last executing test programs:

7.257881476s ago: executing program 1 (id=3675):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
sendmmsg(r0, &(0x7f00000005c0), 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}, 0x3c1}], 0x1, 0x42, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r3, &(0x7f0000000140)='2', 0x1, 0x8080c61)
ioctl$KDGKBSENT(r3, 0x4b48, &(0x7f0000000080)={0x0, "914a43e4734c552bb58f85ed57aa44e4ce30a0c8fba2da870eedfa188d599c0297f6115ce15a7fc28527fa7c3c94e61c70a5ed796003272a111000be215b1a59686b6b91304fb3149dc39205f01877a69c889c5601971bd80715d341066c6f77e667c272d2dafcb7c9843b4093c89a21331d3de38b23a251b22938efc92e976e5966786712612f3d932214d22a763e83061579f2adb2cef64f4f0f787ab3e438b52d3f27b8eaeb92d70209edac86ff62004c9102c9d8d06373faa5d89c93b5d56c710ccf51e753d1e60dcc6a1de8e1759494d6ed82d636b9a4b4ad43d918d4bdd09cefd09ebb960a668e6bdcdde72c201383e19a396b79f530c54bbf664134b5c2cca45a7d8992bdb2c87e0f1bb1de1977bce6bc782ed96df16528de89a4510b80cb0824af732edba5c5607f774a1148d9862e012b68027e40192105801f2e9952d83d3083a2b03a60cc7ef9c24368a7f213384fd6ed054cf411dd2d0d44bb99bc2a32569b7b93753db5aee8c7fe2a31593c10c861d4e33b1ecd30879a96640f6a978d76bbd0ed58b32d8d4b5b82915d014a5321cabfc97795fbc29dc1a3b3c8a06979b802fe43469eaa19ad8e6d52e0575fbfe30383a7931443b23de53f4701439a10ce5030e074a75b65536c197f9c4b66fef15e878afd170a063f3e96d141fc119235e4897db09bc01d892498ebdc9129b2f995ce135672aa5eae96823294"})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000004700))
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8df4a2effffffb703000008000000185083460680607b1f817d9bb70400000000000085"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000003c0)='kfree\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b8000000", @ANYRES16=r7, @ANYBLOB="8b33000000000000000015"], 0xb8}}, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000000)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16, @ANYBLOB="050428bd7000fcdbdf250100000008000100", @ANYRESOCT, @ANYBLOB="4400028040000100240001006d6f646500000000000000f7ffffffffffffff0000000000000000000000000005000300050000000e000400"], 0x60}, 0x1, 0x0, 0x0, 0x24000405}, 0x20054884)
r8 = syz_genetlink_get_family_id$fou(&(0x7f0000000440), r6)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000009c0))
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r9, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef289a630182700008"], 0xffdd)
sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, r8, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@FOU_ATTR_PORT={0x6, 0x1, 0x4e20}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4004000)
r11 = syz_open_dev$ptys(0xc, 0x3, 0x1)
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000600)={r12, 0x0, 0x0}, 0x20)
ioctl$PIO_CMAP(r11, 0x4b71, &(0x7f0000000300)={0x5, 0x1, 0x2, 0x4, 0xe000000, 0xffffffffffff0000})

7.107659185s ago: executing program 1 (id=3680):
r0 = shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000)
shmdt(r0)

7.074516405s ago: executing program 1 (id=3682):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
unshare(0x2040400)
r2 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
unshare(0x2000400)
close(r2)

7.073866786s ago: executing program 1 (id=3683):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
syz_emit_ethernet(0xca, &(0x7f0000000380)=ANY=[@ANYBLOB="ffffffffffff0000000000000800450000bc0000000000019078ac1e0001ac1414bb0c00907800000000480000000000000000880000ac1e0001ac1414aa0703dd000dee0dd9de36ed4bcc5b4e23440c00030000000000000000890f0000000000ffffffffffffffff444cfe0164010101000000017f00000100000000e000000200000000ac1e0101000000007f000001000000000000000000e61334fe908e28a8903d61000000ac1e000100000000ffffffff00000000ffffffff00000000441400000000000200000000000000ab0000000000"], 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="4401000000080104000000000000000005007a3000000000060002408864000005000300060000000600024004000000090001007300000000000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000004)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x3)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0x1276, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
write$tun(r2, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000a00ffffffffffffaaaaaaaaaaaa08004500002b0064000000069078ac141403ac1e01014e200000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000010907800001c0006"], 0x3d)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@ccm_128={{0x303}, "000000009b993e68", "75df9868592b9fd3ccfffffffffffff7", ')\x00\x000', "00000011000a00"}, 0x28)
r3 = epoll_create1(0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x1000410, &(0x7f0000000040)={[{@barrier_val={'barrier', 0x3d, 0x7}}, {@i_version}]}, 0x4, 0x504, &(0x7f0000019940)="$eJzs3c9vG1kdAPDvOHGTZt1NF/YACNiyLBRU6vzobrRaDnQvILRaCbFCQuLQDYk3imLXUZwsTcghPXJHohIn+BO4cUDqiQM3bnDjUg5IBSJQg8Rh0IyniZvEdWiTeGt/PtJ45r1x/H3PznvP8xznBTC0rkTETkRciIgPI2KyyE+KLW62t+x+j3a3F/Z2txeSSNMP/pHk57O86PiZzEvFY45HxPe/E/Hj5Gjc1ubWyny9Xlsr0lPrjdWp1ubW9eVSkTM7NzM3/faNt2ZPra6vNX7z8NvL7/3gd7/9woM/7nz9p1mxKj+7lJ/rrMdpale9HJWOvNGIeO8sgvXJaPH7w4sna22fiojX8/Y/GSP5qwkADLI0nYx0sjMNAAy67Pq/EkmpWswFVKJUqlbbc3ivxkSp3mytX5tsbtxejHwO63KUSx8t12vTxVzh5SgnWXomPz5Izx5K34iIVyLi52MX83R1oVlf7OcbHwAYYi8dGv//PdYe/wGAATfe7wIAAOfO+A8Aw8f4DwDD5/8Y/307EAAGhOt/ABg+xn8AGD49x/+751MOAOBcfO/997Mt3Sv+//Xix5sb36x8fH2x1lqpNjYWqgvNtdXqUrO5VK9VF9K01+PVm83VmTf3k63NrVuN5sbt9VvLjfml2q1a+YzrAwD09spr9/+cRMTOOxfzLTrWcjBWw2ArPZE6ZqEeYGCN9LsAQN/4Pg8MrxNc45sGgAHX68q/658I3bP4K7yorn7W/D8Mq1K/CwD0zbPN/3/r1MsBnD/z/zC80jSx5j8ADBlz/MCzfP7/wyg+/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAhVcm3pFTN1wLfyW5L1WrEpYi4HOXko+V6bToiXo6IP42Vx7L0TL8LDQA8p9LfkmL9r6uTb1QOn72Q/Gcs30fET375wS/uzK+vr81k+f/cz1+/V+TPXuhHBQCATjePZrXH6WLfcSH/aHd74fF2nkV8+G57cdEs7l6xtc+Mxmi+H49yREz8KynSbdn7lZFTiL9zNyI+c1D/Ox0RKvkcSHvl08Pxs9iXziD+wfOfRJqm6UH80hPxS3nZsn05fy4+fQplgWFz/912P5m1u4u721kTK9pfKa7k++Pb/3jeQz2/x/3f3pH+r7Tf/40ciZ/kbf7KfvrpJXn45u+/eyQznWyfuxvxudHj4if78ZMu/e8bJ6zjXz7/xde7nUt/FXE1jo/f1si72an1xupUa3Pr+nJjfqm2VLs9Ozs3Mzf99o23ZqfyOer27R+Oi/H3d6693C1+Vv+JLvHHe9T/Kyes/6//++GPvvSU+F/78vGv/6tPiZ+NiV89Yfz5iZvHLd+9H3+xS/17vf7XThj/wV+3Fk94VwDgHLQ2t1bm6/XaWo+D7L1mr/s4eDEPYifinIN+YzziE1F3B90O+t0zAWftoNH3uyQAAAAAAAAAAAAAAEA3rc2tlbE4268T9buOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADK7/BQAA//+TAtDE")
r5 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
write$binfmt_register(r5, &(0x7f0000000000)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x7, 0x3a, 'M', 0x3a, 'M', 0x3a, './file2', 0x3a, [0x50, 0x46]}, 0x2b)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
close(r4)
socket$rds(0x15, 0x5, 0x0)
setsockopt$sock_int(r4, 0x1, 0x2e, &(0x7f0000000040)=0x8001, 0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000080)={0xa002a008})
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000280)={<r7=>0xffffffffffffffff}, 0x2, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r6, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000240), 0x2, {0xa, 0x4e20, 0xfffffe01, @private1={0xfc, 0x1, '\x00', 0x1}, 0x6}, r7}}, 0x38)
socket$netlink(0x10, 0x3, 0x8000000004)

6.763375204s ago: executing program 1 (id=3689):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
unlink(0x0)

6.384050703s ago: executing program 1 (id=3697):
ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000040)={{}, {0x0, 0x8}, 0x0, 0x6})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fc0f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0xfffffffffffffcc8, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000000000000000000085"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

6.383468793s ago: executing program 32 (id=3697):
ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000040)={{}, {0x0, 0x8}, 0x0, 0x6})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fc0f00000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0xfffffffffffffcc8, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000000000000000000085"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2.357275078s ago: executing program 5 (id=3784):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
syz_emit_ethernet(0xca, &(0x7f0000000380)=ANY=[@ANYBLOB="ffffffffffff0000000000000800450000bc0000000000019078ac1e0001ac1414bb0c00907800000000480000000000000000880000ac1e0001ac1414aa0703dd000dee0dd9de36ed4bcc5b4e23440c00030000000000000000890f0000000000ffffffffffffffff444cfe0164010101000000017f00000100000000e000000200000000ac1e0101000000007f000001000000000000000000e61334fe908e28a8903d61000000ac1e000100000000ffffffff00000000ffffffff00000000441400000000000200000000000000ab0000000000"], 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="4401000000080104000000000000000005007a3000000000060002408864000005000300060000000600024004000000090001007300000000000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000004)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x3)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0x1276, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
write$tun(r2, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000a00ffffffffffffaaaaaaaaaaaa08004500002b0064000000069078ac141403ac1e01014e200000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000010907800001c0006"], 0x3d)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@ccm_128={{0x303}, "000000009b993e68", "75df9868592b9fd3ccfffffffffffff7", ')\x00\x000', "00000011000a00"}, 0x28)
epoll_create1(0x0)
socket$unix(0x1, 0x1, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x1000410, &(0x7f0000000040)={[{@barrier_val={'barrier', 0x3d, 0x7}}, {@i_version}]}, 0x4, 0x504, &(0x7f0000019940)="$eJzs3c9vG1kdAPDvOHGTZt1NF/YACNiyLBRU6vzobrRaDnQvILRaCbFCQuLQDYk3imLXUZwsTcghPXJHohIn+BO4cUDqiQM3bnDjUg5IBSJQg8Rh0IyniZvEdWiTeGt/PtJ45r1x/H3PznvP8xznBTC0rkTETkRciIgPI2KyyE+KLW62t+x+j3a3F/Z2txeSSNMP/pHk57O86PiZzEvFY45HxPe/E/Hj5Gjc1ubWyny9Xlsr0lPrjdWp1ubW9eVSkTM7NzM3/faNt2ZPra6vNX7z8NvL7/3gd7/9woM/7nz9p1mxKj+7lJ/rrMdpale9HJWOvNGIeO8sgvXJaPH7w4sna22fiojX8/Y/GSP5qwkADLI0nYx0sjMNAAy67Pq/EkmpWswFVKJUqlbbc3ivxkSp3mytX5tsbtxejHwO63KUSx8t12vTxVzh5SgnWXomPz5Izx5K34iIVyLi52MX83R1oVlf7OcbHwAYYi8dGv//PdYe/wGAATfe7wIAAOfO+A8Aw8f4DwDD5/8Y/307EAAGhOt/ABg+xn8AGD49x/+751MOAOBcfO/997Mt3Sv+//Xix5sb36x8fH2x1lqpNjYWqgvNtdXqUrO5VK9VF9K01+PVm83VmTf3k63NrVuN5sbt9VvLjfml2q1a+YzrAwD09spr9/+cRMTOOxfzLTrWcjBWw2ArPZE6ZqEeYGCN9LsAQN/4Pg8MrxNc45sGgAHX68q/658I3bP4K7yorn7W/D8Mq1K/CwD0zbPN/3/r1MsBnD/z/zC80jSx5j8ADBlz/MCzfP7/wyg+/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAhVcm3pFTN1wLfyW5L1WrEpYi4HOXko+V6bToiXo6IP42Vx7L0TL8LDQA8p9LfkmL9r6uTb1QOn72Q/Gcs30fET375wS/uzK+vr81k+f/cz1+/V+TPXuhHBQCATjePZrXH6WLfcSH/aHd74fF2nkV8+G57cdEs7l6xtc+Mxmi+H49yREz8KynSbdn7lZFTiL9zNyI+c1D/Ox0RKvkcSHvl08Pxs9iXziD+wfOfRJqm6UH80hPxS3nZsn05fy4+fQplgWFz/912P5m1u4u721kTK9pfKa7k++Pb/3jeQz2/x/3f3pH+r7Tf/40ciZ/kbf7KfvrpJXn45u+/eyQznWyfuxvxudHj4if78ZMu/e8bJ6zjXz7/xde7nUt/FXE1jo/f1si72an1xupUa3Pr+nJjfqm2VLs9Ozs3Mzf99o23ZqfyOer27R+Oi/H3d6693C1+Vv+JLvHHe9T/Kyes/6//++GPvvSU+F/78vGv/6tPiZ+NiV89Yfz5iZvHLd+9H3+xS/17vf7XThj/wV+3Fk94VwDgHLQ2t1bm6/XaWo+D7L1mr/s4eDEPYifinIN+YzziE1F3B90O+t0zAWftoNH3uyQAAAAAAAAAAAAAAEA3rc2tlbE4268T9buOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADK7/BQAA//+TAtDE")
openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)

2.015401977s ago: executing program 5 (id=3793):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x6f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

1.611843965s ago: executing program 5 (id=3798):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_emit_ethernet(0x4e, &(0x7f0000000200)={@local, @random="1d41cb7c88e3", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0)

1.591162195s ago: executing program 5 (id=3800):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x2, [@restrict, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x3}]}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}]}}, &(0x7f0000001b80)=""/4090, 0x46, 0xffa, 0xa, 0x0, 0x0, @void, @value}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f00000004c0)={0x4, &(0x7f0000000380)=[{0x9, 0x1, 0x2, 0xfffffff6}, {0x8, 0x7, 0x5, 0xfffffffa}, {0x5, 0x9c, 0x4, 0x854}, {0x400, 0x5, 0x5, 0x8}]})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r1 = perf_event_open$cgroup(&(0x7f0000000440)={0x5, 0x80, 0x8, 0x2, 0x0, 0x0, 0x0, 0xa7b, 0x0, 0x4, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0xc32c, 0x4, @perf_bp={&(0x7f0000000300), 0x5}, 0x10008, 0x7, 0x8000, 0x4, 0x10001, 0x0, 0x8, 0x0, 0x1ff, 0x0, 0x3}, 0xffffffffffffffff, 0xf, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x3c, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x1000, 0x3, 0xfffe, 0x0, 0x0, 0xfffffffa, 0x8000, 0x0, 0x1}, 0x0, 0xffffffffffffffff, r1, 0x2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000680)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="250000000000000000000100000000000000014100000018001700000000000000007564703a73"], 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @remote}}, 0x5, 0x0, 0x0, 0x2}, 0x9c)
r3 = syz_io_uring_setup(0x466c, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000001340)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r3, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

1.423928385s ago: executing program 5 (id=3801):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x2a}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
chroot(&(0x7f00000004c0)='./file0\x00')
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x47, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x2, @perf_config_ext={0x100, 0x2ee}, 0x15800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x986, 0x0, 0x0, 0x0, 0x2000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000001440)=ANY=[@ANYBLOB="0017"], 0xc0)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000008000000010000000300009302000000030000000100000000050000007b35005f5f5f61305f000000000000000000000000000000000d8a9df59fe7fd514507594ed7a528e6ed74a753562c6ad0c2913815146a24142b805d47850f2f937677b6d79d6d513ec1dc079795e5cd39af6db5cb98033a3aa96e3b"], &(0x7f0000000680)=""/95, 0x50, 0x5f, 0x1, 0xfffffff1, 0x0, @void, @value}, 0x28)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000340)=<r3=>0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x8, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@privport}, {@privport}, {@fscache}], [{@uid_eq={'uid', 0x3d, r3}}, {@dont_hash}, {@appraise}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@permit_directio}]}})
r4 = dup(r1)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x62000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100000, 0x0, 0x0, 0x6, 0x3, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000300)=0x49b9, 0x4)
sendmmsg$inet6(r5, &(0x7f0000002c80)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x3}, 0x1c, 0x0}}], 0x1, 0x4008080)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
socket$inet6_dccp(0xa, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000280)={'batadv0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_TP_METER(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)={0x30, r7, 0x3196aee33d918dfd, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8}]}, 0x30}}, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x3ff}}, 0xfffffe28)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dc4a)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./bus\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x786, &(0x7f0000001900)="$eJzs3d1rW+UfAPDvSdt16/b7tYLgy40FQQtjrZ11U1CYeCGCg4Feu4U0K7NpM5p0rKWgQwRvBBUvBL3ZlRe+zDtvfbnV/8ILcUzthhMvpHLSky1dky7t2qTazwdO8zznpPk+35y3JzkPJwHsWcPpn1zEQxHxXhIxmM3viYi+Wqk34sTq824uLxXSKYmVlVd+SyKJiBvLS4X6ayXZ48Gs8mBEfPd2xOHc+riVhcXpfKlUnMvqY9WZ82OVhcUj52byU8Wp4uyx8YmJo8efOn5s+3L948fFQ1fff/HxL0/89dYDV979PokTcShb1pjHlj23tjocw9l70pe+hWu8cM/Bdpek2w1gS3LZvt4b6TFgMHpqJQDgv+yNiFgBAPaYxPkfAPaY+vcAN5aXCvWpu99IdNa15yNi/2r+9eubq0t6s2t2+2vXQQduJGuujCQRMbQN8Ycj4pOvX/s8nWK7rkMCtOHNSxFxZmh4/fE/WTdmYbOe2GDZvuxx+I75aXxXoKEzvkn7P0836//lbvV/okn/p7/JvrsVzfb/NTMObEOQDVz7NOLZhrFtNxvyzwz1ZLX/1fp8fcnZc6Viemz7f0SMRF9/Wh/fIMbI9b+vt1rW2P/7/YPXP0vjp4+3n5H7pbd/7f9M5qv5e8m50bVLEQ/3Nss/ubX+kxb931NtxnjpmXc+brUszT/Ntz6tzz+y0Uk7Y+VyxGNN1//tEW3JhuMTx2qbw1h9o2jiq58+GmgVv3H9p1Mav/5ZoBPS9T+wcf5DSeN4zcrmY/xwefDbVsvunn/z7X9f8mqtXO9HXMxXq3PjEfuSl9fPP3r7fy/mH8lKq89P8x95tPn+v9H2n34mPNNm/r1Xf/1i6/nvrDT/yU2t/80Xrtyc7mkVv731P1ErjWRz2jn+tdvAe3nvAAAAAAAAAAAAAAAAAAAAAAAAAKBduYg4FElu9FY5lxsdXf0N7/tjIFcqV6qHz5bnZyej9lvZQ9GXq9/qcrDhfqjj2f3w6/Wjd9SfjIj7IuLD/gNJ/T6Kk13OHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqDrb4/f/Uz/3dbh0AsGP2d7sBAEDHOf8DwN7j/A8Ae0975/+eHW8HANA5Pv8DwN7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAOO3XyZDqt/Lm8VEjrkxcW5qfLF45MFivTozPzhdFCee786FS5PFUqjhbKM3d7vVK5fH4iZucvjlWLlepYZWHx9Ex5frZ6+txMfqp4utjXkawAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYHMqC4vT+VKpOKewhcLK7mhG9ws92ea0W9rT0UKyO5qxzYUuH5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/iX+CQAA//+wsCFl")
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB='\x00'/12, @ANYRES32=0x0, @ANYRES32], 0x48)

1.423095625s ago: executing program 4 (id=3802):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x8}, 0x18)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000300), 0x111, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x111}}, 0x20)
close_range(r2, 0xffffffffffffffff, 0x0)

1.383056645s ago: executing program 4 (id=3803):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0)
rt_sigprocmask(0x300, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)

1.347187195s ago: executing program 4 (id=3805):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x18)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x68}, 0x1, 0x0, 0x0, 0xffffffff}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

1.184899184s ago: executing program 0 (id=3808):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r1)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x50, r2, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @local}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, 0x50}}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000014c0)=[{{&(0x7f0000000500)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x3}, [@bcast, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null]}, 0x80, &(0x7f0000000c40)=[{&(0x7f0000000680)="0d39773e61e527f34abfa23365ce4e2c07981f6b4430e1cfc4603d0e3f08ee89fc14bad90072afd2d7a0c959fb586319da6f5aec87ad43d15cf4df19c65aeb971ceac00daf3fbeb27956d0f0627009a9185cd77b7f9e3de78a0b5291a0b96cfec399d13b10aeb1d23f0d17016411f6ffb6dede1f4da5", 0x76}, {&(0x7f0000001580)="ed91b7dd8990b9c791dd7f53d5d2400423e3f7cb9c7c2b1e263f5401a4e8117129be97da814084ac4b5c9781c6045e63500d17563c55356edea3f1ce4afd0b52632a3db9393a0da4130b501e912f2970f3e7118903c71064dd16db3e3d61499855c21a7203a6f970b4ad300e1e2567a04a5a095733dfabbb9473924770ab2fece6a97e11c0e38869dc7d821de325cff6c087700ecd4d03e677268529b671e0683676feb016edf3eeef291e87189d3f94bb53d2d57d188c8a", 0xb8}, {&(0x7f0000000a00)="45adb9cdb4af809483cc08badf7a29c09ca364836f55ab4da5c1afb0f70c7d31b143f3b67fd8d57639ac0546721d7d2007d5d19b88be29bd76a009388a9fb2fc172a57f8c12e1095fc605f5d52cb3e1405c8a25982460d8ef845a79a7e03af7dd47ce3e13725ec39b4dac015519ff572b0557cef8e9214ee88aa872d0a7820e45b342a08e5a712272dc8a4463a600bbfb4da05180a505714792d21159eb9e55373c1fd4143e1de3a456c9457af82b1572c978dad70d072630d1e78e70bb263c1b2ab50cb55b57bf3125e7abf", 0xcc}, {0x0}, {&(0x7f0000000580)="1346176e8e076b4e7ef0", 0xa}, {&(0x7f0000000b00)="b16aa1c79e7742a35534bc86306d27fa382fb1237c907e37bde96f4adf16d9363d75210b3a4487d90ddf9188c151e9a495fcc5cd68c5642a064c4479b26ec6fd2e998a880bee5f7a39cdadb7c6c24899fe4e615fd3e9e4dcc4843f105fbd922f5d3708154fa9bd84d971281a7410ee3c07fae024b5a7f5a94bc7dcb331930d066a15fca9773823c85a25187f59658e52be059b08359d0ae7e9a67b3938284601016426d9aad6c297b27eeed6", 0xac}, {&(0x7f0000000700)}, {&(0x7f0000000900)="73ec20bc50327bc8fc08b010daef2839515098a2e5def1b578cd11bf602894b1dd191f0cd8f61a59b4f66d546a26cc0954f9ae04959895d4d00270c2a3b049ae350d7e4ffbae03f6f6ef49224ae18ac5c5239e9a56b02d33eb79d8cb5bea06c7992692a5d798811a26642d842208e7d404132a017a45a466ec55f90db50c273927515f8d8496d7e8527360870979043791ec1deff86c7bac9d534d", 0x9b}, {&(0x7f0000000c00)="8af99ad4aecf49aa9e78b47d48d0fd3774d797ccae16e79d92d726a7dffa593e6fd5e5", 0x23}], 0x9}}, {{&(0x7f0000001300)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-aes-ce\x00'}, 0x80, &(0x7f0000001480), 0x0, &(0x7f0000003200)=[{0x30, 0x10e, 0x3, "e6991895edbeddea4e9528a37a80ce8d597517c5faea482a818089f96f8a"}, {0x778, 0x109, 0x9, "22f72e2f44dedf9e6e78db380a5a9bbcc590733cd217dd416f179e5c95c8efb9593e096d131a85dc717d0188f40af77f4edd2113b3a36d89216f28c25d4e922103833d8b5a701f0789bc914753e32385a01243a9b5649ee8b0ff2d47123285ff8d7d89ddd60375490d3baa3438576680c58c29f30852dcaca1fd4ee613d7bf75dab80a5e9a02fb98ccf7395e1cecb47444122ae6d807b2c396a925b25008ccc2503987f2b314da330ea2281184172600dc2a617970ffb35528eca8bcaace3e080eacef8f670c42982a52e660789b19c4f94889d8433021cc0c1f09ee1c8acc65f69ca18ed2d67ad3d948d971d16593a423b562f0515f560082ce38d49767404180bd002ab35447751273daf95739100a891f3f7252d8689a5ea64e7be23c467de889094856881d911e0570b4ee510c240b20f9f954cb12e3192e167a09b28da74e1a8f695763bf943102261dc9ef632953f6c2366e9e4339b28d83eb7a61a729ef7e8cd5bc58a2a55f65bd99d043991aac489fea334213b22fa6533f22f63550cf5ab5cc6e88206a05161414e1fd20eaf75a4104cd2525d284a15b9a642a2dadf1a524c139059ba9298ff45a5262edc36a0d79a8f43376c58d52626f8726959a2732488ced1f5fd8ad3c44b3b29f418d5a3db6d76bffd53ac0524ed9714b4ba0c6433944de12bb4776ce9b3c5508cb05d505b003d3af50aaa945f1b44faf85f2eb58a6c0bd49ee9b6ef1de41d72d8c35acae34b431534357ffe7496d771ec1c98e0152e2a6781b71cacf2b758a77c73c019e6e2a757743b314466da820ea042a31b2beba15c75a2fa4955211ab89115fc220a7df4b3459697a18d917639fe88620812507144e3db1b28dc58d45151d6cba63bb5eed999a11bdfdc15262bffdf258b6b6b304b81f8430302e48491a76832ef06e6870db1241da2ed97262731f236d35e69b75ed2cae8f16e8ae7d87afcec0354fda26d7ee4ca857d6068dd7627b40f3eb50ac697c830037879bc7eda65a27512650decacb01d6fb23578b72151c45659c51da6798a231f9b06bc626c090b2f12a114c91d552f09c81ec4522ca1c3e5cf76318ade25f4dd15776cb76b0611d4dd217c0709f178716ad881016369ae29c3d9bc074eb6ea9e647c10890e3ba1118d99513c7452791d3be48ff57ddbdd8a32c4101f04b1dfbedb83f0eb38f28e093a30f196cc7ddfedd69ea78ebcb911dc24b5a3393aa6cdc5412315173a972a560f377df7de99c570108a8ca8b9305f6c4ab11e70b2bb9162eb1b0a46ee4091252af0a7f179c38b246ab38fad7c1c49ebd59c5cb306f4443004ca361c69d7319306b543ab826de3c1201630f24b19e4d4c0a0b32c87d4db166f0a74a26f10fc4e0de1e93c01bac2a5476aa91fc3e75b4dc1d95d9fe34d118eb100455ac5c0d76876a6976ff3a1d448d941595f3d3b236d7b36316e73affe1e4f6d34f32e53529b805eb978e7270b1b041de9c6111d89465d9c0371f494c53cbca5f2852a390d89973a99b96afacc0f8c0b80d5430aafe4a5cb7a8ce0fbbf62d0f1351cb5cb2c289a6fff0519af462eda208ee93a67b8187546159070835cedc1e40170421774052777dae76eaa95326c28a50123c3873f7429aeffbeeb36c8376931f92c795a365ef20892bbe3fff84d7d19ba99915bcd10cc5d2da4740cd055756c10b3783e5459ca5fa2599e95d1d18af424a4cbdf53f3780a37869d96c02a047782d916c0108abf7a4cdd93b4b73b9536648194ac57a93e3d7b3444bdc599cc0c4077f6c6523458e71ec400ffff15d727875cfca425d22df56a3aec9332c3b129d44c294e785b1d93a0533e357b8eb83abb1ad25281509b154131272a7394b08cb43bb3829bab6b78a02212048772355d13d6ee8f674ea4e113439e0a6716386dfcee4e39c285ba8497e21ff57781955351be79b0ebaedbeacd3b0e8c6b9636e7e9ff5c4c8539f14d1f81e8f4c7c652f564d9f03147eee38f199e5948f9be7ca1b34cd4d504d8d5562352380872acc76ebfc50a038d0a6f010d448ba2db8c3e5852ad17aa85fe025319ab7461d36efd0418c9d554630a0cf39a491763e6f4f6922ecbcf11ee9b617fd8c14c1da74aa6bd30b338730ad1a9202d086ef69fd235ec14b522c9c758513fa73ebf7928791969886cc1d2abfe811bee030830f4c94bf3815e8e9faaeb15d977d82eadc358f4b374fe30fe0f290e4a1b853e44a485f36aa9dc0710506339d7270bf3dc61ee3dd040ab97015475090b6bfd4390b587c79012e4be56f60de604d4b527d6d3a87f87ab2801bba4f8b7290837d02e44e4b68871a51115413a5844d1f436298089800cf8f778a29a113d6341b45725b16dc8d81f9de789d87288acea045a58c5054f51f4cdfcb98ac05352471f01aae973e1d4148ae1329dfcf9742abc9aba7d0c0b2792ca65301fdc03a2d39d086233c7707d46204dea7bdad4e46234de59c00f99f7c5e2430e96083a612ec4080455108c9fd9ba0d7ec1fcda3bec10f867440cfbe075a600ffda93a57ed42b3b9fceade53a2cf0ab163c665e33758ca8da127fbd70985d2dd28322e55d50157eeec7d7d0879c9bbe5188bea35b17af39e57049bc67fc3e886ec99ea0a50b6bc9c9662dfa7e584771f935ad5c17cf6ced42b69caf4eed1f88e4292403504fc1586"}, {0x10, 0x108, 0xa7}], 0x7b8}}], 0x2, 0x0)
sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)={0x5c, r2, 0x100, 0x70bd28, 0x25dfdbfb, {}, [@L2TP_ATTR_FD={0x8, 0x17, @udp6=r3}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0x3}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x3}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x9b}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @remote}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @remote}]}, 0x5c}}, 0x20000800)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=@base={0xa, 0x2, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$cgroup_pid(r5, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={0x0, 0x27c}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x0, 0x0, {0x0, 0x0, 0x0, r9}}, 0x24}}, 0x0)

1.177193474s ago: executing program 4 (id=3810):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6aab, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000080), 0x5, 0x0)
read$msr(r4, &(0x7f0000000180)=""/174, 0xae)
sendmsg$nl_route_sched(r2, 0x0, 0x800)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r5, 0x0, 0x0, 0x24000080, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
readv(r6, &(0x7f0000000040)=[{&(0x7f0000000000)=""/59, 0x3b}], 0x1)
bind$inet6(r6, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
sendto$inet6(r6, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

1.104913163s ago: executing program 0 (id=3812):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000000000000000000000400000000000000", @ANYRES32=0x1, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="040000000200000004000000040000d0bad048881b241421113cb670"], 0x50)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000240)={'syztnl2\x00', <r1=>0x0, 0x2f, 0x81, 0xc9, 0xd3d, 0x9, @private2, @mcast2, 0x700, 0x10, 0x6, 0x5}})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000002c0)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff}, './file0\x00'})
r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000380)={0xffffffffffffffff}, 0x4)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="020000000400000003000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{0x1, <r5=>0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000400)='%pK    \x00'}, 0x20)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000500)={0xffffffffffffffff, 0x5, 0x8}, 0xc)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r8}, 0x10)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448d4, &(0x7f0000000080)={0x0, 0x200, "00fa00"})
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a03000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000180003801400010076657468305f746f5f6873720000000008000240000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f6873720000000014000100636169663000000000000000000000001400000011000100"], 0xfc}, 0x1, 0x0, 0x0, 0x804}, 0x40000)
r11 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000580)=@o_path={&(0x7f0000000540)='./file0\x00'}, 0x18)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x3e, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000200000000000000", @ANYRES32, @ANYBLOB="ff7f00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01000000050000000100000200"/28], 0x50)
r14 = syz_open_procfs(0x0, &(0x7f0000000240)='pagemap\x00')
r15 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_tables_names\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="74c201caa42f59f17d5364b46b936f", @ANYRESHEX=r15, @ANYBLOB=',wfdno=', @ANYRESHEX=r14, @ANYBLOB=',\x00'])
pipe2(&(0x7f0000001cc0)={<r16=>0xffffffffffffffff, <r17=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r16, @ANYBLOB="1954284e0c0000", @ANYRESHEX=r17, @ANYBLOB="2c756e616d653dd0aedec1aa20ffd81d1bf89329217cb058a396eda2ab40a26d93dd083c0074dcab6cab21ae16c4cdf97bdc355f3b41d27b654301345cb3c4cec37953322d01beaa7257964fd30fe2d72f171da72e389f382dea3c8d91906aead5d5aeccc097ef1092ea987c2b00000000000000002c00"])
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0x1d, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000001000000000009000900000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000185700000d00000000000000000000001839000001000000000000000000000018340000040000000000000000000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ff0700008500000006000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xda38df8df6abe52a, '\x00', r1, @sk_skb=0x26, r2, 0x8, &(0x7f0000000300)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000340)={0x4, 0x6, 0x101, 0x9}, 0x10, 0x0, r3, 0x4, &(0x7f0000000640)=[r4, r5, r6, r9, r11, r12, r13, r15], &(0x7f0000000680)=[{0x4, 0x4, 0xd, 0x6}, {0x4, 0x2, 0xd, 0x5}, {0x5, 0x3, 0xb, 0x2}, {0x5, 0x5, 0x1, 0xc}], 0x10, 0x4, @value=r16}, 0x94)
r18 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r18, &(0x7f0000000480)={0x0, 0xffffffffffffffa7, 0xfa00, {0x1, &(0x7f0000000440), 0x13f, 0xa}}, 0x20)

1.041634564s ago: executing program 0 (id=3813):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x8}, 0x18)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000300), 0x111, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x111}}, 0x20)
close_range(r2, 0xffffffffffffffff, 0x0)

1.032137703s ago: executing program 4 (id=3814):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000040000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x100000000}, 0x18)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
flock(r1, 0x5)
r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r2, 0x1)
flock(r2, 0x2)
dup3(r2, r1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x3b, 0x1, 0x0, 0x0, 0x0, 0x89, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x2, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fsetxattr$security_selinux(r3, &(0x7f0000000080), &(0x7f0000000140)='system_u:object_r:dhcp_state_t:s0\x00', 0x22, 0x400000000000000)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x8031, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f0000000040)='kfree\x00', r5}, 0x18)
socket$inet6(0xa, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
clock_adjtime(0x0, &(0x7f00000001c0)={0x8b8d, 0x0, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7})
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000001240)='./file0\x00', 0x0, &(0x7f0000002480)=ANY=[], 0x1, 0x11f4, &(0x7f0000001280)="$eJzs3M+LG2UYB/DHbWvr1v2h1moL0he96GXo7sGLgiyyBWlAaRuhFYSpO9GQMQmZsBARV09e/TvEozdBvOllL/4N3vbisQdxxMTapsRDqXTa8Plc8pD3/cLzkjDwDvPO0ZvffNrrVFknH8fKE2/FyjAi3UqRYiVu+zJee+PnX166ev3G5Z1Wa/dKSpd2rm29nlJav/DjB59/9/JP49Pvf7/+w8k43Pzw6Pft3w7PHp47+vPaJ90qdavUH4xTnm4OBuP8ZlmkvW7Vy1J6ryzyqkjdflWM5sY75WA4nKS8v7e2OhwVVZXy/iT1ikkaD9J4NEn5x3m3n7IsS2urwYNof3urruuIuj4RT0Zd1/VTsRqn4+lYi/XYiM14Jp6N5+JMPB9n44V4Mc5NZzXdNwAAAAAAAAAAAAAAAAAAACyXBzr/f6Hh5gEAAAAAAAAAAAAAAAAAAGBJXL1+4/JOq7V7JaVTEeXX++399uxzNr7TiW6UUcTF2Ig/Ynr6f2ZWX3qntXsxTW3GV+XBP/mD/fax+fzW9HUCC/Nbs3yaz5+M1bvz27ERZxbntxfmT8Wrr9yVz2Ijfv0oBlHGXvydvZP/Yiult99t3ZM/P50HAAAAyyBL/1q4f8+y/xqf5e/j/sA9++vjcf54s2snopp81svLshg1XtzuaPbNQUQ8Io0tcXHi0Wjj/y2Ozf2Rmu/nMS2auybx8Nz50ZvuBAAAAAAAAAAAgPvxMB4nbHqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MUOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//86R81g")

987.381223ms ago: executing program 0 (id=3815):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
unlink(0x0)

817.924602ms ago: executing program 0 (id=3816):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x18)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x68}, 0x1, 0x0, 0x0, 0xffffffff}, 0x0)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000100000000000000ff3377a60761cf7b409b11a4e67f00009500000000000000146285b58c8217e4ba6e28adce6bbaf88c4eec6eb089e97eaec4f9269139c7f9d1c8d0f3034c58649a3c1f55473bd3562b803ee91bd8c2b56155b67c675f72d9391768ad2b76d815937cca4c6f7f2b9cb2c34eb3c1b9950db34c837125175159126c76776c024b449fd5dc6c99b239ee150e3fe08c5fbc"], &(0x7f0000000080)='syzkaller\x00', 0x1000, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, @fallback=0x38, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x3, 0x10, 0x2}, 0x10, 0xffffffffffffffff, r7, 0x5, 0x0, &(0x7f00000002c0)=[{0x1, 0x5, 0xa, 0x7}, {0x1, 0x2, 0x9}, {0x3, 0x1, 0x3, 0x3}, {0x1, 0x1, 0x2, 0x4}, {0x0, 0x5, 0x10, 0x469f2bbd714703bd}], 0x10, 0x10001, @void, @value}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
syz_io_uring_setup(0x39, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500}, &(0x7f0000000240), &(0x7f0000001880))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setresuid(0x0, 0xee00, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)

677.548392ms ago: executing program 0 (id=3818):
ioperm(0x0, 0x444, 0x1)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$evdev(0xffffffffffffffff, &(0x7f0000000000), 0x100000008)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$evdev(&(0x7f00000001c0), 0x7f, 0x0)
syz_io_uring_setup(0x728e, &(0x7f00000003c0)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0xe3d08660d3cd4684})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB, @ANYRESOCT, @ANYRES8], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f88)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffd}]})
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fremovexattr(r5, &(0x7f0000002480)=@known='trusted.overlay.upper\x00')
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
msgget$private(0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(0x0, 0xd, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x0)

476.741731ms ago: executing program 5 (id=3823):
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x4800)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6, 0x2}]}, 0x10)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r3, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x34000811)
splice(r0, 0x0, r1, 0x0, 0x4ffe6, 0x0)

402.530231ms ago: executing program 4 (id=3826):
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x4800)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000b00)=ANY=[@ANYRES8], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6, 0x2}]}, 0x10)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r3, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x34000811)
splice(r0, 0x0, r1, 0x0, 0x4ffe6, 0x0)

360.603891ms ago: executing program 3 (id=3828):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00')
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1)

331.655661ms ago: executing program 3 (id=3829):
socket$inet6(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x800000000003}, 0x100000, 0x5dd8, 0x3, 0x0, 0x0, 0x8, 0xfffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000002100)={0x1, 'wg1\x00', 0x40001}, 0x18)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000580)={0x1, 'dummy0\x00'}, 0x18)
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={0x0, &(0x7f00000004c0)=""/2, 0x0, 0x2, 0x1, 0x8, 0x0, @void, @value}, 0x28)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r3}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00'})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
sendto(0xffffffffffffffff, &(0x7f0000000080)="60775515d5935c852766c6d6d6b53b11c9d02609443102784d2a53403f3b3661c8a365cf00958804c03bab50d4bd17fbf469cb74", 0x34, 0x0, 0x0, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'netdevsim0\x00'})

301.51232ms ago: executing program 2 (id=3830):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={0x0, 0xffffffffffffffff, 0x0, 0x7}, 0xffffffffffffff17)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00'}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0aefffffff00"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48)
close(r2)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r7, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg$inet(r7, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4008804)

279.69023ms ago: executing program 2 (id=3831):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
socket$kcm(0x10, 0x2, 0x4)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x220c)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x0)
r9 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r9, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x5a}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000000)

262.44421ms ago: executing program 2 (id=3832):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x18)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x68}, 0x1, 0x0, 0x0, 0xffffffff}, 0x0)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200)=0xffffffffffffffff, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000100000000000000ff3377a60761cf7b409b11a4e67f00009500000000000000146285b58c8217e4ba6e28adce6bbaf88c4eec6eb089e97eaec4f9269139c7f9d1c8d0f3034c58649a3c1f55473bd3562b803ee91bd8c2b56155b67c675f72d9391768ad2b76d815937cca4c6f7f2b9cb2c34eb3c1b9950db34c837125175159126c76776c024b449fd5dc6c99b239ee150e3fe08c5fbc"], &(0x7f0000000080)='syzkaller\x00', 0x1000, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, @fallback=0x38, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x3, 0x10, 0x2}, 0x10, 0xffffffffffffffff, r7, 0x5, 0x0, &(0x7f00000002c0)=[{0x1, 0x5, 0xa, 0x7}, {0x1, 0x2, 0x9}, {0x3, 0x1, 0x3, 0x3}, {0x1, 0x1, 0x2, 0x4}, {0x0, 0x5, 0x10, 0x469f2bbd714703bd}], 0x10, 0x10001, @void, @value}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
syz_io_uring_setup(0x39, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500}, &(0x7f0000000240), &(0x7f0000001880))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setresuid(0x0, 0xee00, 0x0)
move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

251.97273ms ago: executing program 3 (id=3833):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
syz_emit_ethernet(0xca, &(0x7f0000000380)=ANY=[@ANYBLOB="ffffffffffff0000000000000800450000bc0000000000019078ac1e0001ac1414bb0c00907800000000480000000000000000880000ac1e0001ac1414aa0703dd000dee0dd9de36ed4bcc5b4e23440c00030000000000000000890f0000000000ffffffffffffffff444cfe0164010101000000017f00000100000000e000000200000000ac1e0101000000007f000001000000000000000000e61334fe908e28a8903d61000000ac1e000100000000ffffffff00000000ffffffff00000000441400000000000200000000000000ab0000000000"], 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="4401000000080104000000000000000005007a3000000000060002408864000005000300060000000600024004000000090001007300000000000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000004)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x3)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0x1276, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
write$tun(r2, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000a00ffffffffffffaaaaaaaaaaaa08004500002b0064000000069078ac141403ac1e01014e200000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000010907800001c0006"], 0x3d)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@ccm_128={{0x303}, "000000009b993e68", "75df9868592b9fd3ccfffffffffffff7", ')\x00\x000', "00000011000a00"}, 0x28)
r3 = epoll_create1(0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x1000410, &(0x7f0000000040)={[{@barrier_val={'barrier', 0x3d, 0x7}}, {@i_version}]}, 0x4, 0x504, &(0x7f0000019940)="$eJzs3c9vG1kdAPDvOHGTZt1NF/YACNiyLBRU6vzobrRaDnQvILRaCbFCQuLQDYk3imLXUZwsTcghPXJHohIn+BO4cUDqiQM3bnDjUg5IBSJQg8Rh0IyniZvEdWiTeGt/PtJ45r1x/H3PznvP8xznBTC0rkTETkRciIgPI2KyyE+KLW62t+x+j3a3F/Z2txeSSNMP/pHk57O86PiZzEvFY45HxPe/E/Hj5Gjc1ubWyny9Xlsr0lPrjdWp1ubW9eVSkTM7NzM3/faNt2ZPra6vNX7z8NvL7/3gd7/9woM/7nz9p1mxKj+7lJ/rrMdpale9HJWOvNGIeO8sgvXJaPH7w4sna22fiojX8/Y/GSP5qwkADLI0nYx0sjMNAAy67Pq/EkmpWswFVKJUqlbbc3ivxkSp3mytX5tsbtxejHwO63KUSx8t12vTxVzh5SgnWXomPz5Izx5K34iIVyLi52MX83R1oVlf7OcbHwAYYi8dGv//PdYe/wGAATfe7wIAAOfO+A8Aw8f4DwDD5/8Y/307EAAGhOt/ABg+xn8AGD49x/+751MOAOBcfO/997Mt3Sv+//Xix5sb36x8fH2x1lqpNjYWqgvNtdXqUrO5VK9VF9K01+PVm83VmTf3k63NrVuN5sbt9VvLjfml2q1a+YzrAwD09spr9/+cRMTOOxfzLTrWcjBWw2ArPZE6ZqEeYGCN9LsAQN/4Pg8MrxNc45sGgAHX68q/658I3bP4K7yorn7W/D8Mq1K/CwD0zbPN/3/r1MsBnD/z/zC80jSx5j8ADBlz/MCzfP7/wyg+/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAhVcm3pFTN1wLfyW5L1WrEpYi4HOXko+V6bToiXo6IP42Vx7L0TL8LDQA8p9LfkmL9r6uTb1QOn72Q/Gcs30fET375wS/uzK+vr81k+f/cz1+/V+TPXuhHBQCATjePZrXH6WLfcSH/aHd74fF2nkV8+G57cdEs7l6xtc+Mxmi+H49yREz8KynSbdn7lZFTiL9zNyI+c1D/Ox0RKvkcSHvl08Pxs9iXziD+wfOfRJqm6UH80hPxS3nZsn05fy4+fQplgWFz/912P5m1u4u721kTK9pfKa7k++Pb/3jeQz2/x/3f3pH+r7Tf/40ciZ/kbf7KfvrpJXn45u+/eyQznWyfuxvxudHj4if78ZMu/e8bJ6zjXz7/xde7nUt/FXE1jo/f1si72an1xupUa3Pr+nJjfqm2VLs9Ozs3Mzf99o23ZqfyOer27R+Oi/H3d6693C1+Vv+JLvHHe9T/Kyes/6//++GPvvSU+F/78vGv/6tPiZ+NiV89Yfz5iZvHLd+9H3+xS/17vf7XThj/wV+3Fk94VwDgHLQ2t1bm6/XaWo+D7L1mr/s4eDEPYifinIN+YzziE1F3B90O+t0zAWftoNH3uyQAAAAAAAAAAAAAAEA3rc2tlbE4268T9buOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADK7/BQAA//+TAtDE")
r5 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
write$binfmt_register(r5, &(0x7f0000000000)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x7, 0x3a, 'M', 0x3a, 'M', 0x3a, './file2', 0x3a, [0x50, 0x46]}, 0x2b)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
close(r4)
socket$rds(0x15, 0x5, 0x0)
setsockopt$sock_int(r4, 0x1, 0x2e, &(0x7f0000000040)=0x8001, 0x4)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000080)={0xa002a008})
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000280)={<r7=>0xffffffffffffffff}, 0x2, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r6, &(0x7f0000000340)={0x10, 0x30, 0xfa00, {&(0x7f0000000240), 0x2, {0xa, 0x4e20, 0xfffffe01, @private1={0xfc, 0x1, '\x00', 0x1}, 0x6}, r7}}, 0x38)

242.166601ms ago: executing program 2 (id=3834):
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x5, 0x60004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x1016c5, 0x10000, 0x0, 0x6, 0x10001, 0x0, 0x81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
bpf$LINK_DETACH(0x22, &(0x7f00000001c0)=r1, 0x4)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000000f1ff007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10)
syz_emit_ethernet(0x82, &(0x7f0000000100)={@multicast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x61, 0x0, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x2f, 0x9, @dev={0xac, 0x14, 0x14, 0x10}, @remote, {[@timestamp_addr={0x44, 0x44, 0x0, 0x1, 0x0, [{@rand_addr=0x86dd}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}}, {@rand_addr, 0x4f}, {@multicast2}, {@loopback}, {@local, 0x4}, {@multicast1}]}]}}}}}}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="090200f5ff001d00000001"], 0x14}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000007"], 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r7}, &(0x7f0000000800), &(0x7f0000000840)=r8}, 0x20)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xbb)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r10}, 0x10)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r11}, 0x10)
listen(r9, 0x3)
r12 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r12, &(0x7f0000000140)={'#! ', './file0'}, 0xb)
close(r12)
r13 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002a00)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r13, 0x0, 0x8000000000000000}, 0x18)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)

191.39444ms ago: executing program 2 (id=3835):
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0'}, 0xb)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000580)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x200000000200}, 0x18)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f00004f1000/0x1000)=nil, 0x1000, 0xb635773f07ebbeec, 0x30, 0xffffffffffffffff, 0x36bc4000)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r3, &(0x7f00000000c0), 0x0)
ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000000))
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
close(r0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)

169.15256ms ago: executing program 2 (id=3836):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200000000000085000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x0, 0x0, &(0x7f0000000680)='syzkaller\x00', 0xb4, 0xd5, &(0x7f00000006c0)=""/213, 0x41000, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0), 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000a40)=@o_path={&(0x7f0000000a00)='./file0\x00', 0x0, 0x0, r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x6, 0x20, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x530}, {}, {}, [@generic={0xf, 0x0, 0x7, 0xe, 0x3}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x358}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @alu={0x7, 0x0, 0xffffffffffffffff, 0xa, 0x6, 0xfffffffffffffffe}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8001}, @btf_id={0x18, 0x4, 0x3, 0x0, 0x4}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xffffffff}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x10000, 0x59, &(0x7f0000000580)=""/89, 0x41000, 0xd6f4a8726d2875c7, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x10, 0xfff, @void, @value}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f00000003c0)=ANY=[], 0xff2e)
syz_open_pts(r6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000280)={'batadv0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x24}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010003b1500"/18, @ANYRES32=r7, @ANYBLOB="0000000000000000280012800a000100767863616e000000180002801400010000000000", @ANYRES32=r1], 0x48}}, 0x0)

48.06769ms ago: executing program 3 (id=3837):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_emit_ethernet(0x4e, &(0x7f0000000200)={@local, @random="1d41cb7c88e3", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0)

18.35017ms ago: executing program 3 (id=3838):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r1}, 0xf)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000fff07006706000020000000170200000ee60000bf050000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad35010000000000840400000000000014000000000000009500000000000000db13d5d8b741f2cdaabc83df03395287fd51a700ea6553f304000000815dcf00c3eebc52267b042d196bde7c382d21ff79a8583a7482c5994747e19325b1ee980cbd800d845dacbcf5ad8cdbc7abf9"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

0s ago: executing program 3 (id=3839):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = dup(r0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=ANY=[@ANYBLOB="16000000000000000400000005000000000000008be4268d27c1e13e55957f7ad607d80876dd182f63cb622cd0be95278aee98bf34fdd40b64ccd8275cdcb3a13fca1889fbd940d434f5413389df9a736f60c291cf3aee49cf495b8864ddac3044e739fbfef75ade034e2ad294720b63596bf61943b75256f2100bf65f66b3ec6282543ff34c744892532a5ca65058b5382f2c44a6f3cb74356623eaede9b02fb61a626aaf2d2585f10403764eff9abba7471cdf48144d791fb1f4b8a98a4047961345f07e5df6d2f3f4461bf8197ab19925fc2588a414cc767ac04029961c5a310cdf2d1878b2b732a88128982e428c8e5d372839728b42b4db7d840b7fad9b4262acce88cc719a02d1ef5af9603f17226975886a140a813f", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r4 = accept4(r2, &(0x7f0000000300)=@caif, &(0x7f0000000380)=0x80, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10)
sendmsg$key(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020900000700000000000000000000000500", @ANYRES32], 0x38}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'veth0_virt_wifi\x00'})
r7 = openat$sysfs(0xffffff9c, &(0x7f0000000200)='/sys/kernel/notes', 0x0, 0x82)
preadv(r7, &(0x7f0000000400)=[{&(0x7f0000000700)=""/4096, 0x1000}], 0x1, 0x2, 0x0)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f00000005c0), r1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r9], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r10, 0x0, 0x2}, 0x18)
mount_setattr(0xffffffffffffff9c, 0x0, 0x8100, 0x0, 0x0)
pipe2$9p(0x0, 0x80)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f0000000200)={[{@user_xattr}, {@dioread_lock}, {@errors_remount}, {@nogrpid}, {@nodioread_nolock}, {@jqfmt_vfsold}, {@jqfmt_vfsv1}, {@data_err_abort}, {@auto_da_alloc}]}, 0x1, 0x505, &(0x7f0000000b00)="$eJzs3c9vG1kdAPCvJ7+cNN1klz0AArYsCwVVdRJ3N1rtAZYTQmglxB5B6obEjaLYcRQ7SxN6SP8HJCpxgiN/AOeeuHNBcONSDkj8iEBNJQ5GM56kbmI3KUnjrv35SKOZ92Yy3/eSzHv1N7VfAEPrWkTsRcR4RHwSETN5fSHf4sP2ll73eP/e8sH+veVCtFof/7OQnU/rouNrUlfyexYj4kffi/hp4WTcxs7u+lK1WtnKy3PN2uZcY2f35lptabWyWtkolxcXFuffv/Ve+cL6+lZtPD/68qM/7H3r52mzpvOazn5cpHbXx47iRP49/8HLCNYHIxExmv/+5K72sz28mCQi3oiIt7PnfyZGsp8mADDIWq2ZaM10lgGAQZdkObBCUspzAdORJKVSO4f3Zkwl1XqjeeNOfXtjpZ0rm42x5M5atTKf5wpnY6yQlhey46fl8rHyrYh4PSJ+MTGZlUvL9epKP//hAwBD7Mqx+f8/E+35HwAYcMV+NwAAuHTmfwAYPuZ/ABg+5n8AGD7mfwAYPuZ/ABg+5n8AGCo//OijdGsd5J9/vfLpzvZ6/dObK5XGeqm2vVxarm9tllbr9dXsM3tqp92vWq9vLrwb23dnv73ZaM41dnZv1+rbG83b2ed6366MXUqvAIDnef2th38uRMTeB5PZFh1rOZirYbAl/W4A0Dcj/W4A0DdW+4LhdY7X+NIDMCC6LNH7jGJETB6vbLVarZfXJOAlu/6FE/n/o5SgCR4GW0f+3/8ChiEj/w/Dq2f+/8SLfWDQtFqFs675H2e9EAB4tcnxAz3+/v9Gvv9t/seBn6wcv+LB8QrvKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGB4HK7/W8pX7piOJCmVIq5GxGyMFe6sVSvzEfFaRPxpYmwiLS/0uc0AwHklfyvk639dn3ln+vjZ8cKTiWwfET/71ce/vLvUbG79Ma3/11F980FeX+5H+wGA0xzO09m+44X84/17y4fbZbbn79+NiGI7/sH+eBwcxR+N0WxfjLGImPp3IS+3FTpyF+exdz8iPt+t/4WYznIg7ZVPj8dPY1+91PjJM/GT7Fx7n34vPncBbYFh8zAdfz7s9vwlcS3bd3/+i9kIdX75+JfeavkgGwOfxj8c/0Z6jH/Xzhrj3d9/v300efLc/YgvjkYcxj7oGH8O4xd6xH/n5O26+suXvvJ2r3OtX0dcj+7xO2PNNWubc42d3ZtrtaXVymplo1xeXFicf//We+W5LEc913s2+McHN17rdS7t/1SP+MVT+v/1s3U/fvPfT3781efE/+bXusVP4s3nxE/nxG+cMf7S1O+Kvc6l8Vd69P+0n/+NM8Z/9NfdE8uGAwD909jZXV+qVitbn9GD3eSVaIaDyzlIf2X7FP1K/sT0vOY7l9We8Xihr2q1/q9YvUaMi8i6Aa+Co4c+Ip70uzEAAAAAAAAAAAAAAEBXl/GOpX73EQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMH1vwAAAP//E4POvQ==")
sendmsg$DEVLINK_CMD_PORT_SET(r7, &(0x7f0000000840)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000600)={&(0x7f0000001880)=ANY=[@ANYRES8=r10, @ANYRES16=r8, @ANYRESHEX=r8], 0x180}}, 0x885)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000540)={0x1, &(0x7f0000000500)=[{0x449, 0xe, 0x6, 0x8}]}, 0x10)
setsockopt$inet_tcp_int(r4, 0x6, 0x24, &(0x7f0000000640)=0xfffffffa, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='snd_soc_dapm_path\x00', r1, 0x0, 0x9}, 0x18)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={r3, &(0x7f00000000c0)="3861a209207311fd83cee6344ef72125a6e59d141c4c6e5de21dde0aac8e5f4288b705e9b19ce8f5ad82c1ed1a5aac437e70ad020b9c6ac084968da53199bc143c98374be7b02178afdd10415bede8d9a49ecf5b2cb21f8fa54768c9af04366e7707ae65c3f12a37ba944a71b98c64af362fcf22ffec9f4dd95207d483c3fba30a1f703489b9cc89d96d4aeb8fb2fd2a349a6f3893dc345e2323a889a4f2f83de03d8c930a1fb44acf7fae6f4e25e3dfbb706ba77636b7b4769b5d4eb54f684930f558548487ff", &(0x7f00000001c0)=""/233, 0x4}, 0x20)

kernel console output (not intermixed with test programs):

face not active
[  124.851767][T11348] random: crng reseeded on system resumption
[  124.860185][T11264] hsr_slave_0: entered promiscuous mode
[  124.911901][T11264] hsr_slave_1: entered promiscuous mode
[  124.918312][T11264] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  124.926590][T11264] Cannot create hsr debugfs directory
[  125.283440][T11408] xt_hashlimit: max too large, truncated to 1048576
[  125.334635][T11264] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  125.350613][T11264] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  125.367159][T11264] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  125.381144][T11264] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  125.423447][   T29] kauditd_printk_skb: 929 callbacks suppressed
[  125.423537][   T29] audit: type=1326 audit(1736307708.734:26944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11401 comm="syz.1.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdcff75cce7 code=0x7ffc0000
[  125.448089][T11264] 8021q: adding VLAN 0 to HW filter on device bond0
[  125.461050][   T29] audit: type=1326 audit(1736307708.774:26945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11401 comm="syz.1.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdcff701f29 code=0x7ffc0000
[  125.484340][T11264] 8021q: adding VLAN 0 to HW filter on device team0
[  125.484652][   T29] audit: type=1326 audit(1736307708.774:26946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11401 comm="syz.1.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdcff75cce7 code=0x7ffc0000
[  125.514720][   T29] audit: type=1326 audit(1736307708.774:26947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11401 comm="syz.1.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdcff701f29 code=0x7ffc0000
[  125.538465][   T29] audit: type=1326 audit(1736307708.774:26948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11401 comm="syz.1.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcff765d29 code=0x7ffc0000
[  125.555882][T11264] 8021q: adding VLAN 0 to HW filter on device batadv0
[  125.570787][T11435] syz.2.2980[11435] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  125.570967][T11435] syz.2.2980[11435] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  125.578656][   T29] audit: type=1326 audit(1736307708.884:26949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11401 comm="syz.1.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdcff75cce7 code=0x7ffc0000
[  125.588826][T11098] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.593843][   T29] audit: type=1326 audit(1736307708.884:26950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11401 comm="syz.1.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdcff701f29 code=0x7ffc0000
[  125.617234][T11098] bridge0: port 1(bridge_slave_0) entered forwarding state
[  125.618365][T11435] syz.2.2980[11435] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  125.624425][   T29] audit: type=1326 audit(1736307708.884:26951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11401 comm="syz.1.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcff765d29 code=0x7ffc0000
[  125.655516][T11098] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.666936][   T29] audit: type=1326 audit(1736307708.894:26952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11401 comm="syz.1.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdcff75cce7 code=0x7ffc0000
[  125.690026][T11098] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.727915][   T29] audit: type=1326 audit(1736307708.894:26953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11401 comm="syz.1.2974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdcff701f29 code=0x7ffc0000
[  125.835431][T11264] veth0_vlan: entered promiscuous mode
[  125.843165][T11264] veth1_vlan: entered promiscuous mode
[  125.873358][T11264] veth0_macvtap: entered promiscuous mode
[  125.882244][T11264] veth1_macvtap: entered promiscuous mode
[  125.891576][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.902118][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.911956][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  125.922546][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.933253][T11264] batman_adv: batadv0: Interface activated: batadv_slave_0
[  125.941665][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.952504][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.962403][T11264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  125.972994][T11264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.983398][T11264] batman_adv: batadv0: Interface activated: batadv_slave_1
[  125.991730][T11264] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.000864][T11264] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  126.009748][T11264] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  126.018535][T11264] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  126.053018][T11469] loop2: detected capacity change from 0 to 512
[  126.101368][T11486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  126.110121][T11486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  126.121349][T11485] .: renamed from bond0 (while UP)
[  126.157556][T11469] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  126.171799][T11469] ext4 filesystem being mounted at /27/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  126.185830][T11485] hub 9-0:1.0: USB hub found
[  126.234302][T11485] hub 9-0:1.0: 8 ports detected
[  126.312520][T10761] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.466121][ T3390] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.519286][T11501] chnl_net:caif_netlink_parms(): no params data found
[  126.539209][ T3390] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.636355][T11501] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.643513][T11501] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.680651][T11501] bridge_slave_0: entered allmulticast mode
[  126.688521][T11501] bridge_slave_0: entered promiscuous mode
[  126.698336][ T3390] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.698868][T11563] syz.3.3001[11563] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  126.710185][T11501] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.727721][T11563] syz.3.3001[11563] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  126.728870][T11563] syz.3.3001[11563] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  126.728972][T11501] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.772794][T11501] bridge_slave_1: entered allmulticast mode
[  126.780661][T11501] bridge_slave_1: entered promiscuous mode
[  126.790115][ T3390] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.794791][T11554] loop2: detected capacity change from 0 to 8192
[  126.920029][T11501] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.930588][T11501] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.958902][T11574] FAULT_INJECTION: forcing a failure.
[  126.958902][T11574] name failslab, interval 1, probability 0, space 0, times 0
[  126.971582][T11574] CPU: 1 UID: 0 PID: 11574 Comm: syz.4.3005 Not tainted 6.13.0-rc6-syzkaller-00038-g09a0fa92e5b4 #0
[  126.982427][T11574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  126.992578][T11574] Call Trace:
[  126.995938][T11574]  <TASK>
[  126.998953][T11574]  dump_stack_lvl+0xf2/0x150
[  127.003595][T11574]  dump_stack+0x15/0x1a
[  127.007872][T11574]  should_fail_ex+0x223/0x230
[  127.012559][T11574]  should_failslab+0x8f/0xb0
[  127.017189][T11574]  __kmalloc_node_noprof+0xad/0x410
[  127.022472][T11574]  ? __kvmalloc_node_noprof+0x72/0x170
[  127.027974][T11574]  __kvmalloc_node_noprof+0x72/0x170
[  127.033301][T11574]  io_sqe_buffers_register+0xc6/0x4e0
[  127.038689][T11574]  ? __rcu_read_unlock+0x4e/0x70
[  127.043782][T11574]  ? __fget_files+0x17c/0x1c0
[  127.048495][T11574]  __se_sys_io_uring_register+0xa6b/0x2200
[  127.054324][T11574]  ? get_pid_task+0x8e/0xc0
[  127.058835][T11574]  ? proc_fail_nth_write+0x12a/0x150
[  127.064184][T11574]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  127.069832][T11574]  ? vfs_write+0x596/0x920
[  127.074299][T11574]  ? putname+0xcf/0xf0
[  127.078374][T11574]  ? __fget_files+0x17c/0x1c0
[  127.083086][T11574]  ? fput+0x1c4/0x200
[  127.087130][T11574]  ? ksys_write+0x176/0x1b0
[  127.091651][T11574]  __x64_sys_io_uring_register+0x55/0x70
[  127.097338][T11574]  x64_sys_call+0x2c52/0x2dc0
[  127.102090][T11574]  do_syscall_64+0xc9/0x1c0
[  127.106599][T11574]  ? clear_bhb_loop+0x55/0xb0
[  127.111365][T11574]  ? clear_bhb_loop+0x55/0xb0
[  127.116050][T11574]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.122057][T11574] RIP: 0033:0x7f673aaa5d29
[  127.126477][T11574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  127.146191][T11574] RSP: 002b:00007f6739117038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  127.154669][T11574] RAX: ffffffffffffffda RBX: 00007f673ac95fa0 RCX: 00007f673aaa5d29
[  127.162633][T11574] RDX: 0000000020010300 RSI: 0000000000000000 RDI: 0000000000000003
[  127.170593][T11574] RBP: 00007f6739117090 R08: 0000000000000000 R09: 0000000000000000
[  127.178609][T11574] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  127.186562][T11574] R13: 0000000000000000 R14: 00007f673ac95fa0 R15: 00007ffc7021fcc8
[  127.194859][T11574]  </TASK>
[  127.203679][T11501] team0: Port device team_slave_0 added
[  127.213297][T11599] loop2: detected capacity change from 0 to 512
[  127.220329][T11599] EXT4-fs: Ignoring removed oldalloc option
[  127.228531][T11599] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  127.250069][T11599] EXT4-fs (loop2): 1 truncate cleaned up
[  127.274833][T11599] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  127.306114][ T3390] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  127.318846][ T3390] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  127.328856][ T3390] bond0 (unregistering): Released all slaves
[  127.337981][T11501] team0: Port device team_slave_1 added
[  127.391016][ T3390] tipc: Left network mode
[  127.391655][T11501] batman_adv: batadv0: Adding interface: batadv_slave_0
[  127.402503][T11501] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.428554][T11501] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  127.443237][T11501] batman_adv: batadv0: Adding interface: batadv_slave_1
[  127.450311][T11501] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.476215][T11501] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  127.487649][ T3390] IPVS: stopping master sync thread 10591 ...
[  127.578984][T11501] hsr_slave_0: entered promiscuous mode
[  127.607163][T11501] hsr_slave_1: entered promiscuous mode
[  127.609751][T11634] syz.0.3012[11634] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  127.626264][T11501] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  127.685191][T11501] Cannot create hsr debugfs directory
[  127.695197][ T3390] hsr_slave_0: left promiscuous mode
[  127.700858][ T3390] hsr_slave_1: left promiscuous mode
[  127.718959][ T3390] veth1_macvtap: left promiscuous mode
[  127.724582][ T3390] veth0_macvtap: left promiscuous mode
[  127.792932][ T3390] team0 (unregistering): Port device team_slave_1 removed
[  127.802430][ T3390] team0 (unregistering): Port device team_slave_0 removed
[  127.858188][T11659] loop4: detected capacity change from 0 to 512
[  127.892109][T11659] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  127.902144][T11662] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  127.908685][T11662] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  127.916286][T11662] vhci_hcd vhci_hcd.0: Device attached
[  127.930434][T11659] EXT4-fs (loop4): too many log groups per flexible block group
[  127.932181][T11663] usbip_core: unknown command
[  127.938197][T11659] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  127.942844][T11663] vhci_hcd: unknown pdu 0
[  127.954124][T11663] usbip_core: unknown command
[  127.964308][T11659] EXT4-fs (loop4): mount failed
[  127.974297][   T40] vhci_hcd: stop threads
[  127.978586][   T40] vhci_hcd: release socket
[  127.983005][   T40] vhci_hcd: disconnect device
[  128.002384][T10761] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.064027][T11658] loop0: detected capacity change from 0 to 8192
[  128.188841][T11690] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  128.198738][T11689] IPVS: stopping master sync thread 11690 ...
[  128.209056][T11692] loop0: detected capacity change from 0 to 512
[  128.250449][T11692] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  128.277383][T11692] ext4 filesystem being mounted at /8/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  128.310396][T11501] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  128.321439][T11501] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  128.330126][T11264] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.330631][T11501] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  128.371060][T11501] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  128.387591][T11709] random: crng reseeded on system resumption
[  128.430141][T11501] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.440530][T11501] 8021q: adding VLAN 0 to HW filter on device team0
[  128.457564][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.464699][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.481079][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.488261][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.568195][T11731] loop2: detected capacity change from 0 to 512
[  128.573699][T11501] 8021q: adding VLAN 0 to HW filter on device batadv0
[  128.589526][T11733] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  128.600032][T11729] IPVS: stopping master sync thread 11733 ...
[  128.617875][T11709] loop0: detected capacity change from 0 to 512
[  128.639597][T11731] EXT4-fs (loop2): orphan cleanup on readonly fs
[  128.649818][T11731] EXT4-fs warning (device loop2): ext4_enable_quotas:7156: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  128.721399][T11751] IPVS: stopping master sync thread 11755 ...
[  128.724262][T11755] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  128.744245][T11731] EXT4-fs (loop2): Cannot turn on quotas: error -22
[  128.746509][T11709] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  128.761539][T11731] EXT4-fs error (device loop2): ext4_ext_check_inode:524: inode #13: comm syz.2.3039: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  128.763694][T11709] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  128.802601][T11501] veth0_vlan: entered promiscuous mode
[  128.810624][T11501] veth1_vlan: entered promiscuous mode
[  128.822105][T11501] veth0_macvtap: entered promiscuous mode
[  128.829292][T11501] veth1_macvtap: entered promiscuous mode
[  128.839364][T11501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.849838][T11501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.859732][T11501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.870199][T11501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.880055][T11501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.890566][T11501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.894919][T11731] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.3039: couldn't read orphan inode 13 (err -117)
[  128.901572][T11501] batman_adv: batadv0: Interface activated: batadv_slave_0
[  128.940495][T11501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.942850][T11731] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  128.951032][T11501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.973426][T11501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.983894][T11501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.993816][T11501] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  129.004353][T11501] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  129.015600][T11501] batman_adv: batadv0: Interface activated: batadv_slave_1
[  129.023808][T11501] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  129.032606][T11501] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  129.041453][T11501] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  129.050268][T11501] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  129.096488][T11786] 9pnet_fd: Insufficient options for proto=fd
[  129.141906][T11791] __nla_validate_parse: 31 callbacks suppressed
[  129.141920][T11791] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3047'.
[  129.161228][T10761] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.195719][T11791] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3047'.
[  129.237238][T11805] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3051'.
[  129.239730][T11264] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.260693][T11806] bpf_get_probe_write_proto: 2 callbacks suppressed
[  129.260707][T11806] syz.3.3047[11806] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  129.267345][T11805] bridge_slave_1: left allmulticast mode
[  129.267367][T11805] bridge_slave_1: left promiscuous mode
[  129.267465][T11805] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.299503][T11806] syz.3.3047[11806] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  129.299562][T11806] syz.3.3047[11806] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  129.325758][T11805] bridge_slave_0: left allmulticast mode
[  129.342842][T11805] bridge_slave_0: left promiscuous mode
[  129.348754][T11805] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.437415][T11825] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  129.445982][T11825] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  129.459967][T11823] bond0: entered promiscuous mode
[  129.465606][T11823] bond0: entered allmulticast mode
[  129.477397][T11823] 8021q: adding VLAN 0 to HW filter on device bond0
[  129.493336][T11823] bond0 (unregistering): Released all slaves
[  129.606446][T11835] FAULT_INJECTION: forcing a failure.
[  129.606446][T11835] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  129.619565][T11835] CPU: 0 UID: 0 PID: 11835 Comm: syz.0.3059 Not tainted 6.13.0-rc6-syzkaller-00038-g09a0fa92e5b4 #0
[  129.630327][T11835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  129.640406][T11835] Call Trace:
[  129.643754][T11835]  <TASK>
[  129.646713][T11835]  dump_stack_lvl+0xf2/0x150
[  129.651326][T11835]  dump_stack+0x15/0x1a
[  129.655496][T11835]  should_fail_ex+0x223/0x230
[  129.660258][T11835]  should_fail+0xb/0x10
[  129.664478][T11835]  should_fail_usercopy+0x1a/0x20
[  129.669597][T11835]  _copy_to_user+0x20/0xa0
[  129.674013][T11835]  simple_read_from_buffer+0xa0/0x110
[  129.679400][T11835]  proc_fail_nth_read+0xf9/0x140
[  129.684408][T11835]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  129.690039][T11835]  vfs_read+0x1a2/0x700
[  129.694222][T11835]  ? sock_common_setsockopt+0x64/0x80
[  129.699697][T11835]  ksys_read+0xe8/0x1b0
[  129.703855][T11835]  __x64_sys_read+0x42/0x50
[  129.708437][T11835]  x64_sys_call+0x2874/0x2dc0
[  129.713162][T11835]  do_syscall_64+0xc9/0x1c0
[  129.717666][T11835]  ? clear_bhb_loop+0x55/0xb0
[  129.722492][T11835]  ? clear_bhb_loop+0x55/0xb0
[  129.727250][T11835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.733165][T11835] RIP: 0033:0x7fd783b1473c
[  129.737628][T11835] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  129.757322][T11835] RSP: 002b:00007fd782187030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  129.765745][T11835] RAX: ffffffffffffffda RBX: 00007fd783d05fa0 RCX: 00007fd783b1473c
[  129.773730][T11835] RDX: 000000000000000f RSI: 00007fd7821870a0 RDI: 0000000000000004
[  129.781759][T11835] RBP: 00007fd782187090 R08: 0000000000000000 R09: 0000000000000000
[  129.789734][T11835] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001
[  129.797821][T11835] R13: 0000000000000000 R14: 00007fd783d05fa0 R15: 00007ffc4e85cd28
[  129.805816][T11835]  </TASK>
[  129.820450][T11837] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125
[  129.876712][T11843] loop4: detected capacity change from 0 to 512
[  129.888815][T11843] EXT4-fs (loop4): orphan cleanup on readonly fs
[  129.902358][T11843] EXT4-fs warning (device loop4): ext4_enable_quotas:7156: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
[  129.917708][T11843] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  129.925548][T11843] EXT4-fs error (device loop4): ext4_ext_check_inode:524: inode #13: comm syz.4.3063: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  129.943805][T11843] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.3063: couldn't read orphan inode 13 (err -117)
[  129.957391][T11843] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  129.978990][T11851] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3066'.
[  130.004154][T11851] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  130.011734][T11851] batman_adv: batadv0: Removing interface: batadv_slave_0
[  130.034093][T11020] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.050278][T11851] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  130.058324][T11851] batman_adv: batadv0: Removing interface: batadv_slave_1
[  130.066898][T11858] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3070'.
[  130.075936][T11858] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3070'.
[  130.086007][T11858] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3070'.
[  130.091054][T11860] 9pnet_fd: Insufficient options for proto=fd
[  130.109312][T11858] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3070'.
[  130.118426][T11858] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3070'.
[  130.136771][T11858] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3070'.
[  130.136990][T11862] syz.3.3070[11862] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  130.146637][T11862] syz.3.3070[11862] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  130.169947][T11862] syz.3.3070[11862] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  130.261478][T11878] syz.3.3077[11878] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  130.276592][T11878] syz.3.3077[11878] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  130.288405][T11878] syz.3.3077[11878] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  130.332135][T11886] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  130.352389][T11886] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  130.361146][T11886] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  130.369993][T11886] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  130.381366][T11886] vxlan0: entered promiscuous mode
[  130.406259][T11889] loop4: detected capacity change from 0 to 1024
[  130.416423][T11889] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended
[  130.425873][T11889] EXT4-fs warning (device loop4): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  130.441669][T11889] EXT4-fs (loop4): mount failed
[  130.828282][   T29] kauditd_printk_skb: 1000 callbacks suppressed
[  130.828296][   T29] audit: type=1326 audit(1736307714.139:27954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11894 comm="syz.0.3083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  130.866414][   T29] audit: type=1326 audit(1736307714.149:27955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11888 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  130.890096][   T29] audit: type=1326 audit(1736307714.149:27956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11888 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  130.914103][   T29] audit: type=1326 audit(1736307714.149:27957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11888 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  130.919062][T11895] loop0: detected capacity change from 0 to 512
[  130.937847][   T29] audit: type=1326 audit(1736307714.149:27958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11888 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  130.967635][   T29] audit: type=1326 audit(1736307714.149:27959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11888 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  130.977317][T11889] SELinux:  Context system_u:object_r:hald_log_t:s0 is not valid (left unmapped).
[  130.991352][   T29] audit: type=1326 audit(1736307714.149:27960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11888 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  131.024306][   T29] audit: type=1326 audit(1736307714.179:27961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11888 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  131.043018][T11895] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  131.047966][   T29] audit: type=1326 audit(1736307714.179:27962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11888 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  131.062361][T11895] ext4 filesystem being mounted at /19/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  131.083999][   T29] audit: type=1326 audit(1736307714.179:27963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11894 comm="syz.0.3083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  131.165444][T11264] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.229696][T11907] loop0: detected capacity change from 0 to 512
[  131.259294][T11914] pim6reg: entered allmulticast mode
[  131.268253][T11914] pim6reg: left allmulticast mode
[  131.306153][T11907] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  131.318826][T11907] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  131.345456][T11264] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.476097][T11958] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  131.482652][T11958] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  131.490095][T11958] vhci_hcd vhci_hcd.0: Device attached
[  131.506218][T11959] usbip_core: unknown command
[  131.510937][T11959] vhci_hcd: unknown pdu 0
[  131.515317][T11959] usbip_core: unknown command
[  131.520676][T11927] vhci_hcd: stop threads
[  131.524955][T11927] vhci_hcd: release socket
[  131.529369][T11927] vhci_hcd: disconnect device
[  131.645985][T11956] loop2: detected capacity change from 0 to 8192
[  131.650170][T11967] loop0: detected capacity change from 0 to 512
[  131.680845][T11967] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  131.693575][T11967] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  131.715021][T11264] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.749549][T11971] 9pnet_fd: Insufficient options for proto=fd
[  131.783687][T11975] pim6reg: entered allmulticast mode
[  131.795371][T11975] pim6reg: left allmulticast mode
[  131.895245][T11985] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  131.901771][T11985] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  131.909306][T11985] vhci_hcd vhci_hcd.0: Device attached
[  131.917671][T11986] usbip_core: unknown command
[  131.922384][T11986] vhci_hcd: unknown pdu 0
[  131.926769][T11986] usbip_core: unknown command
[  131.931705][T11920] vhci_hcd: stop threads
[  131.935976][T11920] vhci_hcd: release socket
[  131.940387][T11920] vhci_hcd: disconnect device
[  132.019140][T11994] 9pnet_fd: Insufficient options for proto=fd
[  132.159364][T11988] loop2: detected capacity change from 0 to 8192
[  132.207697][T12009] pim6reg: entered allmulticast mode
[  132.230888][T12009] pim6reg: left allmulticast mode
[  132.276264][T12013] 9pnet_fd: Insufficient options for proto=fd
[  132.298957][T12016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  132.313635][T12016] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  132.424347][T12000] loop4: detected capacity change from 0 to 8192
[  132.483319][T12031] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  132.498496][T12031] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  132.677147][T12048] pim6reg: entered allmulticast mode
[  132.683993][T12048] pim6reg: left allmulticast mode
[  132.708046][T12050] syz.4.3140[12050] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  132.826080][T12062] 9pnet_fd: Insufficient options for proto=fd
[  133.280051][T12093] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  133.280136][T12092] IPVS: stopping master sync thread 12093 ...
[  133.291471][T12090] 9pnet_fd: Insufficient options for proto=fd
[  133.417159][T12103] pim6reg: entered allmulticast mode
[  133.438492][T12103] pim6reg: left allmulticast mode
[  133.472444][T12094] loop1: detected capacity change from 0 to 8192
[  133.503565][T12109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.516886][T12109] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.615930][T12117] random: crng reseeded on system resumption
[  133.663899][T12120] 9pnet_fd: Insufficient options for proto=fd
[  133.685078][T12123] IPVS: stopping master sync thread 12127 ...
[  133.692080][T12127] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  133.782724][T12125] loop3: detected capacity change from 0 to 512
[  133.796939][T12125] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  133.798642][T12117] loop4: detected capacity change from 0 to 512
[  133.809756][T12125] ext4 filesystem being mounted at /576/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  133.854364][T12117] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  133.867289][T12117] ext4 filesystem being mounted at /57/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  133.868550][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.892107][T12142] netlink: 'syz.0.3175': attribute type 3 has an invalid length.
[  133.987024][T12161] loop1: detected capacity change from 0 to 128
[  134.008501][T12165] loop3: detected capacity change from 0 to 512
[  134.010910][T12161] FAT-fs (loop1): bogus number of reserved sectors
[  134.021385][T12161] FAT-fs (loop1): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  134.030769][T12161] FAT-fs (loop1): Can't find a valid FAT filesystem
[  134.047681][T12165] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.068360][T12165] ext4 filesystem being mounted at /579/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  134.087097][T12179] loop0: detected capacity change from 0 to 512
[  134.107743][T12179] ext4: Unknown parameter 'pim6reg'
[  134.134469][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.158420][T12205] 9pnet_fd: Insufficient options for proto=fd
[  134.211743][T12217] netlink: 'syz.1.3190': attribute type 3 has an invalid length.
[  134.219695][T12217] __nla_validate_parse: 21 callbacks suppressed
[  134.219708][T12217] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3190'.
[  134.235055][T12217] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3190'.
[  134.326214][T12238] loop3: detected capacity change from 0 to 512
[  134.346927][T12238] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.369455][T12238] ext4 filesystem being mounted at /583/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  134.392281][ T3306] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.477923][T11020] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.485760][T12265] FAULT_INJECTION: forcing a failure.
[  134.485760][T12265] name failslab, interval 1, probability 0, space 0, times 0
[  134.499606][T12265] CPU: 0 UID: 0 PID: 12265 Comm: syz.2.3204 Not tainted 6.13.0-rc6-syzkaller-00038-g09a0fa92e5b4 #0
[  134.510386][T12265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  134.520478][T12265] Call Trace:
[  134.523778][T12265]  <TASK>
[  134.526717][T12265]  dump_stack_lvl+0xf2/0x150
[  134.531385][T12265]  dump_stack+0x15/0x1a
[  134.535590][T12265]  should_fail_ex+0x223/0x230
[  134.540330][T12265]  should_failslab+0x8f/0xb0
[  134.544926][T12265]  kmem_cache_alloc_node_noprof+0x59/0x320
[  134.550739][T12265]  ? __alloc_skb+0x10b/0x310
[  134.555324][T12265]  __alloc_skb+0x10b/0x310
[  134.559743][T12265]  netlink_alloc_large_skb+0xad/0xe0
[  134.565032][T12265]  netlink_sendmsg+0x3b4/0x6e0
[  134.569879][T12265]  ? __pfx_netlink_sendmsg+0x10/0x10
[  134.575172][T12265]  __sock_sendmsg+0x140/0x180
[  134.579875][T12265]  ____sys_sendmsg+0x312/0x410
[  134.584647][T12265]  __sys_sendmsg+0x19d/0x230
[  134.589310][T12265]  __x64_sys_sendmsg+0x46/0x50
[  134.594129][T12265]  x64_sys_call+0x2734/0x2dc0
[  134.598799][T12265]  do_syscall_64+0xc9/0x1c0
[  134.603311][T12265]  ? clear_bhb_loop+0x55/0xb0
[  134.608045][T12265]  ? clear_bhb_loop+0x55/0xb0
[  134.612775][T12265]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.618677][T12265] RIP: 0033:0x7f45ba965d29
[  134.623119][T12265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  134.642719][T12265] RSP: 002b:00007f45b8fd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  134.651178][T12265] RAX: ffffffffffffffda RBX: 00007f45bab55fa0 RCX: 00007f45ba965d29
[  134.659218][T12265] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[  134.667210][T12265] RBP: 00007f45b8fd7090 R08: 0000000000000000 R09: 0000000000000000
[  134.675222][T12265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.683268][T12265] R13: 0000000000000000 R14: 00007f45bab55fa0 R15: 00007ffc0b74b068
[  134.691242][T12265]  </TASK>
[  134.754543][T12276] IPVS: stopping master sync thread 12285 ...
[  134.757357][T12285] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  134.820184][T12292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3210'.
[  134.850811][T12295] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3209'.
[  134.862337][T12292] hsr_slave_1 (unregistering): left promiscuous mode
[  134.889671][T12295] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  134.897405][T12295] batman_adv: batadv0: Removing interface: batadv_slave_0
[  134.912878][T12295] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  134.920393][T12295] batman_adv: batadv0: Removing interface: batadv_slave_1
[  134.939400][T12305] loop2: detected capacity change from 0 to 512
[  134.975895][T12305] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.989754][T12305] ext4 filesystem being mounted at /69/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  135.011019][T10761] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.090814][T12333] random: crng reseeded on system resumption
[  135.248425][T12326] loop3: detected capacity change from 0 to 8192
[  135.294113][T12333] loop2: detected capacity change from 0 to 512
[  135.321052][T12333] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  135.347506][T12333] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  135.407179][T10761] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.431934][T12358] FAULT_INJECTION: forcing a failure.
[  135.431934][T12358] name failslab, interval 1, probability 0, space 0, times 0
[  135.432743][T12355] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3221'.
[  135.444613][T12358] CPU: 1 UID: 0 PID: 12358 Comm: syz.3.3223 Not tainted 6.13.0-rc6-syzkaller-00038-g09a0fa92e5b4 #0
[  135.464200][T12358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  135.474328][T12358] Call Trace:
[  135.477686][T12358]  <TASK>
[  135.480612][T12358]  dump_stack_lvl+0xf2/0x150
[  135.485216][T12358]  dump_stack+0x15/0x1a
[  135.489377][T12358]  should_fail_ex+0x223/0x230
[  135.494053][T12358]  should_failslab+0x8f/0xb0
[  135.498655][T12358]  kmem_cache_alloc_node_noprof+0x59/0x320
[  135.504524][T12358]  ? __alloc_skb+0x10b/0x310
[  135.509125][T12358]  __alloc_skb+0x10b/0x310
[  135.513543][T12358]  netlink_alloc_large_skb+0xad/0xe0
[  135.518918][T12358]  netlink_sendmsg+0x3b4/0x6e0
[  135.523707][T12358]  ? __pfx_netlink_sendmsg+0x10/0x10
[  135.529192][T12358]  __sock_sendmsg+0x140/0x180
[  135.533903][T12358]  ____sys_sendmsg+0x312/0x410
[  135.538742][T12358]  __sys_sendmsg+0x19d/0x230
[  135.543419][T12358]  __x64_sys_sendmsg+0x46/0x50
[  135.548191][T12358]  x64_sys_call+0x2734/0x2dc0
[  135.552943][T12358]  do_syscall_64+0xc9/0x1c0
[  135.557484][T12358]  ? clear_bhb_loop+0x55/0xb0
[  135.562176][T12358]  ? clear_bhb_loop+0x55/0xb0
[  135.566967][T12358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.572919][T12358] RIP: 0033:0x7f0f9f545d29
[  135.577432][T12358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.597045][T12358] RSP: 002b:00007f0f9dbb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  135.605459][T12358] RAX: ffffffffffffffda RBX: 00007f0f9f735fa0 RCX: 00007f0f9f545d29
[  135.613472][T12358] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[  135.621478][T12358] RBP: 00007f0f9dbb1090 R08: 0000000000000000 R09: 0000000000000000
[  135.629482][T12358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.637537][T12358] R13: 0000000000000000 R14: 00007f0f9f735fa0 R15: 00007ffc8ec8d4c8
[  135.645558][T12358]  </TASK>
[  135.714647][T12366] loop1: detected capacity change from 0 to 512
[  135.779050][T12381] pim6reg: entered allmulticast mode
[  135.784808][T12366] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  135.797713][T12366] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  135.801045][T12381] pim6reg: left allmulticast mode
[  135.824377][T11501] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.835541][   T29] kauditd_printk_skb: 1528 callbacks suppressed
[  135.835554][   T29] audit: type=1326 audit(1736307719.151:29492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12379 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  135.845926][T12392] netlink: 4 bytes leftover after parsing attributes in process `+}[@'.
[  135.864887][   T29] audit: type=1326 audit(1736307719.151:29493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12379 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd783b15d63 code=0x7ffc0000
[  135.896260][   T29] audit: type=1326 audit(1736307719.151:29494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12379 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd783b15d63 code=0x7ffc0000
[  135.919177][   T29] audit: type=1326 audit(1736307719.151:29495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12379 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  135.942448][   T29] audit: type=1326 audit(1736307719.151:29496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12379 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  135.965748][   T29] audit: type=1326 audit(1736307719.221:29497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12379 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  135.988692][   T29] audit: type=1326 audit(1736307719.221:29498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12379 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  136.011800][   T29] audit: type=1326 audit(1736307719.221:29499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12379 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  136.035426][   T29] audit: type=1326 audit(1736307719.221:29500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12380 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  136.059185][   T29] audit: type=1326 audit(1736307719.221:29501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12380 comm="syz.4.3229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  136.125493][T12407] netlink: 'syz.3.3234': attribute type 3 has an invalid length.
[  136.133384][T12407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3234'.
[  136.139245][T12409] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3235'.
[  136.288096][T12432] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  136.294638][T12432] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  136.302097][T12432] vhci_hcd vhci_hcd.0: Device attached
[  136.312827][T12433] usbip_core: unknown command
[  136.317612][T12433] vhci_hcd: unknown pdu 0
[  136.321951][T12433] usbip_core: unknown command
[  136.327361][T11921] vhci_hcd: stop threads
[  136.331615][T11921] vhci_hcd: release socket
[  136.336070][T11921] vhci_hcd: disconnect device
[  136.415087][T12446] pim6reg: entered allmulticast mode
[  136.422017][T12446] pim6reg: left allmulticast mode
[  136.499702][T12457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3247'.
[  136.552501][T12460] netlink: 'syz.2.3248': attribute type 3 has an invalid length.
[  136.560289][T12460] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3248'.
[  136.625410][T12466] loop2: detected capacity change from 0 to 1024
[  136.641982][T12466] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  136.658746][T12466] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  136.686505][T12466] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  136.702692][T12466] EXT4-fs (loop2): orphan cleanup on readonly fs
[  136.709802][T12466] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5837: Corrupt filesystem
[  136.719453][T12466] EXT4-fs (loop2): Remounting filesystem read-only
[  136.726665][T12466] EXT4-fs (loop2): 1 orphan inode deleted
[  136.732902][T12466] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  136.745765][T12466] SELinux: (dev loop2, type ext4) getxattr errno 5
[  136.752793][T12466] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.807572][T12480] 9pnet_fd: Insufficient options for proto=fd
[  136.908411][T12491] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  137.078708][T12520] 9pnet_fd: Insufficient options for proto=fd
[  137.091719][T12524] loop4: detected capacity change from 0 to 128
[  137.106068][T12524] FAT-fs (loop4): bogus number of reserved sectors
[  137.112749][T12524] FAT-fs (loop4): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  137.122103][T12524] FAT-fs (loop4): Can't find a valid FAT filesystem
[  137.211464][T12567] bpf_get_probe_write_proto: 2 callbacks suppressed
[  137.211479][T12567] syz.3.3273[12567] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  137.230756][T12567] syz.3.3273[12567] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  137.264245][T12567] syz.3.3273[12567] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  137.410453][T12595] loop0: detected capacity change from 0 to 512
[  137.461663][T12595] EXT4-fs (loop0): filesystem is read-only
[  137.568779][T12601] pim6reg: entered allmulticast mode
[  137.591578][T12595] EXT4-fs (loop0): filesystem is read-only
[  137.597483][T12595] EXT4-fs (loop0): orphan cleanup on readonly fs
[  137.611084][T12601] pim6reg: left allmulticast mode
[  137.619451][T12595] EXT4-fs error (device loop0): ext4_orphan_get:1415: comm syz.0.3279: bad orphan inode 16
[  137.649396][T12595] ext4_test_bit(bit=15, block=3) = 0
[  137.669735][T12595] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  137.682533][T12517] loop2: detected capacity change from 0 to 8192
[  137.762696][T11264] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.920295][T12627] FAULT_INJECTION: forcing a failure.
[  137.920295][T12627] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  137.933475][T12627] CPU: 0 UID: 0 PID: 12627 Comm: syz.4.3285 Not tainted 6.13.0-rc6-syzkaller-00038-g09a0fa92e5b4 #0
[  137.944235][T12627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  137.954368][T12627] Call Trace:
[  137.957677][T12627]  <TASK>
[  137.960611][T12627]  dump_stack_lvl+0xf2/0x150
[  137.965263][T12627]  dump_stack+0x15/0x1a
[  137.969422][T12627]  should_fail_ex+0x223/0x230
[  137.974177][T12627]  should_fail+0xb/0x10
[  137.978386][T12627]  should_fail_usercopy+0x1a/0x20
[  137.983474][T12627]  strncpy_from_user+0x25/0x210
[  137.988368][T12627]  ? kmem_cache_alloc_noprof+0x18e/0x320
[  137.994012][T12627]  ? getname_flags+0x81/0x3b0
[  137.998690][T12627]  getname_flags+0xb0/0x3b0
[  138.003286][T12627]  getname+0x17/0x20
[  138.007174][T12627]  do_sys_openat2+0x67/0x120
[  138.011770][T12627]  __x64_sys_openat+0xf3/0x120
[  138.016538][T12627]  x64_sys_call+0x2b30/0x2dc0
[  138.021223][T12627]  do_syscall_64+0xc9/0x1c0
[  138.025775][T12627]  ? clear_bhb_loop+0x55/0xb0
[  138.030473][T12627]  ? clear_bhb_loop+0x55/0xb0
[  138.035296][T12627]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.041226][T12627] RIP: 0033:0x7f673aaa4690
[  138.045660][T12627] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  138.065357][T12627] RSP: 002b:00007f6739116b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  138.073805][T12627] RAX: ffffffffffffffda RBX: 0000000000101301 RCX: 00007f673aaa4690
[  138.081837][T12627] RDX: 0000000000101301 RSI: 00007f6739116c10 RDI: 00000000ffffff9c
[  138.089884][T12627] RBP: 00007f6739116c10 R08: 0000000000000000 R09: 0000000000000000
[  138.097877][T12627] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  138.105891][T12627] R13: 0000000000000000 R14: 00007f673ac95fa0 R15: 00007ffc7021fcc8
[  138.113929][T12627]  </TASK>
[  138.296949][T12652] loop4: detected capacity change from 0 to 1024
[  138.311838][T12652] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  138.322861][T12652] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  138.369929][T12652] JBD2: no valid journal superblock found
[  138.375732][T12652] EXT4-fs (loop4): Could not load journal inode
[  138.383189][T12659] 9pnet_fd: Insufficient options for proto=fd
[  138.512475][T12691] pim6reg: entered allmulticast mode
[  138.570384][T11921] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.583756][T12691] pim6reg: left allmulticast mode
[  138.626587][T11921] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.637159][T12662] chnl_net:caif_netlink_parms(): no params data found
[  138.648052][T12807] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  138.659900][T12718] IPVS: stopping master sync thread 12807 ...
[  138.676097][T12824] netlink: 'syz.2.3303': attribute type 3 has an invalid length.
[  138.768628][T11921] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.805080][T12662] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.812247][T12662] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.817317][T12804] loop4: detected capacity change from 0 to 8192
[  138.826971][T12876] netlink: 'syz.0.3308': attribute type 3 has an invalid length.
[  138.849029][T12662] bridge_slave_0: entered allmulticast mode
[  138.855508][T12662] bridge_slave_0: entered promiscuous mode
[  138.862241][T12662] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.869503][T12662] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.877139][T12662] bridge_slave_1: entered allmulticast mode
[  138.888577][T12662] bridge_slave_1: entered promiscuous mode
[  138.896816][T11921] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.935123][T12662] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  138.935561][T12912] 9pnet_fd: Insufficient options for proto=fd
[  138.945772][T12662] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  138.960581][T12917] xt_TCPMSS: Only works on TCP SYN packets
[  138.980669][T12917] sctp: [Deprecated]: syz.1.3310 (pid 12917) Use of struct sctp_assoc_value in delayed_ack socket option.
[  138.980669][T12917] Use struct sctp_sack_info instead
[  139.049709][T12953] loop0: detected capacity change from 0 to 1024
[  139.078382][T12953] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended
[  139.095768][T12953] EXT4-fs warning (device loop0): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  139.115653][T12953] EXT4-fs (loop0): mount failed
[  139.117629][T12974] 9pnet_fd: Insufficient options for proto=fd
[  139.175402][T12980] 9pnet_fd: Insufficient options for proto=fd
[  139.181826][T11921] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  139.198607][T11921] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  139.208442][T11921] bond0 (unregistering): Released all slaves
[  139.217986][T12662] team0: Port device team_slave_0 added
[  139.226439][T12662] team0: Port device team_slave_1 added
[  139.238070][T12991] loop0: detected capacity change from 0 to 512
[  139.245337][T12991] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  139.277334][T12991] EXT4-fs (loop0): too many log groups per flexible block group
[  139.285058][T12991] EXT4-fs (loop0): failed to initialize mballoc (-12)
[  139.291910][T12991] EXT4-fs (loop0): mount failed
[  139.297263][T11921] hsr_slave_0: left promiscuous mode
[  139.305857][T11921] veth1_macvtap: left promiscuous mode
[  139.311395][T11921] veth0_macvtap: left promiscuous mode
[  139.365833][T11921] team0 (unregistering): Port device team_slave_1 removed
[  139.378327][T11921] team0 (unregistering): Port device team_slave_0 removed
[  139.405023][T12662] batman_adv: batadv0: Adding interface: batadv_slave_0
[  139.412051][T12662] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  139.438152][T12662] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  139.450866][T12662] batman_adv: batadv0: Adding interface: batadv_slave_1
[  139.457849][T12662] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  139.483873][T12662] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  139.512388][T12662] hsr_slave_0: entered promiscuous mode
[  139.518766][T12662] hsr_slave_1: entered promiscuous mode
[  139.757294][T13167] loop1: detected capacity change from 0 to 512
[  139.781933][T13167] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  139.799041][T13167] ext4 filesystem being mounted at /38/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  139.823778][T13144] loop2: detected capacity change from 0 to 8192
[  139.839836][T11501] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.859329][T12662] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  139.870318][T12662] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  139.887076][T12662] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  139.897219][T12662] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  139.973804][T12662] 8021q: adding VLAN 0 to HW filter on device bond0
[  140.007893][T12662] 8021q: adding VLAN 0 to HW filter on device team0
[  140.034584][T13212] netlink: 'syz.4.3330': attribute type 3 has an invalid length.
[  140.037808][T11921] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.042490][T13212] __nla_validate_parse: 10 callbacks suppressed
[  140.042503][T13212] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3330'.
[  140.049556][T11921] bridge0: port 1(bridge_slave_0) entered forwarding state
[  140.055917][T13212] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3330'.
[  140.081313][T13219] FAULT_INJECTION: forcing a failure.
[  140.081313][T13219] name failslab, interval 1, probability 0, space 0, times 0
[  140.093965][T13219] CPU: 1 UID: 0 PID: 13219 Comm: syz.1.3333 Not tainted 6.13.0-rc6-syzkaller-00038-g09a0fa92e5b4 #0
[  140.104736][T13219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  140.114798][T13219] Call Trace:
[  140.118075][T13219]  <TASK>
[  140.121021][T13219]  dump_stack_lvl+0xf2/0x150
[  140.125630][T13219]  dump_stack+0x15/0x1a
[  140.129962][T13219]  should_fail_ex+0x223/0x230
[  140.134659][T13219]  should_failslab+0x8f/0xb0
[  140.139266][T13219]  kmem_cache_alloc_noprof+0x52/0x320
[  140.144708][T13219]  ? audit_log_start+0x34c/0x6b0
[  140.149753][T13219]  audit_log_start+0x34c/0x6b0
[  140.154595][T13219]  audit_seccomp+0x4b/0x130
[  140.159107][T13219]  __seccomp_filter+0x6fa/0x1180
[  140.164172][T13219]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  140.169875][T13219]  ? vfs_write+0x596/0x920
[  140.174327][T13219]  __secure_computing+0x9f/0x1c0
[  140.179333][T13219]  syscall_trace_enter+0xd1/0x1f0
[  140.184380][T13219]  ? fpregs_assert_state_consistent+0x83/0xa0
[  140.190463][T13219]  do_syscall_64+0xaa/0x1c0
[  140.195130][T13219]  ? clear_bhb_loop+0x55/0xb0
[  140.199897][T13219]  ? clear_bhb_loop+0x55/0xb0
[  140.204572][T13219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.210506][T13219] RIP: 0033:0x7f2da9f85d29
[  140.214980][T13219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.234586][T13219] RSP: 002b:00007f2da85f1038 EFLAGS: 00000246 ORIG_RAX: 000000000000013d
[  140.243018][T13219] RAX: ffffffffffffffda RBX: 00007f2daa175fa0 RCX: 00007f2da9f85d29
[  140.251033][T13219] RDX: 0000000020000340 RSI: 0000000000000000 RDI: 0000000000000001
[  140.259007][T13219] RBP: 00007f2da85f1090 R08: 0000000000000000 R09: 0000000000000000
[  140.266967][T13219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.275071][T13219] R13: 0000000000000000 R14: 00007f2daa175fa0 R15: 00007ffe0fc0f3b8
[  140.283524][T13219]  </TASK>
[  140.289376][T11928] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.296618][T11928] bridge0: port 2(bridge_slave_1) entered forwarding state
[  140.476390][T13274] loop4: detected capacity change from 0 to 512
[  140.511948][T12662] 8021q: adding VLAN 0 to HW filter on device batadv0
[  140.529588][T13274] EXT4-fs (loop4): external journal device major/minor numbers have changed
[  140.542653][T13274] block device autoloading is deprecated and will be removed.
[  140.557060][T13294] loop0: detected capacity change from 0 to 512
[  140.574147][T13274] syz.4.3342: attempt to access beyond end of device
[  140.574147][T13274] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  140.589700][T13274] EXT4-fs (loop4): couldn't read superblock of external journal
[  140.612094][T13294] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  140.725808][T13338] loop4: detected capacity change from 0 to 1024
[  140.733248][T13294] EXT4-fs (loop0): too many log groups per flexible block group
[  140.741009][T13294] EXT4-fs (loop0): failed to initialize mballoc (-12)
[  140.751711][T13338] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended
[  140.764062][T13294] EXT4-fs (loop0): mount failed
[  140.814444][T13338] EXT4-fs warning (device loop4): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  140.847659][T12662] veth0_vlan: entered promiscuous mode
[  140.852808][   T29] kauditd_printk_skb: 1051 callbacks suppressed
[  140.852823][   T29] audit: type=1326 audit(1736307724.156:30547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13282 comm="syz.2.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f45ba965db7 code=0x7ffc0000
[  140.861199][T12662] veth1_vlan: entered promiscuous mode
[  140.883898][T13300] loop2: detected capacity change from 0 to 8192
[  140.892256][T13338] EXT4-fs (loop4): mount failed
[  140.894828][   T29] audit: type=1326 audit(1736307724.196:30548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13282 comm="syz.2.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f45ba964690 code=0x7ffc0000
[  140.923451][   T29] audit: type=1326 audit(1736307724.196:30549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13282 comm="syz.2.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f45ba96592b code=0x7ffc0000
[  140.946238][T12662] veth0_macvtap: entered promiscuous mode
[  140.947137][   T29] audit: type=1326 audit(1736307724.206:30550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13282 comm="syz.2.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  140.967841][T12662] veth1_macvtap: entered promiscuous mode
[  140.976543][   T29] audit: type=1326 audit(1736307724.206:30551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13282 comm="syz.2.3344" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  140.977245][   T29] audit: type=1326 audit(1736307724.266:30552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13337 comm="syz.4.3350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  141.011552][T12662] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  141.029426][   T29] audit: type=1326 audit(1736307724.266:30553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13337 comm="syz.4.3350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  141.029510][   T29] audit: type=1326 audit(1736307724.266:30554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13337 comm="syz.4.3350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  141.029533][   T29] audit: type=1326 audit(1736307724.266:30555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13337 comm="syz.4.3350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  141.029555][   T29] audit: type=1326 audit(1736307724.266:30556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13337 comm="syz.4.3350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  141.040062][T12662] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.144865][T12662] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  141.155413][T12662] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.167002][T12662] batman_adv: batadv0: Interface activated: batadv_slave_0
[  141.175528][T12662] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  141.186084][T12662] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.195929][T12662] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  141.206527][T12662] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  141.217078][T12662] batman_adv: batadv0: Interface activated: batadv_slave_1
[  141.229176][T12662] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  141.229631][T13380] 9pnet_fd: Insufficient options for proto=fd
[  141.238005][T12662] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  141.252885][T12662] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  141.261690][T12662] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  141.384044][T13401] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3358'.
[  141.398121][T13397] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3356'.
[  141.420584][T13407] random: crng reseeded on system resumption
[  141.463345][T13415] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  141.473115][T13413] IPVS: stopping master sync thread 13415 ...
[  141.528504][T13419] 9pnet_fd: Insufficient options for proto=fd
[  141.550327][T13422] netlink: 'syz.3.3365': attribute type 3 has an invalid length.
[  141.558127][T13422] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3365'.
[  141.567175][T13422] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3365'.
[  141.603933][T13407] loop2: detected capacity change from 0 to 512
[  141.630487][T13407] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.643885][T13407] ext4 filesystem being mounted at /109/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  141.669313][T13441] loop3: detected capacity change from 0 to 512
[  141.670302][T10761] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.685437][T13441] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  141.726819][T13441] EXT4-fs (loop3): too many log groups per flexible block group
[  141.734675][T13441] EXT4-fs (loop3): failed to initialize mballoc (-12)
[  141.741926][T13441] EXT4-fs (loop3): mount failed
[  141.789272][T13465] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  141.799289][T13464] IPVS: stopping master sync thread 13465 ...
[  141.980676][T13474] pim6reg: entered allmulticast mode
[  141.987492][T13474] pim6reg: left allmulticast mode
[  142.015402][T13481] 9pnet_fd: Insufficient options for proto=fd
[  142.121718][T13502] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3385'.
[  142.122843][T13503] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3381'.
[  142.132107][T13502] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3385'.
[  142.141360][T13503] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  142.156175][T13503] batman_adv: batadv0: Removing interface: batadv_slave_0
[  142.164077][T13503] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  142.171546][T13503] batman_adv: batadv0: Removing interface: batadv_slave_1
[  142.178590][T13502] syz.2.3385[13502] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  142.178705][T13502] syz.2.3385[13502] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  142.190525][T13506] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3381'.
[  142.198782][T13502] syz.2.3385[13502] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  142.353970][T13514] 9pnet_fd: Insufficient options for proto=fd
[  142.417146][T13505] loop4: detected capacity change from 0 to 8192
[  142.632408][T13525] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.700296][T13532] 9pnet_fd: Insufficient options for proto=fd
[  142.981926][T13561] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  142.988502][T13561] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  142.996041][T13561] vhci_hcd vhci_hcd.0: Device attached
[  143.028986][T13562] usbip_core: unknown command
[  143.033831][T13562] vhci_hcd: unknown pdu 0
[  143.038171][T13562] usbip_core: unknown command
[  143.043821][T11921] vhci_hcd: stop threads
[  143.048157][T11921] vhci_hcd: release socket
[  143.052241][T13566] 9pnet_fd: Insufficient options for proto=fd
[  143.052572][T11921] vhci_hcd: disconnect device
[  143.082825][T13573] loop1: detected capacity change from 0 to 512
[  143.116188][T13573] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.128912][T13573] ext4 filesystem being mounted at /59/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  143.149560][T11501] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.308048][T13605] pim6reg: entered allmulticast mode
[  143.315034][T13605] pim6reg: left allmulticast mode
[  143.370911][T13612] random: crng reseeded on system resumption
[  143.528736][T13612] loop2: detected capacity change from 0 to 512
[  143.556357][T13612] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.569408][T13612] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.596171][T10761] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.698694][T13619] loop0: detected capacity change from 0 to 512
[  143.729197][T13619] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.747320][T13619] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.770223][T13619] EXT4-fs error (device loop0): ext4_map_blocks:671: inode #2: block 18: comm syz.0.3413: lblock 23 mapped to illegal pblock 18 (length 1)
[  143.772103][T13654] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  143.790983][T13654] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  143.798448][T13654] vhci_hcd vhci_hcd.0: Device attached
[  143.816692][T13619] EXT4-fs error (device loop0): ext4_readdir:261: inode #2: block 12: comm syz.0.3413: path /106/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  143.817082][T13656] usbip_core: unknown command
[  143.842295][T13656] vhci_hcd: unknown pdu 0
[  143.846662][T13656] usbip_core: unknown command
[  143.859643][T11917] vhci_hcd: stop threads
[  143.863963][T13619] EXT4-fs error (device loop0): ext4_readdir:261: inode #2: block 13: comm syz.0.3413: path /106/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  143.863949][T11917] vhci_hcd: release socket
[  143.864034][T11917] vhci_hcd: disconnect device
[  143.897252][T13662] EXT4-fs error (device loop0): ext4_map_blocks:671: inode #2: block 18: comm syz.0.3413: lblock 23 mapped to illegal pblock 18 (length 1)
[  143.911988][T13619] EXT4-fs error (device loop0): ext4_readdir:261: inode #2: block 14: comm syz.0.3413: path /106/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  143.912560][T13662] EXT4-fs error (device loop0): ext4_map_blocks:671: inode #2: block 18: comm syz.0.3413: lblock 23 mapped to illegal pblock 18 (length 1)
[  143.937375][T13619] EXT4-fs error (device loop0): ext4_readdir:261: inode #2: block 15: comm syz.0.3413: path /106/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  143.967897][T13619] EXT4-fs error (device loop0): ext4_readdir:261: inode #2: block 16: comm syz.0.3413: path /106/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  143.990883][T13619] EXT4-fs error (device loop0): ext4_readdir:261: inode #2: block 17: comm syz.0.3413: path /106/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  143.994440][T13665] EXT4-fs error (device loop0): ext4_map_blocks:671: inode #2: block 18: comm syz.0.3413: lblock 23 mapped to illegal pblock 18 (length 1)
[  144.297028][T13525] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.348270][T13525] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.403915][T13525] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.467032][T11264] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.494852][T13525] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  144.531112][T13525] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  144.552324][T13525] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  144.568484][T13525] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  144.614483][T13736] bridge0: entered promiscuous mode
[  144.619755][T13736] macvlan2: entered promiscuous mode
[  144.626705][T13736] bridge0: port 3(macvlan2) entered blocking state
[  144.633264][T13736] bridge0: port 3(macvlan2) entered disabled state
[  144.640674][T13736] macvlan2: entered allmulticast mode
[  144.646159][T13736] bridge0: entered allmulticast mode
[  144.654981][T13736] macvlan2: left allmulticast mode
[  144.660134][T13736] bridge0: left allmulticast mode
[  144.670938][T13736] bridge0: left promiscuous mode
[  144.674367][T13744] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  144.682569][T13744] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  144.690104][T13744] vhci_hcd vhci_hcd.0: Device attached
[  144.697811][T13745] usbip_core: unknown command
[  144.702671][T13745] vhci_hcd: unknown pdu 0
[  144.707096][T13745] usbip_core: unknown command
[  144.712054][T11921] vhci_hcd: stop threads
[  144.716430][T11921] vhci_hcd: release socket
[  144.720953][T11921] vhci_hcd: disconnect device
[  144.749589][T13751] loop0: detected capacity change from 0 to 512
[  144.765874][T13751] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  144.778783][T13751] ext4 filesystem being mounted at /110/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  144.797914][T11264] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.849602][T13765] 9pnet_fd: Insufficient options for proto=fd
[  144.958750][T13786] netlink: 'syz.2.3452': attribute type 3 has an invalid length.
[  144.985028][T13789] 9pnet_fd: Insufficient options for proto=fd
[  145.010147][T13793] netlink: 'syz.2.3454': attribute type 3 has an invalid length.
[  145.110084][T13790] loop0: detected capacity change from 0 to 8192
[  145.148562][T13812] 9pnet_fd: Insufficient options for proto=fd
[  145.190720][T13820] __nla_validate_parse: 13 callbacks suppressed
[  145.190735][T13820] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3461'.
[  145.480881][T13818] loop2: detected capacity change from 0 to 8192
[  145.502470][T13877] 9pnet_fd: Insufficient options for proto=fd
[  145.578667][T13883] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  145.585215][T13883] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  145.592777][T13883] vhci_hcd vhci_hcd.0: Device attached
[  145.650705][T13891] vhci_hcd: connection closed
[  145.651416][T11920] vhci_hcd: stop threads
[  145.660464][T11920] vhci_hcd: release socket
[  145.664936][T11920] vhci_hcd: disconnect device
[  145.701834][T13915] loop4: detected capacity change from 0 to 1024
[  145.741668][T13915] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.765332][T13915] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  145.862696][   T29] kauditd_printk_skb: 1750 callbacks suppressed
[  145.862711][   T29] audit: type=1326 audit(1736307729.169:32307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  145.908677][   T29] audit: type=1326 audit(1736307729.189:32308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  145.931798][   T29] audit: type=1326 audit(1736307729.209:32309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13971 comm="syz.3.3484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08adab5d29 code=0x7ffc0000
[  145.955401][   T29] audit: type=1326 audit(1736307729.209:32310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13971 comm="syz.3.3484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08adab5d29 code=0x7ffc0000
[  145.979075][   T29] audit: type=1326 audit(1736307729.209:32311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13971 comm="syz.3.3484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f08adab5d29 code=0x7ffc0000
[  146.002671][   T29] audit: type=1326 audit(1736307729.209:32312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13971 comm="syz.3.3484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08adab5d29 code=0x7ffc0000
[  146.026384][T13975] loop2: detected capacity change from 0 to 1024
[  146.032878][   T29] audit: type=1326 audit(1736307729.209:32313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13971 comm="syz.3.3484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08adab5d29 code=0x7ffc0000
[  146.036216][T13975] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended
[  146.056497][   T29] audit: type=1326 audit(1736307729.209:32314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13971 comm="syz.3.3484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f08adab5d29 code=0x7ffc0000
[  146.088944][   T29] audit: type=1326 audit(1736307729.209:32315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13971 comm="syz.3.3484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08adab5d29 code=0x7ffc0000
[  146.101323][T13975] EXT4-fs warning (device loop2): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  146.112507][   T29] audit: type=1326 audit(1736307729.209:32316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13971 comm="syz.3.3484" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08adab5d29 code=0x7ffc0000
[  146.151810][T13902] loop0: detected capacity change from 0 to 8192
[  146.158261][T13975] EXT4-fs (loop2): mount failed
[  146.195215][T11020] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.238701][T13992] loop2: detected capacity change from 0 to 512
[  146.241730][T13989] 9pnet_fd: Insufficient options for proto=fd
[  146.253957][T13994] random: crng reseeded on system resumption
[  146.297901][T13992] EXT4-fs (loop2): failed to initialize system zone (-117)
[  146.315493][T13992] EXT4-fs (loop2): mount failed
[  146.453734][T14005] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3490'.
[  146.531370][T13994] loop4: detected capacity change from 0 to 512
[  146.570730][T13994] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  146.583384][T13994] ext4 filesystem being mounted at /111/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  146.615949][T11020] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.633922][T14082] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3500'.
[  146.643007][T14082] bridge_slave_1: left allmulticast mode
[  146.648800][T14082] bridge_slave_1: left promiscuous mode
[  146.654608][T14082] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.670756][T14082] bridge_slave_0: left allmulticast mode
[  146.676481][T14082] bridge_slave_0: left promiscuous mode
[  146.682150][T14082] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.683444][T14084] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3501'.
[  146.852974][T14079] loop3: detected capacity change from 0 to 8192
[  146.931700][T14111] loop1: detected capacity change from 0 to 512
[  146.938419][T14111] EXT4-fs: Ignoring removed orlov option
[  146.945088][T14111] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  147.039917][T14111] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.055418][T14111] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  147.114313][T14132] IPVS: stopping master sync thread 14133 ...
[  147.120488][T14133] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  147.140475][T14136] pim6reg: entered allmulticast mode
[  147.148440][T14136] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3512'.
[  147.177767][T14135] pim6reg: left allmulticast mode
[  147.195358][T14143] 9pnet_fd: Insufficient options for proto=fd
[  147.251987][T11501] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.267654][T14150] 9pnet_fd: Insufficient options for proto=fd
[  147.331846][T14165] loop3: detected capacity change from 0 to 512
[  147.344630][T14165] EXT4-fs: Ignoring removed orlov option
[  147.350817][T14165] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  147.360949][T14170] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3520'.
[  147.404978][T14165] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  147.565507][T14172] loop0: detected capacity change from 0 to 8192
[  147.572375][T14165] xt_hashlimit: max too large, truncated to 1048576
[  147.671153][T14199] netlink: 'syz.3.3526': attribute type 1 has an invalid length.
[  147.681706][T14204] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  147.692089][T14203] IPVS: stopping master sync thread 14204 ...
[  147.760719][T14218] netlink: 'syz.0.3530': attribute type 4 has an invalid length.
[  147.773708][T14222] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3532'.
[  147.785119][T14218] netlink: 'syz.0.3530': attribute type 4 has an invalid length.
[  147.813686][T14222] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  147.831917][T14234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3534'.
[  148.039473][T14282] bridge_slave_0: left allmulticast mode
[  148.045257][T14282] bridge_slave_0: left promiscuous mode
[  148.051000][T14282] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.065970][T14282] bridge_slave_1: left allmulticast mode
[  148.071686][T14282] bridge_slave_1: left promiscuous mode
[  148.077505][T14282] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.092851][T14282] bond0: (slave bond_slave_0): Releasing backup interface
[  148.133875][T14282] bond0: (slave bond_slave_1): Releasing backup interface
[  148.144843][T14298] netlink: 133492 bytes leftover after parsing attributes in process `syz.0.3544'.
[  148.175994][T14282] team0: Port device team_slave_0 removed
[  148.203313][T14282] team0: Port device team_slave_1 removed
[  148.229385][T14308] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3545'.
[  148.232824][T14282] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  148.245829][T14282] batman_adv: batadv0: Removing interface: batadv_slave_0
[  148.269815][T14282] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  148.277340][T14282] batman_adv: batadv0: Removing interface: batadv_slave_1
[  148.413001][T14325] 9pnet_fd: Insufficient options for proto=fd
[  148.447042][T14327] loop3: detected capacity change from 0 to 512
[  148.470400][T14327] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  148.516694][T14344] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  148.523232][T14344] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  148.530773][T14344] vhci_hcd vhci_hcd.0: Device attached
[  148.589525][T14345] usbip_core: unknown command
[  148.594317][T14345] vhci_hcd: unknown pdu 0
[  148.597333][T14355] pim6reg: entered allmulticast mode
[  148.598670][T14345] usbip_core: unknown command
[  148.614287][T11920] vhci_hcd: stop threads
[  148.618557][T11920] vhci_hcd: release socket
[  148.622976][T11920] vhci_hcd: disconnect device
[  148.650234][T14354] pim6reg: left allmulticast mode
[  148.785702][T14369] netlink: 'syz.4.3559': attribute type 3 has an invalid length.
[  148.796420][T14366] loop0: detected capacity change from 0 to 2048
[  148.861019][T14366] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  148.889597][T14377] bridge1: entered promiscuous mode
[  148.911928][T14366] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 192 with error 28
[  148.924502][T14366] EXT4-fs (loop0): This should not happen!! Data will be lost
[  148.924502][T14366] 
[  148.934229][T14366] EXT4-fs (loop0): Total free blocks count 0
[  148.940250][T14366] EXT4-fs (loop0): Free/Dirty block details
[  148.946269][T14366] EXT4-fs (loop0): free_blocks=66060288
[  148.951915][T14366] EXT4-fs (loop0): dirty_blocks=192
[  148.957196][T14366] EXT4-fs (loop0): Block reservation details
[  148.963163][T14366] EXT4-fs (loop0): i_reserved_data_blocks=12
[  149.048033][T14399] loop4: detected capacity change from 0 to 512
[  149.071566][T14399] ext4 filesystem being mounted at /120/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  149.137348][T14409] syz.3.3568[14409] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  149.137432][T14409] syz.3.3568[14409] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  149.144712][T14419] pim6reg: entered allmulticast mode
[  149.169475][T14409] syz.3.3568[14409] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  149.170363][T14418] pim6reg: left allmulticast mode
[  149.222929][T14427] 9pnet_fd: Insufficient options for proto=fd
[  149.387210][T14446] loop4: detected capacity change from 0 to 512
[  149.397586][T14446] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  149.461555][T14446] EXT4-fs (loop4): too many log groups per flexible block group
[  149.469455][T14446] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  149.479457][T14446] EXT4-fs (loop4): mount failed
[  149.848338][T14462] loop1: detected capacity change from 0 to 8192
[  149.933331][T14493] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  149.939879][T14493] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  149.947416][T14493] vhci_hcd vhci_hcd.0: Device attached
[  149.996770][T14494] usbip_core: unknown command
[  150.001502][T14494] vhci_hcd: unknown pdu 0
[  150.005957][T14494] usbip_core: unknown command
[  150.017630][T11918] vhci_hcd: stop threads
[  150.021917][T11918] vhci_hcd: release socket
[  150.026405][T11918] vhci_hcd: disconnect device
[  150.043171][T14503] 9pnet_fd: Insufficient options for proto=fd
[  150.061159][T14510] netlink: 'syz.1.3586': attribute type 3 has an invalid length.
[  150.148695][T14529] pim6reg: entered allmulticast mode
[  150.161500][T14528] pim6reg: left allmulticast mode
[  150.517185][T14552] loop0: detected capacity change from 0 to 512
[  150.545662][T14552] ext4 filesystem being mounted at /155/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  150.577967][T14561] 9pnet_fd: Insufficient options for proto=fd
[  150.599486][T14564] random: crng reseeded on system resumption
[  150.806702][T14566] loop0: detected capacity change from 0 to 512
[  150.825755][T14566] ext4 filesystem being mounted at /157/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  151.024589][   T29] kauditd_printk_skb: 1396 callbacks suppressed
[  151.024604][   T29] audit: type=1326 audit(1736307734.332:33713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14574 comm="syz.4.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  151.056963][   T29] audit: type=1326 audit(1736307734.342:33714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14574 comm="syz.4.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  151.080885][   T29] audit: type=1326 audit(1736307734.342:33715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14574 comm="syz.4.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  151.104752][   T29] audit: type=1326 audit(1736307734.342:33716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14574 comm="syz.4.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  151.128634][   T29] audit: type=1326 audit(1736307734.342:33717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14574 comm="syz.4.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  151.152464][   T29] audit: type=1326 audit(1736307734.342:33718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14574 comm="syz.4.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  151.176203][   T29] audit: type=1326 audit(1736307734.342:33719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14574 comm="syz.4.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  151.199985][   T29] audit: type=1326 audit(1736307734.342:33720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14574 comm="syz.4.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  151.223718][   T29] audit: type=1326 audit(1736307734.342:33721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14574 comm="syz.4.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  151.247400][   T29] audit: type=1326 audit(1736307734.342:33722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14574 comm="syz.4.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f673aaa5d29 code=0x7ffc0000
[  151.259722][T14585] loop4: detected capacity change from 0 to 512
[  151.278431][T14580] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  151.285004][T14580] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  151.292512][T14580] vhci_hcd vhci_hcd.0: Device attached
[  151.308147][T14584] vhci_hcd: connection closed
[  151.308609][T11920] vhci_hcd: stop threads
[  151.309223][T14585] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  151.313343][T11920] vhci_hcd: release socket
[  151.313352][T11920] vhci_hcd: disconnect device
[  151.371459][T14578] loop2: detected capacity change from 0 to 8192
[  151.410482][T14608] netem: change failed
[  151.416720][T14608] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(14)
[  151.423412][T14608] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  151.430992][T14608] vhci_hcd vhci_hcd.0: Device attached
[  151.486012][T14618] __nla_validate_parse: 11 callbacks suppressed
[  151.486029][T14618] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3609'.
[  151.501498][T14618] bridge_slave_1: left allmulticast mode
[  151.507157][T14618] bridge_slave_1: left promiscuous mode
[  151.512835][T14618] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.521068][T14618] bridge_slave_0: left allmulticast mode
[  151.526775][T14618] bridge_slave_0: left promiscuous mode
[  151.532441][T14618] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.587835][T14627] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  151.620486][T14633] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  151.620542][T14632] IPVS: stopping master sync thread 14633 ...
[  151.636741][    T9] vhci_hcd: vhci_device speed not set
[  151.694240][    T9] usb 7-1: new full-speed USB device number 2 using vhci_hcd
[  151.703064][T14642] 9pnet: Could not find request transport: fd0x000000000000000cT(N
[  151.742687][T14649] 9pnet_fd: Insufficient options for proto=fd
[  151.922848][T14669] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3624'.
[  151.931952][T14669] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  151.939385][T14669] batman_adv: batadv0: Removing interface: batadv_slave_0
[  151.965495][T14669] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  151.972925][T14669] batman_adv: batadv0: Removing interface: batadv_slave_1
[  151.981848][T14673] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14673 comm=syz.2.3624
[  151.996397][T14609] vhci_hcd: connection reset by peer
[  152.443765][T14686] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3627'.
[  152.471649][T11921] vhci_hcd: stop threads
[  152.476039][T11921] vhci_hcd: release socket
[  152.480505][T11921] vhci_hcd: disconnect device
[  152.533914][T14689] 9pnet: Could not find request transport: fd0x000000000000000cT(N
[  152.711304][T14698] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3630'.
[  152.851576][T14701] x_tables: eb_tables: nflog.0 target: invalid size 80 (kernel) != (user) 0
[  152.933699][T14717] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3636'.
[  153.128330][T14720] loop3: detected capacity change from 0 to 2048
[  153.175837][T14720] EXT4-fs mount: 14 callbacks suppressed
[  153.175853][T14720] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  153.352038][T14775] IPVS: stopping master sync thread 14776 ...
[  153.359474][T14776] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  153.419418][T14778] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3648'.
[  153.455265][T14787] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3650'.
[  153.512670][T14802] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  153.519254][T14802] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  153.526708][T14802] vhci_hcd vhci_hcd.0: Device attached
[  153.563681][T14803] usbip_core: unknown command
[  153.568503][T14803] vhci_hcd: unknown pdu 0
[  153.572848][T14803] usbip_core: unknown command
[  153.578017][T11917] vhci_hcd: stop threads
[  153.582288][T11917] vhci_hcd: release socket
[  153.586778][T11917] vhci_hcd: disconnect device
[  153.595516][T14808] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3655'.
[  153.687204][T14805] loop1: detected capacity change from 0 to 8192
[  153.736731][T12662] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.897383][T14841] random: crng reseeded on system resumption
[  153.956795][T14842] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3656'.
[  153.972682][T14842] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  153.980931][T14842] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  153.989257][T14842] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  153.997431][T14842] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  154.007499][T14842] vxlan0: entered promiscuous mode
[  154.121889][T14851] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3662'.
[  154.127760][T14841] loop1: detected capacity change from 0 to 512
[  154.160620][T14841] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.176761][T14841] ext4 filesystem being mounted at /108/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.193059][T14863] random: crng reseeded on system resumption
[  154.208733][T11501] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.338791][T14893] x_tables: eb_tables: nflog.0 target: invalid size 80 (kernel) != (user) 0
[  154.402341][T14901] loop2: detected capacity change from 0 to 512
[  154.406412][T14864] loop0: detected capacity change from 0 to 8192
[  154.431346][T14910] FAULT_INJECTION: forcing a failure.
[  154.431346][T14910] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.444541][T14910] CPU: 0 UID: 0 PID: 14910 Comm: syz.4.3669 Not tainted 6.13.0-rc6-syzkaller-00038-g09a0fa92e5b4 #0
[  154.454760][T14901] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.455322][T14910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  154.467897][T14901] ext4 filesystem being mounted at /177/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.477762][T14910] Call Trace:
[  154.477773][T14910]  <TASK>
[  154.477781][T14910]  dump_stack_lvl+0xf2/0x150
[  154.477813][T14910]  dump_stack+0x15/0x1a
[  154.503238][T14910]  should_fail_ex+0x223/0x230
[  154.507998][T14910]  should_fail+0xb/0x10
[  154.512247][T14910]  should_fail_usercopy+0x1a/0x20
[  154.517293][T14910]  _copy_to_user+0x20/0xa0
[  154.521734][T14910]  simple_read_from_buffer+0xa0/0x110
[  154.527175][T14910]  proc_fail_nth_read+0xf9/0x140
[  154.532175][T14910]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  154.537718][T14910]  vfs_read+0x1a2/0x700
[  154.541953][T14910]  ? __rcu_read_unlock+0x4e/0x70
[  154.546901][T14910]  ? __fget_files+0x17c/0x1c0
[  154.551581][T14910]  ksys_read+0xe8/0x1b0
[  154.555810][T14910]  __x64_sys_read+0x42/0x50
[  154.560381][T14910]  x64_sys_call+0x2874/0x2dc0
[  154.565188][T14910]  do_syscall_64+0xc9/0x1c0
[  154.569738][T14910]  ? clear_bhb_loop+0x55/0xb0
[  154.574406][T14910]  ? clear_bhb_loop+0x55/0xb0
[  154.579152][T14910]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.585049][T14910] RIP: 0033:0x7f673aaa473c
[  154.589536][T14910] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  154.609197][T14910] RSP: 002b:00007f6739117030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  154.617600][T14910] RAX: ffffffffffffffda RBX: 00007f673ac95fa0 RCX: 00007f673aaa473c
[  154.625565][T14910] RDX: 000000000000000f RSI: 00007f67391170a0 RDI: 0000000000000004
[  154.633527][T14910] RBP: 00007f6739117090 R08: 0000000000000000 R09: 0000000000000000
[  154.641540][T14910] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001
[  154.649683][T14910] R13: 0000000000000000 R14: 00007f673ac95fa0 R15: 00007ffc7021fcc8
[  154.657824][T14910]  </TASK>
[  154.693684][T14918] netlink: 'syz.1.3672': attribute type 3 has an invalid length.
[  154.704704][T14920] 9pnet_fd: Insufficient options for proto=fd
[  154.753121][T14928] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  154.762993][T14927] IPVS: stopping master sync thread 14928 ...
[  154.909305][T14953] loop4: detected capacity change from 0 to 512
[  154.923585][T14953] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  154.955402][T14953] EXT4-fs (loop4): too many log groups per flexible block group
[  154.963127][T14953] EXT4-fs (loop4): failed to initialize mballoc (-12)
[  154.971361][T14960] 9pnet_fd: Insufficient options for proto=fd
[  154.975368][T14953] EXT4-fs (loop4): mount failed
[  155.003587][T14974] 9pnet_fd: Insufficient options for proto=fd
[  155.044593][T10761] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.068383][T14990] loop1: detected capacity change from 0 to 512
[  155.076014][T14990] EXT4-fs: Ignoring removed i_version option
[  155.085562][T14990] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.099178][T14990] ext4 filesystem being mounted at /118/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  155.112337][T14967] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  155.134661][T14967] EXT4-fs error (device loop1): ext4_do_update_inode:5153: inode #4: comm syz.1.3683: corrupted inode contents
[  155.150793][T14967] EXT4-fs error (device loop1): ext4_dirty_inode:6041: inode #4: comm syz.1.3683: mark_inode_dirty error
[  155.162866][T14967] EXT4-fs error (device loop1): ext4_do_update_inode:5153: inode #4: comm syz.1.3683: corrupted inode contents
[  155.178619][T14967] EXT4-fs error (device loop1): __ext4_ext_dirty:207: inode #4: comm syz.1.3683: mark_inode_dirty error
[  155.190378][T14967] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.3683: Failed to acquire dquot type 1
[  155.202110][T14967] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  155.280190][T11501] EXT4-fs error (device loop1): ext4_empty_dir:3097: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  155.311175][T11501] EXT4-fs error (device loop1): ext4_empty_dir:3097: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  155.331778][T14985] loop3: detected capacity change from 0 to 8192
[  155.338585][T11501] EXT4-fs error (device loop1): ext4_empty_dir:3097: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  155.352808][T11501] EXT4-fs error (device loop1): ext4_empty_dir:3097: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  155.366371][T11501] EXT4-fs error (device loop1): ext4_empty_dir:3097: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  155.499391][T15024] loop2: detected capacity change from 0 to 8192
[  155.535578][T15074] 9pnet_fd: Insufficient options for proto=fd
[  155.645337][T11917] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.727301][T11917] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.820580][T11917] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.853802][T15122] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  155.853848][T15119] IPVS: stopping master sync thread 15122 ...
[  155.901117][T11917] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.039441][   T29] kauditd_printk_skb: 1293 callbacks suppressed
[  156.039454][   T29] audit: type=1326 audit(1736307739.350:35013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15210 comm="syz.0.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  156.069691][   T29] audit: type=1326 audit(1736307739.350:35014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15210 comm="syz.0.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd783b17c47 code=0x7ffc0000
[  156.093350][   T29] audit: type=1326 audit(1736307739.350:35015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15210 comm="syz.0.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  156.107252][T15226] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  156.117036][   T29] audit: type=1326 audit(1736307739.350:35016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15210 comm="syz.0.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  156.123412][T15226] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  156.147015][   T29] audit: type=1326 audit(1736307739.350:35017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15210 comm="syz.0.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  156.154437][T15226] vhci_hcd vhci_hcd.0: Device attached
[  156.177802][   T29] audit: type=1326 audit(1736307739.350:35018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15210 comm="syz.0.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  156.206905][   T29] audit: type=1326 audit(1736307739.350:35019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15210 comm="syz.0.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  156.208661][T15218] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  156.230507][   T29] audit: type=1326 audit(1736307739.350:35020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15210 comm="syz.0.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  156.236948][T15218] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  156.237053][T15218] vhci_hcd vhci_hcd.0: Device attached
[  156.260480][   T29] audit: type=1326 audit(1736307739.350:35021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15210 comm="syz.0.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  156.260506][   T29] audit: type=1326 audit(1736307739.350:35022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15210 comm="syz.0.3716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd783b15d29 code=0x7ffc0000
[  156.275386][T15227] vhci_hcd: connection closed
[  156.330493][   T28] vhci_hcd: stop threads
[  156.339535][   T28] vhci_hcd: release socket
[  156.343952][   T28] vhci_hcd: disconnect device
[  156.366825][T15219] vhci_hcd: connection closed
[  156.367345][   T28] vhci_hcd: stop threads
[  156.376399][   T28] vhci_hcd: release socket
[  156.380811][   T28] vhci_hcd: disconnect device
[  156.404544][T11437] vhci_hcd: vhci_device speed not set
[  156.411892][T15280] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  156.418484][T15280] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  156.425957][T15280] vhci_hcd vhci_hcd.0: Device attached
[  156.426060][T11917] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  156.434900][T15281] usbip_core: unknown command
[  156.444621][T15281] vhci_hcd: unknown pdu 0
[  156.448926][T15281] usbip_core: unknown command
[  156.454928][   T28] vhci_hcd: stop threads
[  156.459195][   T28] vhci_hcd: release socket
[  156.463600][   T28] vhci_hcd: disconnect device
[  156.468610][T11917] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  156.478417][T11917] bond0 (unregistering): Released all slaves
[  156.498219][T15100] chnl_net:caif_netlink_parms(): no params data found
[  156.542628][T11917] hsr_slave_0: left promiscuous mode
[  156.549359][T11917] hsr_slave_1: left promiscuous mode
[  156.557081][T11917] veth1_macvtap: left promiscuous mode
[  156.562577][T11917] veth0_macvtap: left promiscuous mode
[  156.568162][T11917] veth1_vlan: left promiscuous mode
[  156.573400][T11917] veth0_vlan: left promiscuous mode
[  156.639398][T11917] team0 (unregistering): Port device team_slave_1 removed
[  156.650181][T11917] team0 (unregistering): Port device team_slave_0 removed
[  156.676438][T15100] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.683600][T15100] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.690988][T15100] bridge_slave_0: entered allmulticast mode
[  156.697480][T15100] bridge_slave_0: entered promiscuous mode
[  156.706493][T15100] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.713630][T15100] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.720799][T15100] bridge_slave_1: entered allmulticast mode
[  156.727153][T15100] bridge_slave_1: entered promiscuous mode
[  156.749381][T15100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.758649][    T9] usb 7-1: enqueue for inactive port 0
[  156.764141][    T9] usb 7-1: enqueue for inactive port 0
[  156.777369][T15100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  156.834400][    T9] vhci_hcd: vhci_device speed not set
[  156.835283][T15100] team0: Port device team_slave_0 added
[  156.851905][T15100] team0: Port device team_slave_1 added
[  156.862673][T15417] FAULT_INJECTION: forcing a failure.
[  156.862673][T15417] name failslab, interval 1, probability 0, space 0, times 0
[  156.875519][T15417] CPU: 1 UID: 0 PID: 15417 Comm: syz.0.3724 Not tainted 6.13.0-rc6-syzkaller-00038-g09a0fa92e5b4 #0
[  156.886324][T15417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  156.896457][T15417] Call Trace:
[  156.899747][T15417]  <TASK>
[  156.902684][T15417]  dump_stack_lvl+0xf2/0x150
[  156.907339][T15417]  dump_stack+0x15/0x1a
[  156.911625][T15417]  should_fail_ex+0x223/0x230
[  156.916370][T15417]  should_failslab+0x8f/0xb0
[  156.920973][T15417]  kmem_cache_alloc_noprof+0x52/0x320
[  156.926376][T15417]  ? getname_flags+0x81/0x3b0
[  156.931076][T15417]  getname_flags+0x81/0x3b0
[  156.935592][T15417]  getname+0x17/0x20
[  156.939491][T15417]  path_listxattrat+0x7d/0x2a0
[  156.944301][T15417]  ? ksys_write+0x176/0x1b0
[  156.948869][T15417]  __x64_sys_llistxattr+0x4d/0x60
[  156.954030][T15417]  x64_sys_call+0x204f/0x2dc0
[  156.958722][T15417]  do_syscall_64+0xc9/0x1c0
[  156.963237][T15417]  ? clear_bhb_loop+0x55/0xb0
[  156.967920][T15417]  ? clear_bhb_loop+0x55/0xb0
[  156.972607][T15417]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.978566][T15417] RIP: 0033:0x7fd783b15d29
[  156.983047][T15417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.002720][T15417] RSP: 002b:00007fd782187038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  157.011264][T15417] RAX: ffffffffffffffda RBX: 00007fd783d05fa0 RCX: 00007fd783b15d29
[  157.019255][T15417] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  157.027224][T15417] RBP: 00007fd782187090 R08: 0000000000000000 R09: 0000000000000000
[  157.035192][T15417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.043367][T15417] R13: 0000000000000000 R14: 00007fd783d05fa0 R15: 00007ffc4e85cd28
[  157.051403][T15417]  </TASK>
[  157.073027][T15100] batman_adv: batadv0: Adding interface: batadv_slave_0
[  157.080144][T15100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.106063][T15100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  157.141598][T15462] x_tables: eb_tables: nflog.0 target: invalid size 80 (kernel) != (user) 0
[  157.156264][T15466] __nla_validate_parse: 12 callbacks suppressed
[  157.156277][T15466] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3729'.
[  157.182778][T15100] batman_adv: batadv0: Adding interface: batadv_slave_1
[  157.189806][T15100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.215979][T15100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  157.287585][T15100] hsr_slave_0: entered promiscuous mode
[  157.292045][T15476] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3732'.
[  157.302473][T15492] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  157.309066][T15492] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  157.316533][T15492] vhci_hcd vhci_hcd.0: Device attached
[  157.327034][T15100] hsr_slave_1: entered promiscuous mode
[  157.327061][T15509] usbip_core: unknown command
[  157.337370][T15509] vhci_hcd: unknown pdu 0
[  157.339474][T15519] loop2: detected capacity change from 0 to 512
[  157.341721][T15509] usbip_core: unknown command
[  157.342418][T11921] vhci_hcd: stop threads
[  157.357077][T11921] vhci_hcd: release socket
[  157.357934][T15100] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  157.361569][T11921] vhci_hcd: disconnect device
[  157.371074][T15519] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.374131][T15100] Cannot create hsr debugfs directory
[  157.387083][T15519] ext4 filesystem being mounted at /190/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  157.428947][T15531] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3737'.
[  157.490858][T10761] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.672923][T15100] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  157.688376][T15100] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  157.693761][T15646] x_tables: eb_tables: nflog.0 target: invalid size 80 (kernel) != (user) 0
[  157.708301][T15100] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  157.721826][T15100] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  157.761575][T15517] loop0: detected capacity change from 0 to 8192
[  157.814037][T15100] 8021q: adding VLAN 0 to HW filter on device bond0
[  157.833752][T15100] 8021q: adding VLAN 0 to HW filter on device team0
[  157.862867][T11917] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.869983][T11917] bridge0: port 1(bridge_slave_0) entered forwarding state
[  157.893216][T15675] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3743'.
[  157.924531][T15100] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  157.934978][T15100] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  157.949743][T11917] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.956834][T11917] bridge0: port 2(bridge_slave_1) entered forwarding state
[  158.059655][T15100] 8021q: adding VLAN 0 to HW filter on device batadv0
[  158.112505][T15717] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  158.119058][T15717] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  158.126573][T15717] vhci_hcd vhci_hcd.0: Device attached
[  158.150367][T15718] usbip_core: unknown command
[  158.155160][T15718] vhci_hcd: unknown pdu 0
[  158.159523][T15718] usbip_core: unknown command
[  158.175109][   T52] vhci_hcd: stop threads
[  158.179416][   T52] vhci_hcd: release socket
[  158.183832][   T52] vhci_hcd: disconnect device
[  158.301885][T15100] veth0_vlan: entered promiscuous mode
[  158.313863][T15100] veth1_vlan: entered promiscuous mode
[  158.343265][T15100] veth0_macvtap: entered promiscuous mode
[  158.357531][T15100] veth1_macvtap: entered promiscuous mode
[  158.381149][T15100] batman_adv: batadv0: Interface activated: batadv_slave_0
[  158.405328][T15100] batman_adv: batadv0: Interface activated: batadv_slave_1
[  158.421904][T15100] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  158.430829][T15100] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  158.439641][T15100] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  158.448453][T15100] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  158.612273][T15741] loop3: detected capacity change from 0 to 8192
[  159.404075][T15896] x_tables: eb_tables: nflog.0 target: invalid size 80 (kernel) != (user) 0
[  159.438032][T15922] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3778'.
[  159.469673][T15925] random: crng reseeded on system resumption
[  159.573904][T15890] loop2: detected capacity change from 0 to 8192
[  159.603681][T15937] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3781'.
[  159.673691][T15942] x_tables: eb_tables: nflog.0 target: invalid size 80 (kernel) != (user) 0
[  159.703754][T15927] loop0: detected capacity change from 0 to 512
[  159.727369][T15947] loop5: detected capacity change from 0 to 512
[  159.733907][T15947] EXT4-fs: Ignoring removed i_version option
[  159.747444][T15956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3786'.
[  159.757720][T15956] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3786'.
[  159.770725][T15927] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.786167][T15947] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.790535][T15927] ext4 filesystem being mounted at /190/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.799404][T15947] ext4 filesystem being mounted at /4/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.811940][T15956] syz.4.3786[15956] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.821136][T15968] 9pnet_fd: Insufficient options for proto=fd
[  159.839470][T15956] syz.4.3786[15956] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.839573][T15956] syz.4.3786[15956] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  159.895825][T15974] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3790'.
[  159.917196][T15947] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  159.983808][T15989] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  159.984082][T15986] IPVS: stopping master sync thread 15989 ...
[  160.025376][T15100] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.362659][T11264] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.439983][T16040] random: crng reseeded on system resumption
[  160.537627][T16009] loop3: detected capacity change from 0 to 8192
[  160.666494][T16040] loop0: detected capacity change from 0 to 512
[  160.713369][T16040] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.713485][T16040] ext4 filesystem being mounted at /192/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  160.735228][T16070] loop5: detected capacity change from 0 to 2048
[  160.737435][T16070] EXT4-fs (loop5): bad block size 8192
[  160.758152][T11264] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.795513][T16083] random: crng reseeded on system resumption
[  160.893364][T16088] loop2: detected capacity change from 0 to 512
[  160.909193][T16086] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3808'.
[  160.920482][T16088] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.920630][T16088] ext4 filesystem being mounted at /212/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  160.945996][T10761] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.965429][T16102] 9pnet_fd: Insufficient options for proto=fd
[  161.028192][T16110] loop3: detected capacity change from 0 to 512
[  161.049373][   T29] kauditd_printk_skb: 1580 callbacks suppressed
[  161.049387][   T29] audit: type=1326 audit(1736307744.356:36603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16103 comm="syz.2.3811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  161.049414][   T29] audit: type=1326 audit(1736307744.356:36604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16103 comm="syz.2.3811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  161.049438][   T29] audit: type=1326 audit(1736307744.356:36605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16103 comm="syz.2.3811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  161.057903][   T29] audit: type=1326 audit(1736307744.376:36606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16103 comm="syz.2.3811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  161.151130][   T29] audit: type=1326 audit(1736307744.376:36607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16103 comm="syz.2.3811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  161.151165][   T29] audit: type=1326 audit(1736307744.376:36608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16103 comm="syz.2.3811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  161.223678][   T29] audit: type=1326 audit(1736307744.396:36609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16103 comm="syz.2.3811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  161.278518][   T29] audit: type=1326 audit(1736307744.396:36610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16103 comm="syz.2.3811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  161.278544][   T29] audit: type=1326 audit(1736307744.396:36611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16103 comm="syz.2.3811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  161.278570][   T29] audit: type=1326 audit(1736307744.396:36612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16103 comm="syz.2.3811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45ba965d29 code=0x7ffc0000
[  161.358035][T16110] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  161.358176][T16110] ext4 filesystem being mounted at /88/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  161.449182][T16115] loop4: detected capacity change from 0 to 8192
[  161.623900][T12662] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.722049][T16200] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0
[  161.731872][T16196] IPVS: stopping master sync thread 16200 ...
[  161.814780][T16214] loop3: detected capacity change from 0 to 512
[  161.821565][T16214] EXT4-fs: Ignoring removed i_version option
[  161.835559][T16214] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  161.848532][T16214] ext4 filesystem being mounted at /92/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  161.863659][T16214] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  161.884741][T16214] EXT4-fs error (device loop3): ext4_do_update_inode:5153: inode #4: comm syz.3.3833: corrupted inode contents
[  161.897225][T16214] EXT4-fs error (device loop3): ext4_dirty_inode:6041: inode #4: comm syz.3.3833: mark_inode_dirty error
[  161.909230][T16214] EXT4-fs error (device loop3): ext4_do_update_inode:5153: inode #4: comm syz.3.3833: corrupted inode contents
[  161.921549][T16214] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #4: comm syz.3.3833: mark_inode_dirty error
[  161.933474][T16214] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.3833: Failed to acquire dquot type 1
[  161.945430][T16214] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  161.992642][T12662] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.003490][ T2999] ==================================================================
[  162.011583][ T2999] BUG: KCSAN: data-race in block_uevent / inc_diskseq
[  162.018355][ T2999] 
[  162.020676][ T2999] write to 0xffff888102152620 of 8 bytes by task 12662 on cpu 0:
[  162.028441][ T2999]  inc_diskseq+0x2c/0x40
[  162.032699][ T2999]  disk_force_media_change+0x9f/0xf0
[  162.037997][ T2999]  lo_release+0x2ca/0x400
[  162.042339][ T2999]  bdev_release+0x3c6/0x420
[  162.046854][ T2999]  blkdev_release+0x15/0x20
[  162.051389][ T2999]  __fput+0x17a/0x6d0
[  162.055358][ T2999]  __fput_sync+0x96/0xc0
[  162.059615][ T2999]  __se_sys_close+0x109/0x1b0
[  162.064274][ T2999]  __x64_sys_close+0x1f/0x30
[  162.068854][ T2999]  x64_sys_call+0x266c/0x2dc0
[  162.073516][ T2999]  do_syscall_64+0xc9/0x1c0
[  162.078032][ T2999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.083919][ T2999] 
[  162.086230][ T2999] read to 0xffff888102152620 of 8 bytes by task 2999 on cpu 1:
[  162.093754][ T2999]  block_uevent+0x31/0x50
[  162.098077][ T2999]  dev_uevent+0x2f3/0x380
[  162.102420][ T2999]  uevent_show+0x11e/0x210
[  162.106843][ T2999]  dev_attr_show+0x3a/0xa0
[  162.111263][ T2999]  sysfs_kf_seq_show+0x17c/0x250
[  162.116202][ T2999]  kernfs_seq_show+0x7c/0x90
[  162.120793][ T2999]  seq_read_iter+0x2d1/0x930
[  162.125378][ T2999]  kernfs_fop_read_iter+0xc0/0x310
[  162.130508][ T2999]  vfs_read+0x5dc/0x700
[  162.134656][ T2999]  ksys_read+0xe8/0x1b0
[  162.138803][ T2999]  __x64_sys_read+0x42/0x50
[  162.143301][ T2999]  x64_sys_call+0x2874/0x2dc0
[  162.147967][ T2999]  do_syscall_64+0xc9/0x1c0
[  162.152462][ T2999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.158379][ T2999] 
[  162.160689][ T2999] value changed: 0x00000000000001d1 -> 0x00000000000001d2
[  162.167782][ T2999] 
[  162.170092][ T2999] Reported by Kernel Concurrency Sanitizer on:
[  162.176231][ T2999] CPU: 1 UID: 0 PID: 2999 Comm: udevd Not tainted 6.13.0-rc6-syzkaller-00038-g09a0fa92e5b4 #0
[  162.186556][ T2999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  162.196596][ T2999] ==================================================================
[  162.238480][T16247] loop3: detected capacity change from 0 to 512
[  162.247363][T16247] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  162.265452][T16247] EXT4-fs (loop3): too many log groups per flexible block group
[  162.273159][T16247] EXT4-fs (loop3): failed to initialize mballoc (-12)
[  162.279979][T16247] EXT4-fs (loop3): mount failed