   T29] audit: type=1326 audit(1743896997.138:4882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.8.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  133.448519][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881800e6600: abort rx timeout. Force session deactivation
[  133.491877][   T29] audit: type=1326 audit(1743896997.578:4883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8087 comm="syz.8.1647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  133.555288][ T8093] loop8: detected capacity change from 0 to 512
[  133.561751][ T8093] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  133.567910][ T8099] netlink: 'syz.5.1653': attribute type 13 has an invalid length.
[  133.586450][ T8099] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  133.631605][ T7886] kernel write not supported for file /929/attr/exec (pid: 7886 comm: kworker/1:5)
[  133.647590][ T8104] loop8: detected capacity change from 0 to 512
[  133.678102][ T8104] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  133.701618][ T8104] EXT4-fs (loop8): 1 truncate cleaned up
[  133.709292][ T8104] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  133.743269][ T8104] SELinux: syz.8.1655 (8104) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  133.761582][ T8097] SELinux: syz.6.1651 (8097) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  133.781394][ T6872] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.835014][ T8123] loop4: detected capacity change from 0 to 256
[  133.901544][ T8132] netlink: 'syz.5.1667': attribute type 13 has an invalid length.
[  133.921880][ T8132] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  134.008488][ T8139] netlink: 100 bytes leftover after parsing attributes in process `syz.5.1670'.
[  134.080255][ T8146] netlink: '+}[@': attribute type 1 has an invalid length.
[  134.087516][ T8146] netlink: '+}[@': attribute type 2 has an invalid length.
[  134.189373][ T8155] netlink: 168 bytes leftover after parsing attributes in process `syz.5.1677'.
[  134.215521][ T8155] loop5: detected capacity change from 0 to 256
[  134.229454][ T8155] FAT-fs (loop5): codepage cp857 not found
[  134.488095][ T8166] netlink: 168 bytes leftover after parsing attributes in process `syz.8.1680'.
[  134.490076][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881652a7000: rx timeout, send abort
[  134.538143][ T8166] loop8: detected capacity change from 0 to 256
[  134.598468][ T8166] FAT-fs (loop8): codepage cp857 not found
[  134.631520][ T8166] 9pnet: p9_errstr2errno: server reported unknown error �@��hQI���t
[  134.853257][ T8181] usb usb1: usbfs: process 8181 (syz.6.1685) did not claim interface 0 before use
[  134.932766][    C1] vcan0: j1939_tp_rxtimer: 0xffff888110d7c600: rx timeout, send abort
[  134.990101][    C0] vcan0: j1939_tp_rxtimer: 0xffff888164941800: rx timeout, send abort
[  135.005364][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881652a7000: abort rx timeout. Force session deactivation
[  135.106761][ T8185] netlink: '+}[@': attribute type 1 has an invalid length.
[  135.114178][ T8185] netlink: '+}[@': attribute type 2 has an invalid length.
[  135.182870][ T8187] loop5: detected capacity change from 0 to 1024
[  135.432806][    C1] vcan0: j1939_tp_rxtimer: 0xffff888110d7c800: rx timeout, send abort
[  135.441051][    C1] vcan0: j1939_tp_rxtimer: 0xffff888110d7c600: abort rx timeout. Force session deactivation
[  135.498347][    C0] vcan0: j1939_tp_rxtimer: 0xffff888164941800: abort rx timeout. Force session deactivation
[  135.540530][ T7886] kernel write not supported for file /732/attr/exec (pid: 7886 comm: kworker/1:5)
[  135.641493][ T8208] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1697'.
[  135.651099][ T7886] kernel write not supported for file /194/attr/exec (pid: 7886 comm: kworker/1:5)
[  135.677928][ T8210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  135.691207][ T8210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  135.710721][ T8214] netlink: 148 bytes leftover after parsing attributes in process `syz.8.1700'.
[  135.779161][ T8218] usb usb1: usbfs: process 8218 (syz.8.1701) did not claim interface 0 before use
[  135.941029][    C1] vcan0: j1939_tp_rxtimer: 0xffff888110d7c800: abort rx timeout. Force session deactivation
[  136.087163][ T7886] kernel write not supported for file /945/attr/exec (pid: 7886 comm: kworker/1:5)
[  136.429795][ T8236] netlink: 'syz.6.1706': attribute type 13 has an invalid length.
[  136.533621][ T8236] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  136.586435][ T8240] loop5: detected capacity change from 0 to 128
[  138.046112][   T29] kauditd_printk_skb: 205 callbacks suppressed
[  138.046143][   T29] audit: type=1326 audit(1743897002.138:5089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8253 comm="syz.4.1710" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fd94ef5d169 code=0x7ffc0000
[  138.521902][ T8258] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1711'.
[  138.546471][ T8260] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1713'.
[  138.685985][   T29] audit: type=1326 audit(1743897002.768:5090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8267 comm="syz.5.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  138.709556][   T29] audit: type=1326 audit(1743897002.768:5091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8267 comm="syz.5.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  138.733272][   T29] audit: type=1326 audit(1743897002.768:5092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8267 comm="syz.5.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  138.756744][   T29] audit: type=1326 audit(1743897002.768:5093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8267 comm="syz.5.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  138.780164][   T29] audit: type=1326 audit(1743897002.768:5094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8267 comm="syz.5.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  138.803559][   T29] audit: type=1326 audit(1743897002.768:5095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8267 comm="syz.5.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  138.826957][   T29] audit: type=1326 audit(1743897002.768:5096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8267 comm="syz.5.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  138.850430][   T29] audit: type=1326 audit(1743897002.768:5097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8267 comm="syz.5.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  138.873739][   T29] audit: type=1326 audit(1743897002.768:5098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8267 comm="syz.5.1716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  138.976846][ T1108] kernel write not supported for file /212/attr/exec (pid: 1108 comm: kworker/1:2)
[  138.998870][ T8274] loop6: detected capacity change from 0 to 128
[  139.001753][ T8278] loop4: detected capacity change from 0 to 1024
[  139.104135][ T8289] loop8: detected capacity change from 0 to 2048
[  139.110789][ T8289] EXT4-fs: Ignoring removed i_version option
[  139.127216][ T8294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  139.137982][ T8294] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.147903][ T8289] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.289481][ T8310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  139.298215][ T8310] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.318592][ T7886] kernel write not supported for file /966/attr/exec (pid: 7886 comm: kworker/1:5)
[  139.335629][ T6872] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.376893][ T8318] netlink: 168 bytes leftover after parsing attributes in process `syz.8.1735'.
[  139.396480][ T8318] loop8: detected capacity change from 0 to 256
[  139.412112][ T8318] FAT-fs (loop8): codepage cp857 not found
[  139.422580][ T8318] 9pnet: p9_errstr2errno: server reported unknown error �@��hQI���t
[  139.667153][ T8334] FAULT_INJECTION: forcing a failure.
[  139.667153][ T8334] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  139.680327][ T8334] CPU: 0 UID: 0 PID: 8334 Comm: syz.4.1741 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  139.680352][ T8334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  139.680366][ T8334] Call Trace:
[  139.680372][ T8334]  <TASK>
[  139.680379][ T8334]  dump_stack_lvl+0xf6/0x150
[  139.680403][ T8334]  dump_stack+0x15/0x1a
[  139.680421][ T8334]  should_fail_ex+0x261/0x270
[  139.680505][ T8334]  should_fail+0xb/0x10
[  139.680576][ T8334]  should_fail_usercopy+0x1a/0x20
[  139.680600][ T8334]  _copy_to_user+0x20/0xa0
[  139.680633][ T8334]  simple_read_from_buffer+0xb2/0x130
[  139.680665][ T8334]  proc_fail_nth_read+0x103/0x140
[  139.680762][ T8334]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  139.680856][ T8334]  vfs_read+0x1b2/0x710
[  139.680878][ T8334]  ? __rcu_read_unlock+0x4e/0x70
[  139.680902][ T8334]  ? __fget_files+0x186/0x1c0
[  139.680994][ T8334]  ksys_read+0xeb/0x1b0
[  139.681018][ T8334]  __x64_sys_read+0x42/0x50
[  139.681085][ T8334]  x64_sys_call+0x2a3b/0x2e10
[  139.681147][ T8334]  do_syscall_64+0xc9/0x1c0
[  139.681176][ T8334]  ? clear_bhb_loop+0x25/0x80
[  139.681199][ T8334]  ? clear_bhb_loop+0x25/0x80
[  139.681221][ T8334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.681241][ T8334] RIP: 0033:0x7fd94ef5bb7c
[  139.681326][ T8334] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  139.681344][ T8334] RSP: 002b:00007fd94d5bf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  139.681382][ T8334] RAX: ffffffffffffffda RBX: 00007fd94f175fa0 RCX: 00007fd94ef5bb7c
[  139.681392][ T8334] RDX: 000000000000000f RSI: 00007fd94d5bf0a0 RDI: 0000000000000004
[  139.681402][ T8334] RBP: 00007fd94d5bf090 R08: 0000000000000000 R09: 0000000000000000
[  139.681412][ T8334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  139.681493][ T8334] R13: 0000000000000000 R14: 00007fd94f175fa0 R15: 00007ffe0ca4f068
[  139.681511][ T8334]  </TASK>
[  139.877215][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881867e5800: rx timeout, send abort
[  139.919891][ T3379] kernel write not supported for file /984/attr/exec (pid: 3379 comm: kworker/0:4)
[  140.056325][ T8354] netlink: 'syz.5.1749': attribute type 13 has an invalid length.
[  140.076231][ T8354] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  140.119903][ T8361] loop5: detected capacity change from 0 to 256
[  140.226114][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881867e5e00: rx timeout, send abort
[  140.247493][ T8369] FAULT_INJECTION: forcing a failure.
[  140.247493][ T8369] name failslab, interval 1, probability 0, space 0, times 0
[  140.260175][ T8369] CPU: 0 UID: 0 PID: 8369 Comm: syz.4.1755 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  140.260203][ T8369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  140.260270][ T8369] Call Trace:
[  140.260276][ T8369]  <TASK>
[  140.260283][ T8369]  dump_stack_lvl+0xf6/0x150
[  140.260306][ T8369]  dump_stack+0x15/0x1a
[  140.260323][ T8369]  should_fail_ex+0x261/0x270
[  140.260351][ T8369]  should_failslab+0x8f/0xb0
[  140.260420][ T8369]  kmem_cache_alloc_noprof+0x59/0x340
[  140.260444][ T8369]  ? skb_clone+0x154/0x1f0
[  140.260474][ T8369]  skb_clone+0x154/0x1f0
[  140.260569][ T8369]  __netlink_deliver_tap+0x2bd/0x4f0
[  140.260599][ T8369]  netlink_unicast+0x69e/0x6c0
[  140.260623][ T8369]  netlink_sendmsg+0x609/0x720
[  140.260649][ T8369]  ? __pfx_netlink_sendmsg+0x10/0x10
[  140.260669][ T8369]  __sock_sendmsg+0x140/0x180
[  140.260744][ T8369]  ____sys_sendmsg+0x350/0x4e0
[  140.260879][ T8369]  __sys_sendmsg+0x1a0/0x240
[  140.260914][ T8369]  __x64_sys_sendmsg+0x46/0x50
[  140.260937][ T8369]  x64_sys_call+0x26f3/0x2e10
[  140.260968][ T8369]  do_syscall_64+0xc9/0x1c0
[  140.260999][ T8369]  ? clear_bhb_loop+0x25/0x80
[  140.261022][ T8369]  ? clear_bhb_loop+0x25/0x80
[  140.261044][ T8369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.261066][ T8369] RIP: 0033:0x7fd94ef5d169
[  140.261089][ T8369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.261104][ T8369] RSP: 002b:00007fd94d5bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  140.261124][ T8369] RAX: ffffffffffffffda RBX: 00007fd94f175fa0 RCX: 00007fd94ef5d169
[  140.261136][ T8369] RDX: 0000000020050800 RSI: 00002000000000c0 RDI: 0000000000000005
[  140.261149][ T8369] RBP: 00007fd94d5bf090 R08: 0000000000000000 R09: 0000000000000000
[  140.261179][ T8369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.261192][ T8369] R13: 0000000000000000 R14: 00007fd94f175fa0 R15: 00007ffe0ca4f068
[  140.261211][ T8369]  </TASK>
[  140.261262][ T8369] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1755'.
[  140.291044][ T7886] kernel write not supported for file /764/attr/exec (pid: 7886 comm: kworker/1:5)
[  140.302334][ T8369] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1755'.
[  140.370422][ T8376] loop5: detected capacity change from 0 to 512
[  140.385430][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881867e5800: abort rx timeout. Force session deactivation
[  140.422781][ T8376] EXT4-fs: Ignoring removed oldalloc option
[  140.576038][ T8369] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1755'.
[  140.589444][ T8369] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1755'.
[  140.650359][ T8369] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1755'.
[  140.669497][ T8369] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1755'.
[  140.686948][ T8376] EXT4-fs error (device loop5): ext4_xattr_inode_iget:433: comm syz.5.1754: Parent and EA inode have the same ino 15
[  140.701396][ T8376] EXT4-fs (loop5): 1 orphan inode deleted
[  140.708927][ T8376] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  140.734606][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881867e5e00: abort rx timeout. Force session deactivation
[  140.762553][ T8376] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.212529][ T8403] loop6: detected capacity change from 0 to 256
[  141.387775][ T3913] kernel write not supported for file /1004/attr/exec (pid: 3913 comm: kworker/1:4)
[  141.510549][ T8416] netlink: 'syz.4.1770': attribute type 3 has an invalid length.
[  141.589395][ T8416] loop4: detected capacity change from 0 to 2048
[  141.616397][ T8416] EXT4-fs: Ignoring removed i_version option
[  141.666041][ T8416] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  141.724049][ T8432] loop6: detected capacity change from 0 to 512
[  141.731043][ T8432] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  141.847682][ T3913] kernel write not supported for file /233/attr/exec (pid: 3913 comm: kworker/1:4)
[  142.022450][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.220291][ T8462] usb usb1: usbfs: process 8462 (syz.4.1783) did not claim interface 0 before use
[  142.248684][ T8464] usb usb1: usbfs: process 8464 (syz.6.1789) did not claim interface 0 before use
[  142.320724][ T8455] vlan2: entered allmulticast mode
[  142.408021][ T8478] netlink: 'syz.6.1795': attribute type 3 has an invalid length.
[  142.425437][ T8478] loop6: detected capacity change from 0 to 2048
[  142.432727][ T8478] EXT4-fs: Ignoring removed i_version option
[  142.447288][ T8478] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  142.597561][ T8490] loop5: detected capacity change from 0 to 512
[  142.604461][ T8490] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  142.622591][ T8490] EXT4-fs (loop5): 1 truncate cleaned up
[  142.628896][ T8490] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  142.647007][ T8490] SELinux: syz.5.1798 (8490) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  142.821242][ T4324] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.833020][ T4459] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.069541][ T8495] FAULT_INJECTION: forcing a failure.
[  143.069541][ T8495] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  143.082670][ T8495] CPU: 0 UID: 0 PID: 8495 Comm: syz.1.1801 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  143.082721][ T8495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  143.082734][ T8495] Call Trace:
[  143.082740][ T8495]  <TASK>
[  143.082747][ T8495]  dump_stack_lvl+0xf6/0x150
[  143.082771][ T8495]  dump_stack+0x15/0x1a
[  143.082786][ T8495]  should_fail_ex+0x261/0x270
[  143.082886][ T8495]  should_fail+0xb/0x10
[  143.082905][ T8495]  should_fail_usercopy+0x1a/0x20
[  143.082987][ T8495]  _copy_from_user+0x1c/0xa0
[  143.083019][ T8495]  __sys_bpf+0x16a/0x800
[  143.083046][ T8495]  __x64_sys_bpf+0x43/0x50
[  143.083066][ T8495]  x64_sys_call+0x23da/0x2e10
[  143.083095][ T8495]  do_syscall_64+0xc9/0x1c0
[  143.083179][ T8495]  ? clear_bhb_loop+0x25/0x80
[  143.083201][ T8495]  ? clear_bhb_loop+0x25/0x80
[  143.083223][ T8495]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.083244][ T8495] RIP: 0033:0x7fac3890d169
[  143.083272][ T8495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.083288][ T8495] RSP: 002b:00007fac36f77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  143.083307][ T8495] RAX: ffffffffffffffda RBX: 00007fac38b25fa0 RCX: 00007fac3890d169
[  143.083343][ T8495] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  143.083370][ T8495] RBP: 00007fac36f77090 R08: 0000000000000000 R09: 0000000000000000
[  143.083381][ T8495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.083391][ T8495] R13: 0000000000000000 R14: 00007fac38b25fa0 R15: 00007ffd8973b058
[  143.083406][ T8495]  </TASK>
[  143.482299][   T29] kauditd_printk_skb: 74 callbacks suppressed
[  143.482321][   T29] audit: type=1326 audit(1743897007.568:5173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8502 comm="syz.1.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fac38904127 code=0x7ffc0000
[  143.547535][   T29] audit: type=1326 audit(1743897007.598:5174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8502 comm="syz.1.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fac388a9359 code=0x7ffc0000
[  143.570944][   T29] audit: type=1326 audit(1743897007.598:5175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8502 comm="syz.1.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac3890d169 code=0x7ffc0000
[  143.594434][   T29] audit: type=1326 audit(1743897007.598:5176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8502 comm="syz.1.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fac38904127 code=0x7ffc0000
[  143.617880][   T29] audit: type=1326 audit(1743897007.598:5177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8502 comm="syz.1.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fac388a9359 code=0x7ffc0000
[  143.641295][   T29] audit: type=1326 audit(1743897007.598:5178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8502 comm="syz.1.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fac38904127 code=0x7ffc0000
[  143.664625][   T29] audit: type=1326 audit(1743897007.598:5179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8502 comm="syz.1.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fac388a9359 code=0x7ffc0000
[  143.687942][   T29] audit: type=1326 audit(1743897007.598:5180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8502 comm="syz.1.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fac38904127 code=0x7ffc0000
[  143.711326][   T29] audit: type=1326 audit(1743897007.598:5181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8502 comm="syz.1.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fac388a9359 code=0x7ffc0000
[  143.734615][   T29] audit: type=1326 audit(1743897007.598:5182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8502 comm="syz.1.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fac38904127 code=0x7ffc0000
[  143.799416][ T8508] loop5: detected capacity change from 0 to 128
[  143.824707][ T8515] usb usb1: usbfs: process 8515 (syz.6.1800) did not claim interface 0 before use
[  143.881557][ T8517] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.897258][ T8519] 9pnet_fd: Insufficient options for proto=fd
[  143.907289][ T8517] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.200878][ T8542] loop6: detected capacity change from 0 to 128
[  144.279265][ T8546] usb usb1: usbfs: process 8546 (syz.6.1821) did not claim interface 0 before use
[  144.305520][ T8548] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1822'.
[  144.456187][ T8552] loop6: detected capacity change from 0 to 1024
[  144.485089][ T8554] usb usb1: usbfs: process 8554 (syz.5.1825) did not claim interface 0 before use
[  144.499814][ T8554] 9pnet_fd: Insufficient options for proto=fd
[  144.810865][ T8574] SELinux: syz.1.1834 (8574) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  144.849150][ T8579] selinux_netlink_send: 25 callbacks suppressed
[  144.849162][ T8579] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=8579 comm=syz.4.1837
[  144.867855][ T8579] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=8579 comm=syz.4.1837
[  145.214247][ T8592] vhci_hcd: default hub control req: 0000 v0000 i0000 l0
[  145.231206][ T8595] SELinux: syz.8.1841 (8595) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  145.591090][ T8610] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=12307 sclass=netlink_xfrm_socket pid=8610 comm=syz.6.1846
[  145.657408][ T8614] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  145.710524][ T8614] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  147.055099][ T8639] SELinux: syz.5.1854 (8639) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  147.118402][ T8641] loop4: detected capacity change from 0 to 512
[  147.145864][ T8641] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  147.462442][ T8662] usb usb1: usbfs: process 8662 (syz.5.1864) did not claim interface 0 before use
[  147.562892][ T8669] SELinux: syz.1.1867 (8669) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  147.651822][ T8673] usb usb1: usbfs: process 8673 (syz.5.1869) did not claim interface 0 before use
[  147.918955][ T8691] loop5: detected capacity change from 0 to 512
[  147.928793][ T8691] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  147.937884][ T8691] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  147.961434][ T8691] EXT4-fs (loop5): warning: checktime reached, running e2fsck is recommended
[  147.979837][ T8691] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  147.991111][ T8702] usb usb1: usbfs: process 8702 (syz.4.1881) did not claim interface 0 before use
[  147.999360][ T8691] System zones: 0-2, 18-18, 34-34
[  148.009047][ T8691] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1132: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  148.025084][ T8705] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  148.034167][ T8705] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  148.040400][ T8691] EXT4-fs (loop5): 1 truncate cleaned up
[  148.066391][ T8691] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  148.725367][ T8729] loop1: detected capacity change from 0 to 256
[  149.010839][ T8735] loop1: detected capacity change from 0 to 128
[  149.265501][ T4324] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.401599][ T8748] loop6: detected capacity change from 0 to 512
[  149.415676][   T29] kauditd_printk_skb: 309 callbacks suppressed
[  149.415687][   T29] audit: type=1326 audit(1743897013.508:5492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8731 comm="syz.8.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  149.455836][ T8748] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  149.533683][   T29] audit: type=1326 audit(1743897013.538:5493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8731 comm="syz.8.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  149.557225][   T29] audit: type=1326 audit(1743897013.538:5494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8731 comm="syz.8.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  149.580652][   T29] audit: type=1326 audit(1743897013.538:5495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8731 comm="syz.8.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  149.604003][   T29] audit: type=1326 audit(1743897013.538:5496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8731 comm="syz.8.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  149.627497][   T29] audit: type=1326 audit(1743897013.538:5497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8731 comm="syz.8.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  149.651001][   T29] audit: type=1326 audit(1743897013.538:5498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8731 comm="syz.8.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  149.674436][   T29] audit: type=1326 audit(1743897013.538:5499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8731 comm="syz.8.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  149.698051][   T29] audit: type=1326 audit(1743897013.538:5500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8731 comm="syz.8.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  149.721493][   T29] audit: type=1326 audit(1743897013.538:5501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8731 comm="syz.8.1890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  150.003920][ T8762] usb usb1: usbfs: process 8762 (syz.5.1894) did not claim interface 0 before use
[  150.301591][ T8785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  150.337327][ T8787] loop5: detected capacity change from 0 to 512
[  150.358777][ T8785] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  150.381034][ T8787] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  150.944947][ T8795] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=8795 comm=syz.1.1913
[  151.207472][ T8808] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1918'.
[  151.500218][ T8827] netlink: 'syz.1.1926': attribute type 13 has an invalid length.
[  151.583413][ T8827] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  151.663051][ T8836] usb usb1: usbfs: process 8836 (syz.8.1930) did not claim interface 0 before use
[  151.848640][ T8857] loop4: detected capacity change from 0 to 512
[  151.871811][ T8859] netlink: 'syz.6.1937': attribute type 3 has an invalid length.
[  151.898226][ T8864] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1939'.
[  151.899636][ T8857] EXT4-fs error (device loop4): ext4_orphan_get:1416: comm syz.4.1936: bad orphan inode 15
[  151.931671][ T8859] loop6: detected capacity change from 0 to 2048
[  151.962893][ T8859] EXT4-fs: Ignoring removed i_version option
[  151.969061][ T8857] ext4_test_bit(bit=14, block=18) = 1
[  151.974655][ T8857] is_bad_inode(inode)=0
[  151.978847][ T8857] NEXT_ORPHAN(inode)=1023
[  151.983247][ T8857] max_ino=32
[  151.986482][ T8857] i_nlink=0
[  151.992100][ T8857] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2962: inode #15: comm syz.4.1936: corrupted xattr block 19: invalid header
[  152.009745][ T8859] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  152.010028][ T8857] EXT4-fs warning (device loop4): ext4_evict_inode:279: xattr delete (err -117)
[  152.033462][ T8857] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0009-000000000000 r/w without journal. Quota mode: none.
[  152.050044][ T8857] ext4 filesystem being mounted at /428/�q�Y�3aK supports timestamps until 2038-01-19 (0x7fffffff)
[  152.101698][ T8876] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1944'.
[  152.136730][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0009-000000000000.
[  152.219449][ T8890] SELinux: syz.4.1946 (8890) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  152.345936][ T4459] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.361888][ T8901] loop4: detected capacity change from 0 to 128
[  152.737220][ T8917] netlink: 168 bytes leftover after parsing attributes in process `syz.8.1960'.
[  152.754840][ T8919] loop1: detected capacity change from 0 to 512
[  152.782257][ T8919] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  152.877630][ T8923] netlink: 'syz.4.1962': attribute type 3 has an invalid length.
[  152.998614][ T8923] loop4: detected capacity change from 0 to 2048
[  153.022637][ T8925] SELinux: syz.1.1963 (8925) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  153.050701][ T8923] EXT4-fs: Ignoring removed i_version option
[  153.086556][ T8923] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.098616][    C1] vcan0: j1939_tp_rxtimer: 0xffff888187206400: rx timeout, send abort
[  153.189749][ T8934] loop6: detected capacity change from 0 to 1024
[  153.307056][ T8938] loop1: detected capacity change from 0 to 128
[  153.461536][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.598089][    C1] vcan0: j1939_tp_rxtimer: 0xffff888187206600: rx timeout, send abort
[  153.606374][    C1] vcan0: j1939_tp_rxtimer: 0xffff888187206400: abort rx timeout. Force session deactivation
[  153.636506][ T8950] atomic_op ffff8881765d3d28 conn xmit_atomic 0000000000000000
[  153.653995][ T8950] netlink: 'syz.4.1971': attribute type 13 has an invalid length.
[  153.672698][ T8958] netlink: 168 bytes leftover after parsing attributes in process `syz.8.1974'.
[  153.724089][ T8962] SELinux: syz.6.1976 (8962) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  153.787742][ T8967] loop5: detected capacity change from 0 to 4096
[  153.805891][ T8967] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[  153.891445][ T8989] loop5: detected capacity change from 0 to 128
[  153.919650][ T8995] SELinux: syz.4.1990 (8995) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  153.999655][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881867b1200: rx timeout, send abort
[  154.034356][ T9003] FAULT_INJECTION: forcing a failure.
[  154.034356][ T9003] name failslab, interval 1, probability 0, space 0, times 0
[  154.047168][ T9003] CPU: 1 UID: 0 PID: 9003 Comm: syz.6.1993 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  154.047288][ T9003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  154.047366][ T9003] Call Trace:
[  154.047372][ T9003]  <TASK>
[  154.047379][ T9003]  dump_stack_lvl+0xf6/0x150
[  154.047403][ T9003]  dump_stack+0x15/0x1a
[  154.047417][ T9003]  should_fail_ex+0x261/0x270
[  154.047498][ T9003]  should_failslab+0x8f/0xb0
[  154.047530][ T9003]  kmem_cache_alloc_node_noprof+0x5c/0x340
[  154.047583][ T9003]  ? dup_task_struct+0x6e/0x6e0
[  154.047606][ T9003]  dup_task_struct+0x6e/0x6e0
[  154.047628][ T9003]  ? kstrtoull+0x115/0x140
[  154.047648][ T9003]  copy_process+0x39e/0x1f60
[  154.047670][ T9003]  ? __rcu_read_unlock+0x4e/0x70
[  154.047794][ T9003]  kernel_clone+0x168/0x5d0
[  154.047827][ T9003]  __x64_sys_clone+0xe9/0x120
[  154.047893][ T9003]  x64_sys_call+0x2dc9/0x2e10
[  154.047913][ T9003]  do_syscall_64+0xc9/0x1c0
[  154.047949][ T9003]  ? clear_bhb_loop+0x25/0x80
[  154.047973][ T9003]  ? clear_bhb_loop+0x25/0x80
[  154.048049][ T9003]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.048066][ T9003] RIP: 0033:0x7f1db5b1d169
[  154.048080][ T9003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.048099][ T9003] RSP: 002b:00007f1db417efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  154.048117][ T9003] RAX: ffffffffffffffda RBX: 00007f1db5d35fa0 RCX: 00007f1db5b1d169
[  154.048130][ T9003] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  154.048142][ T9003] RBP: 00007f1db417f090 R08: 0000000000000000 R09: 0000000000000000
[  154.048153][ T9003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.048166][ T9003] R13: 0000000000000000 R14: 00007f1db5d35fa0 R15: 00007ffd4b51ef08
[  154.048180][ T9003]  </TASK>
[  154.238123][    C1] vcan0: j1939_tp_rxtimer: 0xffff888187206600: abort rx timeout. Force session deactivation
[  154.423671][   T29] kauditd_printk_skb: 107 callbacks suppressed
[  154.423686][   T29] audit: type=1326 audit(1743897018.478:5609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8998 comm="syz.4.1992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd94ef5d169 code=0x7ffc0000
[  154.453335][   T29] audit: type=1326 audit(1743897018.478:5610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8998 comm="syz.4.1992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd94ef5d169 code=0x7ffc0000
[  154.476835][   T29] audit: type=1326 audit(1743897018.478:5611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8998 comm="syz.4.1992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7fd94ef5d169 code=0x7ffc0000
[  154.499654][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881867b1600: rx timeout, send abort
[  154.500265][   T29] audit: type=1326 audit(1743897018.478:5612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8998 comm="syz.4.1992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd94ef5d169 code=0x7ffc0000
[  154.513564][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881867b1200: abort rx timeout. Force session deactivation
[  154.531596][   T29] audit: type=1326 audit(1743897018.478:5613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8998 comm="syz.4.1992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd94ef5d169 code=0x7ffc0000
[  154.565055][   T29] audit: type=1326 audit(1743897018.478:5614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8998 comm="syz.4.1992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd94ef5d169 code=0x7ffc0000
[  154.588342][   T29] audit: type=1326 audit(1743897018.478:5615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8998 comm="syz.4.1992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd94ef5d169 code=0x7ffc0000
[  154.611734][   T29] audit: type=1326 audit(1743897018.488:5616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8998 comm="syz.4.1992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd94ef5d169 code=0x7ffc0000
[  154.635209][   T29] audit: type=1326 audit(1743897018.488:5617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8998 comm="syz.4.1992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7fd94ef5d169 code=0x7ffc0000
[  154.658640][   T29] audit: type=1326 audit(1743897018.488:5618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8998 comm="syz.4.1992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd94ef5d169 code=0x7ffc0000
[  154.928738][ T9021] SELinux: syz.8.2001 (9021) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  154.943594][ T9022] loop6: detected capacity change from 0 to 128
[  154.969339][ T9017] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=9017 comm=syz.4.2000
[  154.990135][ T9019] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1995'.
[  155.008262][    C1] vcan0: j1939_tp_rxtimer: 0xffff8881867b1600: abort rx timeout. Force session deactivation
[  155.116611][ T9033] netlink: 'syz.4.2004': attribute type 3 has an invalid length.
[  155.130212][ T9032] netlink: 'syz.6.2005': attribute type 1 has an invalid length.
[  155.172169][ T9033] loop4: detected capacity change from 0 to 2048
[  155.194758][ T9033] EXT4-fs: Ignoring removed i_version option
[  155.236070][ T9035] xt_CT: No such helper "pptp"
[  155.249940][ T9033] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.581732][ T9051] loop8: detected capacity change from 0 to 2364
[  155.666528][ T9058] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  155.675401][ T9058] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  155.995549][ T9066] SELinux: syz.5.2015 (9066) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  156.046460][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.229216][ T9074] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2020'.
[  156.282049][ T9076] netlink: 'syz.5.2021': attribute type 3 has an invalid length.
[  156.319677][ T9076] loop5: detected capacity change from 0 to 2048
[  156.353742][ T9076] EXT4-fs: Ignoring removed i_version option
[  156.373366][ T9081] loop8: detected capacity change from 0 to 128
[  156.380891][ T9076] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  156.540702][ T9090] loop1: detected capacity change from 0 to 128
[  156.557634][ T9092] netlink: '+}[@': attribute type 1 has an invalid length.
[  156.564941][ T9092] netlink: '+}[@': attribute type 2 has an invalid length.
[  156.572243][ T9092] netlink: 20 bytes leftover after parsing attributes in process `+}[@'.
[  156.671956][ T4324] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.784787][ T9104] SELinux: syz.4.2030 (9104) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  156.818496][ T9109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  156.832840][ T9109] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  156.847459][ T9113] netlink: 168 bytes leftover after parsing attributes in process `syz.8.2033'.
[  156.878215][ T9113] loop8: detected capacity change from 0 to 256
[  156.904497][ T9113] FAT-fs (loop8): codepage cp857 not found
[  156.920295][ T9113] 9pnet: p9_errstr2errno: server reported unknown error �@��hQI���t
[  156.932058][ T9121] netlink: 'syz.5.2036': attribute type 13 has an invalid length.
[  156.946317][ T9121] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  157.009458][ T9126] netlink: 'syz.8.2038': attribute type 3 has an invalid length.
[  157.025456][ T9126] loop8: detected capacity change from 0 to 2048
[  157.032105][ T9126] EXT4-fs: Ignoring removed i_version option
[  157.113963][ T9126] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.163758][ T9139] loop5: detected capacity change from 0 to 512
[  157.170311][ T9139] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  157.180835][ T9141] FAULT_INJECTION: forcing a failure.
[  157.180835][ T9141] name failslab, interval 1, probability 0, space 0, times 0
[  157.193554][ T9141] CPU: 0 UID: 0 PID: 9141 Comm: syz.6.2044 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  157.193584][ T9141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  157.193596][ T9141] Call Trace:
[  157.193602][ T9141]  <TASK>
[  157.193608][ T9141]  dump_stack_lvl+0xf6/0x150
[  157.193647][ T9141]  dump_stack+0x15/0x1a
[  157.193663][ T9141]  should_fail_ex+0x261/0x270
[  157.193689][ T9141]  should_failslab+0x8f/0xb0
[  157.193720][ T9141]  __kmalloc_noprof+0xad/0x410
[  157.193803][ T9141]  ? sel_write_relabel+0x190/0x350
[  157.193831][ T9141]  sel_write_relabel+0x190/0x350
[  157.193888][ T9141]  selinux_transaction_write+0xba/0x100
[  157.193916][ T9141]  ? __pfx_selinux_transaction_write+0x10/0x10
[  157.194006][ T9141]  vfs_write+0x295/0x950
[  157.194033][ T9141]  ? putname+0xe1/0x100
[  157.194052][ T9141]  ? __fget_files+0x186/0x1c0
[  157.194072][ T9141]  ksys_write+0xeb/0x1b0
[  157.194111][ T9141]  __x64_sys_write+0x42/0x50
[  157.194139][ T9141]  x64_sys_call+0x2a45/0x2e10
[  157.194161][ T9141]  do_syscall_64+0xc9/0x1c0
[  157.194229][ T9141]  ? clear_bhb_loop+0x25/0x80
[  157.194344][ T9141]  ? clear_bhb_loop+0x25/0x80
[  157.194365][ T9141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.194446][ T9141] RIP: 0033:0x7f1db5b1d169
[  157.194461][ T9141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.194479][ T9141] RSP: 002b:00007f1db417f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  157.194496][ T9141] RAX: ffffffffffffffda RBX: 00007f1db5d35fa0 RCX: 00007f1db5b1d169
[  157.194583][ T9141] RDX: 0000000000000041 RSI: 0000200000002a00 RDI: 0000000000000003
[  157.194594][ T9141] RBP: 00007f1db417f090 R08: 0000000000000000 R09: 0000000000000000
[  157.194606][ T9141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.194617][ T9141] R13: 0000000000000000 R14: 00007f1db5d35fa0 R15: 00007ffd4b51ef08
[  157.194635][ T9141]  </TASK>
[  157.454069][ T9150] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2048'.
[  157.464219][ T9151] loop5: detected capacity change from 0 to 128
[  157.481084][ T6872] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.576623][ T9167] SELinux: syz.6.2056 (9167) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  157.618206][ T9169] loop8: detected capacity change from 0 to 128
[  157.743368][ T9179] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2061'.
[  157.771930][ T9182] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  157.793750][ T9182] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  157.888188][ T9198] FAULT_INJECTION: forcing a failure.
[  157.888188][ T9198] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  157.901330][ T9198] CPU: 0 UID: 0 PID: 9198 Comm: syz.6.2068 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  157.901411][ T9198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  157.901422][ T9198] Call Trace:
[  157.901427][ T9198]  <TASK>
[  157.901432][ T9198]  dump_stack_lvl+0xf6/0x150
[  157.901454][ T9198]  dump_stack+0x15/0x1a
[  157.901480][ T9198]  should_fail_ex+0x261/0x270
[  157.901528][ T9198]  should_fail+0xb/0x10
[  157.901552][ T9198]  should_fail_usercopy+0x1a/0x20
[  157.901578][ T9198]  _copy_to_user+0x20/0xa0
[  157.901607][ T9198]  simple_read_from_buffer+0xb2/0x130
[  157.901708][ T9198]  proc_fail_nth_read+0x103/0x140
[  157.901805][ T9198]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  157.901833][ T9198]  vfs_read+0x1b2/0x710
[  157.901921][ T9198]  ? __rcu_read_unlock+0x4e/0x70
[  157.901950][ T9198]  ? __fget_files+0x186/0x1c0
[  157.901972][ T9198]  ksys_read+0xeb/0x1b0
[  157.901995][ T9198]  __x64_sys_read+0x42/0x50
[  157.902129][ T9198]  x64_sys_call+0x2a3b/0x2e10
[  157.902213][ T9198]  do_syscall_64+0xc9/0x1c0
[  157.902243][ T9198]  ? clear_bhb_loop+0x25/0x80
[  157.902287][ T9198]  ? clear_bhb_loop+0x25/0x80
[  157.902311][ T9198]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.902333][ T9198] RIP: 0033:0x7f1db5b1bb7c
[  157.902429][ T9198] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  157.902444][ T9198] RSP: 002b:00007f1db417f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  157.902461][ T9198] RAX: ffffffffffffffda RBX: 00007f1db5d35fa0 RCX: 00007f1db5b1bb7c
[  157.902474][ T9198] RDX: 000000000000000f RSI: 00007f1db417f0a0 RDI: 0000000000000005
[  157.902507][ T9198] RBP: 00007f1db417f090 R08: 0000000000000000 R09: 0000000000000000
[  157.902519][ T9198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.902530][ T9198] R13: 0000000000000000 R14: 00007f1db5d35fa0 R15: 00007ffd4b51ef08
[  157.902546][ T9198]  </TASK>
[  158.133768][ T9204] loop8: detected capacity change from 0 to 512
[  158.162284][ T9204] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  158.175847][ T9204] EXT4-fs (loop8): orphan cleanup on readonly fs
[  158.192631][ T9204] EXT4-fs warning (device loop8): ext4_enable_quotas:7170: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  158.211734][ T9204] EXT4-fs (loop8): Cannot turn on quotas: error -22
[  158.218686][ T9204] EXT4-fs error (device loop8): ext4_ext_check_inode:524: inode #13: comm syz.8.2071: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  158.223084][ T9210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.237096][ T9204] EXT4-fs error (device loop8): ext4_orphan_get:1395: comm syz.8.2071: couldn't read orphan inode 13 (err -117)
[  158.259447][ T9204] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  158.272402][ T9204] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.281550][ T9210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  158.455212][ T9233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.468287][ T9233] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  158.548422][ T9244] loop4: detected capacity change from 0 to 512
[  158.556994][ T9244] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  158.565100][ T9244] EXT4-fs (loop4): orphan cleanup on readonly fs
[  158.571401][ T9247] loop8: detected capacity change from 0 to 512
[  158.572237][ T9244] EXT4-fs warning (device loop4): ext4_enable_quotas:7170: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  158.578781][ T9247] EXT4-fs: Ignoring removed oldalloc option
[  158.595284][ T9244] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  158.601540][ T9247] EXT4-fs error (device loop8): ext4_xattr_inode_iget:433: comm syz.8.2090: Parent and EA inode have the same ino 15
[  158.609137][ T9244] EXT4-fs error (device loop4): ext4_ext_check_inode:524: inode #13: comm syz.4.2089: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  158.618556][ T9247] EXT4-fs (loop8): 1 orphan inode deleted
[  158.638255][ T9244] EXT4-fs error (device loop4): ext4_orphan_get:1395: comm syz.4.2089: couldn't read orphan inode 13 (err -117)
[  158.642150][ T9247] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.657894][ T9244] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  158.678814][ T9244] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.688676][ T9247] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.724626][ T9251] loop4: detected capacity change from 0 to 128
[  158.864454][ T9271] loop8: detected capacity change from 0 to 128
[  158.988192][ T9280] loop8: detected capacity change from 0 to 512
[  158.997034][ T9280] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  159.008575][ T9280] EXT4-fs (loop8): orphan cleanup on readonly fs
[  159.015615][ T9280] EXT4-fs warning (device loop8): ext4_enable_quotas:7170: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  159.032015][ T9280] EXT4-fs (loop8): Cannot turn on quotas: error -22
[  159.038939][ T9280] EXT4-fs error (device loop8): ext4_ext_check_inode:524: inode #13: comm syz.8.2104: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  159.071740][ T9286] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2106'.
[  159.073628][ T9280] EXT4-fs error (device loop8): ext4_orphan_get:1395: comm syz.8.2104: couldn't read orphan inode 13 (err -117)
[  159.122325][ T9288] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2107'.
[  159.134103][ T9288] x_tables: ip_tables: bpf.1 match: invalid size 528 (kernel) != (user) 536
[  159.143222][ T9280] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  159.164270][ T9291] SELinux: syz.6.2108 (9291) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  159.180412][ T9280] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.189563][ T9291] FAULT_INJECTION: forcing a failure.
[  159.189563][ T9291] name failslab, interval 1, probability 0, space 0, times 0
[  159.202258][ T9291] CPU: 0 UID: 0 PID: 9291 Comm: syz.6.2108 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  159.202282][ T9291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  159.202296][ T9291] Call Trace:
[  159.202302][ T9291]  <TASK>
[  159.202360][ T9291]  dump_stack_lvl+0xf6/0x150
[  159.202402][ T9291]  dump_stack+0x15/0x1a
[  159.202418][ T9291]  should_fail_ex+0x261/0x270
[  159.202447][ T9291]  should_failslab+0x8f/0xb0
[  159.202480][ T9291]  __kmalloc_cache_noprof+0x55/0x320
[  159.202584][ T9291]  ? security_get_user_sids+0xc2/0x970
[  159.202606][ T9291]  security_get_user_sids+0xc2/0x970
[  159.202626][ T9291]  ? security_context_to_sid_core+0x377/0x3b0
[  159.202665][ T9291]  ? security_context_to_sid_core+0x37f/0x3b0
[  159.202728][ T9291]  sel_write_user+0x29f/0x430
[  159.202823][ T9291]  selinux_transaction_write+0xba/0x100
[  159.202849][ T9291]  ? __pfx_selinux_transaction_write+0x10/0x10
[  159.202953][ T9291]  vfs_write+0x295/0x950
[  159.202987][ T9291]  ? putname+0xe1/0x100
[  159.203009][ T9291]  ? __fget_files+0x186/0x1c0
[  159.203032][ T9291]  ksys_write+0xeb/0x1b0
[  159.203102][ T9291]  __x64_sys_write+0x42/0x50
[  159.203132][ T9291]  x64_sys_call+0x2a45/0x2e10
[  159.203155][ T9291]  do_syscall_64+0xc9/0x1c0
[  159.203203][ T9291]  ? clear_bhb_loop+0x25/0x80
[  159.203221][ T9291]  ? clear_bhb_loop+0x25/0x80
[  159.203244][ T9291]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.203305][ T9291] RIP: 0033:0x7f1db5b1d169
[  159.203322][ T9291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.203339][ T9291] RSP: 002b:00007f1db417f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  159.203356][ T9291] RAX: ffffffffffffffda RBX: 00007f1db5d35fa0 RCX: 00007f1db5b1d169
[  159.203367][ T9291] RDX: 0000000000000027 RSI: 0000200000000040 RDI: 0000000000000003
[  159.203377][ T9291] RBP: 00007f1db417f090 R08: 0000000000000000 R09: 0000000000000000
[  159.203388][ T9291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.203401][ T9291] R13: 0000000000000000 R14: 00007f1db5d35fa0 R15: 00007ffd4b51ef08
[  159.203421][ T9291]  </TASK>
[  159.700904][ T9324] loop4: detected capacity change from 0 to 128
[  159.709227][ T9320] netlink: 'syz.1.2120': attribute type 27 has an invalid length.
[  159.733345][ T9330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.742061][ T9330] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  159.813489][   T29] kauditd_printk_skb: 155 callbacks suppressed
[  159.819711][   T29] audit: type=1326 audit(1743897023.898:5774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9329 comm="syz.5.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  159.845844][   T29] audit: type=1326 audit(1743897023.928:5775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9329 comm="syz.5.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=265 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  159.869287][   T29] audit: type=1326 audit(1743897023.928:5776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9329 comm="syz.5.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  159.892684][   T29] audit: type=1326 audit(1743897023.928:5777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9329 comm="syz.5.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  159.916201][   T29] audit: type=1326 audit(1743897023.938:5778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9329 comm="syz.5.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  159.939743][   T29] audit: type=1326 audit(1743897023.938:5779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9329 comm="syz.5.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  159.939928][ T9343] loop4: detected capacity change from 0 to 2048
[  159.963119][   T29] audit: type=1326 audit(1743897023.938:5780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9329 comm="syz.5.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  159.966618][   T29] audit: type=1326 audit(1743897023.938:5781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9329 comm="syz.5.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc2bfedbc1f code=0x7ffc0000
[  160.016136][   T29] audit: type=1326 audit(1743897023.938:5782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9329 comm="syz.5.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  160.039610][   T29] audit: type=1326 audit(1743897023.938:5783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9329 comm="syz.5.2125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2bfedd169 code=0x7ffc0000
[  160.063449][ T9343] EXT4-fs: Ignoring removed i_version option
[  160.076996][ T9343] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.207510][ T9320] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.215671][ T9320] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.238695][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.277627][ T9320] 0�X���: left allmulticast mode
[  160.418505][ T9320] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  160.441653][ T9320] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  160.506640][ T9320] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  160.515710][ T9320] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  160.524615][ T9320] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  160.533470][ T9320] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  160.547754][ T9320] ip6gre1: left allmulticast mode
[  160.558699][ T9320] vlan2: left allmulticast mode
[  160.668103][ T9368] usb usb1: usbfs: process 9368 (syz.8.2139) did not claim interface 0 before use
[  160.701848][ T9371] netlink: 'syz.1.2140': attribute type 13 has an invalid length.
[  160.727135][ T9371] 8021q: adding VLAN 0 to HW filter on device bond0
[  160.735968][ T9371] 8021q: adding VLAN 0 to HW filter on device team0
[  160.747502][ T9371] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  160.788491][ T9375] netlink: 'syz.1.2142': attribute type 3 has an invalid length.
[  160.803394][ T9375] loop1: detected capacity change from 0 to 2048
[  160.810231][ T9375] EXT4-fs: Ignoring removed i_version option
[  160.835636][ T9375] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.856080][ T9379] loop8: detected capacity change from 0 to 128
[  160.862647][ T9379] EXT4-fs: Ignoring removed nobh option
[  160.868933][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.880131][ T9379] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  160.892671][ T9379] ext4 filesystem being mounted at /165/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  160.895866][ T9382] SELinux:  Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped).
[  160.915933][ T6872] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  160.933627][ T9384] loop8: detected capacity change from 0 to 256
[  160.941074][ T9384] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  161.122275][ T9398] loop5: detected capacity change from 0 to 512
[  161.141775][ T9398] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  161.150334][ T9398] EXT4-fs (loop5): orphan cleanup on readonly fs
[  161.157074][ T9398] EXT4-fs warning (device loop5): ext4_enable_quotas:7170: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  161.187883][ T9398] EXT4-fs (loop5): Cannot turn on quotas: error -22
[  161.195978][ T9398] EXT4-fs error (device loop5): ext4_ext_check_inode:524: inode #13: comm syz.5.2151: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  161.216233][ T9398] EXT4-fs error (device loop5): ext4_orphan_get:1395: comm syz.5.2151: couldn't read orphan inode 13 (err -117)
[  161.232523][ T9398] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  161.245542][ T9398] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.278936][ T9415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  161.287744][ T9415] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  161.297864][ T9409] netlink: 'syz.4.2156': attribute type 21 has an invalid length.
[  161.306477][ T9409] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2156'.
[  161.408527][ T9430] SELinux:  Context system_u:object_r:framebuf_device_t:s0 is not valid (left unmapped).
[  161.558597][ T9445] loop6: detected capacity change from 0 to 512
[  161.566410][ T9445] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  161.574679][ T9445] EXT4-fs (loop6): orphan cleanup on readonly fs
[  161.581436][ T9445] EXT4-fs warning (device loop6): ext4_enable_quotas:7170: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  161.596492][ T9445] EXT4-fs (loop6): Cannot turn on quotas: error -22
[  161.603293][ T9445] EXT4-fs error (device loop6): ext4_ext_check_inode:524: inode #13: comm syz.6.2170: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  161.622371][ T9445] EXT4-fs error (device loop6): ext4_orphan_get:1395: comm syz.6.2170: couldn't read orphan inode 13 (err -117)
[  161.636282][ T9452] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2173'.
[  161.637909][ T9445] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  161.658146][ T9445] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.687018][ T9454] loop6: detected capacity change from 0 to 128
[  161.833751][ T9468] loop1: detected capacity change from 0 to 128
[  161.847875][ T9468] syz.1.2180: attempt to access beyond end of device
[  161.847875][ T9468] loop1: rw=2049, sector=145, nr_sectors = 8 limit=128
[  161.870757][ T9468] syz.1.2180: attempt to access beyond end of device
[  161.870757][ T9468] loop1: rw=2049, sector=161, nr_sectors = 8 limit=128
[  161.886648][ T9468] syz.1.2180: attempt to access beyond end of device
[  161.886648][ T9468] loop1: rw=2049, sector=177, nr_sectors = 8 limit=128
[  161.900385][ T9468] syz.1.2180: attempt to access beyond end of device
[  161.900385][ T9468] loop1: rw=2049, sector=193, nr_sectors = 16 limit=128
[  161.918228][ T9468] syz.1.2180: attempt to access beyond end of device
[  161.918228][ T9468] loop1: rw=2049, sector=217, nr_sectors = 8 limit=128
[  161.931829][ T9468] syz.1.2180: attempt to access beyond end of device
[  161.931829][ T9468] loop1: rw=2049, sector=233, nr_sectors = 8 limit=128
[  161.946216][ T9468] syz.1.2180: attempt to access beyond end of device
[  161.946216][ T9468] loop1: rw=2049, sector=249, nr_sectors = 8 limit=128
[  161.959983][ T9468] syz.1.2180: attempt to access beyond end of device
[  161.959983][ T9468] loop1: rw=2049, sector=265, nr_sectors = 8 limit=128
[  161.976531][ T9468] syz.1.2180: attempt to access beyond end of device
[  161.976531][ T9468] loop1: rw=2049, sector=281, nr_sectors = 8 limit=128
[  161.990127][ T9468] syz.1.2180: attempt to access beyond end of device
[  161.990127][ T9468] loop1: rw=2049, sector=297, nr_sectors = 8 limit=128
[  162.004317][ T9482] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2186'.
[  162.277640][ T9507] netlink: 168 bytes leftover after parsing attributes in process `syz.8.2198'.
[  162.305176][ T9507] loop8: detected capacity change from 0 to 256
[  162.339075][ T9507] FAT-fs (loop8): codepage cp857 not found
[  162.377174][ T9507] 9pnet: p9_errstr2errno: server reported unknown error �@��hQI���t
[  162.678195][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881659bde00: rx timeout, send abort
[  162.986549][ T9521] netlink: 'syz.6.2203': attribute type 3 has an invalid length.
[  163.032955][ T9521] loop6: detected capacity change from 0 to 2048
[  163.055353][ T9521] EXT4-fs: Ignoring removed i_version option
[  163.079341][ T9521] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.178191][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881659bda00: rx timeout, send abort
[  163.186576][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881659bde00: abort rx timeout. Force session deactivation
[  163.240377][ T9530] loop8: detected capacity change from 0 to 2048
[  163.263919][ T4459] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.273052][ T9530] EXT4-fs: Ignoring removed i_version option
[  163.292894][ T9532] loop6: detected capacity change from 0 to 128
[  163.314670][ T9530] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.497478][ T6872] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.545922][ T9544] netlink: 'syz.8.2209': attribute type 13 has an invalid length.
[  163.583837][ T9544] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  163.686508][    C0] vcan0: j1939_tp_rxtimer: 0xffff8881659bda00: abort rx timeout. Force session deactivation
[  163.700308][ T9564] loop8: detected capacity change from 0 to 128
[  163.811635][ T9570] SELinux:  Context system_u:object_r:semanage_exec_t:s0 is not valid (left unmapped).
[  163.830016][ T9576] netlink: 'syz.4.2224': attribute type 3 has an invalid length.
[  163.846175][ T9576] loop4: detected capacity change from 0 to 2048
[  163.852970][ T9576] EXT4-fs: Ignoring removed i_version option
[  163.875852][ T9576] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.907226][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.008991][ T9598] loop6: detected capacity change from 0 to 1024
[  164.035946][ T9598] EXT4-fs: test_dummy_encryption option not supported
[  164.066016][ T9601] loop4: detected capacity change from 0 to 2048
[  164.118232][ T9601] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  164.147503][ T9603] loop8: detected capacity change from 0 to 2048
[  164.190709][ T9603] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  164.219160][ T9603] FAULT_INJECTION: forcing a failure.
[  164.219160][ T9603] name failslab, interval 1, probability 0, space 0, times 0
[  164.231836][ T9603] CPU: 1 UID: 0 PID: 9603 Comm: syz.8.2235 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  164.231865][ T9603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  164.231942][ T9603] Call Trace:
[  164.231948][ T9603]  <TASK>
[  164.231956][ T9603]  dump_stack_lvl+0xf6/0x150
[  164.231982][ T9603]  dump_stack+0x15/0x1a
[  164.231999][ T9603]  should_fail_ex+0x261/0x270
[  164.232097][ T9603]  should_failslab+0x8f/0xb0
[  164.232130][ T9603]  __kmalloc_cache_noprof+0x55/0x320
[  164.232153][ T9603]  ? __iomap_dio_rw+0x14a/0x12a0
[  164.232211][ T9603]  __iomap_dio_rw+0x14a/0x12a0
[  164.232236][ T9603]  ? __rcu_read_unlock+0x4e/0x70
[  164.232263][ T9603]  ? ext4_xattr_security_get+0x32/0x40
[  164.232286][ T9603]  ? __pfx_ext4_xattr_security_get+0x10/0x10
[  164.232333][ T9603]  ? __vfs_getxattr+0x29f/0x2b0
[  164.232379][ T9603]  ? ext4_journal_check_start+0x122/0x1b0
[  164.232404][ T9603]  iomap_dio_rw+0x40/0x90
[  164.232437][ T9603]  ext4_file_write_iter+0xba9/0xf80
[  164.232511][ T9603]  do_iter_readv_writev+0x40d/0x4b0
[  164.232545][ T9603]  vfs_writev+0x2da/0x880
[  164.232561][ T9603]  ? get_pid_task+0x94/0xd0
[  164.232643][ T9603]  __se_sys_pwritev2+0x103/0x1d0
[  164.232671][ T9603]  __x64_sys_pwritev2+0x78/0x90
[  164.232771][ T9603]  x64_sys_call+0x1c86/0x2e10
[  164.232794][ T9603]  do_syscall_64+0xc9/0x1c0
[  164.232824][ T9603]  ? clear_bhb_loop+0x25/0x80
[  164.232846][ T9603]  ? clear_bhb_loop+0x25/0x80
[  164.232868][ T9603]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.232893][ T9603] RIP: 0033:0x7f507cfcd169
[  164.232908][ T9603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.232954][ T9603] RSP: 002b:00007f507b637038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[  164.232971][ T9603] RAX: ffffffffffffffda RBX: 00007f507d1e5fa0 RCX: 00007f507cfcd169
[  164.232982][ T9603] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000007
[  164.232995][ T9603] RBP: 00007f507b637090 R08: 0000000000000000 R09: 0000000000000000
[  164.233006][ T9603] R10: 0000000000001400 R11: 0000000000000246 R12: 0000000000000001
[  164.233016][ T9603] R13: 0000000000000000 R14: 00007f507d1e5fa0 R15: 00007fff1f00a168
[  164.233031][ T9603]  </TASK>
[  164.471901][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.484606][ T6872] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.522030][ T9619] loop4: detected capacity change from 0 to 2048
[  164.531350][ T9623] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2239'.
[  164.545826][ T9624] loop6: detected capacity change from 0 to 512
[  164.555407][ T9619] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  164.583117][ T9624] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  164.594640][ T9624] EXT4-fs (loop6): orphan cleanup on readonly fs
[  164.601379][ T9624] EXT4-fs warning (device loop6): ext4_enable_quotas:7170: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  164.616347][ T9624] EXT4-fs (loop6): Cannot turn on quotas: error -22
[  164.623219][ T9624] EXT4-fs error (device loop6): ext4_ext_check_inode:524: inode #13: comm syz.6.2242: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  164.625570][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.652456][ T9624] EXT4-fs error (device loop6): ext4_orphan_get:1395: comm syz.6.2242: couldn't read orphan inode 13 (err -117)
[  164.666925][ T9624] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  164.694048][ T4459] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.782935][ T9648] loop6: detected capacity change from 0 to 1024
[  164.790124][ T9648] EXT4-fs: Ignoring removed nobh option
[  164.795725][ T9648] EXT4-fs: Ignoring removed bh option
[  164.818228][ T9648] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  164.827371][ T9661] loop8: detected capacity change from 0 to 128
[  164.846162][ T9663] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2255'.
[  164.901566][ T9648] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4115: comm syz.6.2250: Allocating blocks 385-513 which overlap fs metadata
[  164.919032][ T9648] EXT4-fs (loop6): pa ffff888106540770: logic 16, phys. 129, len 24
[  164.927093][ T9648] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5366: group 0, free 0, pa_free 8
[  164.940196][ T9648] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28
[  164.952523][ T9648] EXT4-fs (loop6): This should not happen!! Data will be lost
[  164.952523][ T9648] 
[  164.962160][ T9648] EXT4-fs (loop6): Total free blocks count 0
[  164.968187][ T9648] EXT4-fs (loop6): Free/Dirty block details
[  164.974100][ T9648] EXT4-fs (loop6): free_blocks=128
[  164.979199][ T9648] EXT4-fs (loop6): dirty_blocks=0
[  164.984219][ T9648] EXT4-fs (loop6): Block reservation details
[  164.990195][ T9648] EXT4-fs (loop6): i_reserved_data_blocks=0
[  164.997834][ T9665] netlink: 14 bytes leftover after parsing attributes in process `syz.6.2250'.
[  165.064994][   T29] kauditd_printk_skb: 283 callbacks suppressed
[  165.065011][   T29] audit: type=1400 audit(1743897029.158:6067): avc:  denied  { bind } for  pid=9673 comm="syz.5.2259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  165.129386][ T9675] loop5: detected capacity change from 0 to 8192
[  165.179284][   T29] audit: type=1326 audit(1743897029.268:6068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9681 comm="syz.8.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  165.202715][   T29] audit: type=1326 audit(1743897029.268:6069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9681 comm="syz.8.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  165.226664][   T29] audit: type=1326 audit(1743897029.298:6070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9681 comm="syz.8.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  165.250213][   T29] audit: type=1326 audit(1743897029.298:6071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9681 comm="syz.8.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  165.250231][ T9686] netlink: 'syz.5.2265': attribute type 3 has an invalid length.
[  165.281325][   T29] audit: type=1326 audit(1743897029.298:6072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9681 comm="syz.8.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  165.282496][ T9686] loop5: detected capacity change from 0 to 2048
[  165.304811][   T29] audit: type=1326 audit(1743897029.298:6073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9681 comm="syz.8.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  165.305278][   T29] audit: type=1326 audit(1743897029.398:6074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9681 comm="syz.8.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  165.358015][   T29] audit: type=1326 audit(1743897029.398:6075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9681 comm="syz.8.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  165.360349][ T9686] EXT4-fs: Ignoring removed i_version option
[  165.388330][   T29] audit: type=1326 audit(1743897029.478:6076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9681 comm="syz.8.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  165.412688][ T9689] netlink: 'syz.4.2266': attribute type 3 has an invalid length.
[  165.445243][ T9689] loop4: detected capacity change from 0 to 2048
[  165.452612][ T9689] EXT4-fs: Ignoring removed i_version option
[  165.453256][ T9686] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.475305][ T9689] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.652778][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.674753][ T4324] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.858513][ T9732] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2282'.
[  165.878383][ T9739] netlink: 'syz.6.2283': attribute type 3 has an invalid length.
[  165.895203][ T9739] loop6: detected capacity change from 0 to 2048
[  165.901714][ T9739] EXT4-fs: Ignoring removed i_version option
[  165.902800][ T9741] 9pnet: Could not find request transport: f
[  166.197681][ T9739] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.538714][ T9754] loop8: detected capacity change from 0 to 512
[  166.740555][ T9754] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  166.769315][ T9754] EXT4-fs (loop8): orphan cleanup on readonly fs
[  166.785442][ T9759] loop1: detected capacity change from 0 to 512
[  166.792524][ T4459] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.812166][ T9754] EXT4-fs warning (device loop8): ext4_enable_quotas:7170: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  166.831182][ T9759] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  166.849926][ T9759] EXT4-fs (loop1): orphan cleanup on readonly fs
[  166.860116][ T9754] EXT4-fs (loop8): Cannot turn on quotas: error -22
[  166.880667][ T9759] EXT4-fs warning (device loop1): ext4_enable_quotas:7170: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  166.903842][ T9754] EXT4-fs error (device loop8): ext4_ext_check_inode:524: inode #13: comm syz.8.2287: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  166.924164][ T9762] loop6: detected capacity change from 0 to 512
[  166.941232][ T9759] EXT4-fs (loop1): Cannot turn on quotas: error -22
[  166.951212][ T9762] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  166.963094][ T9759] EXT4-fs error (device loop1): ext4_ext_check_inode:524: inode #13: comm syz.1.2289: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  166.990244][ T9754] EXT4-fs error (device loop8): ext4_orphan_get:1395: comm syz.8.2287: couldn't read orphan inode 13 (err -117)
[  167.017332][ T9762] EXT4-fs (loop6): 1 truncate cleaned up
[  167.028041][ T9759] EXT4-fs error (device loop1): ext4_orphan_get:1395: comm syz.1.2289: couldn't read orphan inode 13 (err -117)
[  167.041168][ T9754] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  167.057366][ T9762] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.070534][ T9759] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  167.091229][ T9762] FAULT_INJECTION: forcing a failure.
[  167.091229][ T9762] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  167.104305][ T9762] CPU: 0 UID: 0 PID: 9762 Comm: syz.6.2290 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  167.104391][ T9762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  167.104442][ T9762] Call Trace:
[  167.104448][ T9762]  <TASK>
[  167.104455][ T9762]  dump_stack_lvl+0xf6/0x150
[  167.104502][ T9762]  dump_stack+0x15/0x1a
[  167.104517][ T9762]  should_fail_ex+0x261/0x270
[  167.104545][ T9762]  should_fail+0xb/0x10
[  167.104570][ T9762]  should_fail_usercopy+0x1a/0x20
[  167.104653][ T9762]  strncpy_from_user+0x25/0x230
[  167.104715][ T9762]  ? getname_flags+0x81/0x3b0
[  167.104751][ T9762]  getname_flags+0xb0/0x3b0
[  167.104772][ T9762]  path_setxattrat+0x240/0x320
[  167.104814][ T9762]  __x64_sys_lsetxattr+0x71/0x90
[  167.104834][ T9762]  x64_sys_call+0x2014/0x2e10
[  167.104856][ T9762]  do_syscall_64+0xc9/0x1c0
[  167.104908][ T9762]  ? clear_bhb_loop+0x25/0x80
[  167.104926][ T9762]  ? clear_bhb_loop+0x25/0x80
[  167.104943][ T9762]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.104962][ T9762] RIP: 0033:0x7f1db5b1d169
[  167.105039][ T9762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.105058][ T9762] RSP: 002b:00007f1db417f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  167.105076][ T9762] RAX: ffffffffffffffda RBX: 00007f1db5d35fa0 RCX: 00007f1db5b1d169
[  167.105088][ T9762] RDX: 0000200000000040 RSI: 00002000000000c0 RDI: 0000200000000100
[  167.105100][ T9762] RBP: 00007f1db417f090 R08: 0000000000000000 R09: 0000000000000000
[  167.105112][ T9762] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000001
[  167.105130][ T9762] R13: 0000000000000000 R14: 00007f1db5d35fa0 R15: 00007ffd4b51ef08
[  167.105202][ T9762]  </TASK>
[  167.106273][ T6872] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.306342][ T4459] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.319055][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.421565][ T9786] loop6: detected capacity change from 0 to 128
[  167.785700][ T9836] loop1: detected capacity change from 0 to 512
[  167.793331][ T9836] EXT4-fs: Ignoring removed nobh option
[  167.806043][ T9836] EXT4-fs (loop1): blocks per group (95) and clusters per group (32768) inconsistent
[  167.813851][ T9839] loop5: detected capacity change from 0 to 128
[  168.315616][ T9847] IPv6: Can't replace route, no match found
[  169.225797][ T9895] netlink: 'syz.4.2345': attribute type 13 has an invalid length.
[  169.307246][ T9895] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  169.479517][ T9919] netlink: 60 bytes leftover after parsing attributes in process `+}[@'.
[  169.518525][ T9926] SELinux: syz.5.2359 (9926) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  169.585259][ T9938] netlink: 'syz.1.2363': attribute type 13 has an invalid length.
[  169.612916][ T9938] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  169.749751][ T9950] netlink: 'syz.1.2369': attribute type 21 has an invalid length.
[  169.783350][ T9950] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2369'.
[  169.922670][ T9970] FAULT_INJECTION: forcing a failure.
[  169.922670][ T9970] name failslab, interval 1, probability 0, space 0, times 0
[  169.935404][ T9970] CPU: 1 UID: 0 PID: 9970 Comm: syz.4.2378 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  169.935479][ T9970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  169.935492][ T9970] Call Trace:
[  169.935499][ T9970]  <TASK>
[  169.935506][ T9970]  dump_stack_lvl+0xf6/0x150
[  169.935530][ T9970]  dump_stack+0x15/0x1a
[  169.935548][ T9970]  should_fail_ex+0x261/0x270
[  169.935575][ T9970]  should_failslab+0x8f/0xb0
[  169.935620][ T9970]  kmem_cache_alloc_noprof+0x59/0x340
[  169.935644][ T9970]  ? security_file_alloc+0x32/0x100
[  169.935665][ T9970]  security_file_alloc+0x32/0x100
[  169.935743][ T9970]  init_file+0x5e/0x1e0
[  169.935763][ T9970]  alloc_empty_file+0x8e/0x200
[  169.935785][ T9970]  alloc_file_pseudo+0xcb/0x160
[  169.935811][ T9970]  __shmem_file_setup+0x1bb/0x1f0
[  169.935844][ T9970]  shmem_file_setup+0x3b/0x50
[  169.935909][ T9970]  __se_sys_memfd_create+0x2e1/0x5a0
[  169.935943][ T9970]  __x64_sys_memfd_create+0x31/0x40
[  169.936088][ T9970]  x64_sys_call+0x1163/0x2e10
[  169.936116][ T9970]  do_syscall_64+0xc9/0x1c0
[  169.936230][ T9970]  ? clear_bhb_loop+0x25/0x80
[  169.936254][ T9970]  ? clear_bhb_loop+0x25/0x80
[  169.936278][ T9970]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.936299][ T9970] RIP: 0033:0x7fd94ef5d169
[  169.936314][ T9970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.936331][ T9970] RSP: 002b:00007fd94d5bee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  169.936399][ T9970] RAX: ffffffffffffffda RBX: 00000000000004e1 RCX: 00007fd94ef5d169
[  169.936411][ T9970] RDX: 00007fd94d5beef0 RSI: 0000000000000000 RDI: 00007fd94efdec3c
[  169.936422][ T9970] RBP: 0000200000001400 R08: 00007fd94d5bebb7 R09: 00007fd94d5bee40
[  169.936434][ T9970] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000100
[  169.936446][ T9970] R13: 00007fd94d5beef0 R14: 00007fd94d5beeb0 R15: 0000200000000080
[  169.936466][ T9970]  </TASK>
[  170.142130][ T9972] netlink: 'syz.1.2377': attribute type 21 has an invalid length.
[  170.150244][ T9972] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2377'.
[  170.175185][   T29] kauditd_printk_skb: 195 callbacks suppressed
[  170.175198][   T29] audit: type=1326 audit(1743897034.268:6272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.8.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  170.205036][   T29] audit: type=1326 audit(1743897034.268:6273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.8.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  170.228482][   T29] audit: type=1326 audit(1743897034.268:6274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.8.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  170.251815][   T29] audit: type=1326 audit(1743897034.268:6275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.8.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  170.275231][   T29] audit: type=1326 audit(1743897034.268:6276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.8.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  170.298610][   T29] audit: type=1326 audit(1743897034.268:6277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.8.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  170.299920][ T9980] netlink: 'syz.5.2382': attribute type 13 has an invalid length.
[  170.322061][   T29] audit: type=1326 audit(1743897034.268:6278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.8.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  170.322097][   T29] audit: type=1326 audit(1743897034.268:6279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.8.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  170.396396][   T29] audit: type=1326 audit(1743897034.348:6280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.8.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  170.419955][   T29] audit: type=1326 audit(1743897034.348:6281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9933 comm="syz.8.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  170.454133][ T9980] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  170.481433][ T9988] loop1: detected capacity change from 0 to 128
[  170.584040][T10004] SELinux: syz.5.2393 (10004) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  170.614673][T10010] netlink: 'syz.4.2395': attribute type 3 has an invalid length.
[  170.631112][T10010] loop4: detected capacity change from 0 to 2048
[  170.637860][T10010] EXT4-fs: Ignoring removed i_version option
[  170.658506][T10010] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  170.724067][T10024] loop1: detected capacity change from 0 to 128
[  170.732340][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.922801][T10058] loop8: detected capacity change from 0 to 512
[  170.934112][T10058] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  170.966877][T10069] loop5: detected capacity change from 0 to 512
[  170.973757][T10058] EXT4-fs (loop8): orphan cleanup on readonly fs
[  170.980478][T10058] EXT4-fs warning (device loop8): ext4_enable_quotas:7170: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  170.997933][T10069] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  171.006653][T10058] EXT4-fs (loop8): Cannot turn on quotas: error -22
[  171.016085][T10058] EXT4-fs error (device loop8): ext4_ext_check_inode:524: inode #13: comm syz.8.2414: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  171.034241][T10069] EXT4-fs (loop5): orphan cleanup on readonly fs
[  171.043445][T10069] EXT4-fs warning (device loop5): ext4_enable_quotas:7170: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  171.060580][T10058] EXT4-fs error (device loop8): ext4_orphan_get:1395: comm syz.8.2414: couldn't read orphan inode 13 (err -117)
[  171.070467][T10069] EXT4-fs (loop5): Cannot turn on quotas: error -22
[  171.075265][T10058] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  171.079371][T10069] EXT4-fs error (device loop5): ext4_ext_check_inode:524: inode #13: comm syz.5.2419: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  171.095295][T10058] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.112085][T10069] EXT4-fs error (device loop5): ext4_orphan_get:1395: comm syz.5.2419: couldn't read orphan inode 13 (err -117)
[  171.131048][T10069] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  171.144979][T10069] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.155231][T10074] loop1: detected capacity change from 0 to 128
[  171.298370][T10101] SELinux: syz.1.2431 (10101) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  171.344953][T10107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  171.353409][T10107] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  171.386588][T10113] loop4: detected capacity change from 0 to 128
[  171.473855][T10126] SELinux: syz.4.2442 (10126) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  171.619168][T10153] loop4: detected capacity change from 0 to 128
[  171.737549][T10165] loop6: detected capacity change from 0 to 512
[  171.744940][T10165] EXT4-fs (loop6): VFS: Can't find ext4 filesystem
[  171.746092][T10163] FAULT_INJECTION: forcing a failure.
[  171.746092][T10163] name failslab, interval 1, probability 0, space 0, times 0
[  171.764180][T10163] CPU: 0 UID: 0 PID: 10163 Comm: syz.4.2456 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  171.764229][T10163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  171.764241][T10163] Call Trace:
[  171.764248][T10163]  <TASK>
[  171.764255][T10163]  dump_stack_lvl+0xf6/0x150
[  171.764279][T10163]  dump_stack+0x15/0x1a
[  171.764297][T10163]  should_fail_ex+0x261/0x270
[  171.764342][T10163]  should_failslab+0x8f/0xb0
[  171.764388][T10163]  __kmalloc_noprof+0xad/0x410
[  171.764405][T10163]  ? iter_file_splice_write+0xf9/0x980
[  171.764518][T10163]  iter_file_splice_write+0xf9/0x980
[  171.764622][T10163]  ? copy_splice_read+0x5a1/0x5d0
[  171.764645][T10163]  ? copy_splice_read+0x5a1/0x5d0
[  171.764666][T10163]  ? __traceiter_kfree+0x2b/0x50
[  171.764686][T10163]  ? copy_splice_read+0x5a1/0x5d0
[  171.764796][T10163]  ? copy_splice_read+0x5a1/0x5d0
[  171.764827][T10163]  ? __pfx_iter_file_splice_write+0x10/0x10
[  171.764897][T10163]  direct_splice_actor+0x160/0x2c0
[  171.764963][T10163]  splice_direct_to_actor+0x305/0x680
[  171.764988][T10163]  ? __pfx_direct_splice_actor+0x10/0x10
[  171.765040][T10163]  do_splice_direct+0xd9/0x150
[  171.765068][T10163]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  171.765104][T10163]  do_sendfile+0x40a/0x690
[  171.765124][T10163]  __x64_sys_sendfile64+0x113/0x160
[  171.765146][T10163]  x64_sys_call+0xfc3/0x2e10
[  171.765164][T10163]  do_syscall_64+0xc9/0x1c0
[  171.765192][T10163]  ? clear_bhb_loop+0x25/0x80
[  171.765214][T10163]  ? clear_bhb_loop+0x25/0x80
[  171.765312][T10163]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.765329][T10163] RIP: 0033:0x7fd94ef5d169
[  171.765341][T10163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.765356][T10163] RSP: 002b:00007fd94d5bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  171.765374][T10163] RAX: ffffffffffffffda RBX: 00007fd94f175fa0 RCX: 00007fd94ef5d169
[  171.765387][T10163] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[  171.765400][T10163] RBP: 00007fd94d5bf090 R08: 0000000000000000 R09: 0000000000000000
[  171.765442][T10163] R10: 0000020000023896 R11: 0000000000000246 R12: 0000000000000001
[  171.765455][T10163] R13: 0000000000000000 R14: 00007fd94f175fa0 R15: 00007ffe0ca4f068
[  171.765474][T10163]  </TASK>
[  172.028499][T10172] netlink: 'syz.1.2459': attribute type 3 has an invalid length.
[  172.057514][T10172] loop1: detected capacity change from 0 to 2048
[  172.064276][T10172] EXT4-fs: Ignoring removed i_version option
[  172.096105][T10172] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.167002][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.208028][T10197] netlink: 'syz.1.2470': attribute type 3 has an invalid length.
[  172.226068][T10197] loop1: detected capacity change from 0 to 2048
[  172.232724][T10197] EXT4-fs: Ignoring removed i_version option
[  172.246596][T10197] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.282403][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.338246][T10212] loop1: detected capacity change from 0 to 1024
[  172.508761][T10239] netlink: 'syz.8.2487': attribute type 3 has an invalid length.
[  172.525120][T10239] loop8: detected capacity change from 0 to 2048
[  172.532066][T10239] EXT4-fs: Ignoring removed i_version option
[  172.557058][T10239] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.591472][ T6872] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.600720][T10247] loop5: detected capacity change from 0 to 512
[  172.619734][T10247] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  172.629784][T10247] EXT4-fs (loop5): orphan cleanup on readonly fs
[  172.640148][T10247] EXT4-fs warning (device loop5): ext4_enable_quotas:7170: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  172.659938][T10247] EXT4-fs (loop5): Cannot turn on quotas: error -22
[  172.668644][T10247] EXT4-fs error (device loop5): ext4_ext_check_inode:524: inode #13: comm syz.5.2489: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  172.688191][T10247] EXT4-fs error (device loop5): ext4_orphan_get:1395: comm syz.5.2489: couldn't read orphan inode 13 (err -117)
[  172.702738][T10247] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  172.728662][T10247] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.787965][T10266] netlink: 'syz.1.2497': attribute type 3 has an invalid length.
[  172.805119][T10266] loop1: detected capacity change from 0 to 2048
[  172.811733][T10266] EXT4-fs: Ignoring removed i_version option
[  172.836379][T10266] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.867249][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.913694][T10280] loop1: detected capacity change from 0 to 2048
[  172.922639][T10280] EXT4-fs: Ignoring removed i_version option
[  172.941455][T10280] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.972895][T10289] IPv6: Can't replace route, no match found
[  172.980422][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.008870][T10291] loop4: detected capacity change from 0 to 512
[  173.037690][T10291] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002]
[  173.048334][T10291] EXT4-fs (loop4): orphan cleanup on readonly fs
[  173.055592][T10291] EXT4-fs warning (device loop4): ext4_enable_quotas:7170: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  173.082885][T10291] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  173.139183][T10291] EXT4-fs error (device loop4): ext4_ext_check_inode:524: inode #13: comm syz.4.2506: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  173.196737][T10291] EXT4-fs error (device loop4): ext4_orphan_get:1395: comm syz.4.2506: couldn't read orphan inode 13 (err -117)
[  173.244389][T10291] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  173.278213][T10291] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.295711][T10311] loop1: detected capacity change from 0 to 2048
[  173.312445][T10311] EXT4-fs: Ignoring removed i_version option
[  173.347266][T10311] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.401456][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.447602][T10327] IPv6: Can't replace route, no match found
[  173.541987][T10334] loop1: detected capacity change from 0 to 128
[  173.639238][T10332] bridge0: port 3(vlan3) entered blocking state
[  173.645708][T10332] bridge0: port 3(vlan3) entered disabled state
[  173.658146][T10332] vlan3: entered allmulticast mode
[  173.663336][T10332] bridge0: entered allmulticast mode
[  173.681471][T10332] vlan3: left allmulticast mode
[  173.686414][T10332] bridge0: left allmulticast mode
[  173.765184][T10347] loop1: detected capacity change from 0 to 2048
[  173.772503][T10347] EXT4-fs: Ignoring removed i_version option
[  173.832455][T10347] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.976406][T10367] loop8: detected capacity change from 0 to 512
[  173.994086][T10367] EXT4-fs: Ignoring removed nobh option
[  174.000340][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.012684][T10367] EXT4-fs (loop8): blocks per group (95) and clusters per group (32768) inconsistent
[  174.095713][T10378] loop4: detected capacity change from 0 to 2048
[  174.108644][T10378] EXT4-fs: Ignoring removed i_version option
[  174.122182][T10383] SELinux: syz.1.2543 (10383) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  174.195648][T10367] IPv6: Can't replace route, no match found
[  174.291065][T10405] validate_nla: 2 callbacks suppressed
[  174.291080][T10405] netlink: 'syz.6.2550': attribute type 3 has an invalid length.
[  174.349737][T10405] loop6: detected capacity change from 0 to 2048
[  174.356777][T10405] EXT4-fs: Ignoring removed i_version option
[  174.385014][T10412] netlink: 'syz.1.2548': attribute type 21 has an invalid length.
[  174.393596][T10412] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2548'.
[  174.615843][T10423] loop8: detected capacity change from 0 to 2048
[  174.683663][T10423] EXT4-fs: Ignoring removed mblk_io_submit option
[  174.768485][T10426] netlink: 'syz.1.2555': attribute type 13 has an invalid length.
[  175.237184][T10452] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2566'.
[  175.300016][T10452] loop4: detected capacity change from 0 to 256
[  175.317848][T10458] netlink: 'syz.8.2569': attribute type 3 has an invalid length.
[  175.338138][T10460] netlink: 'syz.6.2570': attribute type 13 has an invalid length.
[  175.365704][T10452] FAT-fs (loop4): codepage cp857 not found
[  175.376154][T10458] loop8: detected capacity change from 0 to 2048
[  175.399925][T10452] 9pnet: p9_errstr2errno: server reported unknown error �@��hQI���t
[  175.418707][T10458] EXT4-fs: Ignoring removed i_version option
[  175.438085][T10464] FAULT_INJECTION: forcing a failure.
[  175.438085][T10464] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.451193][T10464] CPU: 0 UID: 0 PID: 10464 Comm: syz.6.2571 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  175.451222][T10464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  175.451234][T10464] Call Trace:
[  175.451240][T10464]  <TASK>
[  175.451247][T10464]  dump_stack_lvl+0xf6/0x150
[  175.451271][T10464]  dump_stack+0x15/0x1a
[  175.451287][T10464]  should_fail_ex+0x261/0x270
[  175.451355][T10464]  should_fail+0xb/0x10
[  175.451412][T10464]  should_fail_usercopy+0x1a/0x20
[  175.451437][T10464]  _copy_from_user+0x1c/0xa0
[  175.451470][T10464]  copy_msghdr_from_user+0x54/0x2b0
[  175.451669][T10464]  ? __fget_files+0x186/0x1c0
[  175.451746][T10464]  __sys_sendmsg+0x141/0x240
[  175.451804][T10464]  __x64_sys_sendmsg+0x46/0x50
[  175.451831][T10464]  x64_sys_call+0x26f3/0x2e10
[  175.451849][T10464]  do_syscall_64+0xc9/0x1c0
[  175.451872][T10464]  ? clear_bhb_loop+0x25/0x80
[  175.451947][T10464]  ? clear_bhb_loop+0x25/0x80
[  175.451969][T10464]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.452048][T10464] RIP: 0033:0x7f1db5b1d169
[  175.452059][T10464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  175.452074][T10464] RSP: 002b:00007f1db417f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  175.452089][T10464] RAX: ffffffffffffffda RBX: 00007f1db5d35fa0 RCX: 00007f1db5b1d169
[  175.452100][T10464] RDX: 00000000040000c0 RSI: 0000200000000080 RDI: 0000000000000005
[  175.452110][T10464] RBP: 00007f1db417f090 R08: 0000000000000000 R09: 0000000000000000
[  175.452120][T10464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.452130][T10464] R13: 0000000000000000 R14: 00007f1db5d35fa0 R15: 00007ffd4b51ef08
[  175.452146][T10464]  </TASK>
[  175.736040][T10469] loop6: detected capacity change from 0 to 2048
[  175.767605][T10469] EXT4-fs: Ignoring removed i_version option
[  175.929665][T10494] netlink: 'syz.1.2582': attribute type 3 has an invalid length.
[  175.942522][T10489] bridge0: port 3(vlan3) entered blocking state
[  175.948981][T10489] bridge0: port 3(vlan3) entered disabled state
[  175.955372][T10494] loop1: detected capacity change from 0 to 2048
[  175.962347][T10494] EXT4-fs: Ignoring removed i_version option
[  175.972410][T10489] vlan3: entered allmulticast mode
[  175.977650][T10495] loop4: detected capacity change from 0 to 128
[  175.977615][T10489] bridge0: entered allmulticast mode
[  175.990061][T10489] vlan3: left allmulticast mode
[  175.995051][T10489] bridge0: left allmulticast mode
[  176.103405][   T29] kauditd_printk_skb: 113 callbacks suppressed
[  176.103419][   T29] audit: type=1326 audit(1743897040.188:6395): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10513 comm="syz.8.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  176.138377][   T29] audit: type=1326 audit(1743897040.228:6396): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10513 comm="syz.8.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  176.162297][   T29] audit: type=1326 audit(1743897040.228:6397): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10513 comm="syz.8.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  176.186257][   T29] audit: type=1326 audit(1743897040.228:6398): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10513 comm="syz.8.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  176.210216][   T29] audit: type=1326 audit(1743897040.228:6399): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10513 comm="syz.8.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  176.234112][   T29] audit: type=1326 audit(1743897040.228:6400): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10513 comm="syz.8.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  176.258059][   T29] audit: type=1326 audit(1743897040.228:6401): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10513 comm="syz.8.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  176.262785][T10512] loop5: detected capacity change from 0 to 2048
[  176.281886][   T29] audit: type=1326 audit(1743897040.228:6402): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10513 comm="syz.8.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  176.288931][T10520] 9pnet_fd: Insufficient options for proto=fd
[  176.312083][   T29] audit: type=1326 audit(1743897040.228:6403): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10513 comm="syz.8.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  176.342179][   T29] audit: type=1326 audit(1743897040.228:6404): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10513 comm="syz.8.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f507cfcd169 code=0x7ffc0000
[  176.366794][T10512] EXT4-fs: Ignoring removed i_version option
[  176.439974][T10530] netlink: 'syz.8.2595': attribute type 3 has an invalid length.
[  176.466722][T10530] loop8: detected capacity change from 0 to 2048
[  176.473371][T10530] EXT4-fs: Ignoring removed i_version option
[  176.504024][T10544] netlink: 'syz.6.2594': attribute type 21 has an invalid length.
[  176.504088][T10542] SELinux: syz.1.2599 (10542) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  176.511854][T10544] netlink: 132 bytes leftover after parsing attributes in process `syz.6.2594'.
[  176.560116][T10549] FAULT_INJECTION: forcing a failure.
[  176.560116][T10549] name failslab, interval 1, probability 0, space 0, times 0
[  176.572767][T10549] CPU: 1 UID: 0 PID: 10549 Comm: syz.1.2601 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  176.572841][T10549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  176.572851][T10549] Call Trace:
[  176.572856][T10549]  <TASK>
[  176.572862][T10549]  dump_stack_lvl+0xf6/0x150
[  176.572882][T10549]  dump_stack+0x15/0x1a
[  176.572895][T10549]  should_fail_ex+0x261/0x270
[  176.572919][T10549]  should_failslab+0x8f/0xb0
[  176.573010][T10549]  kmem_cache_alloc_noprof+0x59/0x340
[  176.573028][T10549]  ? getname_flags+0x81/0x3b0
[  176.573064][T10549]  getname_flags+0x81/0x3b0
[  176.573081][T10549]  __x64_sys_mkdirat+0x41/0x60
[  176.573164][T10549]  x64_sys_call+0x2ce3/0x2e10
[  176.573183][T10549]  do_syscall_64+0xc9/0x1c0
[  176.573207][T10549]  ? clear_bhb_loop+0x25/0x80
[  176.573225][T10549]  ? clear_bhb_loop+0x25/0x80
[  176.573243][T10549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.573320][T10549] RIP: 0033:0x7fac3890b9d7
[  176.573332][T10549] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.573347][T10549] RSP: 002b:00007fac36f76e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  176.573362][T10549] RAX: ffffffffffffffda RBX: 00007fac36f76ef0 RCX: 00007fac3890b9d7
[  176.573372][T10549] RDX: 00000000000001ff RSI: 00002000000000c0 RDI: 00000000ffffff9c
[  176.573406][T10549] RBP: 0000200000000240 R08: 0000200000000e40 R09: 0000000000000000
[  176.573416][T10549] R10: 0000200000000240 R11: 0000000000000246 R12: 00002000000000c0
[  176.573426][T10549] R13: 00007fac36f76eb0 R14: 0000000000000000 R15: 0000000000000000
[  176.573441][T10549]  </TASK>
[  176.745886][T10552] loop6: detected capacity change from 0 to 128
[  177.096254][T10574] bridge0: port 3(vlan2) entered blocking state
[  177.102568][T10574] bridge0: port 3(vlan2) entered disabled state
[  177.110422][T10574] vlan2: entered allmulticast mode
[  177.115636][T10574] bridge0: entered allmulticast mode
[  177.121647][T10574] vlan2: left allmulticast mode
[  177.126622][T10574] bridge0: left allmulticast mode
[  177.184158][T10577] SELinux: syz.8.2612 (10577) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  177.258024][T10584] loop8: detected capacity change from 0 to 512
[  177.264730][T10584] EXT4-fs: Ignoring removed nobh option
[  177.270799][T10584] EXT4-fs (loop8): blocks per group (95) and clusters per group (32768) inconsistent
[  177.280658][T10584] ==================================================================
[  177.288748][T10584] BUG: KCSAN: data-race in __find_get_block / has_bh_in_lru
[  177.296072][T10584] 
[  177.298411][T10584] read-write to 0xffff888237d26b30 of 8 bytes by task 10552 on cpu 1:
[  177.306579][T10584]  __find_get_block+0x430/0x8a0
[  177.311465][T10584]  bdev_getblk+0x30/0x3b0
[  177.315799][T10584]  __bread_gfp+0x52/0x280
[  177.320138][T10584]  __fat_write_inode+0x159/0x580
[  177.325091][T10584]  fat_write_inode+0xbd/0xd0
[  177.329685][T10584]  __writeback_single_inode+0x340/0x850
[  177.335230][T10584]  writeback_single_inode+0x16c/0x3f0
[  177.340609][T10584]  sync_inode_metadata+0x60/0x90
[  177.345549][T10584]  __generic_file_fsync+0xed/0x140
[  177.350853][T10584]  fat_file_fsync+0x46/0x100
[  177.355449][T10584]  vfs_fsync_range+0x116/0x130
[  177.360234][T10584]  generic_file_write_iter+0x1cc/0x310
[  177.365690][T10584]  iter_file_splice_write+0x5f2/0x980
[  177.371066][T10584]  direct_splice_actor+0x160/0x2c0
[  177.376189][T10584]  splice_direct_to_actor+0x305/0x680
[  177.381571][T10584]  do_splice_direct+0xd9/0x150
[  177.386340][T10584]  do_sendfile+0x40a/0x690
[  177.390758][T10584]  __x64_sys_sendfile64+0x113/0x160
[  177.395955][T10584]  x64_sys_call+0xfc3/0x2e10
[  177.400574][T10584]  do_syscall_64+0xc9/0x1c0
[  177.405083][T10584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.410996][T10584] 
[  177.413322][T10584] read to 0xffff888237d26b30 of 8 bytes by task 10584 on cpu 0:
[  177.420943][T10584]  has_bh_in_lru+0x35/0x1f0
[  177.425459][T10584]  __lru_add_drain_all+0x23f/0x3f0
[  177.430581][T10584]  lru_add_drain_all+0x10/0x20
[  177.435350][T10584]  invalidate_bdev+0x47/0x70
[  177.439946][T10584]  ext4_fill_super+0x1551/0x3580
[  177.444886][T10584]  get_tree_bdev_flags+0x2b4/0x330
[  177.450019][T10584]  get_tree_bdev+0x1f/0x30
[  177.454451][T10584]  ext4_get_tree+0x1c/0x30
[  177.458859][T10584]  vfs_get_tree+0x56/0x1e0
[  177.463276][T10584]  do_new_mount+0x246/0x6b0
[  177.467781][T10584]  path_mount+0x49b/0xb30
[  177.472111][T10584]  __se_sys_mount+0x28f/0x2e0
[  177.476799][T10584]  __x64_sys_mount+0x67/0x80
[  177.481400][T10584]  x64_sys_call+0xd11/0x2e10
[  177.486007][T10584]  do_syscall_64+0xc9/0x1c0
[  177.490521][T10584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.496412][T10584] 
[  177.498731][T10584] value changed: 0x0000000000000000 -> 0xffff888106620e38
[  177.505828][T10584] 
[  177.508142][T10584] Reported by Kernel Concurrency Sanitizer on:
[  177.514284][T10584] CPU: 0 UID: 0 PID: 10584 Comm: syz.8.2615 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(voluntary) 
[  177.526431][T10584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  177.536492][T10584] ==================================================================
[  177.680785][T10584] IPv6: Can't replace route, no match found